[GNSO-TPR] For Review: Draft recommendations on post-registration and post-transfer locks

Fri Apr 15 07:45:28 UTC 2022

Dear Working Group members,

Draft recommendations are now available on post-registration and post-transfer locks here<https://docs.google.com/document/d/1RGow_TYPSESvI9DFweF3T_g7vgufg6zCwEdSsUjBfqs/edit> (see pages 5 and 6).

In addition, our internal ICANN org SMEs have been invited to provide early input on the discussions covering this topic. Below you will find a responses from two of the SMEs.

Kind regards,

Julie, Caitlin, Berry, and Emily

  1.  Post-Transfer Lock: This if implemented, will greatly impact the domain name trading business.

Currently, many domain name trading activities will use an “Escrow Registrar” acting as intermediary, where the domain name owner will transfer the name to that “Escrow Registrar” after a deal is agreed. Then once the “Escrow Registrar” receives the funds from the buyer, it will immediately release the domain name to the buyer, and buyer can immediately transfer the domain name to its desired registrar.

By imposing this mandatory lock, will unnecessarily delay the domain name being transferred to the buyer’s own registrar. Further, to fight with fraudulent transfers, we do have TDRP that registrants can use.

  1.  I’d recommend that all these requirements being only registrar level policies, and all RA/RRA should be silent on this. That way, registrar can implement the policy pertain to their business model and don’t have to struggle between ICANN policies and registry requirements.

Using the above Post-Transfer Lock in domain name trading business as an example, the current TP used sentence as “The Registrar of Record may deny a transfer request only in the following specific instances: …” this give the registrar the flexibility in implementation that fits their business.

 I think that the selection of parameters for the post-creation lock is easy. In the gTLD market, .com is the largest, and the majority of the gTLD domains are .com; therefore, .com already showed us what is possible.

The rationale for post-creation lock says: "Provides registrars with a reasonable period of time to address issues related to chargebacks associated with fraudulent transactions." From my experience working for a registry and a registrar, you can get chargebacks after 10 days. A period of 60 days seems more reasonable for handling chargebacks.

I think that applying the post-creation lock at the Registry-level makes more sense. From my experience, it was easier to develop security controls/policies at the Registry-level because as the Registrar deals with the public, there are more exceptions to be handled. For example, for a Registrar is easy to say, "apologies, this lock is applied at the registry, there is nothing that I can do", when you get calls from external VIPs asking you to make exceptions.

From a security perspective, regarding the post-transfer lock, preventing repeated transfers in rapid succession is a control that could mitigate bad actors using rapid successions transfers to hide tracks. I think that 60 days sounds reasonable.

I don’t see issues with a 60-day period for post-transfer locks, the escrow registrar would be the registrar sponsor for the gaining registrant during the 60 days-period. If the gaining registrant doesn't want to be with the escrow registrar, they can move after 60 days. If you have money to buy domain names in the secondary market, you probably have money to do another transfer after 60 days.

In the end, the market adapts, and if currently, the escrow registrars don't provide all the features of a typical registrar, the escrow registrar will start delivering them, or the typical Registrar will offer escrow services.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-tpr/attachments/20220415/1fd3081c/attachment-0001.html>