<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1970698869;
mso-list-type:hybrid;
mso-list-template-ids:-1695523050 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.75in;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:2114091070;
mso-list-type:hybrid;
mso-list-template-ids:2117731508 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:1.75in;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.25in;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:2.75in;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.25in;
text-indent:-.25in;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:3.75in;
text-indent:-.25in;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.25in;
text-indent:-.25in;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
margin-left:4.75in;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Dear Working Group Members,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Please find below the notes and action items from today’s meeting.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The next meeting will be during ICANN71 on Wednesday, 16 June at 12:30 UTC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Emily, Julie, Berry, and Caitlin<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">--<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;color:black">Action Items<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;color:black"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Please refer to the
<a href="https://docs.google.com/spreadsheets/d/1FunWaz3gNZl8mPi5pNKti2GsfPC_9_DTt8uRQq4Oe5Q/edit#gid=0">
Work Plan and Action Items List</a> for updated action items.<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;color:black">Transfer Policy Review Phase 1 - Meeting #05</span></b><span style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;color:black">Proposed Agenda</span></b><span style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Tuesday 8 June 2021 at 16.00 UTC<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:6.0pt;margin-left:40.5pt;text-indent:-22.5pt;line-height:18.0pt">
<span style="font-size:11.0pt;color:black">1.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black"> </span><span style="font-size:11.0pt;color:black">Roll Call & SOI Updates (5 minutes)</span><span style="font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:6.0pt;margin-left:40.5pt;text-indent:-22.5pt;line-height:18.0pt">
<span style="font-size:11.0pt;color:black">2.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black"> </span><span style="font-size:11.0pt;color:black">Welcome & Chair updates (5 minutes)<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l1 level1 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Support Staff plans to share the draft SO/AC/SG/Cs outreach document with the WG following this call.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l1 level1 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The proposed deadline for adding comments and proposing additional questions will be 24 June. Support Staff will aim to finalize the document during the 29 June call.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l1 level1 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">We intend to use Google Drive as our primary method for working on shared documents, pending no objections. (No objections were raised during the call.)<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:6.0pt;margin-left:40.5pt;text-indent:-22.5pt;line-height:18.0pt">
<span style="font-size:11.0pt;color:black">3.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black"> </span><span style="font-size:11.0pt;color:black">Discussion of AuthInfo Codes (75 minutes)<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The first section of the document provides the relevant policy language from the Transfer Policy and the Interim Registration Data Policy.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The working definition can evolve over time. The definition, as written, was pulled from ICANN’s website. As the Team is working through the charter questions, please have the working definition
in mind so that we can finalize this for the report later in the process. <o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Regarding “unique codes”, curious how this actually works for the non-technical or non-registrar members. Is it possible that two registrars could develop the same random code, for example? Has
this ever happened? Is an authinfo code collision possible?<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From a technology point of view, yes – this is possible, but something to keep in mind is the code has to be correlated to something. The likelihood of this happening in terms of the same two people
trying to transfer a domain name – is next to zero. If this is a concern, the domain name could be hashed.<o:p></o:p></span></li></ul>
<table class="MsoTableGrid" border="1" cellspacing="0" cellpadding="0" style="margin-left:.75in;border-collapse:collapse;border:none">
<tbody>
<tr>
<td width="623" valign="top" style="width:467.5pt;border:solid windowtext 1.0pt;padding:0in 5.4pt 0in 5.4pt">
<ul style="margin-top:0in" type="disc">
<li style="color:black;margin-top:0in;margin-bottom:0in;margin-left:.25in;margin-bottom:.0001pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Charter Question b1) Is AuthInfo Code still a secure method for inter-registrar transfers? What evidence was used by the Working Group to make this determination?<o:p></o:p></span></li></ul>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="line-height:18.0pt"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<ul type="disc">
<li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">As a starting point, it’s important to know what we are trying to achieve with the auth-info code as an overarching question before reviewing who the manager of the code should be.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">In terms of evidence, there must be some evidence that we can look at – like ICANN compliance tickets re: auth codes being insecure, people not being able to get access, etc.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Since the dependency on auth codes have changed, it may be helpful to look backwards and forwards – (pre-Temp Spec elimination of Gaining FOA and post-Temp Spec elimination of Gaining FOA).
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Do not think if asking if auth codes are secure enough at the right question? The real question is – what are we trying to achieve with auth codes – what we are trying to derive from a security
point of view. <o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">What is the difference between the auth code and the one-time password referenced in the document?<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">In EPP, it’s called authinfo; however, it’s called other names such as password, authorization code. Use of onetime password is a way of saying this is a goal we are trying to achieve. A onetime
password has all of the goals you would want to achieve. <o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">"Transfer Authorization Code" may be an optional replacement of the term auth code because it is more descriptive<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">There should be one standard term used across the board, so registrants don't get confused<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From a security point of view with no consideration to business processes, our use of authinfo codes is not secure enough. There are changes that are necessary and should be made. For one, it is
not uniformly managed and processed at independent registrars. We need to create homogeneity about what it means to create an authinfo code. With that in mind, there is discussion to be had about how a transfer works and how we adapt the security principles
that come with a onetime password and make sure they are covered.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">If we create a transfer authorization code, are we creating an identification that could be PII which could be problematic with data privacy laws?<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Many systems are adopting two-factor authorization – suggest that, if possible, recommend that two-factor authentication be enabled such that the domain name owner can verify this is a genuine
transfer request<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The auth code could be personal data, but not necessarily. The auth code does not say who someone is, so it would be difficult to identify a natural person, although in some edge cases, it could
be used to validate information. This should be protected similar to how passwords are protected. If it is personal data, there would be a legitimate interest for processing the personal data.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The goal should be secure transfers. The authinfo code is a good method for registrar transfers. There are small things to do to make it more secure, such as TTL – which makes it a onetime password.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The whole transfer process is a pain and a lot of people do not understand it. Making it secure does not mean that people will use it. Usability is another issue the group should consider.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The question about usability and bulk are excellent and important questions – that is why we need to talk about the business processes that need to be in place. What are the uniform steps that
we are going to follow to make this work? Where is the uniformity within each of those steps that we all agree to abide by? Is bulk a separate process, or will it be incorporated in? These are all choices to be made, and they’re all related.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">It’s not just about the security about the auth code itself; it’s also about getting the auth code. There should be an easy way for the registrar to actually get the auth code<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">There should be requirements regarding explaining how a registrant can get its auth code<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">If it comes to security level of the auth code, we could have a look at ccTLDs. We could copy what is already out there.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">It sounds like the group thinks the auth code is a secure mechanism that needs improvements<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">With respect to onetime use, the first issue is whether or not we believe the goal is to make sure that we are correlating the registrant at both ends – from the incumbent registrar to the gaining
registrar. With that in mind, a onetime password might be enough. Two-factor authentication may be overkill for this application but could be dissuaded if others disagree with this position. We should have guidance about how to create an auth code, how long
it has to be, and other technical guidance regarding its lifetime and when they come into existence and when they don’t. When you start getting into where and how it’s used, then you talk about the management. How much of a role do registries have? There are
a few things we need to get through and not prepared to answer these questions without more information.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Registrars have to answer the question about two-factor authentication. You would want one system that everyone is going to have so there is interoperability.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">2FA is more of a hindrance – this would not go down well, and not sure this is what we are trying to achieve. In terms of looking at best practices, it could be optional, but some smaller registrars
may not have the capability and it would not be a fair approach. <o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">We should not lock down to one specific type of security. Many registrars already use 2FA.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Some people think a transfer should be instant – how would the code be evaluated and provided in this instance<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Regarding when not to provide an auth code, this comes to provisioning.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">To the extent there’s a security impact, then it’s a policy consideration. For example, minimum length for the auth info would be policy consideration. For example, uniqueness of an auth info
would be a policy consideration. Guidance but not requirements on how to create an auth info would be helpful but not necessarily binding. Is it created as needed? Does it have a lifetime? These are policy considerations that have a security impact. If authinfo
is going to replace the FOA, there needs to be some considerations added.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Who is going to have the operational burden? The second part that needs to be determined whether the registrar is responsible for doing certain checks or the registry.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Design of a specific onetime password scheme is better done by specialists, not a group like this. What this group will be good at is setting general requirements and evaluating a proposed scheme
in terms of its usability, cost of implementation, etc.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;margin-left:.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">This group needs determine what the concerns are and have a technical group design something with these concerns in mind and pass it back to the WG for confirmation<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:6.0pt;margin-left:40.5pt;text-indent:-22.5pt;line-height:18.0pt">
<span style="font-size:11.0pt;color:black">4.</span><span style="font-size:7.0pt;font-family:"Times New Roman",serif;color:black"> </span><span style="font-size:11.0pt;color:black">Next steps & closing (5 minutes)</span><span style="font-family:"Times New Roman",serif;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in;text-indent:.5in"><span style="font-size:11.0pt;color:black">Next meeting (ICANN71 session): 16 June 2021 @ <span style="background:white">12:30 UTC</span><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</body>
</html>