<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1021204715;
mso-list-type:hybrid;
mso-list-template-ids:-725980538 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l1
{mso-list-id:1132870641;
mso-list-template-ids:-474979796;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2
{mso-list-id:1403020120;
mso-list-template-ids:-713652412;}
@list l2:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:1404991589;
mso-list-template-ids:451299940;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4
{mso-list-id:1516842875;
mso-list-type:hybrid;
mso-list-template-ids:2137538600 67698691 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5
{mso-list-id:1647083498;
mso-list-template-ids:319326460;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l6
{mso-list-id:1816487386;
mso-list-type:hybrid;
mso-list-template-ids:-2093984486 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l6:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l6:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l6:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l7
{mso-list-id:2048944004;
mso-list-type:hybrid;
mso-list-template-ids:-60636236 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l7:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l7:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l7:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l7:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l7:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l7:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l7:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l7:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l7:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l8
{mso-list-id:2109963656;
mso-list-template-ids:319326460;}
@list l8:level1
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";}
@list l8:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l8:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l8:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l8:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l8:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l8:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l8:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l8:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l9
{mso-list-id:2111123597;
mso-list-type:hybrid;
mso-list-template-ids:184479250 67698689 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l9:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l9:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l9:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l9:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l9:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l9:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l9:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l9:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l9:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l2:level1 lfo9
{mso-level-start-at:0;
mso-level-numbering:continue;
mso-level-text:o;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">Dear TPR Working Group,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Please find below the notes and action items from today’s TPR meeting.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The next meeting will be <b>Tuesday, 03 August at 16:00 UTC</b>.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Best regards,<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Emily, Caitlin, Berry, and Julie<o:p></o:p></p>
<p class="MsoNormal">--<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b><u>Action Items</u></b><o:p></o:p></p>
<p class="MsoNormal"><b> <o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><b>ACTION ITEM: Homework for WG members – add comments and suggested edits to the principles and strawman list at:
<a href="https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing">
https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing</a> including anything that might be missing, clarifications/changes to terminology, impacts on use cases, etc.<o:p></o:p></b></p>
<p class="MsoNormal">Also see the <a href="https://urldefense.com/v3/__https:/docs.google.com/spreadsheets/d/1FunWaz3gNZl8mPi5pNKti2GsfPC_9_DTt8uRQq4Oe5Q/edit*gid=0__;Iw!!PtGJab4!o0PW6FDz4oeI2yWVlZ-6QHbGvS2VxPn0_8R_qDAqddh-FQQAkEyzlaJpFqJ4qFoQCoEgYPbHTg$">
project workplan [docs.google.com]</a> for action items. <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"><b><u><o:p><span style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal"><b><u>Notes:<o:p></o:p></u></b></p>
<p class="MsoNormal"><b><u><o:p><span style="text-decoration:none"> </span></o:p></u></b></p>
<p class="MsoNormal"><b><u><span style="color:black">Transfer Policy Review Phase 1 - Meeting #0</span>8</u></b><u><o:p></o:p></u></p>
<p class="MsoNormal"><b><u><span style="color:black">Proposed Agenda</span></u></b><u><o:p></o:p></u></p>
<p class="MsoNormal"><span style="color:black"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:black">Tuesday </span>27 July<span style="color:black"> at 16.00 UTC</span><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt">1. Welcome & Chair updates<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt">2. Presentation of outputs from the small group and continued discussion of Auth-Info Codes: See new section at the end of the Working Document (beginning on page 7): <a href="https://urldefense.com/v3/__https:/docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing__;!!PtGJab4!u9vwJ_T4zFRHtcsEC3OSv8CaQvpvwEGhO9y11c-3dDilQNFuDq4Prz9IxdI_OU7jLu_IlDT-4w$" title="https://urldefense.com/v3/__https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing__;!!PtGJab4!u9vwJ_T4zFRHtcsEC3OSv8CaQvpvwEGhO9y11c-3dDilQNFuDq4Prz9IxdI_OU7jLu_IlDT-4w$">https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing
[docs.google.com]</a>.<o:p></o:p></p>
<ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l4 level1 lfo7">
<span style="font-size:11.0pt">Small Team has been meeting for the last two weeks on Auth-Info Codes. They will present their thoughts to us. There is some additional work that will need to happen in the full WG.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l4 level1 lfo7">
<span style="font-size:11.0pt">Project Plan was introduced to the GNSO Council at the meeting on 22 July. There were no questions from Council.<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><u>Presentation from Jim Galvin on Principles</u>:<o:p></o:p></p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
“Transfer Authorization Code (TAC) is an Identity Credential that upon presentation by a registrant identifies that registrant as the owner of its corresponding domain name.”
<o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
This is very important and we should try to come to agreement on it.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
“Should only exist at registry when a transfer is in progress”: <o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
This suggests that regardless of when a registrar creates a TAC, it is not passed to the registry unless a transfer is in progress.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
“Must be unique per registrant and per domain name”: <o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
The value must be safe and secure and not reproducible outside of the registrar, i.e., one-time password. If there is a request for another one just generate a new password.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
“Must not be retrievable from the registry”: <o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
A registrar can set it but a registry will never respond with it, other than to validate if an accurate one was submitted (rate limits to avoid brute force).
<o:p></o:p></li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
A registrar would set a “NULL” or send new TAC to remove it from the registry or update the existing TAC.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
“Registrars should manage any TTL scheme”: <o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
Important principle that registrar is completely in control of the transfer process.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
“SHOULD be updated at the registry upon completion of owner change process.”: <o:p>
</o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level2 lfo8">
This is up for discussion.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level1 lfo8">
Important part is the first principle: If you have this code you are the owner for the purpose of transfer. There was discussion on the Small Team about AuthInfo Codes for purposes other than transfers. Look at those to see if these purposes are still legitimate
and if there’s another way to achieve the purpose.<o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><u>Presentation from Jody Kolker on the Strawman List</u>:<o:p></o:p></p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
The registrar creates Auth-Info code and it is hashed at the registry.<o:p></o:p></li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
It’s not stored at the registrar and stored at the registry. <o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level2 lfo10">
Discussed issues of how it would be stored if not at the registry. If the registrar doesn’t have the Auth-Info Code then it can’t prove identity. This is up for discussion.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
Two-factor authentication, not necessarily using cell phone number, could be a security question.<o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level2 lfo10">
Discussed that the registrant would have to have a second form of technology, such as a smart phone.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
32-character min [Alternative: 16 characters].<o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level2 lfo10">
This is what we wanted to get to. Aren’t there right now.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
Require uppercase and lowercase letters, numbers, and special characters. Prohibit use of dictionary words. +Homoglyph consideration (0 vs O) see below.**<o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level2 lfo10">
Discussed homoglyphs and said they shouldn’t be able to use those.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
Registry check to ensure Auth-Code meets minimum requirements -- to discuss with the full group.<o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level2 lfo10">
We would like them to check, but this needs to be discussed with the full WG.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
Timeout after a certain number of requests to initiate a transfer. (Why: Adds integrity to legitimate xfer [slow manual incumbent, automated gaining process], guards against illegitimate [brute force]. What: ServerTransferLock at threshold x, notice to incumbent
registrar, other)<o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level2 lfo10">
This needs to be discussed. Not sure “timeout” is the right word. This would require work by the registry to alert the registrar.<o:p></o:p></li></ul>
</li><li class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt;mso-list:l8 level1 lfo10">
Can Transfer Lock status affect requesting/updating auth code in addition to just blocking a transfer request?<o:p></o:p></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l8 level1 lfo10">
<span style="font-size:11.0pt">There are open questions on a lot of these.</span><o:p></o:p></li></ul>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><u>Discussion</u>:<o:p></o:p></p>
<ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Seems that there are two competing factors: 1) is the Auth-Info Code strong enough? 2) is it useable? In pushing for very long strings and raising the prospect that these will have to be typed by hand (not copied) this would
cause errors. Both considerations should be included. For example, you could have 16-characters broken into groups of 4.</span><o:p></o:p></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Small Team was thinking about how to be secure and still make it useable. If it is too secure it may not be usable, but too usable it may not be secure.</span><o:p></o:p></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Need to ask ourselves how many entities in between do we want to have access to the Auth-Info Codes – resellers? Other service providers? Or only allow directly to the registrant. Need to decide this first before other questions.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Don’t think we can say “no storage” but need to set parameters around storage.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">When we talk about two-step authentication, we need to talk about when that is appropriate. The two-step now is at the registrar panel. There is no two-step after getting the Auth-Info Code.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">The most important point is the discussion about the ecosystems outside of the registrars and registries. They are outside the ICANN contracts. They are using a chain of resellers. So there are questions about storage of the
Auth-Info Code. They might be stored and retrieved many times by many people. Second, if we make technical difficulties in accessing the code we will lose many people.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Need to come up with good practice around storing and keeping it safe.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">The registrar creates Auth-Info code and it is hashed at the registry.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">It's not stored at the registrar and stored at the registry.
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Two-factor authentication, not necessarily using cell phone number, could be a security question.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">32 character min [Alternative: 16 characters].<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Require uppercase and lowercase letters, numbers, and special characters. Prohibit use of dictionary words. +Homoglyph consideration (0 vs O) see below.**<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Registry check to ensure Auth-Code meets minimum requirements -- to discuss with the full group.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Timeout after a certain number of requests to initiate a transfer. (Why: Adds integrity to legitimate xfer [slow manual incumbent, automated gaining process], guards against illegitimate [brute force]. What: ServerTransferLock
at threshold x, notice to incumbent registrar, other)<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Can Transfer Lock status affect requesting/updating auth code in addition to just blocking a transfer request?<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Bulk transfers could be an issue, but this WG could work on alternatives/solutions.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">On multifactor authentication and locking the domain name: Issue is that a lot of us already offer MFA, but user adoption is very low. Have to consider how to encourage adoption. Could require increased support.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">On transfer lock needing to be removed before a transfer: what we see is that resellers or their customers they turn it on and off for no obvious reason. Some resellers turn it off as a default. Lot of use cases regarding when
a transfer lock is present or not.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">This is more of a timing issue: should you be able to receive an Auth-Info Code when a lock is on it.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">The transfer lock being on might impact whether you can request an Auth-Info Code from the registrar.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Re: the second principle (comment from Sarah Wyld): “How does the losing Rr know when to send the TAC to the Ry? E.g. RNH unlocks domain on Monday; on Tuesday they obtain the authcode from the Rr (how? by viewing it in CP? clicking
a button that triggers it to be emailed to them? Some of this is known to the Rr and some is not). On Friday they go to the gaining Rr to initiate the transfer, including providing the authcode to them. At what point was the losing Rr supposed to send the
authcode to the Ry? If the code is always existing in the Rr system and always visible to the RNH via their CP, nothing notifies the losing Rr that the transfer is being initiated until it's already happened.”</span><o:p></o:p>
<ul style="margin-top:0in" type="circle">
<li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level2 lfo11">
<span style="font-size:11.0pt">This doesn’t seem to align with the second item on the strawman list:
<o:p></o:p></span></li></ul>
</li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">When the transfer request has started, when the TAC is provided to the registrant that’s when it is stored at the registry.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">In a lot of different provider control panels the Auth-Info Code is always visible. We would change that to only seeing it when the registrant requests one. Yes, the intent of the principle is that the TAC is only viewable when
the registrant requests it.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">A larger point to keep in mind is that this a proposal and it doesn’t match 100 percent what everyone is doing now. Need to highlight points of use that might be impacted by the principles/strawman. Some people may need to change
some things to align with the principles. Question: do these principles conflict with where you are that would make you want to seek a different solution?<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">We could improve security if the Auth-Info code only exists for a limited period of time, is a one-time password with a TTL, and handled in the registry system, not the registrars.
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Auth-Info Code is used for transfers between resellers at the same registrar.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Keep in mind that although we are talking about Auth-Info Codes in isolation, this leads into the discussion on gaining and losing FOAs.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Primary principle: If someone has this code then someone can transfer it. Need to look at all these items and what is missing in between as well as other uses.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Comment: Need to look at what is going on at the gaining and losing registrar, and what is going on at the registry, and the user interface in each instance. These principles may not be 100-percent aligned, but we tried to gather
up the ideas and put them on the table for the WG.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Staff did some digging to see what diagrams we have on the current process, but some of what we have is not up-to-date. Staff could try to update it to develop a working draft reflecting the current state. What might be most
useful is after we formulate recommendations that we then develop a diagram to reflect those.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Not sure if going back to all the use cases is a good way to spend our time. Instead make sure that we put out our goals and make sure that our language around those goals are technology and policy agnostic, so there is enough
room for all registrars to achieve those goals without limiting use cases.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Might be helpful to have some data - high level - on what the things are that registrants complain about … as mentioned earlier, there is a use sophistication hurdle that might taint that info.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">One thing that came up in the Small Team’s discussion is that there are pieces that are going to be interdependent. Such as bulk-type transfers. There are real-world scenarios where someone might be consolidating domain names.
We may need to talk about whether that use case is or isn’t covered.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Goal between now and the next call is to look at the principles and strawman and add their ideas/comments and how use cases may be impacted.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Re: second principle: suggest changing to “Should only exist at registry when a transfer is [eligible to be] in progress”. New text in brackets.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Re: TTL – could have registrar manage minimum and registry manage maximum; or registrar could manage TTL or registry could manage it. Could be more manageable with the fewer parties that are doing it.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">The TTL should be allowed be very short for high value domains, but it should not be common to set to 15 minutes.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">A TTL should have a minimum value no less than 1-2 days. Would not want a sticky registrar to set it to 5 minutes.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Looking across registrars, the transfer lock is guarding the name.
<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Re: TTL could see that a registrar could set the TTL low to make it hard for a registrant to transfer. There would have to be some kind of minimum.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">On this issue of whether there should be a TTL at the registry and enforced there. Need to change the way we are thinking about this: What is it we are trying to achieve, what is the goal, and who benefits? What is the security
feature we get with one approach or another? If the registry controls TTL then the registrar loses control. Also, the registry can just turn it off and the registrar will get the customer service issue. Focus less on the failure points, and on what is the
benefit in terms of security that the registrant gets?<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Most important to decide whether to have a TTL on the Auth ID. Registry can only validate the Auth ID based on whether it’s expired or now and so that Auth ID needs to be in the registry.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">If we think TTL is a needed feature – seems most agree that there should be an upper and lower limit; we should set those bounds.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">If we set a TTL we always place some part of the risk with the registrant, such as registrar failure, reseller failure, etc.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">The domain name has to be unlocked at the registry. If the registrar fails then the domain name can’t be transferred. If the registrar has the domain name locked, then there is no way to transfer.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">It’s not actually true that if you have the Auth-Info Code you can transfer, you can’t if the registrar has locked the name. Once an Auth-Info code is set at the registry then the locks have to come off.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Seems agreement that we should have TTLs with a maximum and minimum but have not agreed on the management of the TTL.<o:p></o:p></span></li><li class="MsoListParagraph" style="margin-bottom:6.0pt;margin-left:0in;line-height:18.0pt;mso-list:l5 level1 lfo11">
<span style="font-size:11.0pt">Possible new principle: Be sure that we can override the TTL with an Auth-Info Code. Need to be able to invalidate it.<o:p></o:p></span></li></ul>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><b>ACTION ITEM: Homework for WG members – add comments and suggested edits to the principles and strawman list at:
<a href="https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing">
https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing</a> including anything that might be missing, clarifications/changes to terminology, impacts on use cases, etc.<o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><b><o:p> </o:p></b></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt">3. AOB (5 minutes)<b><o:p></o:p></b></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt">- Next meeting: 3 August 2021 @ 16.00 UTC<o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><b><o:p> </o:p></b></p>
</div>
</body>
</html>