<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:40911884;
mso-list-template-ids:-1749495364;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:712769670;
mso-list-template-ids:1860232940;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:1346637779;
mso-list-template-ids:-1022218088;}
@list l2:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:"Times New Roman";}
@list l2:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l2:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l3
{mso-list-id:1436827888;
mso-list-template-ids:-139947670;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4
{mso-list-id:1810046863;
mso-list-template-ids:-905817680;}
@list l4:level1
{mso-level-start-at:5;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Dear TPR WG Members,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Please find below the notes and action items from today’s call.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">The next TPR WG meeting will be Tuesday, 12 October at 16:00 UTC.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><br>
Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">Emily, Julie, Berry, and Caitlin <o:p></o:p></span></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;color:black"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;color:black"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;color:black">Action Items<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span style="font-size:11.0pt;color:black"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">1. Working Group Members to review the table on p. 14 of the
<a href="https://docs.google.com/document/d/1QOCzbLh7w4hdijpAsg6_lybddr0nlsFDcWjdz5e21Qo/edit">
Gaining FOA working document</a>, which sets out the purposes/functions of the pre-GDPR Gaining FOA. The purposes/functions are listed in an effort to ensure that if the Gaining FOA is ultimately eliminated, any important purpose/function is covered elsewhere
or in an updated step of the transfer process by <b><u>Monday, 11 October</u></b>.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">2. TPR Support Staff to review the transcript from today's call and document the rationales described for why the Gaining FOA may be technically feasible, but it is NOT commercially feasible or
legally authorized under the current data protection landscape. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black">3. Working Group Members to review the TAC Candidate Recommendations, beginning on p. 17 of the
<a href="https://docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit">
Auth-Info Code working document</a>, and provide comments, concerns, and proposed edits, etc., by
<b><u>Monday, 11 October</u></b>. <o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><span style="font-size:11.0pt;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;color:black">Transfer Policy Review Phase 1 - Meeting #20</span></b><span style="font-size:11.0pt;color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><b><span style="font-size:11.0pt;color:black">Tuesday 5 October 2021 at 16:00 UTC<o:p></o:p></span></b></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l2 level1 lfo1">
<span style="font-size:11.0pt">Roll Call & SOI Updates (5 minutes)<o:p></o:p></span>
<ul type="disc">
<li class="MsoListParagraph" style="color:black;line-height:18.0pt;mso-list:l2 level2 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Tucows has recently purchased the registry platform of another company. Sarah will continue to represent the RrSG but wanted to note this.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:18.0pt;mso-list:l2 level2 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Thomas Keller has left the RrSG, and accordingly, has left the WG.<o:p></o:p></span></li></ul>
</li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l2 level1 lfo1">
<span style="font-size:11.0pt">Welcome & Chair updates (5 minutes)<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l2 level1 lfo1">
<span style="font-size:11.0pt">Upcoming meeting schedule and ICANN72 (5 minutes)<o:p></o:p></span>
<ul type="disc">
<li class="MsoListParagraph" style="color:black;line-height:18.0pt;mso-list:l2 level2 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">TPR session will be
<b><u>Tuesday, 26 October at 10:30-12:00 UTC</u></b>. This will function as a normal WG meeting.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:18.0pt;mso-list:l2 level2 lfo1">
<span style="font-size:11.0pt;font-family:"Calibri",sans-serif">The Tuesday, 2 November meeting immediately following ICANN72 will be cancelled.<o:p></o:p></span></li></ul>
</li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l2 level1 lfo1">
<span style="font-size:11.0pt">Gaining FOA (40 minutes)<o:p></o:p></span></li></ol>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;color:black"><a href="https://urldefense.com/v3/__https:/docs.google.com/document/d/1QOCzbLh7w4hdijpAsg6_lybddr0nlsFDcWjdz5e21Qo/edit?usp=sharing__;!!PtGJab4!vMmTykrjPYC2EmozCVy1-ZxnTnCkZdZg6MMPo3BgHqaJZGP_Rq1RJtI8T5btCW-bOVHqJsF7VmI$"><span style="color:#0563C1">Gaining
FOA working document [docs.google.com]</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l0 level1 lfo2">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;color:black">In reviewing the Gaining FOA, support staff has outlined the functions of the Gaining FOA to see if the functions and security measures are covered.<o:p></o:p></span></p>
<ul type="disc">
<ul type="disc">
<li class="MsoListParagraph" style="color:black;mso-list:l0 level2 lfo2"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">1. Provides a verification step that is distinct from any processes with the Losing Registrar.<o:p></o:p></span>
<ul type="disc">
<li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">The Gaining and Losing FOA were methods of how to transfer the domain name. These were not really a verification step. With the verification of the TAC, this would be covered.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">If the Gaining FOA is removed and the team is relying on stronger security features, wonder if now is a good time to discuss what some of those additional security features may
be. For example, when thinking about the entire transfer process, is it worth giving initial indications about what additional security measures could be explored in the context of the Gaining FOA being removed. With respect to Charter question a3, the Temp
Spec references other secure methods – is this something that should be explored here?
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">The team already put in details regarding the TAC – does anyone believe this requires more discussion?<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">The process the WG is going through is trying to capture the deliberation and rationale that is being proposed by the WG. Part of that process is trying to consider other possible
aspects. For example, Charter question a3 – until such time as the RDAP service or other secure method…the Temp Spec is pointing to RDAP and/or some secure method for transferring the data. For now, set aside the questions of lawfulness – the group needs to
provide appropriate rationale for why the Gaining FOA is no longer required. As a practical matter, pre-GDPR, the Gaining Registrar got information automated via Port43, and registrars whitelisted each other to facilitate this. Could it be conceivable that
now that RDAP is partially initiated that in two years – could a whitelist function be implemented that would allow registrars to still obtain the email address of an registered name holder? Or if not as simple as whitelisting, is there some sort of authentication
mechanism that could be considered? This is the kind of deliberation that needs to happen here to provide the rationale for why the Gaining FOA could be removed.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">The technical answer is yes – there are many ways to facilitate this; however, we must consider data protection law.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">There will not be a legal basis for this transfer – the Gaining FOA is not needed. This is also probably not commercially feasible.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">This could end up being very confusing for the registrant. In some jurisdictions, this is not possible, and transfers would be handled differently from registrar to registrar –
this is not ideal. <o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Could the SSAD, if it were to be approved, be a way for registrars to gain access to the registered name holder’s data? UDRP providers are envisioned to use SSAD to verify the
respondent in a UDRP complaint; similarly, could gaining registrars use SSAD to verify the identity of the registered name holder for purposes of a transfer?
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Prior to GDPR, there was a system called RADAR that registrars could use. The problem would be the level of effort where you are potentially losing a paying customer could be cost-prohibitive.
This does not overcome the risk of the transfer of personal information under GDPR.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Worthy to note that yes, there may be technical solutions. Is legal advice necessary to make a determination about the lawfulness of the processing of data? One member noted that
there is not a lawful basis to process this data. This warrants an action by this group to document the lawfulness or lack thereof of processing this data. This is important to document for the purpose of public comment and the board. The response that this
is not lawful will not be adequate. In today’s world, there is still a balancing for disclosure to UDRP providers. Recommend the group is very technically and legally precise and makes this understandable for those outside of this group.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Support Staff to pull out the relevant portions of this conversation to document rationales discussed<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">It is not that the gaining FOA is not obtaining the PII. It used to be that the public WHOIS was used to send the FOA to the domain owner. The Team has to ground this transfer
in necessity. Unlike the UDRP, where the data is necessary, the transfer process has functioned properly without the Gaining FOA for years without instances of increased domain name theft.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">ICANN community seems to be very easy going on the data that is collected and processed. The data registrars have, in general, is high level data, and it poses a huge security
risk. <o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Transfers used to be just FOAs and then auth-info codes were added to make it more secure. Auth-info codes obviated the need for Gaining FOAs, and the last three years have additionally
proven this point.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Gaining FOA also provides notice that registrant will need to enter into Registration Agreement with new Registrar<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">The registrant will need to enter into a registration agreement, but the Gaining FOA is not the first interaction between the gaining registrar and the registrant. The terms of
service and registration agreement should happen before the Gaining FOA step.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Confirm the transfer in a 5-day window – have to actively knowledge the transfer – this may be a security feature that is not covered in future-state.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Loosely provides instructions about how to stop the transfer.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">This chart is helpful – the 5-day window is already covered (item 2) and provides instructions about to stop the transfer is already covered in item 5.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level3 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">Encourage members to continue adding reasons to the right side of the column so that the rationale is clearly documented.
<o:p></o:p></span></li></ul>
</li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level2 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">2. Transfer may proceed only when RNH has responded to this notification, therefore the notification is always well in advance of the transfer taking place.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level2 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">3. Gaining Rr obtains PII from Losing Rr and uses it to send Gaining FOA.
<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level2 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">4. Express authorization by RNH is needed for transfer to proceed.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level2 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">5. If the RNH takes no action in response to the Gaining FOA, transfer does not proceed.<o:p></o:p></span></li><li class="MsoListParagraph" style="color:black;line-height:150%;mso-list:l0 level2 lfo2">
<span style="font-size:11.0pt;line-height:150%;font-family:"Calibri",sans-serif">6. The Gaining FOA provides documentation that RNH has authorized the transfer.<o:p></o:p></span></li></ul>
</ul>
<p class="MsoListParagraph" style="margin-left:1.0in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<ol style="margin-top:0in" start="5" type="1">
<li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l4 level1 lfo3">
<span style="font-size:11.0pt">Review of draft responses to charter questions and candidate recommendations for AuthInfo Codes (30 minutes)<o:p></o:p></span></li></ol>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;color:black"><a href="https://urldefense.com/v3/__https:/docs.google.com/document/d/1O9PAnxWFUuPofLQCWIQXz8lT7KEj1HgH3b_obh0AK00/edit?usp=sharing__;!!PtGJab4!vMmTykrjPYC2EmozCVy1-ZxnTnCkZdZg6MMPo3BgHqaJZGP_Rq1RJtI8T5btCW-bOVHqhnsvGbA$"><span style="color:#0563C1">AuthInfo
Codes working document [docs.google.com]</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;color:black">Based on the Team’s previous discussions, Support Staff drafted responses to the charter questions and accompanying candidate recommendations for the WG to review.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;color:black">Note: these are not draft recommendations at this stage.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-size:11.0pt;color:black">Candidate Recommendation 1</span></b><span style="font-size:11.0pt;color:black">: The Working Group recommends that the</span><b><span style="color:#980000">
</span></b><span style="font-size:11.0pt;color:black">Transfer Policy and all related policies use the term “Transfer Authorization Code (TAC)” in place of the currently-used term “AuthInfo Code.” This recommendation is for an update to terminology only and
does not imply any other changes to the substance of the policies.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-size:11.0pt;color:black">Candidate Recommendation 2</span></b><span style="font-size:11.0pt;color:black">: The Working Group recommends that the Transfer Authorization Code be defined as follows: “A Transfer
Authorization Code (TAC) is a code created by a Registrar of Record to validate that a request to transfer domain name in a generic top-level domain (gTLD) is submitted by the authorized person. A TAC is required for a Registered Name Holder to transfer a
domain name from one Registrar to another.”<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">It is reasonable in some situations where someone other than the domain owner would have the TAC. Not sure this should be limited to authorized person. WG considered that having the TAC makes someone an authorized person.
<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-size:11.0pt;color:black">Candidate Recommendation 3</span></b><span style="font-size:11.0pt;color:black">: The Working Group recommends that the Transfer Policy require that the TAC must be a minimum of [16
characters] [32 characters] in length or any alternative minimum length prescribed by ICANN from time to time. <o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">There were two suggestions for length, so both options are included in brackets.<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-size:11.0pt;color:black">Candidate Recommendation 4</span></b><span style="font-size:11.0pt;color:black">: The Working Group recommends that the Transfer Policy require that the TAC include at a minimum of
one uppercase letter, one lowercase letter, one number, and one special character.<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">ICANN internal colleagues noted that entropy is important – for example, 128 bits of entropy.
<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">Instead of specifying, perhaps reference a security standard like NIST.<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">The problem with specifying a current standard is what happens when the standard changes – how long do registrars have to implement the new standard?<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">Could consider adding – or different length as prescribed by ICANN<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">Could the policy recommendation be for ICANN to set the specific standard as prescribed by NIST – in other words, the policy itself would be specific, but the policy recommendation would not be specific to allow for flexibility.
<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-size:11.0pt;color:black">Candidate Recommendation 5</span></b><span style="font-size:11.0pt;color:black">: The Working Group recommends that the registry verify that the TAC meets the requirements specified
in Recommendations 3 and 4.<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;margin-bottom:6.0pt;line-height:18.0pt;mso-list:l1 level3 lfo4">
<span style="font-size:11.0pt">When should this verification take place? If anyone has comments, please populate in the document.
<o:p></o:p></span></li></ul>
</ul>
</ul>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:1.0in;text-indent:-.25in;line-height:18.0pt;mso-list:l1 level1 lfo4">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><b><span style="font-size:11.0pt;color:black">Candidate Recommendation 6</span></b><span style="font-size:11.0pt;color:black">: [The Working Group recommends that the Registrar of Record [and registrant] receive a notification
after [number] failed attempts to enter the TAC. ICANN Org may change from time to time the number of failed attempts that trigger a notification.] OR [The Working Group recommends that after [number] failed attempts to enter the TAC, it is not possible to
attempt a transfer for [period of time]. ICANN Org may change from time to time the number of failed attempts that trigger this result.]. <o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:0in;margin-right:0in;margin-bottom:6.0pt;margin-left:40.5pt;text-indent:-22.5pt;line-height:18.0pt">
<span style="font-size:11.0pt;color:black">5. AOB (5 minutes)<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in;text-indent:-.25in;mso-list:l3 level1 lfo5">
<![if !supportLists]><span style="font-size:10.0pt;font-family:Symbol;color:black"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:11.0pt;color:black">Next meeting</span><span style="font-size:11.0pt">: 12 October<span style="color:black"> 2021 @ <span style="background:white">16.00 UTC</span><o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;color:black"> <o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
</div>
</body>
</html>