<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI Symbol";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:115222331;
mso-list-template-ids:1670440296;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:154878664;
mso-list-template-ids:1456923062;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l2
{mso-list-id:698968692;
mso-list-type:hybrid;
mso-list-template-ids:-1913901342 -314928900 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l2:level1
{mso-level-start-at:2;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-font-family:Calibri;}
@list l2:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l2:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l2:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l2:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l3
{mso-list-id:1079063087;
mso-list-template-ids:137163146;}
@list l3:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l3:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4
{mso-list-id:1728988043;
mso-list-template-ids:-360810330;}
@list l4:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l4:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5
{mso-list-id:1998268907;
mso-list-template-ids:-1898560494;}
@list l5:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:36.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:72.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:108.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:144.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:180.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:216.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:252.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:288.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:324.0pt;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style>
</head>
<body lang="en-BE" link="#0563C1" vlink="#954F72" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Dear WG members,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">As a follow-up to Tuesday’s session, staff has created a new section of the Additional Security Measures Working Document for members to list other potential security measures for the
group to discuss. Please add your notes on page 8 of the <a href="https://docs.google.com/document/d/1q7xaJuxi50Q6TDD26H92P6wOfZ8luap1wdWOtIgkv7o/edit">
working document</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">We look forward to continuing the discussion on 9 November. Wishing everyone a restful break from WG activities until then.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Kind regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US">Caitlin, Berry, Julie, and Emily<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:12.0pt;color:black">From:
</span></b><span lang="EN-US" style="font-size:12.0pt;color:black">GNSO-TPR <gnso-tpr-bounces@icann.org> on behalf of Julie Hedlund <julie.hedlund@icann.org><br>
<b>Date: </b>Tuesday, 26 October 2021 at 21:04<br>
<b>To: </b>"gnso-tpr@icann.org" <gnso-tpr@icann.org><br>
<b>Subject: </b>[GNSO-TPR] Notes and action items - TPR WG Meeting #23 - 26 Oct 2021<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span lang="EN-US" style="color:black">Dear TPR WG Members,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black">Please find below the notes and action items from today’s call.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black">The next TPR WG meeting will be</span><span lang="EN-US">
<i>in two weeks</i> on<span style="color:black"> <b>Tuesday, </b></span><b>09 November
<span style="color:black">at </span>16:00<span style="color:black"> UTC</span></b><span style="color:black">.<o:p></o:p></span></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black"><br>
Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="color:black">Emily, Julie, Berry, and Caitlin </span><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><b><u><span lang="EN-US" style="color:black"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span lang="EN-US" style="color:black">Action Items<o:p></o:p></span></u></b></p>
<p class="MsoNormal"><b><u><span lang="EN-US" style="color:black"><o:p><span style="text-decoration:none"> </span></o:p></span></u></b></p>
<p class="MsoNormal"><span lang="EN-US">1. <b>ACTION ITEM: WG members to contribute to a list of additional security measures and provide other comments/suggestions in the Google doc for
<a href="https://urldefense.com/v3/__https:/docs.google.com/document/d/1q7xaJuxi50Q6TDD26H92P6wOfZ8luap1wdWOtIgkv7o/edit?usp=sharing__;!!PtGJab4!t3ltLk-w1K9kIEcoxB4bXhYFy2-W_zL51DN3V8_9z4OFEBJWhdgDTiMOM-BUz-U5zDLub9mm7A$">
Additional Security Measures Working Document [docs.google.com]</a>.<o:p></o:p></b></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span lang="EN-US" style="color:black">Transfer Policy Review Phase 1 - Meeting #2</span></b><b><span lang="EN-US">3</span></b><span lang="EN-US" style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:6.0pt;line-height:18.0pt"><b><span lang="EN-US" style="color:black">Tuesday </span></b><b><span lang="EN-US">26
<span style="color:black">October 2021 at </span>17<span style="color:black">:</span>3<span style="color:black">0 UTC<o:p></o:p></span></span></b></p>
<p class="MsoNormal"><span lang="EN-US">1. Chair Update<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">2. About the PDP and Status Update (20 minutes) -- Slides attached<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">About the Transfer Policy: “ICANN consensus policy governing the procedure and requirements for registrants to transfer
their domain names from one registrar to another.”</span><span lang="EN-US"> </span>
<span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span>
<ul type="circle">
<li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Formerly called the Inter‐Registrar Transfer Policy (IRTP)<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Went into effect in November 2004<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">GNSO reviewed the policy once before, shortly after implementation<o:p></o:p></span></li></ul>
</li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Mission and Scope: PDP to conduct a holistic review of the Transfer Policy and determine if changes to the policy are
needed to improve the ease, security, and efficacy of inter-registrar and inter-registrant transfers.</span><span lang="EN-US">
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span>
<ul type="circle">
<li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Conducted in 2 Phases under a single
<u><a href="https://community.icann.org/display/TPRPDP/2.%2BWG%2BCharter">Charter</a><a href="https://community.icann.org/display/TPRPDP/2.%2BWG%2BCharter">
</a></u>& covering 8 topics.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">PDP began Phase 1(a) in May 2021:<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Phase 1(a) Topics: Forms of Authorization and AuthInfo Codes<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">The working group has now conducted initial deliberations on each of the Phase 1(a) topics and has begun to develop “candidate
recommendations” and draft responses to charter questions.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">While members and alternates are limited to representatives designated by SO/AC/SG/Cs, anyone can sign up to observe.<o:p></o:p></span></li></ul>
</li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Topics:</span><span lang="EN-US">
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span>
<ul type="circle">
<li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">AuthInfo Code Management<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Gaining & Losing Registrar Form of Authorization (FOA)<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">FOA: Further Work Needed</span><span lang="EN-US">
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span>
<ul type="square">
<li class="MsoListParagraph" style="mso-list:l2 level3 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">EPDP included the workaround from the Temporary Specification in its recommendations, which were adopted by the ICANN
Board.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level3 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Registrars identified challenges in ICANN org’s position that a Gaining Registrar is required to send a Gaining FOA where
the email address “is available”, as there is no guarantee that the email goes directly to the registrant.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level3 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">ICANN Board passed a resolution to defer contractual compliance enforcement of the Gaining FOA requirement pending further
work in this area.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level3 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Contracted Party House Tech Ops Subcommittee has developed a proposal for a proposed transfer process.<o:p></o:p></span></li></ul>
</li></ul>
</li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Status: Potential Recommendations Under Consideration</span><span lang="EN-US">
</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p></o:p></span>
<ul type="circle">
<li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Eliminate requirement for the Gaining Registrar to send the Gaining FOA and obtain consent from the Registered Name Holder
before it may proceed with the transfer.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Eliminate requirement for the Losing Registrar to send the Losing FOA to the Registered Name Holder.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">New notifications from the Losing Registrar to the Registered Name Holder when key changes are made to the account, some
mandatory for the Losing Registrar to send, others optional.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Additional security for the AuthInfo Code, which the group is recommending be called the “Transfer Authorization Code”
(TAC). Highlights:<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Segoe UI Symbol",sans-serif">➔</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Minimum requirements
for TAC syntax/complexity, adherence to requirements confirmed by registry<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Segoe UI Symbol",sans-serif">➔</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Losing Registrar
generates TAC upon request<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Segoe UI Symbol",sans-serif">➔</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> TAC may only be
used once<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Segoe UI Symbol",sans-serif">➔</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> TAC is valid for
a limited period of time (Time to Live)<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level2 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Segoe UI Symbol",sans-serif">➔</span><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Registry must securely
store the TAC using a one-way hash that protects the TAC from disclosure<o:p></o:p></span></li></ul>
</li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">After the WG has reviewed the elements relating to single transfers, the WG will consider issues relating to bulk transfers.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><span lang="EN-US">3. Deliberations on Additional Security Measures (60 minutes) -- see:
<a href="https://urldefense.com/v3/__https:/docs.google.com/document/d/1q7xaJuxi50Q6TDD26H92P6wOfZ8luap1wdWOtIgkv7o/edit__;!!PtGJab4!vjl06Qn8UftaQiLbKWi1jS9QQaHmYQM8XU-D4tjserWynICxRCnHmZd3yqK9iESaf9AsXa8f7A$" title="https://urldefense.com/v3/__https://docs.google.com/document/d/1q7xaJuxi50Q6TDD26H92P6wOfZ8luap1wdWOtIgkv7o/edit__;!!PtGJab4!vjl06Qn8UftaQiLbKWi1jS9QQaHmYQM8XU-D4tjserWynICxRCnHmZd3yqK9iESaf9AsXa8f7A$">
Additional Security Measures working document [docs.google.com]</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><u><span lang="EN-US">Overview</span></u><span lang="EN-US">:<o:p></o:p></span></p>
<ul type="disc">
<li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Staff and leadership developed a chart of an overview of inter-registrar transfer locks following last week’s discussion.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">To help everyone understand what locks we are talking about.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Where we are unsure of the origin of a lock staff has inserted an asterisk (*).</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Looking for feedback to make sure this is complete and accurate.</span><span lang="EN-US"><o:p></o:p></span></li></ul>
<p class="MsoNormal"><u><span lang="EN-US">Discussion:<o:p></o:p></span></u></p>
<ul type="disc">
<li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">A lot of registrars apply locks by default to protect against unauthorized transfers.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Not all domain locking is an additional security measure – whether it prevents hijacking depends on good account security
– it is a dependency. If you lose control of the account it doesn’t matter if there is a lock or not. Need to capture these details.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">The key is if we say that there is a mandatory lock and if someone gets ahold of someone’s account, it doesn’t matter since
it can’t be transferred for 60 days. It becomes a more difficult hack if you have to hack both the registrar and registry accounts.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">The concern with these stated security features is that there is a relationship between them – we need to capture and recognize
that. Challenging to talk about them in isolation.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Question: What do the asterisks mean? Answer: It denotes uncertainty on the staff support side as to the origin of a lock
– indicating that the origin is a guess.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">First row: If this lock that many registrars do upon creation: the charter question a6 is whether this should be mandatory
or just allowed as it is today. Leaning towards keeping it optional, but focusing on trying to keep it as consistent as possible across registrars.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Is there an opportunity to get more information about the impact/concerns relating to inconsistency of application of locks?</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">The charter question being specific to this first row – seems that we have answered that, but we need to resolve the 60-day
creation.</span><span lang="EN-US"><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">“Lock means a set of measures that a registrar applies to a domain name, which prevents at a minimum any modification to
the registrant and registrar information by the Respondent, but does not affect the resolution of the domain name or the renewal of the domain name. (UDRP Rules, Section 1)”<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">The UDRP lock is different than EPP code clientTransferProhibited (which can allow change of registrant info).<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">There is an issue that some registrars may be imposing a UDRP lock that also locks the nameservers in place, which can
prevent removal of allegedly infringing content etc.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Question: Any ideas on additional security measure we could be doing to improve this? Should we put in requirements around
registrar and registry locks?<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Question: Is this a place where people want to talk about multi-factor authentication? Answer: Not sure we want to include
this in our policy.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Question: Is there a multi-factor piece of transfers that is possible?<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">We shouldn’t make assumptions about any one feature because they do have dependencies.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Multi-factor authentication is a security feature and if it is present it may help. We could note that it may or may not
be present, and we could say something about it if it is present in transfers. We can mention that it adds to the security features if it is present. Different registrar models have different use cases for multi-factor authentication.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Should not make it too difficult for a registrar to do it if it wishes to use MFA.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">In terms of scope and deliberation on additional security measures as they relate to transfer policy is in scope, although
it might not be a consensus policy. Looking at the WG Guidelines there is nothing that would prevent the WG from providing implementation guidance. Perhaps there is language that is not consensus policy but could help the implementers.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">What we could consider doing is for it to be allowed to have MFA on the TAC, but not on other actions. That would be in
scope.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">It’s important that we put boundaries on either side of this – can’t make it too easy to transfer a domain name but also
can’t make it too hard.<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Steinar Grøtterød-TPR Member (At-Large) to Everyone (2:46 PM): <COMMENT> I am in favor or adding wording that describes
a requirement for registrars to make access to their control panel in a secure way. Of importance is also the distribution of the TAC to the Registrant/DNH. I find it strange that 2FA is enabled for accessing a control panel and then the TAC is sent in unsecured
way (email).<COMMENT><o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Question: Should we brainstorm a list of security measures?<o:p></o:p></span></li><li class="MsoListParagraph" style="mso-list:l2 level1 lfo3"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif">Shouldn’t be prescriptive on the mechanism.<o:p></o:p></span></li></ul>
<p class="MsoNormal"><b><span lang="EN-US">ACTION ITEM: WG members to contribute to a list of additional security measures and provide other comments/suggestions in the Google doc for
<a href="https://urldefense.com/v3/__https:/docs.google.com/document/d/1q7xaJuxi50Q6TDD26H92P6wOfZ8luap1wdWOtIgkv7o/edit?usp=sharing__;!!PtGJab4!t3ltLk-w1K9kIEcoxB4bXhYFy2-W_zL51DN3V8_9z4OFEBJWhdgDTiMOM-BUz-U5zDLub9mm7A$">
Additional Security Measures Working Document [docs.google.com]</a>.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">4. AOB (5 minutes)<o:p></o:p></span></p>
<ul style="margin-top:0cm" type="disc">
<li class="MsoNormal" style="mso-list:l0 level1 lfo8"><span lang="EN-US">Next meeting:
<i>In two weeks</i> on Tuesday, 9 November 2021 at 16:00 UTC (no meeting next week).<o:p></o:p></span></li></ul>
</div>
</body>
</html>