[registrars] Proliferation of registrar locks

[Tim Ruiz]

Ross, you said:

"...this trend has been driven by misinformation fed to the market by the
few registrars who put protecting their marketshare ahead of the welfare of
their customers. Locking isn't a bad thing - in fact, on the whole, its
probably a good thing. Creating mass hysteria with your customers and the
media isn't good for anyone except the very selfish few operators who are
propagating the myths about this new policy."

Clearly, if a gaining registrar does not do their due diligence in getting
proper authorization fraudulent transfers will occur. We've seen it happen
many times. It is encouraging to now have an improved process to get those
transfers reversed in a somewhat timelier manner. But as a registrant, I
would not be happy about any time at all that my name is no longer in my
control, especially if my livelihood depended on it. This not a concern over
what *might* happen, it is concern over what *does* happen.

Since you say yourself that locking is probably a good thing, why do you
resort to imputing motives and name calling? That isn't going to solve
anything and certainly won't encourage these registrars to come to the table
and seriously discuss future policy changes.

Tim


-----Original Message-----
From: owner-registrars at gnso.icann.org
[mailto:owner-registrars at gnso.icann.org] On Behalf Of Ross Wm. Rader
Sent: Monday, November 15, 2004 8:59 AM
To: Marcus Faure
Cc: Nikolaj Nyholm; Paul Lecoultre(CORE secretariat); Registrars at dnso.org
Subject: Re: [registrars] Proliferation of registrar locks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 15/11/2004 6:01 AM Marcus Faure noted that;

| Well, in that case you should not like the FOA as well. An FOA is not
more
| secure than the authinfo.

I think you are missing my point. The FOA represents explicit
instructions from the registrant - it is the equivalent of a contract.
Auth-info cannot provide this. On the other hand, the FOA doesn't, by
itself, represent that the instructions are coming from an authenticated
source. This is where the auth-info tokens come into play. They really
work together quite well, but you don't need to have auth-info
implemented in order for the FOA to work. There are other ways to
authenticate the registrant.

| Maybe you could explain your point ".com authinfo nightmare" a little
more.

There are no auth-info tokens for .com and .net. Given the confusion
caused by the .org migration, I would expect it to be another two or
three years before it would be safe to rely on a .com auth-info token as
being reliable evidence of identity. We need a solution in the meantime.
Jumping on auth-info in the transfer policy would have left us without a
solution for .com and .net.

| If the policy gives us more security, why have all registrars locked
their
| domains? Even those registars who have not yet put their domains on lock
| will do so soon because the market will drive them to. Is that what the
| transfer policy intended?

I think, in large part, that this trend has been driven by
misinformation fed to the market by the few registrars who put
protecting their marketshare ahead of the welfare of their customers.
Locking isn't a bad thing - in fact, on the whole, its probably a good
thing. Creating mass hysteria with your customers and the media isn't
good for anyone except the very selfish few operators who are
propagating the myths about this new policy.

- --




~                       -rwr



Contact info: http://www.blogware.com/profiles/ross
Skydasher: A great way to start your day
My weblog: http://www.byte.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-nr1 (Windows XP)

iD8DBQFBmMQj6sL06XjirooRAp59AJ9sem+B2pZHwd9/v1Y0dhz6TqNePwCfceCz
G3uBsRq/6io9PoTlHAstaGg=
=4RbX
-----END PGP SIGNATURE-----