Hello, On Thu, May 28, 2009 at 1:36 PM, Mike Rodenbaugh wrote:
c) Whether special provisions are needed for a change of registrant when it occurs near to the time of a change of registrar
We'd support the PDP, if it will raise the general level of security for all registrants. For many years we've been fighting to reverse domain name thefts and the industry needs to be proactive regarding security, instead of "reactive" using an exception mechanism. Some of our past comments within ICANN can be seen at: http://forum.icann.org/lists/transfer-comments-g/msg00003.html and some registrars have followed our advice. However, this issue is also closely tied in to WHOIS accuracy and registrant verification. Domains are valuable and if the thieves are able to operate in relative anonymity, they'll continue to operate. Address verification and other systems (2-factor security, out-of-band verification, etc.) can be used to raise the level of security for every registrant and their clients/users. One should be cautious about the "special provisions" noted above, as most domain name purchases/sales will involve a change of registrar at the same time as a registrant change (e.g. Sally Jones purchases Example.com from John Smith, registered at NSI, and immediately transfers the name to her favourite registrar Tucows). But, I assume we'll have lots of time to comment on anything produced by members of the PDP, so nothing too kooky should come out of the process once everyone has had an opportunity to review it. Making ALL domain registrant changes highly secure (with an audit trail, with verified registrants) reduces the need for exception mechanisms. Rogue registrars are also part of the problem (e.g. RegisterFly, EstDomains) and so the bar needs to be raised in terms of due diligence in the registrar accreditation and ongoing compliance process. Sincerely, George Kirikos 416-588-0269 http://www.leap.com/