GNSO TPR PDP meeting on Sep 5, 2022
Dear all, Due to the cancellation of the CPWG meeting on Sep 7, 2022, I will inform the CPWG of the outcome of the CPWG informal letter to the TPR WG.
From the minutes
* Update from Steiner on the At-Large summary of the CPWG discussion on Change of Registrant policy. See attached. * Had a fruitful discussion last week on the CPWG call. * Based on that discussion, if we are going to change anything on the transfer lock the CPWG would like some statistics/data supporting removing that part of the policy. But we don’t have any statistics. If we will have transfer lock period it might be reduced to less than 60 days. Specifically: “Input to the discussion were mostly connected to the question whether the present 60-days transfer lock after a change of registrant data is preventing domain name hijacking. Further - the majority of the CPWG attendees requested data about the volume of hijacked domain names. These statistics - if available, may indicate if the transfer lock after a change of registrant is needed. The discussion also covered whether a transfer lock is needed for mitigation of domain name hijacking.” * Discussion: * Wonder if Compliance has some data? * Registrars have indicated that they don’t have data. * Without data we should remove it. * From staff re: question about data: Compliance has provided data related to complaints about the lock itself in Phase 1A, but not specific enough in terms of hijacking. As to data to “prove” that a lock is necessary or not, we don’t have that level of breakdown/tracking to speak to that issue. * Compliance tracks transfer complaints in general, but does not break down to “inter registrar" vs. “COR”. * The best you can get is the NACK statistics from the Open Data Initiative, but only limited years and not recent. Does show significant use of the NACK, but can’t correlate it to hijacking. * Not sure that we can get valuable data as to why there was a NACK in the first place. * Registrars offer different levels of security and registrant can pick the model that fits their needs/shop around to get what they are looking for. * I also remember most complaints about COR to Compliance were people annoyed by not being to unlock their domains. For hijacked domains, the hijack happened even with COR process (which hijackers were able to bypass). * It’s a very interesting perspective. As registrars can and do provide security that is superior to minimum requirements under the Transfer Policy. Accordingly, it may be that this is the answer; leave it to registrants to select a registrar with desirable security protocols to prevent unauthorized transfer. All recordings for the Transfer Policy Review PDP WG call held on Tuesday, 06 September 2022 at 16:00 UTC can be found on the agenda wiki page <https://community.icann.org/x/BwVpD> (attendance included) and the GNSO Master calendar <https://urldefense.com/v3/__https:/gnso.icann.org/en/group-activities/calend...> . Regards, Steinar Grøtterød
Thank you Steinar. I invite any other ALAC Reps in GNSO PDPs to provide their summarised update, if any, by email, like you have done so well. Kindest regards, Olivier On 07/09/2022 09:13, Steinar Grøtterød wrote:
Dear all,
Due to the cancellation of the CPWG meeting on Sep 7, 2022, I will inform the CPWG of the outcome of the CPWG informal letter to the TPR WG.
From the minutes
* Update from Steiner on the At-Large summary of the CPWG discussion on Change of Registrant policy. See attached. o Had a fruitful discussion last week on the CPWG call. o Based on that discussion, if we are going to change anything on the transfer lock the CPWG would like some statistics/data supporting removing that part of the policy. But we don’t have any statistics. If we will have transfer lock period it might be reduced to less than 60 days. Specifically: “Input to the discussion were mostly connected to the question whether the present 60-days transfer lock after a change of registrant data is preventing domain name hijacking. Further - the majority of the CPWG attendees requested data about the volume of hijacked domain names. These statistics - if available, may indicate if the transfer lock after a change of registrant is needed. The discussion also covered whether a transfer lock is needed for mitigation of domain name hijacking.” * Discussion: o Wonder if Compliance has some data? o Registrars have indicated that they don’t have data. o Without data we should remove it. o >From staff re: question about data: Compliance has provided data related to complaints about the lock itself in Phase 1A, but not specific enough in terms of hijacking. As to data to “prove” that a lock is necessary or not, we don’t have that level of breakdown/tracking to speak to that issue. o Compliance tracks transfer complaints in general, but does not break down to “inter registrar" vs. “COR”. o The best you can get is the NACK statistics from the Open Data Initiative, but only limited years and not recent. Does show significant use of the NACK, but can’t correlate it to hijacking. o Not sure that we can get valuable data as to why there was a NACK in the first place. o Registrars offer different levels of security and registrant can pick the model that fits their needs/shop around to get what they are looking for. o I also remember most complaints about COR to Compliance were people annoyed by not being to unlock their domains. For hijacked domains, the hijack happened even with COR process (which hijackers were able to bypass). o It’s a very interesting perspective. As registrars can and do provide security that is superior to minimum requirements under the Transfer Policy. Accordingly, it may be that this is the answer; leave it to registrants to select a registrar with desirable security protocols to prevent unauthorized transfer.
All recordings for the*Transfer Policy Review PDP WG*call held on*Tuesday,06 September 2022at 16:00 UTC*can be foundon theagenda wiki page <https://community.icann.org/x/BwVpD>(attendance included)and theGNSO Master calendar<https://urldefense.com/v3/__https:/gnso.icann.org/en/group-activities/calend...>.
Regards,
Steinar Grøtterød
On 07/09/2022 07:13, Steinar Grøtterød via CPWG wrote:
* Discussion: o Wonder if Compliance has some data? o Registrars have indicated that they don’t have data. o Without data we should remove it. o >From staff re: question about data: Compliance has provided data related to complaints about the lock itself in Phase 1A, but not specific enough in terms of hijacking. As to data to “prove” that a lock is necessary or not, we don’t have that level of breakdown/tracking to speak to that issue. o Compliance tracks transfer complaints in general, but does not break down to “inter registrar" vs. “COR”. o The best you can get is the NACK statistics from the Open Data Initiative, but only limited years and not recent. Does show significant use of the NACK, but can’t correlate it to hijacking.
I've got ICANN registrar transaction data back to 2001 (even extracted it from various document formats) and have been tracking the data each month. The raw CSV format reports are available on https://www.icann.org/resources/pages/registry-reports It seems that ICANN just doesn't pay attention to the quality of the registrar transaction reports that are filed and some, like .AFRICA, have not had any real data since they launched. Some registries file partial or corrupted reports but ICANN seems overwhelmed by having to deal with these reports. The Open Data Platform was a good idea but it was a bit of a management solution that ignored fundamental data quality issues. It would be possible to produce historical NACK data from the reports if it would be of any help. The main targets for domain name theft would be the .COM/NET/ORG. The latest dataset on the ICANN site is from May 2022 while the latest on the ODP is 2020 data. The data to 202203 is currently loaded into the large historical table here and this is the txgain-nack historical data for .COM back to 2007 (gtld - Year/Month - NACK): | com | 200704 | 11090 | | com | 200705 | 76148 | | com | 200706 | 11769 | | com | 200707 | 14099 | | com | 200708 | 13182 | | com | 200709 | 14322 | | com | 200710 | 16652 | | com | 200711 | 20028 | | com | 200712 | 25344 | | com | 200801 | 27895 | | com | 200802 | 19313 | | com | 200803 | 17447 | | com | 200804 | 17145 | | com | 200805 | 17804 | | com | 200806 | 16762 | | com | 200807 | 16345 | | com | 200808 | 16184 | | com | 200809 | 14881 | | com | 200810 | 19241 | | com | 200811 | 107859 | | com | 200812 | 83442 | | com | 200901 | 13736 | | com | 200902 | 14673 | | com | 200903 | 18566 | | com | 200904 | 24207 | | com | 200905 | 20245 | | com | 200906 | 18223 | | com | 200907 | 17276 | | com | 200908 | 16222 | | com | 200909 | 13942 | | com | 200910 | 15386 | | com | 200911 | 12386 | | com | 200912 | 12786 | | com | 201001 | 12483 | | com | 201002 | 12458 | | com | 201003 | 14498 | | com | 201004 | 29430 | | com | 201005 | 11345 | | com | 201006 | 11580 | | com | 201007 | 11046 | | com | 201008 | 10850 | | com | 201009 | 10315 | | com | 201010 | 11402 | | com | 201011 | 10782 | | com | 201012 | 11187 | | com | 201101 | 16472 | | com | 201102 | 12050 | | com | 201103 | 11822 | | com | 201104 | 12852 | | com | 201105 | 10815 | | com | 201106 | 10565 | | com | 201107 | 10100 | | com | 201108 | 13567 | | com | 201109 | 13484 | | com | 201110 | 8625 | | com | 201111 | 9120 | | com | 201112 | 14957 | | com | 201201 | 11250 | | com | 201202 | 9663 | | com | 201203 | 13135 | | com | 201204 | 9097 | | com | 201205 | 8388 | | com | 201206 | 9610 | | com | 201207 | 8320 | | com | 201208 | 56036 | | com | 201209 | 86917 | | com | 201210 | 8538 | | com | 201211 | 7651 | | com | 201212 | 7955 | | com | 201301 | 9196 | | com | 201302 | 8748 | | com | 201303 | 9235 | | com | 201304 | 8240 | | com | 201305 | 7790 | | com | 201306 | 8663 | | com | 201307 | 9344 | | com | 201308 | 6745 | | com | 201309 | 6445 | | com | 201310 | 6958 | | com | 201311 | 5645 | | com | 201312 | 5866 | | com | 201401 | 10639 | | com | 201402 | 7294 | | com | 201403 | 13081 | | com | 201404 | 18417 | | com | 201405 | 7540 | | com | 201406 | 7004 | | com | 201407 | 6445 | | com | 201408 | 7203 | | com | 201409 | 9225 | | com | 201410 | 7443 | | com | 201411 | 7796 | | com | 201412 | 7703 | | com | 201501 | 8650 | | com | 201502 | 7540 | | com | 201503 | 8830 | | com | 201504 | 7758 | | com | 201505 | 8251 | | com | 201506 | 7558 | | com | 201507 | 7251 | | com | 201508 | 7299 | | com | 201509 | 7417 | | com | 201510 | 8032 | | com | 201511 | 7100 | | com | 201512 | 6278 | | com | 201601 | 7126 | | com | 201602 | 10018 | | com | 201603 | 8020 | | com | 201604 | 7247 | | com | 201605 | 7070 | | com | 201606 | 6537 | | com | 201607 | 6330 | | com | 201608 | 7179 | | com | 201609 | 6581 | | com | 201610 | 6665 | | com | 201611 | 6821 | | com | 201612 | 6088 | | com | 201701 | 8357 | | com | 201702 | 8774 | | com | 201703 | 9656 | | com | 201704 | 8104 | | com | 201705 | 6222 | | com | 201706 | 6693 | | com | 201707 | 5834 | | com | 201708 | 6618 | | com | 201709 | 6306 | | com | 201710 | 7154 | | com | 201711 | 6626 | | com | 201712 | 6065 | | com | 201801 | 6754 | | com | 201802 | 6185 | | com | 201803 | 6729 | | com | 201804 | 12105 | | com | 201805 | 7329 | | com | 201806 | 10029 | | com | 201807 | 8330 | | com | 201808 | 23764 | | com | 201809 | 10502 | | com | 201810 | 10830 | | com | 201811 | 10891 | | com | 201812 | 10735 | | com | 201901 | 12392 | | com | 201902 | 9691 | | com | 201903 | 10122 | | com | 201904 | 9677 | | com | 201905 | 11302 | | com | 201906 | 17776 | | com | 201907 | 33328 | | com | 201908 | 11636 | | com | 201909 | 10232 | | com | 201910 | 12432 | | com | 201911 | 12030 | | com | 201912 | 11964 | | com | 202001 | 21279 | | com | 202002 | 14115 | | com | 202003 | 13757 | | com | 202004 | 20973 | | com | 202005 | 15150 | | com | 202006 | 18829 | | com | 202007 | 22475 | | com | 202008 | 19439 | | com | 202009 | 9115 | | com | 202010 | 8379 | | com | 202011 | 9869 | | com | 202012 | 10656 | | com | 202101 | 9613 | | com | 202102 | 7809 | | com | 202103 | 11387 | | com | 202104 | 7529 | | com | 202105 | 13874 | | com | 202106 | 14561 | | com | 202107 | 14996 | | com | 202108 | 20619 | | com | 202109 | 6360 | | com | 202110 | 5782 | | com | 202111 | 7602 | | com | 202112 | 7609 | | com | 202201 | 8082 | | com | 202202 | 7800 | | com | 202203 | 8921 | The April 2022 NACK was 7,576 and the May 2022 NACK was 32,349. While ICANN Compliance may have some data on some domain name disputes, more reliable data could be derived from some of the UDRP decisions where domain name theft is a component of the dispute. There are also tx-dispute fields in the registrar transaction rpeorts which may be of use. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by Avast antivirus software. www.avast.com
Dear Steinar, I would like for all the efforts that you are providing in order to make the At-large community updated about the TRP WG activities in addition to your active participation in this WG. No doubt that with the absence of objective Metrics it will be very hard for the community members to decide for a precise lock period and proposals will differ. No doubt, in the absence of objective metrics, it will be very difficult for the community members to decide on a precise period of lockdown and the proposals will be multiple. In my opinion the lock period in the case of inter registrants transfer should be delegate to the registrants and no need to mention a lock period in the CoR policy since from end-user perspective this period should be reduced at the duration of the management or financial process , so registrants should improve this management process duration in order to avoid a long lock period that will affects the services offered to the end user, a similar recommendations that could be added to the policy CoR without mentioning a static lock period that will handicape all actors and that could evolve in a short period. Friendly regards Chokri Le mer. 7 sept. 2022 à 07:14, Steinar Grøtterød via CPWG <cpwg@icann.org> a écrit :
Dear all,
Due to the cancellation of the CPWG meeting on Sep 7, 2022, I will inform the CPWG of the outcome of the CPWG informal letter to the TPR WG.
From the minutes
- Update from Steiner on the At-Large summary of the CPWG discussion on Change of Registrant policy. See attached. - Had a fruitful discussion last week on the CPWG call. - Based on that discussion, if we are going to change anything on the transfer lock the CPWG would like some statistics/data supporting removing that part of the policy. But we don’t have any statistics. If we will have transfer lock period it might be reduced to less than 60 days. Specifically: “Input to the discussion were mostly connected to the question whether the present 60-days transfer lock after a change of registrant data is preventing domain name hijacking. Further - the majority of the CPWG attendees requested data about the volume of hijacked domain names. These statistics - if available, may indicate if the transfer lock after a change of registrant is needed. The discussion also covered whether a transfer lock is needed for mitigation of domain name hijacking.” - Discussion: - Wonder if Compliance has some data? - Registrars have indicated that they don’t have data. - Without data we should remove it. - From staff re: question about data: Compliance has provided data related to complaints about the lock itself in Phase 1A, but not specific enough in terms of hijacking. As to data to “prove” that a lock is necessary or not, we don’t have that level of breakdown/tracking to speak to that issue. - Compliance tracks transfer complaints in general, but does not break down to “inter registrar" vs. “COR”. - The best you can get is the NACK statistics from the Open Data Initiative, but only limited years and not recent. Does show significant use of the NACK, but can’t correlate it to hijacking. - Not sure that we can get valuable data as to why there was a NACK in the first place. - Registrars offer different levels of security and registrant can pick the model that fits their needs/shop around to get what they are looking for. - I also remember most complaints about COR to Compliance were people annoyed by not being to unlock their domains. For hijacked domains, the hijack happened even with COR process (which hijackers were able to bypass). - It’s a very interesting perspective. As registrars can and do provide security that is superior to minimum requirements under the Transfer Policy. Accordingly, it may be that this is the answer; leave it to registrants to select a registrar with desirable security protocols to prevent unauthorized transfer.
All recordings for the *Transfer Policy Review PDP WG* call held on *Tuesday, 06 September 2022 at 16:00 UTC* can be found on the agenda wiki page <https://community.icann.org/x/BwVpD>(attendance included) and the GNSO Master calendar <https://urldefense.com/v3/__https:/gnso.icann.org/en/group-activities/calend...> .
Regards,
Steinar Grøtterød _______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg
_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (4)
-
Chokri Ben Romdhane -
John McCormac -
Olivier MJ Crépin-Leblond -
Steinar Grøtterød