Colleague, and observers, A link to the corporation board meeting minutes: http://www.icann.org/en/minutes/resolutions-25aug11-en.htm Of some personal relevance is item 1.2, Approval of Recommendation of GNSO Council on IRTP Part B. This policy, which I first encountered advocted by Mike Rodenbaugh in the Fast Flux Hosting PDP, imposes a 240 minute respons duty, at any date or time, on all registrars, to arbitrary third-parties. A significant motivational rational offered by its advocates was the 2003 panix.com transfer. I was involved, having learned of the xfr from Steve Bellovin, a panix (oldest still operating dialup ISP in NYC) subscriber, hours after the xfr, and then calling Marty Hannigan, then a Verisign employee, to brief him on the problem, hours before it was discovered by Melbourne IT, at the start of their business day. No similar event involving the compromise of critical network infrastructure through an unauthorized transfer of registrar is known to me. Therefore this rational is not sufficient for this, or any, policy development. I wrote a draft recommendation advising that this policy not be adopted as it would not be effective in preventing a non-recurring problem. I was also critical of the assumption that all registrants share the vulnerability of targeted loss to third-party actors, and observed the proposed policy could only benefit registrants with "valuable" domains, which is less than 2/3rds of all registrations, when the minimum return for ad word motivated registrations (domain tasting epoch) is assumed as a useful maximal definition of "valuable", or some small multiple of re-registration costs. The actual pool of third-party targeted domains could be much smaller than 30m of the roughly 90m legacy domains, and very few of those in post-ICANN registry registered inventories. I also observed that the 240 minute required response time could become an attack vector on registrars, and on ICANN's compliance function, through the creation of a well-defined breach condition, for which no associated well-defined harm to registrants necessarily exists. The coordination body which solicited the draft declined to use it, a comment, one of few I'm aware of, was that it used the word "stupid" to describe the 240 minute universal obligation and the obvious net effect of driving small, and not necessarily transfer abusive, actors out of the registrar market, that is, more likely to affect registrars who's primary revenue is from hosting and other stable customer-facing relations, than registrars who's primary revenue is from registrations, and for whom transfers, by any means not barred by contract or law, is "good business". Where one assumes that consolidation of the registrar market -- shell registrars ignored as managed properties of large registrars with 24x7x365 staffing -- is in the public interest, or causes no harm -- harm to those fee paying and contract-to-date conformant businesses necessarily ignored -- then the 240 minuted universal obligation is not <insert polite word choice alternative to "stupid" here>. A personal observation: I don't like doing the BC's dirty work. I don't think the issue of using the correct policy tools to adress the actual policy problem should be abandoned to using any tool in all situations because "it might work in some". Eric