The DAG3 includes a draft concept paper designed to improve new gTLD security -- see http://www.icann.org/en/topics/new-gtlds/high-security-zone-verification-04o... The document (on page three) states: "It includes verification of Registry operations and supporting Registrar operations. It also builds upon the assumption that Registrars will be required to perform procedures to authenticate the accuracy of Registrant information at the time of domain registration." This is a significant proposal, but it is also a proposal that will likely gain no immediate traction as currently formulated. If a new gTLD operator were to limit its registrations only to those submitted by registrars that offer time-of-registration authentication services, such a TLD would never initially get off the ground. What's missing in this proposal is either an incentive or a requirement for registrars to do the right thing. As I see it, registrars authenticating new registrants through agreed processes will only happen by way of a consensus policy requirement stipulating that Data must be consistent and correct at the Registrar level.