Our comments below are specifically related to the VeriSign Registry-Registrar Two-Factor Authentication Service. However, we would like to make clear that Go Daddy was not consulted on either this service or the Who Was Service. The Registrar Constituency also has concerns regarding the lack of a more formal process to ensure that such consultations take place and has submitted comments in that regard. We fully support those comments. The VeriSign Registry-Registrar Two-Factor Authentication Service describes two phases of the service. The first phase involves communications between the Registrar and the Registry. The second phase involves communications between the Registrar and the Registrant. Our concerns involve the second phase. VeriSign's request goes on to state: "Both phases of thee[sic] Registry-Registrar Two-Factor Authentication Service would initially be an optional service for registrars who elect to use it. Once the service becomes widely adopted, two-factor authentication credentials will become a requirement for Registry-Registrar transactions." After reading the above we contacted VeriSign regarding their intent to eventually require Registrars to provide the service. VeriSign confirmed that their desire was indeed to eventually make both phases of the service a requirement. We expressed our concerns regarding requirement of phase II. VeriSign understood our concerns, agreed to take them in account, and suggested we also submit comments to ICANN. As we expressed to VeriSign, we do not believe phase II should ever be required. It assumes that two-factor authentication is the best option and dictates that registrars use it with their customers. We do not believe there is any evidence to support two-factor authentication as the best or only solution, nor to suggest that a non-OATH proprietary model (perhaps our own) may not be better or as secure. Requiring phase II removes the Registrar and consumer choice to decide how/what/when we want to market/sell/promote/purchase security type services. For example, Go Daddy offers security products such as Protected Registrations and SSL Certificates. Numerous other Registrars offer similar services of their own or through arrangements with third party providers. Without the opportunity for consultation with VeriSign, it is difficult to determine the impact of their service on these potentially competing products, or with products/services that we may have under development. Phase II also implies a more direct relationship between Registrants (our customers) and the Registry, a relationship which is not fully described or understood at this stage. Again, further consultations with VeriSign are essential to understand the impact on customer relationship management, customer support and service, and the costs and impact of implementation. We believe ICANN should ask VeriSign to engage Registrars more fully in consultation on this service before considering the request complete and actionable. Failing that, phase II should be removed from this request until such consultations have taken place. In no event should the service be approved in a way that would allow VeriSign to later require phase II of Registrars without fully consulting with Registrars and Registrants. Tim Ruiz Vice President Corporate Development & Policy GoDaddy.com, Inc.