Public Comment

Public Comment is a vital part of our multistakeholder model. It provides a mechanism for stakeholders to have their opinions and recommendations formally and publicly documented. It is an opportunity for the ICANN community to effect change and improve policies and operations.

Name: Andrew Allemann
Date: 23 Jun 2022
Are you providing input on behalf of another group (e.g., organization, company, government)?
No
Please choose your level of support for Preliminary Recommendation 1.
No opinion
Please choose your level of support for Preliminary Recommendation 2.
Recommendation should be deleted

If your response requires an edit or deletion of Preliminary Recommendation 2, please indicate the revised wording and rationale here.

I'm concerned about the decision to remove the losing registrar's Form of Authorization (FOA). With the FOA, a domain owner could be made aware of a fraudulent transfer and have time to contact the registrar to stop it. Under the proposed system, the domain registrant likely won't learn of a transfer until after the transfer is complete.

While this will make transfers easier and — in the words of the Initial Report — instant, I'm concerned that it will result in fraudulent transfers.

It would be interesting to hear from registrars about how many times customers try to stop fraudulent transfers after receiving the FOA.

There is a backdoor security measure that registrars could undertake to reduce the chances of this happening: domain registrars could delay the time between people asking for Transfer Authorization Codes (TACs) and issuing them to customers. I fear that registrars will feel compelled to implement this backdoor security measure, which will ultimately burden domain registrants; they will have to request the code and then wait a long time for it to arrive before providing it to the gaining registrar. They would not be able to complete the domain transfer process in one sitting.

I understand the Working Group is working on transfer rollback procedures in a later phase. Approving a less secure transfer system prior to determining rollback features doesn't make sense to me.

Please choose your level of support for Preliminary Recommendation 3.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 4.
Support Recommendation as written
Question to the community: Should the Gaining Registrar’s IANA ID be provided by the Registry Operator to the Losing Registrar so that it may be included in the Notification of Transfer Completion sent by the Losing Registrar to the Registered Name Holder? Why or why not? Please explain.

Registrar name or IANA ID should be included

Please choose your level of support for Preliminary Recommendation 5.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 6.
No opinion
Please choose your level of support for Preliminary Recommendation 7.
No opinion
Please choose your level of support for Preliminary Recommendation 8.
No opinion
Please choose your level of support for Preliminary Recommendation 9.
No opinion
Please choose your level of support for Preliminary Recommendation 10.
No opinion
Please choose your level of support for Preliminary Recommendation 11.
Support Recommendation as written
Please choose your level of support for Preliminary Recommendation 12.
No opinion
Please choose your level of support for Preliminary Recommendation 13.
No opinion
Please choose your level of support for Preliminary Recommendation 14.
No opinion
Please choose your level of support for Preliminary Recommendation 15.
No opinion
Please choose your level of support for Preliminary Recommendation 16.
No opinion
Please choose your level of support for Preliminary Recommendation 17.
No opinion
Please choose your level of support for Preliminary Recommendation 18.
No opinion
Please choose your level of support for Preliminary Recommendation 19.
No opinion
Please choose your level of support for Preliminary Recommendation 20.
No opinion
Please choose your level of support for Preliminary Recommendation 21.
No opinion
Please choose your level of support for Preliminary Recommendation 22.
No opinion
Summary of Submission

Thank you for your work modernizing domain transfers.

I'm concerned about the decision to remove the losing registrar's Form of Authorization (FOA). With the FOA, a domain owner could be made aware of a fraudulent transfer and have time to contact the registrar to stop it. Under the proposed system, the domain registrant likely won't learn of a transfer until after the transfer is complete.

While this will make transfers easier and — in the words of the Initial Report — instant, I'm concerned that it will result in fraudulent transfers.

It would be interesting to hear from registrars about how many times customers try to stop fraudulent transfers after receiving the FOA.

There is a backdoor security measure that registrars could undertake to reduce the chances of this happening: domain registrars could delay the time between people asking for Transfer Authorization Codes (TACs) and issuing them to customers. I fear that registrars will feel compelled to implement this backdoor security measure, which will ultimately burden domain registrants; they will have to request the code and then wait a long time for it to arrive before providing it to the gaining registrar. They would not be able to complete the domain transfer process in one sitting.

I understand the Working Group is working on transfer rollback procedures in a later phase. Approving a less secure transfer system prior to determining rollback features doesn't make sense to me.