On Tue, 18 Jan 2005, Bruce Tonkin wrote:
Hello Brandon,
Thanks for your feedback.
My experience has been that getting auth_info (which criminal staff would have access to) from bad registrars is almost impossible, with registrar-LOCK too they have enough control to negate the gain in being able to pull a domain to a new registrar - you still need the cooperation of the old one so it's just as bad as the old way but lots more risk for everyone
EPP is thus of no advantage and registrar pull is dangerous
Thus are you basically proposing that the registrant rely on cooperation with the old registrar, and if that fails, rely on ICANN to enforce compliance if the old registrars doesn't cooperate?
I would propose the following: 1. Keep existing model but make it "SHOULD" for old registrar to inform of upcoming transfer (I still don't understand how that failed in panix.com case BTW, because I'm pretty certain dotster does it, the only thing I can think of is that they did but answer was lost among all the spam that hostmaster account received). 2. Allow for fast way to reverse the domain transfer for old register. I'd propose the following: a. Old registrar can use special registry function to request reversal within 5 days of the transfer and that is immediatly granted (no questions asked at that time) with immediate restoration of old NS servers b. After that is done the following day the registry (i.e. Verisign) rather then either of the registrars must send its own confirmation that transfer was authorized to contacts unless it receives word from old registrar that contact information can not be trusted (in some cases people loose their domains because somebody else gained access to email account listed under administrator in whois) c. If it receives no answer, then it must inform old registrar and expect explanation for their request for reversal including how they got in touch with the registrant. d. The cost of the procedure should be about equivalent to normal domain registration and the losing registrar (i.e. the one that expected to receive domain but failed to receive proper authorization if reversal was final or old registrar that improperly requested the procedure if it was so) should pay it. -- William Leibzon Elan Networks william@elan.net