Hello Brandon, Thanks for your feedback.
My experience has been that getting auth_info (which criminal staff would have access to) from bad registrars is almost impossible, with registrar-LOCK too they have enough control to negate the gain in being able to pull a domain to a new registrar - you still need the cooperation of the old one so it's just as bad as the old way but lots more risk for everyone
EPP is thus of no advantage and registrar pull is dangerous
Thus are you basically proposing that the registrant rely on cooperation with the old registrar, and if that fails, rely on ICANN to enforce compliance if the old registrars doesn't cooperate? I think in any model, unless ICANN enforces compliance the model will fail. We use the EPP model with registrar pull in Australia, and I haven't heard of any recent instances of abuse. There is no mechanism for the losing registrar to deny a transfer. The difference is that the ICANN equivalent in Australia (auDA) rigorously enforces compliance by the gaining registrar. Regards, Bruce