RE: EPP minutia (was: Re: Gtld transfer process)

Hello Eric,

Thanks for your descriptions from an operator and web-hosting company

Essentially different customers have different needs. Some that value
price higher than reliability/security are likely to want to easily move
names around depending on renewal prices and the prices of other
services. Others value reliability/security very highly, and prefer to
stay with one reliable provider, and will pay a premium for that
provider to put in place strict change management procedures.

In terms of the second category many registrars (including Melbourne IT)
offer services tailored to the corporate market that incorporate change
management processes, often with dedicated staff that are trained in
such procedures.

The transfers policy therefore needs to be able to support both types of
registrant, and in particular allows the registrant to control the
choice of processes. In the past some registrars have imposed their own
strict processes (for example requiring a judge to approve any changes
of registrar) that are not in accordance with the wishes of the
registrant. Often these processes for registrar change are not in
proportion to the processes for change of delegation etc. Generally a
corporate wanting high security/stability will want strict change
management across all processes, rather than a registrar accepting a
delegation change over the phone without authentication, but requiring a
judge to approve a transfer.

A registrar wishing to offer a customer a high level of protection must
be able to set a flag in the registry that prevents a transfer. This is
the Registrar-LOCK function. Now I agree this still requires the
registrar to have strict process control on how this flag can be
set/cleared. The policy requires that a registrar provide a mechanism
for a registrant to unlock a name that is consistent with other
processes - e.g delegation for that name/registrant.