Dyn comments on Registration Data Access Protocol (RDAP) Operational Profile for gTLD Registries and Registrars

[Adam Coughlin <acoughlin@xxxxxxx>]

To Whom It May Concern,

Please find approved comments from Dyn below.

Thanks.

Dyn appreciates the opportunity to comment on the Registration Data Access
Protocol (RDAP) Operational Profile for gTLD Registries and Registrars.

Dyn believes enthusiastically in the deprecation of Whois in favour of
RDAP.  Dyn believes that Whois has long outlived its usefulness and looks
forward to the deployment of RDAP as its replacement.

Dyn is aware that there is a Policy Development Process getting started to
make a new policy for Registration Data Services (RDS), and that to some
extent this proposed Operational Profile is hostage to the current policy.
Dyn appreciates that the present policy was developed under circumstances
where only the capabilities of Whois were available.  Nevertheless, the
IETF created RDAP in an effort to correct several deficiencies of Whois.
In Dyn’s opinion, the Operational Profile should support those corrections
to the maximum extent possible.

Because it is based on HTTP(S), RDAP has the capability to authenticate
users.  If a server has authenticated the user, then the server can make
policy-based choices about what fields to display.  Dyn therefore believes
it to be advisable that the Operational Profile require by default the
ability to authenticate from the beginning.  All users, authenticated or
not, will of course need to receive the same output, due to the existing
RDS policies.  But by requiring the ability to authenticate from the
beginning, it will not be possible for people to argue during the RDS PDP
that differentiated output based on authenticated access will be a new
expense: the work of being able to authenticate users will already have
been done.  Authentication is a key enabling feature of several different
policy alternatives, and it should be required from the outset.

RDAP also provides effective referral mechanisms.  Given the GNSO’s
resolution of 31 October 2013, in favour of the operation of only thick
registries, the reason for registrars to need to implement RDAP at all
appears to be only that prevailing policy (which is being altered) requires
it.  This seems wasteful -- particularly since the Operational Profile will
not provide much of the advantage of RDAP in the form of authenticated
access and differential output.  It seems it would be better to postpone
the registrar obligation until the RDS PDP is completed; at that point, if
contracted registrars are still obliged to implement RDAP, they will need
to undertake only one implementation effort.  Dyn would not especially
object to undertaking development knowing that its RDAP obligation would be
short-lived, but it objects to undertaking that development without getting
many of the important benefits of RDAP.

Dyn is extremely supportive of the requirement to deploy over TLS only, and
commends ICANN for it.


-- 
Adam Coughlin
Director, Corporate Communications
Dyn
(C): +1 603-714-5798
(T): @adamcoughlin


Xconomy says Dyn is the company who runs the Internet. Read more here
<http://www.xconomy.com/boston/2015/10/20/this-new-england-company-runs-the-internet-and-now-you-can-too/?utm_content=buffer4ad76&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer>
.