Re: [gnso-authoritative-thickwhois] summary of comments re authoritativeness

[Volker Greimann <vgreimann@xxxxxxxxxxxxxxx>]

Hi Steve,

I will try to review over the course of the week.

With regard to the threshold question, I would like to point out that 
one data source must be considered authoritative, and that can only be 
the main data depository. Even today, thick whois registries are 
factually authoritative for the part of the whois that they output, 
namely the data the holds the most basic registration data. For 
illustration purposes, I have pasted the specific part of the whois of a 
random domain for which the thick whois operator is authoritative:
   Domain Name: INTERNIC.NET
   Registrar: GODADDY.COM, LLC
   Whois Server: whois.godaddy.com
   Referral URL: http://registrar.godaddy.com
   Name Server: NS.ICANN.ORG
   Name Server: NS.RIPE.NET
   Name Server: NS1.CRSNIC.NET
   Name Server: NS2.NSIREGISTRY.NET
   Name Server: SEC1.APNIC.NET
   Name Server: SEC3.APNIC.NET
   Status: clientDeleteProhibited
   Status: clientRenewProhibited
   Status: clientTransferProhibited
   Status: clientUpdateProhibited
   Updated Date: 10-jan-2012
   Creation Date: 01-jan-1993
   Expiration Date: 18-oct-2021

As registries may and do change registrars, sometimes forgetting to inform the 
current registrar (less of a problem now, but it happened until quite recently),
a registrars' whois data can only be considered authoritative for the data elements it itself holds and then only in as much as the registry whois details point to the registrar.  

Changing to thick whois, the registry will hold the entire data set, and is 
able to change the data without informing the registrar (due to closed court 
orders or similar events).
Therefore, the only authoritative data source can be the registry as it holds 
the ultimate sway over the data. A registrar may update the data at customer 
request, but such changes would
only become authoritative once the registry whois reflects the change.

The registration of a domain name only becomes active once the registry 
confirms and enacts the registrar creation request. The same applies to any 
updates of the data by the registrar.

This is saying nothing about ownership of the data, which is a wholly different 
topic and one I think we should not touch at all.

Authoritative should be interpreted as "the data set to be relied upon in case of 
doubt". In that context, no other entity but the registry can be considered the 
authoritative data source.

That said, I think the question of defining a data set as authoritative is 
moot, as the implementationwill create reality around it. We do not
need to define authoritativeness as it will define itself due to the realities 
of how whois works in a thick registry.

Volker
> Authoritativeness subgroup members,
>
> A review of the comments received on this topic from stakeholder 
> groups, constituencies and others may help advance our work. These are 
> collected in the chart prepared by staff, beginning at item 52 (in the 
> most recent version circulated  today).
> A threshold question is whether it is necessary for this PDP to define 
> which Whois data is authoritative in the thick Whois environment. ALAC 
> questions whether this is necessary, while NPOC seems to think it is.  
> (We still have no data on the prevalence of data discrepancies between 
> registry and registrar Whois in the thick Whois setting, other than 
> the transition report from PIR which seems to indicate it is not a 
> problem.)
> As to which set of Whois data should be authoritative, only the NCUC 
> clearly asserts that registrar data is authoritative. ALAC notes the 
> registrar data is treated as authoritative in the UDRP setting. (Note, 
> though, that since the vast majority of UDRP cases involve 
> registrations in thin Whois gTLDs -- .com and .net -- the question of 
> authoritativeness as between registry and registrar may not  arise.)
> On the other hand, the registry data is authoritative, according to 
> BC, R'rSG, and PIR in their submissions. Verisign's comments indicate 
> that registry data should be authoritative for technical purposes.
> Several commentators note that registrars remain responsible for 
> collecting the data and for its accuracy (although I note that 
> "responsible" might overstate registrars' accuracy obligations under 
> the current RAA). For NCUC this seems to dictate a finding that 
> registrar Whois is authoritative, while for the registrar and registry 
> commentators, this fact does not appear inconsistent with the 
> conclusion that registry Whois is authoritative.
> As a platform for discussion, let me pose two questions, informed by 
> these responses:
> (1)Does this PDP need to determine authoritativeness?  If no policy 
> establishing authoritativeness (other than in the UDRP context) has 
> been adopted during all the years that thick Whois systems have been 
> in operation, does this indicate that resolving authoritativeness is a 
> "solution in search of a problem"?
> (2)If the answer to Q. 1 is "yes," then would the fact that registrars 
> remain responsible for collecting the data in question from 
> registrants (and for updating the same) disqualify the registry data 
> (all received from registrars) from being considered authoritative?  
> Why or why not? Put another way, is there an inherent contradiction if 
> registrars continue to collect all data but the registry database were 
> authoritative?
> Looking forward to your responses (or to other views of the comments 
> we have received).
> Steve Metalitz