<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-authoritative-thickwhois] summary of comments re authoritativeness
- To: "Metalitz, Steven" <met@xxxxxxx>
- Subject: Re: [gnso-authoritative-thickwhois] summary of comments re authoritativeness
- From: Volker Greimann <vgreimann@xxxxxxxxxxxxxxx>
- Date: Mon, 18 Feb 2013 18:54:11 +0100
Hi Steve,
I will try to review over the course of the week.
With regard to the threshold question, I would like to point out that
one data source must be considered authoritative, and that can only be
the main data depository. Even today, thick whois registries are
factually authoritative for the part of the whois that they output,
namely the data the holds the most basic registration data. For
illustration purposes, I have pasted the specific part of the whois of a
random domain for which the thick whois operator is authoritative:
Domain Name: INTERNIC.NET
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS.ICANN.ORG
Name Server: NS.RIPE.NET
Name Server: NS1.CRSNIC.NET
Name Server: NS2.NSIREGISTRY.NET
Name Server: SEC1.APNIC.NET
Name Server: SEC3.APNIC.NET
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 10-jan-2012
Creation Date: 01-jan-1993
Expiration Date: 18-oct-2021
As registries may and do change registrars, sometimes forgetting to inform the
current registrar (less of a problem now, but it happened until quite recently),
a registrars' whois data can only be considered authoritative for the data elements it itself holds and then only in as much as the registry whois details point to the registrar.
Changing to thick whois, the registry will hold the entire data set, and is
able to change the data without informing the registrar (due to closed court
orders or similar events).
Therefore, the only authoritative data source can be the registry as it holds
the ultimate sway over the data. A registrar may update the data at customer
request, but such changes would
only become authoritative once the registry whois reflects the change.
The registration of a domain name only becomes active once the registry
confirms and enacts the registrar creation request. The same applies to any
updates of the data by the registrar.
This is saying nothing about ownership of the data, which is a wholly different
topic and one I think we should not touch at all.
Authoritative should be interpreted as "the data set to be relied upon in case of
doubt". In that context, no other entity but the registry can be considered the
authoritative data source.
That said, I think the question of defining a data set as authoritative is
moot, as the implementationwill create reality around it. We do not
need to define authoritativeness as it will define itself due to the realities
of how whois works in a thick registry.
Volker
Authoritativeness subgroup members,
A review of the comments received on this topic from stakeholder
groups, constituencies and others may help advance our work. These are
collected in the chart prepared by staff, beginning at item 52 (in the
most recent version circulated today).
A threshold question is whether it is necessary for this PDP to define
which Whois data is authoritative in the thick Whois environment. ALAC
questions whether this is necessary, while NPOC seems to think it is.
(We still have no data on the prevalence of data discrepancies between
registry and registrar Whois in the thick Whois setting, other than
the transition report from PIR which seems to indicate it is not a
problem.)
As to which set of Whois data should be authoritative, only the NCUC
clearly asserts that registrar data is authoritative. ALAC notes the
registrar data is treated as authoritative in the UDRP setting. (Note,
though, that since the vast majority of UDRP cases involve
registrations in thin Whois gTLDs -- .com and .net -- the question of
authoritativeness as between registry and registrar may not arise.)
On the other hand, the registry data is authoritative, according to
BC, R'rSG, and PIR in their submissions. Verisign's comments indicate
that registry data should be authoritative for technical purposes.
Several commentators note that registrars remain responsible for
collecting the data and for its accuracy (although I note that
"responsible" might overstate registrars' accuracy obligations under
the current RAA). For NCUC this seems to dictate a finding that
registrar Whois is authoritative, while for the registrar and registry
commentators, this fact does not appear inconsistent with the
conclusion that registry Whois is authoritative.
As a platform for discussion, let me pose two questions, informed by
these responses:
(1)Does this PDP need to determine authoritativeness? If no policy
establishing authoritativeness (other than in the UDRP context) has
been adopted during all the years that thick Whois systems have been
in operation, does this indicate that resolving authoritativeness is a
"solution in search of a problem"?
(2)If the answer to Q. 1 is "yes," then would the fact that registrars
remain responsible for collecting the data in question from
registrants (and for updating the same) disqualify the registry data
(all received from registrars) from being considered authoritative?
Why or why not? Put another way, is there an inherent contradiction if
registrars continue to collect all data but the registry database were
authoritative?
Looking forward to your responses (or to other views of the comments
we have received).
Steve Metalitz
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|