[gnso-authoritative-thickwhois] authoritativeness in registry-registrar agreements

["Metalitz, Steven" <met@xxxxxxx>]

I am not sure how illuminating these agreements are for our task.

Both the .org and .biz agreements define “registry database” as “a database 
comprised of data about one or more DNS domain names within the domain of the 
Registry TLD that is used to generate either DNS resource records that are 
published authoritatively or responses to domain name availability lookup 
requests or Whois queries, for some or all of those names.”   This implies that 
the records are  authoritative with regard to published DNS resource records 
but not necessarily with regard to Whois queries.  There is no other reference 
in either agreement to authoritativeness.   However, I’d welcome perspectives 
from those more familiar with these agreements than I am.

I have not yet reviewed the .us agreement but in any case that would not be 
determinative on whether registry Whois is considered authoritative in gTLD 
thick whois registries.

In any case I would chalk up Volker’s and Tim’s posts as votes to answer 
question 1 below as “no” – this PDP does not need to determine 
authoritativeness because the registry data is inherently authoritative.  As 
noted, another and related reason for answering “no” is that the problem has 
not arisen in any thick  registry, or at least has not risen to the level where 
ICANN has felt any need to adopt a policy about it.

It would be great to hear at this point from any member of the subgroup who 
believes that this PDP does need to address the issue of authoritativeness, so 
that we can get all the relevant perspectives on the table.   Bonus points if 
you then go on to provide an answer to question 2 (“ is there an inherent 
contradiction if registrars continue to collect all data but the registry 
database were authoritative?).

Steve Metalitz

From: Neuman, Jeff [mailto:Jeff.Neuman@xxxxxxxxxx]
Sent: Tuesday, February 19, 2013 11:18 AM
To: Metalitz, Steven; 'Tim Ruiz'; Volker Greimann
Cc: Authoritative Thick WHOIS
Subject: RE: [gnso-authoritative-thickwhois] summary of comments re 
authoritativeness

Here is a link to the current .biz registry-registrar agreement:  
http://www.neustar.biz/enterprise/docs/product-literature/domain-name-registry/neustar_biz_registry_registrar.pdf.

Also attaching the .us Registry-Registrar Agreement and Accreditation Agreement 
for your review as .us is a thick registry.


a)       .us Accreditation Agreement:  
http://www.neustar.biz/enterprise/docs/misc/domain-name-registry/ustld_registrar_accreditation_agreement_feb2012__clean_.pdf?__utma=1.304452321.1358264716.1361289967.1361290452.6&__utmb=1.4.9.1361290461941&__utmc=1&__utmx=-&__utmz=1.1358264716.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=1.InternalUser|2=Status=coDir-coRegU=1&__utmk=31430975

b)      .us Registry-Registrar Agreement:  
http://www.neustar.biz/enterprise/docs/misc/domain-name-registry/ustld_registrar_agreement_feb2012.pdf?__utma=1.304452321.1358264716.1360113660.1361289967.5&__utmb=1.22.9.1361290542588&__utmc=1&__utmx=-&__utmz=1.1358264716.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)&__utmv=1.InternalUser|2=Status=coDir-coRegU=1&__utmk=266311055
I also found the .org RRA:  
http://www.pir.org/pdf/ORG-RRA-3-April-2007-FINAL.pdf

Let me know if these help.

Jeffrey J. Neuman
Neustar, Inc. / Vice President, Business Affairs

From: 
owner-gnso-authoritative-thickwhois@xxxxxxxxx<mailto:owner-gnso-authoritative-thickwhois@xxxxxxxxx>
 [mailto:owner-gnso-authoritative-thickwhois@xxxxxxxxx] On Behalf Of Metalitz, 
Steven
Sent: Tuesday, February 19, 2013 11:03 AM
To: 'Tim Ruiz'; Volker Greimann
Cc: Authoritative Thick WHOIS
Subject: RE: [gnso-authoritative-thickwhois] summary of comments re 
authoritativeness

Excellent suggestion Tim.   Can you share the relevant portions of any of the 
existing agreements or do you know if they are publicly available?

Steve

From: Tim Ruiz [mailto:tim@xxxxxxxxxxx]
Sent: Tuesday, February 19, 2013 10:59 AM
To: Volker Greimann; Metalitz, Steven
Cc: Authoritative Thick WHOIS
Subject: RE: [gnso-authoritative-thickwhois] summary of comments re 
authoritativeness

What Volker said. Also, I said on the call today, perhaps verifying how the 
agreements between existing thick registries and registrars address the 
authoritative question would be helpful in formulating our conclusion/resposnse.

Tim Ruiz
Director, Policy Planning
GoDaddy.com<http://GoDaddy.com> LLC
Email: tim@xxxxxxxxxxx<mailto:tim@xxxxxxxxxxx>

This email message and any attachments hereto are intended for use only by its 
intended recipient(s) and may contain confidential information. If you have 
received this email in error, please immediately notify the sender and 
permanently delete the original and any copy of this message and its 
attachments.


-------- Original Message --------
Subject: Re: [gnso-authoritative-thickwhois] summary of comments re
authoritativeness
From: Volker Greimann 
<vgreimann@xxxxxxxxxxxxxxx<mailto:vgreimann@xxxxxxxxxxxxxxx>>
Date: Mon, February 18, 2013 11:54 am
To: "Metalitz, Steven" <met@xxxxxxx<mailto:met@xxxxxxx>>
Cc: Authoritative Thick WHOIS 
<gnso-authoritative-thickwhois@xxxxxxxxx<mailto:gnso-authoritative-thickwhois@xxxxxxxxx>>
Hi Steve,

I will try to review over the course of the week.

With regard to the threshold question, I would like to point out that one data 
source must be considered authoritative, and that can only be the main data 
depository. Even today, thick whois registries are factually authoritative for 
the part of the whois that they output, namely the data the holds the most 
basic registration data. For illustration purposes, I have pasted the specific 
part of the whois of a random domain for which the thick whois operator is 
authoritative:

Domain Name: INTERNIC.NET<http://INTERNIC.NET> Registrar: 
GODADDY.COM<http://GODADDY.COM>, LLC Whois Server: 
whois.godaddy.com<http://whois.godaddy.com> Referral URL: 
http://registrar.godaddy.com<http://registrar.godaddy.com/> Name Server: 
NS.ICANN.ORG<http://NS.ICANN.ORG> Name Server: NS.RIPE.NET<http://NS.RIPE.NET> 
Name Server: NS1.CRSNIC.NET<http://NS1.CRSNIC.NET> Name Server: 
NS2.NSIREGISTRY.NET<http://NS2.NSIREGISTRY.NET> Name Server: 
SEC1.APNIC.NET<http://SEC1.APNIC.NET> Name Server: 
SEC3.APNIC.NET<http://SEC3.APNIC.NET> Status: clientDeleteProhibited Status: 
clientRenewProhibited Status: clientTransferProhibited Status: 
clientUpdateProhibited Updated Date: 10-jan-2012 Creation Date: 01-jan-1993 
Expiration Date: 18-oct-2021 As registries may and do change registrars, 
sometimes forgetting to inform the current registrar (less of a problem now, 
but it happened until quite recently), a registrars' whois data can only be 
considered authoritative for the data elements it itself holds and then only in 
as much as the registry whois details point to the registrar. Changing to thick 
whois, the registry will hold the entire data set, and is able to change the 
data without informing the registrar (due to closed court orders or similar 
events). Therefore, the only authoritative data source can be the registry as 
it holds the ultimate sway over the data. A registrar may update the data at 
customer request, but such changes would only become authoritative once the 
registry whois reflects the change. The registration of a domain name only 
becomes active once the registry confirms and enacts the registrar creation 
request. The same applies to any updates of the data by the registrar. This is 
saying nothing about ownership of the data, which is a wholly different topic 
and one I think we should not touch at all. Authoritative should be interpreted 
as "the data set to be relied upon in case of doubt". In that context, no other 
entity but the registry can be considered the authoritative data source. That 
said, I think the question of defining a data set as authoritative is moot, as 
the implementation will create reality around it. We do not need to define 
authoritativeness as it will define itself due to the realities of how whois 
works in a thick registry.
Volker
Authoritativeness subgroup members,

A review of the comments received on this topic from stakeholder groups, 
constituencies and others may help advance our work. These are collected in the 
chart prepared by staff, beginning at item 52 (in the most recent version 
circulated  today).

A threshold question is whether it is necessary for this PDP to define which 
Whois data is authoritative in the thick Whois environment. ALAC questions 
whether this is necessary, while NPOC seems to think it is.  (We still have no 
data on the prevalence of data discrepancies between registry and registrar 
Whois in the thick Whois setting, other than the transition report from PIR 
which seems to indicate it is not a problem.)

As to which set of Whois data should be authoritative, only the NCUC clearly 
asserts that registrar data is authoritative.  ALAC notes the registrar data is 
treated as authoritative in the UDRP setting. (Note, though, that since the 
vast majority of UDRP cases involve registrations in thin Whois gTLDs -- .com 
and .net – the question of authoritativeness as between registry and registrar 
may not  arise.)

On the other hand, the registry data is authoritative, according to BC, R’rSG, 
and PIR in their submissions.  Verisign’s comments indicate that registry data 
should be authoritative for technical purposes.

Several commentators note that registrars remain responsible for collecting the 
data and for its accuracy (although I note that “responsible” might overstate 
registrars’ accuracy obligations under the current RAA). For NCUC this seems to 
dictate a finding that registrar Whois is authoritative, while for the 
registrar and registry commentators, this fact does not appear inconsistent 
with the conclusion that registry Whois is authoritative.

As a platform for discussion, let me pose two questions, informed by these 
responses:
(1)    Does this PDP need to determine authoritativeness?  If no policy 
establishing authoritativeness (other than in the UDRP context) has been 
adopted during all the years that thick Whois systems have been in operation, 
does this indicate that resolving authoritativeness is a ”solution in search of 
a problem”?
(2)    If the answer to Q. 1 is “yes,” then would the fact that registrars 
remain responsible for collecting the data in question from registrants (and 
for updating the same) disqualify the registry data (all received from 
registrars) from being considered authoritative?  Why or why not? Put another 
way, is there an inherent contradiction if registrars continue to collect all 
data but the registry database were authoritative?

Looking forward to your responses (or to other views of the comments we have 
received).

Steve Metalitz