[gnso-authoritative-thickwhois] DRAFT subteam report re authoritatitveness
Fellow sub-team members, As convenor of the subteam, I was asked by the full working group to prepare a report on the conclusions of our subteam, using a template that had been prepared by staff. My draft effort is attached. I have some doubt that the template works very well to capture our discussions but I have done my best (see, e.g., the insert between items 3 and 4, in italics). I encourage you to review and to circulate any comments, additions or suggested edits. Anything you can provide prior to our scheduled working group call tomorrow would be especially appreciated! Thank you - and a special thank you to Volker, who I see in preparing this has emerged as something like our thought leader! Steve Metalitz From: Volker Greimann [mailto:vgreimann@xxxxxxxxxxxxxxx] Sent: Monday, February 18, 2013 12:54 PM To: Metalitz, Steven Cc: Authoritative Thick WHOIS Subject: Re: [gnso-authoritative-thickwhois] summary of comments re authoritativeness Hi Steve, I will try to review over the course of the week. With regard to the threshold question, I would like to point out that one data source must be considered authoritative, and that can only be the main data depository. Even today, thick whois registries are factually authoritative for the part of the whois that they output, namely the data the holds the most basic registration data. For illustration purposes, I have pasted the specific part of the whois of a random domain for which the thick whois operator is authoritative: Domain Name: INTERNIC.NET Registrar: GODADDY.COM, LLC Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com Name Server: NS.ICANN.ORG Name Server: NS.RIPE.NET Name Server: NS1.CRSNIC.NET Name Server: NS2.NSIREGISTRY.NET Name Server: SEC1.APNIC.NET Name Server: SEC3.APNIC.NET Status: clientDeleteProhibited Status: clientRenewProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 10-jan-2012 Creation Date: 01-jan-1993 Expiration Date: 18-oct-2021 As registries may and do change registrars, sometimes forgetting to inform the current registrar (less of a problem now, but it happened until quite recently), a registrars' whois data can only be considered authoritative for the data elements it itself holds and then only in as much as the registry whois details point to the registrar. Changing to thick whois, the registry will hold the entire data set, and is able to change the data without informing the registrar (due to closed court orders or similar events). Therefore, the only authoritative data source can be the registry as it holds the ultimate sway over the data. A registrar may update the data at customer request, but such changes would only become authoritative once the registry whois reflects the change. The registration of a domain name only becomes active once the registry confirms and enacts the registrar creation request. The same applies to any updates of the data by the registrar. This is saying nothing about ownership of the data, which is a wholly different topic and one I think we should not touch at all. Authoritative should be interpreted as "the data set to be relied upon in case of doubt". In that context, no other entity but the registry can be considered the authoritative data source. That said, I think the question of defining a data set as authoritative is moot, as the implementation will create reality around it. We do not need to define authoritativeness as it will define itself due to the realities of how whois works in a thick registry. Volker Authoritativeness subgroup members, A review of the comments received on this topic from stakeholder groups, constituencies and others may help advance our work. These are collected in the chart prepared by staff, beginning at item 52 (in the most recent version circulated today). A threshold question is whether it is necessary for this PDP to define which Whois data is authoritative in the thick Whois environment. ALAC questions whether this is necessary, while NPOC seems to think it is. (We still have no data on the prevalence of data discrepancies between registry and registrar Whois in the thick Whois setting, other than the transition report from PIR which seems to indicate it is not a problem.) As to which set of Whois data should be authoritative, only the NCUC clearly asserts that registrar data is authoritative. ALAC notes the registrar data is treated as authoritative in the UDRP setting. (Note, though, that since the vast majority of UDRP cases involve registrations in thin Whois gTLDs -- .com and .net - the question of authoritativeness as between registry and registrar may not arise.) On the other hand, the registry data is authoritative, according to BC, R'rSG, and PIR in their submissions. Verisign's comments indicate that registry data should be authoritative for technical purposes. Several commentators note that registrars remain responsible for collecting the data and for its accuracy (although I note that "responsible" might overstate registrars' accuracy obligations under the current RAA). For NCUC this seems to dictate a finding that registrar Whois is authoritative, while for the registrar and registry commentators, this fact does not appear inconsistent with the conclusion that registry Whois is authoritative. As a platform for discussion, let me pose two questions, informed by these responses: (1) Does this PDP need to determine authoritativeness? If no policy establishing authoritativeness (other than in the UDRP context) has been adopted during all the years that thick Whois systems have been in operation, does this indicate that resolving authoritativeness is a "solution in search of a problem"? (2) If the answer to Q. 1 is "yes," then would the fact that registrars remain responsible for collecting the data in question from registrants (and for updating the same) disqualify the registry data (all received from registrars) from being considered authoritative? Why or why not? Put another way, is there an inherent contradiction if registrars continue to collect all data but the registry database were authoritative? Looking forward to your responses (or to other views of the comments we have received). Steve Metalitz Attachment:
DRAFT sub-team report 031113 (5187650).DOCX |