Re: [gnso-dow123] Regarding accuracy issues and outcome of discussion in Cape Town

[Thomas Keller <tom@xxxxxxxxxx>]

Steve,

I mean complaints of false Whois data.

tom

Am 09.03.2005 schrieb Steven J. Metalitz IIPA:
>  Tom,
> 
> When you refer to ccTLD operators' practices, are you talking about a
> process for dealing with complaints of false Whois data, or some other
> kind of complaints?  
> 
> Steve Metalitz  
> 
> -----Original Message-----
> From: owner-gnso-dow123@xxxxxxxxx [mailto:owner-gnso-dow123@xxxxxxxxx]
> On Behalf Of Thomas Keller
> Sent: Wednesday, March 09, 2005 5:15 AM
> To: Tim Ruiz
> Cc: Bruce Tonkin; gnso-dow123@xxxxxxxxxxxxxx
> Subject: Re: [gnso-dow123] Regarding accuracy issues and outcome of
> discussion in Cape Town
> 
> Hello all,
> 
> I absolutely concure with Tims observation. The issue of malicious
> complaints which in the worst case might even lead to some kind of
> denial of service attack is a very serious one and needs our attention.
> In the ccTLD world such requests are in general channeled through the
> TLD operator which makes some sanity checks before passing the request
> and obligation to fix the problem on to the sponsoring registrar. Since
> there are some TLD operators (i.e. .de .uk) that already have a process
> in place to deal with this issue, we should consider to shedule a
> consultation with them to learn from their experience.
> 
> Best,
> 
> tom
> 
> Am 08.03.2005 schrieb Tim Ruiz:
> > Bruce,
> > 
> > I recall a few other issues discussed in regards to item 2, especially
> 
> > if registrars are required to strictly apply it.
> > 
> > How do we protect against frivilous complaints? Should the party 
> > filing the complaint be required to identify themselves? Should they 
> > become responsible to some degree if the complaint turns out to be 
> > frivilous or malicious? Is the registrar required to take the 
> > complaint on face value, even if the contact data appears to be
> complete and accurate?
> > Should the third party filing the complaint be required to include a 
> > specific reason why they believe the data to be inaccurate?
> > 
> > There is a huge risk here that registrars are being expected to take.
> > There has to be something in place to protect against this situation 
> > putting one of them out of business.
> > 
> > Tim
> > 
> >  
> > -------- Original Message --------
> > Subject: [gnso-dow123] Regarding accuracy issues and outcome of 
> > discussion in Cape Town
> > From: "Bruce Tonkin" <Bruce.Tonkin@xxxxxxxxxxxxxxxxxx>
> > Date: Tue, March 08, 2005 5:12 am
> > To: gnso-dow123@xxxxxxxxxxxxxx
> > 
> > Hello All,
> > 
> > Given difficulties in making progress on the issue of improving the 
> > accuracy of contact information displayed in the WHOIS service, a 
> > breakfast meeting was held amongst interested individuals in Cape
> Town.
> > I recall this meeting as being constructive, but it appears everyone 
> > thought someone else was taking notes.  I will ensure this doesn't 
> > happen again.
> > 
> > As I understand it, this is the current status of discussion on
> > accuracy.   All those on task force 3 should feel free to correct or
> > improve my impressions.
> > 
> > (1) Although some in the ICANN community would like to see registrars 
> > carry out verification of registrant contact information at the time 
> > of registration, there was little support for doing so from the
> registrars.
> > The feeling was that most registrants provided accurate information in
> 
> > good faith, and that it was a minority of registrants that 
> > deliberately provided false information.  Requiring verification of 
> > contact data for all registrations, would raise the cost of 
> > registrations for all registrants.
> > 
> > 
> > (2) The focus of the discussion has more recently been on what to do 
> > when an Internet user that wishes to get in contact with a registrant 
> > can't do so because of inaccurate WHOIS information.
> > 
> > The current mechanisms essentially requires a registrar to contact a 
> > registrant and ask them to correct the information.  If the registrant
> 
> > does not reply within 15 days, a registrar may take further action.
> > The business processes vary greatly amongst registrars, and this makes
> 
> > it difficult for an Internet user to understand what process should 
> > occur after reporting inaccurate contact information.
> > 
> > From what few notes I could find, I believe the following business 
> > process was discussed in Cape Town.
> > 
> > A registrar would attempt to contact the registrant.
> > If the registrant did not respond within 15 days, the name would be 
> > put on HOLD (ie removed from the zonefile and made in-active).
> > The registrant would then be advised by the registrar that if the 
> > contact information is not updated, that the name would be cancelled 
> > after an additional 15 (or possible 30) day period.
> > 
> > A registrar would be free to use one or more of the contact elements 
> > in an attempt to contact the registrant.  The various methods used 
> > would likely be a matter of agreement between the registrant and
> registrar.
> > E.g for low priced registrations a registrar may only use email, and 
> > the registrant would be required to keep the email up-to-date and 
> > monitor the email.  For higher priced registrations (e.g for larger 
> > corporates) a registrar may use all means available to contact the 
> > registrant to get the information corrected.
> > 
> > 
> > (3) The process described in (2) above is appropriate for dealing with
> > inaccurate contact information.   There is another issue in the
> > community that relates to the use of domain names for intellectual 
> > property infringement (e.g to place a pirated copy of a new release 
> > movie on the Internet) or for the purposes of committing a crime that 
> > may harm many Internet users (e.g phishing scams aimed a banks).  In
> > such cases a 15 - 45 day process would be inadequate.   I believe
> these
> > issues are outside of the scope of ICANN (ie don't relate to security 
> > and stability), however the issues do need to be addressed by the 
> > domain name industry in collaboration with the intellectual property 
> > and law enforcement community.  There are some processes such as the 
> > courts that could be used (but even these processes may be too slow).
> 
> > The meeting in Cape Town identified this problem area as need further
> work.
> > 
> > With respect to (3) above, it might be worth establish a working group
> 
> > outside of the ICANN processes to consider some practical means of 
> > addressing the issue.  E.g some registrars choose to include 
> > acceptable use policies in their agreements and have been prepared to 
> > suspend or cancel some names, other registrars have required third 
> > parties to indemnify them from legal action if the registrar suspends 
> > of cancels a name (this would assume the registrar believes that the 
> > third party has sufficient funds to cover any costs incurred from a
> court action).
> > 
> > Regards,
> > Bruce Tonkin
> > 
> > 
> > 
> 
> Gruss,
> 
> tom
> 
> (__)        
> (OO)_____  
> (oo)    /|\   A cow is not entirely full of
>   | |--/ | *    milk some of it is hamburger!
>   w w w  w  
> 
> 


Gruss,

tom

(__)        
(OO)_____  
(oo)    /|\     A cow is not entirely full of
  | |--/ | *    milk some of it is hamburger!
  w w w  w