RE: [gnso-irtp-pdp-jun08] Poll Message Feedback from Registries Constituency

["Diaz, Paul" <pdiaz@xxxxxxxxxxxxxxxxxxxx>]

Hi Barbara,

I believe the key issue re: registrant email addresses is that this is not a 
required WHOIS field in the largest TLDs.  Registrars can publish it if they 
choose.  Requiring that this address be made publicly available raises privacy 
and security concerns - and is most likely beyond the mandate of this WG. 

When the WG discusses the timeline on Tuesday's call, we can decide whether we 
want to meet with the GNSO Council in Cairo.

Regards, P

________________________________________
From: owner-gnso-irtp-pdp-jun08@xxxxxxxxx 
[mailto:owner-gnso-irtp-pdp-jun08@xxxxxxxxx] On Behalf Of Steele, Barbara
Sent: Thursday, August 21, 2008 3:06 PM
To: James M. Bladel; Gnso-irtp-pdp-jun08@xxxxxxxxx
Subject: RE: [gnso-irtp-pdp-jun08] Poll Message Feedback from Registries 
Constituency

James,
Additional feedback that I received from various members of the Registries 
Constituency indicated that registrars may not be prevented from including the 
registrant e-mail address information from the Whois record.  Do you, or other 
registrars, have any other feedback relating to this?  There was also 
discussion in our constituency regarding the use of the AutoInfo code to 
authenticate transfers instead of the registrant or admin contact e-mail 
addresses.  This may be another avenue that we could investigate.
 
Paul,
On another note, Chuck Gomes suggested that if we anticipate that we may want 
to have a working group meeting with the GNSO Council during the meeting in 
Cairo, we should let the GNSO know as soon as possible in order to make sure 
that the GNSO Council agenda/schedule can accommodate it.
 
-------------------------------------------------------
Barbara Steele
Compliance Officer
VeriSign Information Services
bsteele@xxxxxxxxxxxx
Direct: 703.948.3343
Mobile: 703.622.1071
Fax: ; 703.421.4873
21345 Ridgetop Circle
Dulles, VA  20166

Notice to Recipient:  This e-mail contains confidential, proprietary and/or 
Registry Sensitive information intended solely for the recipient and, thus may 
not be retransmitted, reproduced or disclosed without the prior written consent 
of VeriSign Naming and Directory Services.  If you have received this e-mail 
message in error, please notify the sender immediately by telephone or reply 
e-mail and destroy the original message without making a copy.  Thank you.

________________________________________
From: owner-gnso-irtp-pdp-jun08@xxxxxxxxx 
[mailto:owner-gnso-irtp-pdp-jun08@xxxxxxxxx] On Behalf Of James M. Bladel
Sent: Wednesday, August 20, 2008 4:55 PM
To: Gnso-irtp-pdp-jun08@xxxxxxxxx
Subject: RE: [gnso-irtp-pdp-jun08] Poll Message Feedback from Registries 
Constituency
Barbara and Group:

Thank you for gathering this data and feedback from your internal folks and the 
RyC. Does the fact that some TLDs require a registrant email address, and post 
this to WHOIS, challenge the premise of Question I? 

I agree, modifying the RFCs would be impractical.  But perhaps we wouldn't need 
to take such a drastic step.  The provisioning system could be extended (the 
"E" in "EPP") to incorporate this functionality, and could be done on a per-TLD 
basis via feature release, funnel request or other updates.  

That said, I am certainly not convinced that this is the right (or only) 
approach.  But with respect to Question I., it does seem that our options are 
limited to one of the following:

1.  Use an existing Registry / Registrar or Registrar/Registrar communication 
channel
2.  Create a new Ry/Rr or Rr/Rr communication channel and require its adoption 
by all parties.
3.  Status Quo

While noting earlier discussions that any approval chain that involves or 
requires one or more email exchanges is inherently insecure and unathenticated.

J.

-------- Original Message --------
Subject: [gnso-irtp-pdp-jun08] Poll Message Feedback from Registries
Constituency
From: "Steele, Barbara" <BSteele@xxxxxxxxxxxx>
Date: Mon, August 18, 2008 12:14 pm
To: <Gnso-irtp-pdp-jun08@xxxxxxxxx>

All,
In follow up to my action item relating to whether or not the EPP poll
message functionality could be expanded to allow for the passing of
registrant e-mail address between registrars, either directly or via the
registry, I have received confirmation that the RFC (ie. 3730) did not
contemplate the use of poll messages in this way. In addition, I have
been advised that a modification of the RFC would be required in order
to even consider this as an option and experience has been that
modfications to RFCs require very long lead times. Therefore, the
general consensus of the Registries Constituency is that this is not a
viable option.

In the case of Afilias, which operates EPP systems for .info, .org,
.aero, .mobi and .asia, they allow a registrar to retrieve the
registrant e-mail addresses via EPP if the registrar possesses the
domain's auth_info code. Note that a legitimate gaining registrar
should possess the auth_info code as they would have obtained it from
the registrant. This particular solution was done to facilitate the
registrar-to-registrar transfer process while involving the registrant's
assent.

Members of the RyC who provided feedback also indicated that ICANN
Registry Agreements require that the registrant e-mail address field be
displayed in the WHOIS of most gTLDs and sTLDs and most of those
registries make submission and display of registrant e-mail address
mandatory. Of course, this would only be possible if the registry is
'thick'. 

Finally, below is a table denoting which registries are operating using
EPP, as compiled to date. I will continue to follow up with those that
have not yet responded.

Registry Operator TLD EPP
Registry Whois Publishes the Registrant e-Mail (Port 43) Notes
VeriSign .com Yes
No
VeriSign .net Yes
No 
Registry Pro .pro Yes 
Neustar .biz Yes Yes 
Afilias .info Yes Yes 
PIR .org Yes
Yes
EPP Provided by Afilias
Global Name Registry .name Yes
EPP provided by VeriSign
MuseDoma .museum Yes 
Dot Coop .coop Yes
Yes 
SITA .aero Yes
EPP provided by Afilias
Employ Media .jobs Yes No
EPP provided by VeriSign
mTLD .mobi Yes
Yes
EPP provided by Afilias
PuntCAT .cat 
Tralliance Corp. .travel 
Telnic Ltd. .tel 
Dot Asia .asia Yes
Yes
EPP provided by Afilias


-------------------------------------------------------
Barbara Steele
Compliance Officer
VeriSign Information Services
bsteele@xxxxxxxxxxxx
Direct: 703.948.3343
Mobile: 703.622.1071
Fax: 703.421.4873
21345 Ridgetop Circle
Dulles, VA 20166


Notice to Recipient: This e-mail contains confidential, proprietary
and/or Registry Sensitive information intended solely for the recipient
and, thus may not be retransmitted, reproduced or disclosed without the
prior written consent of VeriSign Naming and Directory Services. If you
have received this e-mail message in error, please notify the sender
immediately by telephone or reply e-mail and destroy the original
message without making a copy. Thank you.