[gnso-raa-dt] RE: [gnso-rap-dt] WHOIS availability
- To: "'Greg Aaron'" <gaaron@xxxxxxxxxxxx>, <gnso-rap-dt@xxxxxxxxx>, <gnso-raa-dt@xxxxxxxxx>
- Subject: [gnso-raa-dt] RE: [gnso-rap-dt] WHOIS availability
- From: "Mike Rodenbaugh" <icann@xxxxxxxxxxxxxx>
- Date: Mon, 16 Nov 2009 10:00:57 -0800
Thanks Greg. I am cross-posting this to the RAA working group, looking at
prospective amendments to the RAA. It certainly seems reasonable to me that
the RAA contain an SLA provision re WHOIS, just like the registry contracts
do. This work appears in the mandate of both of these WGs, so I will
continue to cross-post on this issue, as your research develops and as the
discussion develops in either or both "pre-PDP" groups.
548 Market Street
San Francisco, CA 94104
From: owner-gnso-rap-dt@xxxxxxxxx [mailto:owner-gnso-rap-dt@xxxxxxxxx] On
Behalf Of Greg Aaron
Sent: Monday, November 16, 2009 9:43 AM
Subject: [gnso-rap-dt] WHOIS availability
I have a uniformity of contracts item I'd like to look into. It is also a
WHOIS issue, but it is directly relevant to our examinations of registration
abuse topics, and avoids duplication of the current GNSO study efforts
regarding WHOIS. I therefore think it's in scope for RAPWG, and am happy to
hear your thoughts.
As you know, WHOIS is a vital tool when examining reports of malicious use.
In "thick" registries, the registry contains the contact data, and provides
authoritative WHOIS information. But in the "thin" .COM/.NET registry, the
contact data is held by the registrars. Abuse statistics show us that a
significant portion of the malicious activity on the Internet takes place on
.COM/.NET domains and nameservers, and so the accessibility of .COM/.NET
WHOIS contact data is vitally important.
Registry operators are contractually required to meet WHOIS Service Level
Agreements (SLAs) -- ensuring that their WHOIS services are up for a certain
amount of time each month, and respond at a certain minimum speed. However,
registrars have no WHOIS SLA requirements. (See section 3.3 of the RAA at:
In my professional work, I sometimes come upon registrars who do not appear
to meet their existing contractual requirements, or whose WHOIS services
appear to be functional only part of the time. This is anecdotal. I would
therefore like to quantify the issues by seeing how a representative set of
registrars make WHOIS available. Would anyone like to join me in this work?
All comments appreciated.
With best wishes,
Director, Key Account Management and Domain Security
The information contained in this message may be privileged and confidential
and protected from disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please notify
us immediately by replying to the message and deleting it from your