Re: [gnso-thickwhoispdp-experts] First set of questions from the 'thick' Whois WG

[Christopher Browne <cbbrowne@xxxxxxxxxxxx>]

On Thu, Mar 14, 2013 at 1:30 PM, Andrew Sullivan <ajs@xxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Mar 13, 2013 at 06:56:53AM -0700, Marika Konings wrote:
>> Authoritativeness Sub-Team
>>
>> the thick EPP model."  The report indicates that there were no such
>> discrepancies. Does this mean that (to PIR's knowledge) there were no
>> differences between the Whois data held by registrars and that held by the
>> registry, at least through June 2004, when the report was filed?  If so this
>
> I wasn't involved in the preparation of this report, as far as I
> remember, but it isn't surprising that there'd be no discrepancy.
> During the transition, registrars added contact data to the registry.
> By definition, whatever the registrar put in would have been the
> authoritative data.  I don't know whether there were any tests that
> compared the former registrar whois data with the new registry-based
> data.

I don't recall there being any comparisons done between former
registrar-based WHOIS data and the "centralized" registry-based
data, and I'd be pretty surprised if there were.  With variations
in format, I would expect such a comparison to find extraordinary
numbers of differences, with telno values being an unfortunately
excellent starting point.[1]

The processes that were involved in the RRP-to-EPP migration
were targeted towards evaluating how many domains had EPP-
mandated data, so it is pretty likely that the "zero discrepancies"
indicates that the registrars were conforming successfully with the
requirement to attach contacts to all objects.  We had processes
directed towards getting thick contacts attached to all domains.[2]

>> were "relating to privacy issues." Is any detail available on these
>> complaints, or do the experts have any recollections regarding them?
>
> I don't have any recollection, but I don't remember complaints about
> privacy being a big problem.  I do remember people complaining about
> harvesting of email addresses out of the whois, which is why we added
> the rate limiting to the whois code base.  Those may not have been
> classified as a "privacy" issue.

I have a similar lack of recollection.  We had some speculative talk,
internally, but if there were outside complaints, they didn't pass inwards
far enough for me to see it.

Andrew's comments about WHOIS rate limiting agree with my
understanding; rate limiting fell, as a requirement, out of discomfort
with people doing mass "data mining" from WHOIS, and it's not too
difficult to imagine that to be a form of "privacy issue."  But that
could be too distant from what Marika Konings had in mind.

Notes:
----------

[1] The EPP standard mandates a precise format for telephone
numbers, and data I have recieved from other sources than
standards-conforming EPP clients almost exclusively fail
to follow ITU E164.

[2] It's likely that *some* domains were still exceptions at that time;
the RACE-encoded IDNs were locked down rather tightly,
pending coming up with something to do with them (e.g. - migrate
to PunyCode).
-- 
Christopher Browne