Re: [gnso-thickwhoispdp-wg] i've started drawing pictures -- here's the first one

[Alan Greenberg <alan.greenberg@xxxxxxxxx>]

I'll approach this from another angle. If "secret data" means 
information about the registrant that is not in Whois, it may well 
exist, but it is unclear to me what the relevance of such data is 
since it is not in Whois.
It could include:

- My mother's maiden name or birth date or the name of a first pet, 
which the registrar or proxy provider asks for as a means of 
verifying identity. The registrar does what it wants with this data. 
Hides it away, plasters it on a public sign, whatever. It does not 
come into the Whois equation in any way.
- The registrant's real contact information if provided via a privacy 
or proxy service. The P/P service takes this data and substitutes its 
own for the purposes of the registration. It is this information that 
appears in the registrar's whois database if they maintain one, and 
in the registry's whois database for a thick registry. How safe or 
private the registrants information is depends on the P/P provider 
(which may be an arm of the registrar, or a separate entity 
altogether. Nothing in any current ICANN rule talks about what 
happens to this information and certainly nothing forces it to move 
anywhere. That is governed by the terms and conditions of the P/P 
server to its customers  which presumably also reflect the legal 
regime under which it operates. Information *may* be revealed in a 
UDRP or other dispute *if* a proxy provider does not want to take 
full responsibility for how the domain is being used - but nothing to 
do with thick or thin whois models.
- The registrant's real name. Identical treatment as the contact 
information above.
I have been told, but have never tried to verify the accuracy, that 
there are also current cases where a registrar may accept money for a 
(say) ten year registry but only present one year to the registry, 
resulting in different expiration dates. But that situation would be 
identical in both thin and thick as the expiration date is one of the 
items that is supposedly echoed in both Whois's regardless of model.
Regarding "authoritative", it is not clear to me who is authoritative 
in a thick model. I am not even sure exactly what the term means. If 
it means who holds the version to be trusted and is correct if the 
two version differ, there seem to be various takes on this. The UDRP 
tells dispute providers to go to the registrar to find out registrant 
information. I suspect (but do not know for sure) that this is an 
outcome of the only whois model that existed at the time the UDRP was 
created was thin.  I have heard that it is not uncommon for a 
registry to make a chance in a thick model (such as a transfer 
ordered by a court) that for whatever reason does not get reflected 
in the registrar's data.
Alan


At 02/02/2013 07:14 PM, Rick Wesson wrote:

> Largely incorrect. There are not any definitions of personal data,
> only registrant data. A proxy is often a subshell of the registrar
> that preforms proxy functions for the 4 delivery mechanisms which are
> postal, email, telephone and fax to reach one of the 4 potential
> contact linked to a domain registration. Within the registrar they
> function the same regardless of thick or thin whois style.
>
> The escrow contains all the same data in the whois record, it is
> encrypted and help in an archive for backup and business failure.
>
> If there is business data that isn't in the whois document then
> whatever business data you are referring to is also not escrowed or
> specified as being required for publishing.
>
> Could you please, rather than draw a picture, simply enumerate this
> data elements of which you speak that "never finds its way into the
> whois." Please, if you could also include a link to a contractual
> document specifying said data should be published and escrowed.
>
> thanks,
> -rick
>
>
>
> On Sat, Feb 2, 2013 at 3:46 PM, Mike O'Connor <mike@xxxxxxxxxx> wrote:
> > i'm a big fan of pictures, especially in policy papers, because 
> they give me
> > a chance to think about things in a different way as i draw them.
> >
> > i've been rereading the comments-summary document that Marika, Berry and
> > Lars prepared and realized that i think a lot of the issues that are being
> > raised are about the handling of data that never finds its way into Whois.
> > so here's a thick-Whois based drawing to illustrate that.  as with
> > everything else i do, it's likely to be wrong until the rest of you hammer
> > on it a little bit.
> >
> > hammer away.
> >
> > mikey
> >
> >
> >
> >
> > PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
> > OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
> >
> >