Re: [gnso-thickwhoispdp-wg] i've started drawing pictures -- here's the first one

[Rick Wesson <rick@xxxxxxxxxxxxxxxxxxxxxxxx>]

all of the types of data collected by a registrar (or worse a
reseller) are not governed by the RAA. Data coverend by thick-whois
elements are in-scope for this discussion, all other data are
out-of-scope.

For instance your mother's maden name if collected would have no
bearing on moving from thin to thick whois. Whois is about publishing.

The move from thick to thin has no barring on the security of proxy
protected registrations.


-rick


On Sat, Feb 2, 2013 at 8:15 PM, Alan Greenberg <alan.greenberg@xxxxxxxxx> wrote:
> I'll approach this from another angle. If "secret data" means information
> about the registrant that is not in Whois, it may well exist, but it is
> unclear to me what the relevance of such data is since it is not in Whois.
>
> It could include:
>
> - My mother's maiden name or birth date or the name of a first pet, which
> the registrar or proxy provider asks for as a means of verifying identity.
> The registrar does what it wants with this data. Hides it away, plasters it
> on a public sign, whatever. It does not come into the Whois equation in any
> way.
>
> - The registrant's real contact information if provided via a privacy or
> proxy service. The P/P service takes this data and substitutes its own for
> the purposes of the registration. It is this information that appears in the
> registrar's whois database if they maintain one, and in the registry's whois
> database for a thick registry. How safe or private the registrants
> information is depends on the P/P provider (which may be an arm of the
> registrar, or a separate entity altogether. Nothing in any current ICANN
> rule talks about what happens to this information and certainly nothing
> forces it to move anywhere. That is governed by the terms and conditions of
> the P/P server to its customers  which presumably also reflect the legal
> regime under which it operates. Information *may* be revealed in a UDRP or
> other dispute *if* a proxy provider does not want to take full
> responsibility for how the domain is being used - but nothing to do with
> thick or thin whois models.
>
> - The registrant's real name. Identical treatment as the contact information
> above.
>
> I have been told, but have never tried to verify the accuracy, that there
> are also current cases where a registrar may accept money for a (say) ten
> year registry but only present one year to the registry, resulting in
> different expiration dates. But that situation would be identical in both
> thin and thick as the expiration date is one of the items that is supposedly
> echoed in both Whois's regardless of model.
>
> Regarding "authoritative", it is not clear to me who is authoritative in a
> thick model. I am not even sure exactly what the term means. If it means who
> holds the version to be trusted and is correct if the two version differ,
> there seem to be various takes on this. The UDRP tells dispute providers to
> go to the registrar to find out registrant information. I suspect (but do
> not know for sure) that this is an outcome of the only whois model that
> existed at the time the UDRP was created was thin.  I have heard that it is
> not uncommon for a registry to make a chance in a thick model (such as a
> transfer ordered by a court) that for whatever reason does not get reflected
> in the registrar's data.
>
> Alan
>
>
>
> At 02/02/2013 07:14 PM, Rick Wesson wrote:
>
>> Largely incorrect. There are not any definitions of personal data,
>> only registrant data. A proxy is often a subshell of the registrar
>> that preforms proxy functions for the 4 delivery mechanisms which are
>> postal, email, telephone and fax to reach one of the 4 potential
>> contact linked to a domain registration. Within the registrar they
>> function the same regardless of thick or thin whois style.
>>
>> The escrow contains all the same data in the whois record, it is
>> encrypted and help in an archive for backup and business failure.
>>
>> If there is business data that isn't in the whois document then
>> whatever business data you are referring to is also not escrowed or
>> specified as being required for publishing.
>>
>> Could you please, rather than draw a picture, simply enumerate this
>> data elements of which you speak that "never finds its way into the
>> whois." Please, if you could also include a link to a contractual
>> document specifying said data should be published and escrowed.
>>
>> thanks,
>> -rick
>>
>>
>>
>> On Sat, Feb 2, 2013 at 3:46 PM, Mike O'Connor <mike@xxxxxxxxxx> wrote:
>> > i'm a big fan of pictures, especially in policy papers, because they
>> > give me
>> > a chance to think about things in a different way as i draw them.
>> >
>> > i've been rereading the comments-summary document that Marika, Berry and
>> > Lars prepared and realized that i think a lot of the issues that are
>> > being
>> > raised are about the handling of data that never finds its way into
>> > Whois.
>> > so here's a thick-Whois based drawing to illustrate that.  as with
>> > everything else i do, it's likely to be wrong until the rest of you
>> > hammer
>> > on it a little bit.
>> >
>> > hammer away.
>> >
>> > mikey
>> >
>> >
>> >
>> >
>> > PHONE: 651-647-6109, FAX: 866-280-2356, WEB: www.haven2.com, HANDLE:
>> > OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)
>> >
>> >
>
>