Re: [gnso-thickwhoispdp-wg] i've started drawing pictures -- here's the first one

[Volker Greimann <vgreimann@xxxxxxxxxxxxxxx>]

Hi Alan,
> Regarding "authoritative", it is not clear to me who is authoritative 
> in a thick model. I am not even sure exactly what the term means. If 
> it means who holds the version to be trusted and is correct if the two 
> version differ, there seem to be various takes on this. The UDRP tells 
> dispute providers to go to the registrar to find out registrant 
> information. I suspect (but do not know for sure) that this is an 
> outcome of the only whois model that existed at the time the UDRP was 
> created was thin.  I have heard that it is not uncommon for a registry 
> to make a chance in a thick model (such as a transfer ordered by a 
> court) that for whatever reason does not get reflected in the 
> registrar's data.
Autoritativeness is a nut to crack, but all things considered, it will 
have to be the registry that is authoritative, i.e. the party holding 
the data that can and should be relied upon when referencing that data. 
That data will have to be provided by a registrar at some point 
(registration, modification, ownerchange, etc), so for that to be 
possible, the registry must also accept the modification commands from 
the registrar as quasi-authoritative, but that is an internal matter 
altogether, with no third-party relevance.
As the registry is able to unilaterally change registration details 
without registrar assistance (as performed in compliance with court 
orders), thin registries are even today partly authoritative for certain 
data, namely the part of the whois that is provided by the registry 
concerning the identity of the sponsoring registrar, name servers and 
whois servers. Depending on the content of this data, the output of a 
given registrar for this data may be authoritative or not even today 
(for example if the domain name was transferred to another registrar by 
the registry without notifying the previous registrar, that registrar 
may be unaware of this transfer and provide false whois data. As that 
whois server would however no longer be referenced by the registry 
whois, no queries for that domain would reach that server, making it's 
data irrelevant).
With regard to the UDRP, I do not think that there would be too much of 
a change. The source of the initial whois query of the provider would 
become the registy, but the registrar would still be able to confirm 
this data prior to locking the domain name. In fact, the handling of 
UDRP cases (at least on the registrar side) does not differ between 
thick and thin registries. The procedure for a .COM UDRP is identical to 
that of a .ORG UDRP for us. For this reason, there should be no need for 
change based on a transition from thick to thin.
Best,

Volker