[gnso-whois-wg] Comments on WWG report draft 1.5

["Metalitz, Steven" <met@xxxxxxx>]

 Since we have already discussed Sections 1-3 of version 1.5 on last
week's call, and understand that some modifications will be forthcoming
in version 1.6,  we'd just like to offer a few observations as IPC
representatives to the Working Group.  

In general, we support most of the AGREED statements in Sections 1-3 of
the report. To be more specific, we think it essential that the
responsibilities of the OPOC include RELAY in virtually all cases, and
REVEAL when the requester presents reasonable evidence of actionable
harm, or when there has been a demonstrable failure of the RELAY
process.  The REMEDY responsibility should apply only to a narrow class
of abuses in which immediate action is required; there has been little
progress in defining the boundaries of this class.   

We also believe it is essential that the OPOC acknowledge and consent to
its role and to these responsibilities.  The draft report sets out a
feasible and lightweight method for doing so, in our view.  

These observations form the basis for our comments on the remaining
sections of the report, as follows: 

Section 4:  While we AGREE with the general statement made on lines
357-366, it might clarify matters to state that the registrar's
obligation to REVEAL arises from a failure of an OPOC to REVEAL or to
RELAY.  Any other actions listed would occur (if at all) only for
failure of the OPOC to REMEDY in the narrow class of cases to which that
action applies.  We note again that that class had not been defined yet.


Section 5:  We generally agree with the AGREED statements in this
section, in the context of OPOC roles and responsibilities as outlined
above.  

Section 6:   In the AGREED statement in section 6.1, the parenthetical
should read "(web-based, Port 43 or bulk)" to reflect the status quo.
While we think it could be fruitful to discuss modification of the
current requirement for providing Port 43 access, that discussion should
take place in a venue other than this Working Group.  

We generally agree with the AGREED statements in section 6.5 and 6.6.
Entities other than law enforcement need a practical mode of access to
data that would be removed from public access under the OPOC proposal,
and no viable means of third-party authentication has been proposed
(without prejudice to the various proposals for authentication on behalf
of bank requesters, which have not been discussed in much detail).  The
self-declaration route, which has not been discussed in depth, should
include safeguards against abuse.  

Steve Metalitz (for himself and Kristina Rosette and Ute Decker), IPC
representatives to Working Group