RE: [gnso-whois-wg] Draft outcomes report v 1.6

[Dan Krimm <dan@xxxxxxxxxxxxxxxx>]

There were two independent issues considered in the report at this point:
consent and verification, two different things.

Auto-verification of a working email address by a registrar (as a necessary
component of a domain registration process) need not come with a formal
consent agreement with the registrar.  Conflation of these two items is
either mistaken or misleading.

If the cost of "broader support" is a system that has too much spurious
detritus in it to support its own weight without collapsing, then it is too
high a price to pay.

I don't see that involving registrars in formal consent processes is at all
necessary to avoid "disrupt[ing] the operation of the rule of law."  That
analysis is specious, in my view.

Dan



At 11:12 AM -0600 8/10/07, Scoville, Adam wrote:
>Tom -
>
>? and the elimination of an obligation to include accurate contact
>information for the registrant of a domain is likewise "a very big change"
>in the legal environment that currently promotes accountability and
>consumer protection on the Internet and facilitates the enforceability of
>national laws.
>
>What we're talking about here is the kind of simple e-mail verification
>and consent to terms that numerous on-line businesses, from
>YouTube/Blogger/Google to FaceBook to PayPal (which of course also uses
>more robust means of verification for financial information) use as a
>prerequisite to signing-up for their on-line services... and as previosly
>discussed, we've even conceded that it could happen afterward, so as not
>to delay the registration of the domain. I find it hard to see why this is
>such a technical or legal hardship for either registrars or registrants.
>
>Of course, I would have thought that a robust and enforceable set of OPoC
>responsibilities would be a small price to pay for a system that had a
>chance of broader support. Put another way, I think there are ways of
>making Whois more privacy protective/less vulnerable to spam that could be
>acceptable to a broad spectrum of stakeholders. With that in mind,
>insisting on making the regime maximally disruptive to the operation of
>the rule of law on the Internet seems unlikely to move the issue forward.
>
>Have a good weekend, everyone,
>- Adam
>
>-----Original Message-----
>From: owner-gnso-whois-wg@xxxxxxxxx [mailto:owner-gnso-whois-wg@xxxxxxxxx]
>On Behalf Of Thomas Keller
>Sent: Friday, August 10, 2007 3:40 AM
>To: Dan Krimm
>Cc: gnso-whois-wg@xxxxxxxxx
>Subject: Re: [gnso-whois-wg] Draft outcomes report v 1.6
>
>I agree with Dan. A formal recorded consent of the OPOC would, as
>already pointed out by several of my registrar colleagues, be a
>very big change in the registration process of every registrar and
>reseller. As the registrant is finally responsible for all contacts
>attached to a registered name it should be in his sole responsibility
>to make sure of the consent of the OPOC.
>
>Best,
>
>tom
>
>Am 09.08.2007 schrieb Dan Krimm:
>> At 6:43 PM -0400 8/9/07, Michael Warnecke wrote:
>>
>> > ... If we cannot
>> >agree, as a baseline proposition, that an OPOC must consent to being an
>> >OPOC, it calls into question the credibility of the OPOC system.
>>
>> I don't at all see why this should be the case.
>>
>> I can envision an OPoC *system* that is entirely credible without requiring
>> anyone (other than a registrant) to ensure consent of an OPoC.  If the
>> registrant bears the responsibility and liability for the OPoC's actions,
>> then it is in the registrant's interest to choose an OPoC who consents to
>> fulfilling that role for the registrant.  If the registrant fails to do so,
>> the registrant can bear the full liability if and when the OPoC fails to
>> perform expected tasks.  If a registrant designates an OPoC in bad faith,
>> that can and will come back to haunt the registrant eventually, when the
>> OPoC fails to perform its tasks.
>>
>> This consent requirement constitutes unnecessary and spurious complexity
>> that just bogs down the whole system and creates disagreement among us.  If
>> the mission here is to erode consensus, then it is quite effective.
>>
>> Dan
>>
>> PS -- In the event that anyone were to be held formally liable for explicit
>> (and perhaps formal) OPoC *consent* in and of itself, separate from the
>> *tasks* that an OPoC will perform, it is perfectly credible for the system
>> to assign that responsibility to the registrant exclusively.  But I see no
>> need for a formal consent requirement, because the functional incentives
>> can be enough to establish this if we design the rest of the system
>> properly.
>>
>>
>>
>
>Gruss,
>
>tom
>
>(__)
>(OO)_____
>(oo)    /|\ A cow is not entirely full of
>  | |--/ | *    milk some of it is hamburger!
>  w w w  w