[gnso-rds-pdp-wg] Apologies, and some reflections on requirements

Andrew Sullivan ajs at anvilwalrusden.com
Thu Jun 30 17:56:50 UTC 2016


On Thu, Jun 30, 2016 at 08:20:50AM +0000, Gomes, Chuck wrote:
> I would be happy to be wrong about the need for a charter change so we will explore that further. If the main thing we are talking about is Federated v. Distributed, then I don't think a charter change would be needed. Am I correct that is the main issue or is there more to what Andrew is suggesting?
> 

Well, there may be more or less.

If you look at the model diagrams I sent, you'll notice that they all
include the registration side of this as well.  Some of our
conversations have been framed as though there is some _other_ place
where the registration data gets collected, but there isn't.  It's all
collected through registrars and registries.

This is part of why I was trying to suggest that, "What data is
collected?" is not one question, but many.  Only in Model I -- which
hasn't existed for years -- do we have a system in which you can
meaningfully ask, "What is collected?" without also asking, "Who
collects it?"

In Model II, registrars (and only registrars) collect all the data
that comes from a registrant.  They pass _some_ data along to the
registries.  In Model IV, the same approach can be used.

In Model III, registrars collect all the data, but they also pass
almost all of it along to registries.  So, three parties (including
the registrant) have the data, and one of those parties (the registry)
has no direct agreement with the originator of the data.  Model IV can
also use this approach.

Model IV has the additional property that, depending on the
authentication of who asks the question, the protocol can provide more
or less data in the response.  It can do this regardless of who
collected the data.

Therefore, the issue here is really two-dimensional: which parties
have any given set of data at any time, and how much of that data will
it disclose.  As Jay Daley said in the meeting the other day, the
second of those dimensions can be answered in steps: "assume
completely unauthenticated access; how much is revealed?", and so on.
The answer to those issues is _unrelated_ to the first dimension if
you pick the right protocol to start with, because you can specify
from the beginning that any protocol that could possibly meet our
needs must work in a distributed fashion.  In that case, you're sort
of stuck with RDAP, or with inventing one yourself, because our
experience with whois (the protocol, port 43 and webby things built
atop it) is that it doesn't work that reliably.

Does this answer your question?

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com
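
An added illustration of the two dimensions in the message above (not part of the original post, and a toy model rather than RDAP itself): who holds each field is varied between a "some data" and an "almost all data" registry, while disclosure is decided only by the requester's authentication tier. The record, field names and tier names are constructed assumptions.

```python
# Constructed sample record; every field name and value is an assumption.
RECORD = {
    "domain": "example.com",
    "nameservers": ["ns1.example.net", "ns2.example.net"],
    "registrar": "Example Registrar",
    "registrant_name": "Alice Example",
    "registrant_email": "alice@example.com",
}

# Dimension 1: which fields the registrar passes along to the registry.
SOME_DATA = {"domain", "nameservers", "registrar"}  # as described for Model II
ALMOST_ALL_DATA = set(RECORD)                       # as described for Model III

# Dimension 2: what each authentication tier may see (hypothetical tiers).
DISCLOSURE = {
    "anonymous": {"domain", "nameservers", "registrar"},
    "authenticated": {"domain", "nameservers", "registrar", "registrant_name"},
    "authorized": set(RECORD),
}


def build_parties(registry_fields):
    """The registrar collects everything; the registry holds a subset."""
    registrar = dict(RECORD)
    registry = {k: v for k, v in RECORD.items() if k in registry_fields}
    return registry, registrar


def lookup(registry, registrar, tier):
    """Answer a query in a distributed way: take each permitted field from
    whichever party holds it. Unknown tiers fail closed to anonymous."""
    allowed = DISCLOSURE.get(tier, DISCLOSURE["anonymous"])
    response, sources = {}, {}
    for field in sorted(allowed):
        if field in registry:
            response[field], sources[field] = registry[field], "registry"
        elif field in registrar:
            response[field], sources[field] = registrar[field], "registrar"
    return response, sources


if __name__ == "__main__":
    for tier in DISCLOSURE:
        some, _ = lookup(*build_parties(SOME_DATA), tier)
        most, _ = lookup(*build_parties(ALMOST_ALL_DATA), tier)
        print(tier, sorted(some), "same answer:", some == most)
```
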


