[gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative

Greg Aaron gca at icginc.com
Tue Apr 4 21:17:47 UTC 2017 

Thanks, Mike.  A few notes to contribute as people consider "authoritative":

Registries exist to be authoritative repositories of data; that's what they are designed to do.  (So, for example, two different people can't register the same domain name, or so a domain won't resolve to the wrong nameservers.)  Domain registries are generally considered authoritative for at least the thin data.  (Domain, sponsoring registrar, dates, statuses, nameservers.)  The registry creates or is the original recorder of record for most of those fields (domain, sponsoring registrar, dates).  And the registry is authoritative for status and nameserver data, using them to enable and control resolution, or to prevent certain actions from taking place in the registry (such as deletions, and registrar-to-registrar transfers).

The Thick WHOIS PDP decided that all gTLD registries should be thick.  One reason was to ensure that there won't be any more disagreements (discrepancies)  between what the registrar says the data is and what the registry says it is (and as seen via WHOIS or a successor system).  Another reason was to hold contact data in one place reliably, so it could be served from one (authoritative) place; as a consequence registrar port 43 service will eventually go away.   In other words, all registries should become authoritative for all the data we see in WHOIS, if they are not already.  That was the desired policy and operational outcome.

So the current situation seems to be pretty simple, and is on the path to getting even simpler:

  1.  If the registry is thick, the registry is authoritative for all data we see in WHOIS today.
  2.  If the registry is thin, the registry is authoritative for the thin data, and the contact data held by the registrar is authoritative.  The remaining thin registries will go thick in a couple of years, which makes things simpler.

However, the RDP WG could create complications.  For example, in order to protect the personal data of natural persons, the WG could approve a model in which registrars hold back contact data from registries.  That would effectively nullify the Thick WHOIS PDP...

All best,
--Greg

(P.S.: the UDRP Rules say that the contact data in the "Registrar's WHOIS" must be relied upon for proceedings (i.e. the registrar is authoritative for  contact data).  That was written in 1999, back before thick gTLD registries even existed.  I believe that language should eventually be changed to meet evolving reality.))



From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Michael D. Palage
Sent: Tuesday, April 4, 2017 1:24 PM
To: 'RDS PDP WG' <gnso-rds-pdp-wg at icann.org>
Subject: [gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative

Hello All,

While I will work with the smaller group on a more concise definition of "Authoritative," I wanted to provide these broad brush strokes on my perspective of this concept to the entire group.

Authoritative Data used in the context of the RDS WG is intend to define the concept of which data shall deemed to be controlling(authoritative) when confronted with data elements that are NOT identical (i.e. are inconsistent).

Currently there are multiple parties in the domain name eco system that possess (disseminate/make available) Whois data records associated with a domain name, some under ICANN contract (registries and registrars) and those that are not (i.e. third party proxy agents, historical whois aggregators, etc.)

The "authoritativeness" of all Whois data elements are NOT necessary treated equal.  The Registry is absolutely Authoritative in connection with the name servers published in the zone file. However, inconsistencies in other data elements can and do happen, i.e. Registrars that update domain name Whois locally without timely updating the information at the Registry, historical thin/thick registries; Registrants that provide false and inaccurate information; Registrant data that unintentional because outdate/inaccurate, etc.

Standard Registry Agreements have legal provisions in their RRA which dictate which data will control (i.e. be authoritative). See for example the following provision from VeriSign's RRA: "2.11. Time. Registrar agrees that in the event of any dispute concerning the time of the entry of a domain name registration into the registry database, the time shown in the Verisign records shall control."

In making a legal determination as to the "authoritativeness" of Whois data elements there are some rebuttable presumptions. Per the standard RRA, there should be a presumption of authoritativeness of the data in the Registry database.  This presumption of authoritativeness can be challenged using data residing in the Registrar database in certain circumstances.

Regarding third party aggregated historical Whois data elements, there is a widely accepted presumption within the industry that this data is historically accurate in the absent of any conflicting Registry/Registrar authoritative data.

So for those members looking for a nice neat definition of "authoritative" sorry for this rambling soliloquy.

I would also encourage WG members to read this currently pending ICANN reconsideration request dealing with the "authoritativeness" of whois data elements, see https://www.icann.org/resources/pages/reconsideration-17-1-smith-request-2017-03-16-en

Best regards,

Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170404/9d6cc819/attachment.html>

More information about the gnso-rds-pdp-wg mailing list