[gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative
Greg Aaron
gca at icginc.com
Wed Apr 5 20:07:49 UTC 2017
Thanks, Scott. So a system where all registries allow thick records, but some domain records are thin and some are thick, basically depending upon where the registrar is? Or where the registrant is? Or both?
All best,
--Greg
Domain Name: PIR.ORG
Registry Domain ID: D96207-LROR
Registrar WHOIS Server: [field is blank, because the registry is the authoritative source of data, and the registrar does not serve WHOIS data itself for domains in this thick TLD]
Registrar URL: http://www.godaddy.com
Updated Date: 2017-02-20T01:51:21Z
Creation Date: 1996-02-18T05:00:00Z
Registry Expiry Date: 2018-02-19T05:00:00Z
Registrar Registration Expiration Date: [field is blank, as it is irrelevant and the Registry Expiry Date is to be relied upon]
From: Hollenbeck, Scott [mailto:shollenbeck at verisign.com]
Sent: Wednesday, April 5, 2017 2:55 PM
To: Greg Aaron <gca at icginc.com>; 'stephanie.perrin at mail.utoronto.ca' <stephanie.perrin at mail.utoronto.ca>; 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
Subject: RE: [gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative
Points below as appropriate (from my perspective).
Scott
From: Greg Aaron [mailto:gca at icginc.com]
Sent: Wednesday, April 05, 2017 2:26 PM
To: Hollenbeck, Scott <shollenbeck at verisign.com<mailto:shollenbeck at verisign.com>>; 'stephanie.perrin at mail.utoronto.ca' <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>>; 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: [EXTERNAL] RE: [gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative
Dear Scott:
My point was: where was the EWG's RDDS going to get data? From the registries, not directly from registrars.
[SAH] ...and validators (see page 112 of the final report for a figure of the model), but yes, you're correct about registrar data flowing through the registry. However, see page 115 where it's noted that "To maintain redundant systems and eliminate the single point of failure, the data must reside at multiple locations (i.e., Validator, Registrar, Registry, Escrow Provider, and RDS Provider)". Anyway...
The "Registrar Registration Expiration Date" field is mention is relevant to just the three thin gTLD registries (.COM, .NET, .JOBS) -- the thin model that's going away (and has been for years). In the other 1,200+ gTLD registries, the expiration date is not provisioned by registrars, it's generated by the registries (as you know).
[SAH] Not quite. The "Registrar Registration Expiration Date" is also published by thick registries. You can see an example (that happens to be blank) by doing a WHOIS query for a thick registry .info domain like "pir.info". This is not the same thing as the registry-produced expiration date!
So anyway, you're advocating that in the future, contact data should remain at registrars and never go to registries, and that ICANN should send all gTLDs to the thin model? After the community decided to go to an all-thick model in 2013, and Verisign just recently agreed to the thick implementation plan for .COM and .NET?
[SAH] No, that's not what I'm suggesting. I'm suggesting that there will be situations in which some registrars will push data to registries in much the same way the thick model works today, and other registrars will not be able to do so completely due to a need to comply with local laws or regulations. We may ultimately need to consider how an RDDS works when some data must remain with the registrar.
To better understand, I would like your views on these questions:
1. How the thin registry model is required under privacy law.
[SAH] It's not.
1. An issue is personal data crossing from (being collected from) one jurisdiction to another. Under the evolving privacy laws you are concerned about, won't a registrar sometimes be barred from accepting domain registrations from registrants outside its jurisdiction? For example, how could GoDaddy, a U.S. registrar, accept registrations (and the accompanying contact data) from registrants in Europe? Could GoDaddy serve that contact data via an RDS under any circumstances?
[SAH] Being barred may well be the case unless the registrar sets up shop in Europe and is willing to comply with the requirements for doing so.
1. What has changed in privacy law recently that overrides the considerations of privacy law that the EWG and the Thick PDP WG made?
[SAH] One example: http://europa.eu/rapid/press-release_MEMO-17-15_en.htm
There's also an existing ICANN process for dealing with conflicts that acknowledges that exceptions may be made:
https://whois.icann.org/en/icann-procedure-handling-whois-conflicts-privacy-law
All best,
--Greg
[SAH] Likewise!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170405/d54b6105/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list