[gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative

Hollenbeck, Scott shollenbeck at verisign.com
Thu Apr 6 11:07:23 UTC 2017 

> Registrar Registration Expiration Date: [field is blank, as it is irrelevant and the Registry Expiry Date is to be relied upon]



We've strayed from the original discussion of "authoritative", but I do want to respond to the comment enclosed in brackets above.



In this specific case the "Registrar Registration Expiration Date" field is blank because it doesn't have a value assigned by the registrar, not because it's irrelevant. Here's one concrete example where a registrar might want to provide a value for this field:



There is a registrar today who offers a 100 year domain registration service*. If someone signs up for this service, the registrar can register and renew a domain with the registry for no more than 10 years at a time. If the registrar is so inclined to push the information to the registry, and if the registry supports it (the operator of .org apparently does), it is possible to display both the 100 year expiration date and the registry's 10-years-or-less expiration date in the registry's WHOIS service.



I'm not a fan of seeing this type of information in a registry's RDDS. It's confusing to data consumers (witness this email thread), and it's a prime example of the type of information that is better published by the registrar entity that is responsible for producing and managing it.



Scott



* https://www.networksolutions.com/domain-name-registration/popup-100-yr-term.jsp



From: Greg Aaron [mailto:gca at icginc.com]
Sent: Wednesday, April 05, 2017 4:08 PM
To: Hollenbeck, Scott <shollenbeck at verisign.com>; 'stephanie.perrin at mail.utoronto.ca' <stephanie.perrin at mail.utoronto.ca>; 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] RE: [gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative



Thanks, Scott.  So a system where all registries allow thick records, but some domain records are thin and some are thick, basically depending upon where the registrar is?  Or where the registrant is?  Or both?



All best,

--Greg



Domain Name: PIR.ORG

Registry Domain ID: D96207-LROR

Registrar WHOIS Server: [field is blank, because the registry is the authoritative source of data, and the registrar does not serve WHOIS data itself for domains in this thick TLD]

Registrar URL: http://www.godaddy.com

Updated Date: 2017-02-20T01:51:21Z

Creation Date: 1996-02-18T05:00:00Z

Registry Expiry Date: 2018-02-19T05:00:00Z

Registrar Registration Expiration Date: [field is blank, as it is irrelevant and the Registry Expiry Date is to be relied upon]







From: Hollenbeck, Scott [mailto:shollenbeck at verisign.com]
Sent: Wednesday, April 5, 2017 2:55 PM
To: Greg Aaron <gca at icginc.com<mailto:gca at icginc.com>>; 'stephanie.perrin at mail.utoronto.ca' <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>>; 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: RE: [gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative



Points below as appropriate (from my perspective).



Scott



From: Greg Aaron [mailto:gca at icginc.com]
Sent: Wednesday, April 05, 2017 2:26 PM
To: Hollenbeck, Scott <shollenbeck at verisign.com<mailto:shollenbeck at verisign.com>>; 'stephanie.perrin at mail.utoronto.ca' <stephanie.perrin at mail.utoronto.ca<mailto:stephanie.perrin at mail.utoronto.ca>>; 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org<mailto:gnso-rds-pdp-wg at icann.org>>
Subject: [EXTERNAL] RE: [gnso-rds-pdp-wg] Proposed Definition/Background for Authoritative



Dear Scott:



My point was: where was the EWG's RDDS going to get data?  From the registries, not directly from registrars.

[SAH] ...and validators (see page 112 of the final report for a figure of the model), but yes, you're correct about registrar data flowing through the registry. However, see page 115 where it's noted that "To maintain redundant systems and eliminate the single point of failure, the data must reside at multiple locations (i.e., Validator, Registrar, Registry, Escrow Provider, and RDS Provider)". Anyway...



The "Registrar Registration Expiration Date" field is mention is relevant to just the three thin gTLD registries (.COM, .NET, .JOBS) -- the thin model that's going away (and has been for years).  In the other 1,200+ gTLD registries, the expiration date is not provisioned by registrars, it's generated by the registries (as you know).

[SAH] Not quite. The "Registrar Registration Expiration Date" is also published by thick registries. You can see an example (that happens to be blank) by doing a WHOIS query for a thick registry .info domain like "pir.info". This is not the same thing as the registry-produced expiration date!



So anyway, you're advocating that in the future, contact data should remain at registrars and never go to registries, and that ICANN should send all gTLDs to the thin model?   After the community decided to go to an all-thick model in 2013, and Verisign just recently agreed to the thick implementation plan for .COM and .NET?

[SAH] No, that's not what I'm suggesting. I'm suggesting that there will be situations in which some registrars will push data to registries in much the same way the thick model works today, and other registrars will not be able to do so completely due to a need to comply with local laws or regulations. We may ultimately need to consider how an RDDS works when some data must remain with the registrar.





To better understand, I would like your views on these questions:

1.      How the thin registry model is required under privacy law.

[SAH] It's not.

2.      An issue is personal data crossing from (being collected from) one jurisdiction to another.  Under the evolving privacy laws you are concerned about, won't a registrar sometimes be barred from accepting domain registrations from registrants outside its jurisdiction?   For example, how could GoDaddy, a U.S. registrar, accept registrations (and the accompanying contact data) from registrants in Europe?  Could GoDaddy serve that contact data via an RDS under any circumstances?

[SAH] Being barred may well be the case unless the registrar sets up shop in Europe and is willing to comply with the requirements for doing so.

3.      What has changed in privacy law recently that overrides the considerations of privacy law that the EWG and the Thick PDP WG made?

[SAH] One example: http://europa.eu/rapid/press-release_MEMO-17-15_en.htm



There's also an existing ICANN process for dealing with conflicts that acknowledges that exceptions may be made:



https://whois.icann.org/en/icann-procedure-handling-whois-conflicts-privacy-law



All best,

--Greg



[SAH] Likewise!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170406/d30dd441/attachment-0001.html>

More information about the gnso-rds-pdp-wg mailing list