[gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data

Andrew Sullivan ajs at anvilwalrusden.com
Mon Apr 24 17:14:51 UTC 2017


On Mon, Apr 24, 2017 at 12:46:31PM -0400, allison nixon wrote:
> investigative purposes. The registrant identifier of "C270-LRMS" does yield
> more than one domain in a search but it's unclear if this means they are
> all on the same one paying account at the registrar, or if that happens to
> be a hash of some identifier coincidentally used by multiple different
> people.

No, it isn't unclear at all, though it might be unclear to you.

The ROIDs are _Repository_ Object IDentifiers.  They're generated by
the Repository (i.e. the registry), and as Scott has already pointed
out, EPP (which every ICANN contracted party is required to use) says
they have to be unique.  Since nobody seems to be inclined to go and
read the relevant documentation, I quote it here:

   Globally unique identifiers can help facilitate object-information
   sharing between repositories.  A globally unique identifier MUST be
   assigned to every object when the object is created; the identifier
   MUST be returned to the client as part of any request to retrieve the
   detailed attributes of an object.  Specific identifier values are a
   matter of repository policy, but they SHOULD be constructed according
   to the following algorithm:

   a.  Divide the provisioning repository world into a number of object
       repository classes.

   b.  Each repository within a class is assigned an identifier that is
       maintained by IANA.

   c.  Each repository is responsible for assigning a unique local
       identifier for each object within the repository.

   d.  The globally unique identifier is a concatenation of the local
       identifier, followed by a hyphen ("-", ASCII value 0x002D),
       followed by the repository identifier.

These identifiers uniquely identify a single object (e.g. a contact or
a domain name or whatever) within the repository.  It is of course
possible that a registrar creates new contact objects every single
time they have a contact to manage, but such contact object non-reuse
presents a burden to the registrar, too, so many will not do this.

This is not to say that the problem of someone putting (for example) a
phony address in a contact object is solved.  And none of this
guarantees a strong mapping from registry object data to actual humans
in the world (indeed, that's really unlikely: registrars typically do
not want to use the contact object of a different registrar, even when
permitted, because it presents intractable data-management problems).
But at least the problem of, "Given this registrant, what other
domains are registered?" is a solved problem, and has been since the
early 2000s.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com
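
Added example, not part of the original message or of any registry's code: a Python sketch of the pivot the message describes, splitting a ROID into local identifier and repository identifier (step d of the quoted algorithm) and grouping domains by the registrant contact's full ROID. The record layout, field names and every value except the "C270-LRMS" identifier quoted in the thread are constructed, and splitting at the last hyphen is an assumption.

```python
from collections import defaultdict
from typing import NamedTuple


class Roid(NamedTuple):
    local_id: str       # assigned by the repository (step c)
    repository_id: str  # the repository's IANA-maintained identifier (step b)


def parse_roid(roid: str) -> Roid:
    """Split a ROID into (local id, repository id) per step d.

    Assumption: the repository identifier contains no hyphen, so the
    split is made at the LAST hyphen.
    """
    local_id, sep, repository_id = roid.strip().rpartition("-")
    if not sep or not local_id or not repository_id:
        raise ValueError(f"not a local-id/hyphen/repository-id ROID: {roid!r}")
    return Roid(local_id, repository_id)


def domains_by_registrant(records):
    """Index domain names by the registrant contact's full ROID."""
    index = defaultdict(set)
    for rec in records:
        # Key on the whole ROID: the same local id under another
        # repository identifier is a different object.
        index[parse_roid(rec["registrant_roid"])].add(rec["domain"].lower())
    return index


def pivot(records, registrant_roid: str):
    """Return the sorted domains that share one registrant contact object."""
    index = domains_by_registrant(records)
    return sorted(index.get(parse_roid(registrant_roid), set()))


# Constructed sample records (hypothetical layout, not real registration data).
SAMPLE = [
    {"domain": "alpha.example", "registrant_roid": "C270-LRMS"},
    {"domain": "Beta.example", "registrant_roid": "C270-LRMS"},
    {"domain": "gamma.example", "registrant_roid": "C271-LRMS"},
    {"domain": "delta.example", "registrant_roid": "C270-EXAMPLEREP"},
]

if __name__ == "__main__":
    print(pivot(SAMPLE, "C270-LRMS"))
```

An empty result only means no other domain uses that contact object; as the message notes, a registrar may create a new contact object for every registration.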

