[gnso-rds-pdp-wg] authoritative

Hollenbeck, Scott shollenbeck at verisign.com
Mon May 1 15:11:44 UTC 2017 

From: Greg Aaron [mailto:gca at icginc.com]
Sent: Monday, May 01, 2017 10:14 AM
To: Paul Keating <paul at law.es>; Hollenbeck, Scott <shollenbeck at verisign.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: [EXTERNAL] RE: authoritative



Folks are discussing the original source of data, and the repositories of data.  For a domain record, some (not all) data starts with a registrant.  Some data in a domain record is collected from the registrant by a registrar (the first repository of that data).  Some of that data is then placed in the registry (the second repository).   And some data in a domain record is created and held originally at the registry.



For legal purposes, and for some technical purposes, the definition of “authoritative” is the fourth (and maybe also third) definition that Paul gave.  That meaning of “authoritative” is: what is to be relied upon as the data of record, what is official, what rules if there’s a discrepancy.   This setup answers questions like: who’s the registrant of record?  What nameservers does this domain resolve to?  When does the domain expire?



In practical terms, “what data is to be relied upon, what is official, what rules” resides in the registry.  Certainly for thin data, and I think also for thick data in a thick regime, which is what ICANN has been moving to.



Registries exist to be authoritative repositories of data; that’s is their function and what they are designed to do.  (So, for example, two different people can’t register the same domain name, or so a domain won’t resolve to the wrong nameservers.)  Domain registries are generally considered authoritative for at least the thin data.  (Domain, sponsoring registrar, dates, statuses, nameservers.)  The registry creates or is the repository of record for most of those fields (domain, sponsoring registrar, dates).  And the registry is authoritative for status and nameserver data, using them to enable and control resolution, or to prevent certain actions from taking place in the registry (such as deletions, and registrar-to-registrar transfers). Registries are the ones that publish TLD zone files; that is one of their core functions.



The Thick WHOIS PDP decided that all gTLD registries should be thick.  One reason was to ensure that there won’t be any more disagreements (discrepancies)  between what the registrar says the data is and what the registry says it is (and as seen via WHOIS or a successor system).  Another reason was to hold contact data in one place reliably, so it could be served from one (to-be-trusted) place and can be escrowed reliably; as a consequence registrar port 43 WHOIS service will eventually go away.



So the current situation seems to be pretty simple, and is on the path to getting even simpler:

1.            If the registry is thick, the registry is authoritative (to be relied upon, official) for all data we see in WHOIS today.

2.            If the registry is thin, the registry is authoritative (to be relied upon, official) for the thin data, and the contact data held by the registrar is authoritative (to be relied up[on, official).  The remaining thin registries will go thick in a couple of years, which makes things simpler.



In other words, all registries should be considered authoritative (to be relied upon, official) for all the data we see in WHOIS, if they are not already.  That was the desired policy and operational outcome.  It is also the most practical and elegant solution.



[SAH] That might be the desired policy, but it’s more of a matter of convenience than anything else. Putting registrar-produced data in a registry for public access doesn’t make the registry the most knowledgeable source of information about that data. An “authoritative” source should be able to respond with direct knowledge if questions about the data arise, and in this situation the registrar is source of original knowledge even in the case of a thick registry. There is data for which the registry is the definitive source, there is data for which the registrar is the definitive source, and there is data for which the registrant is the definitive source. Data exchange between these parties doesn’t change the definitive sources!



Scott

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170501/f2c8cc55/attachment.html>

More information about the gnso-rds-pdp-wg mailing list