<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Dear Mikey:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Regarding #1: gTLD transfers have generally worked over the years because all registrars have provided contact data via WHOIS. There has been pain because the data was not always uniform in format, and not all registrars provide thick data via port 43, but generally the contact data was obtainable and life went on. IRTP helped and the 2013 RAA irons out format issues.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Regarding #2: See above; transfers will muddle on in the meantime. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I note that the Board asked that the EWG address key questions posed in SAC055. So when the EWG’s final report comes out, it would be logical to compare it to both SAC055 and SAC061.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>All best,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>--Greg<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Mike O'Connor [mailto:mike@haven2.com] <br><b>Sent:</b> Sunday, February 16, 2014 7:35 PM<br><b>To:</b> Greg Aaron<br><b>Cc:</b> Stephanie Perrin; GNSO SSR List<br><b>Subject:</b> Re: [Gnso-ssr] discussion -- SAC061 -- SSAC Comment on ICANN's Initial Report from the Expert Working Group on gTLD Directory Services<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>hi Greg,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>you raise a couple of interesting questions.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>1) in the case of a thin registry, how does the gaining registrar do that 2013 RAA verification and validation? it’s my understanding that job is easier if both registrars are under the 2013 RAA, because then they are both obligated to provide uniform Whois display. so a script could be written to pull that data from the losing registrar and that script could count on success. but what if the losing registrar isn’t a signatory to 2013 RAA yet? that looks like another in that pile of dependencies, no?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>2) what about all the European registrars (like Michele) who <stirring up a hornet’s nest> haven’t signed the 2013 RAA yet because of the conflict with European privacy law? yet another dependency, i bet.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>OK. what i’ve learned from this topic so far is;<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>- EWG still has substantial work to do, which certainly won’t be finished by Singapore — but maybe London<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>- we should wait to see how SAC061 advice is incorporated into that EWG report before trying to decide what the next step is for the GNSO - so again, maybe London<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>fair summary? is there anything in SAC061 the GNSO should look at in Singapore?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>mikey<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><div><p class=MsoNormal>On Feb 16, 2014, at 3:30 PM, Greg Aaron <<a href="mailto:greg@illumintel.com">greg@illumintel.com</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><br><br><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The 2013 RAA says that when a domain is transferred between registrars, OR when a domain is transferred between registrants, “both Whois information and the corresponding customer account holder contact information related to such Registered Name” must be verified and validated. So it must happen with inter-registrar AND inter-registrant transfers. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><a href="http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois-accuracy">http://www.icann.org/en/resources/registrars/raa/approved-with-specs-27jun13-en.htm#whois-accuracy</a> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Registrars who have signed the 2013 RAA sponsor most of the gTLD domains that exist. </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>The community must understand what the current policies are, see if proposed new policies are superior, what the implications of any new proposals are, etc. If the EWG final report doesn’t lay out all of that, then the GSNO will have to make sure it’s done, because it’s tasked with making/approving the policies that come out of the EWG work. I suspect that there are dependencies that have not been documented and discussed yet. And I note that the “ central repository” of WHOIS policies is not complete. <a href="http://whois.icann.org">http://whois.icann.org</a> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>All best,</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>--Greg</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> <a href="mailto:gnso-ssr-bounces@icann.org">gnso-ssr-bounces@icann.org</a> [<a href="mailto:gnso-ssr-bounces@icann.org">mailto:gnso-ssr-bounces@icann.org</a>] <b>On Behalf Of </b>Stephanie Perrin<br><b>Sent:</b> Sunday, February 16, 2014 8:57 AM<br><b>To:</b> Mike O'Connor<br><b>Cc:</b> GNSO SSR List<br><b>Subject:</b> Re: [Gnso-ssr] discussion -- SAC061 -- SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services</span><o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Sorry forgot to answer your key question....as you pointed out in Buenos Aires from the mike, some people are doing all the work in the working groups. Absent that connective tissue, I have not seen any other mechanism. There is a lot of material to cover....hard to catch everything, if you are just sitting around reading all the minutes and notices etc. Transparency is not enough....<o:p></o:p></p><div><p class=MsoNormal>cheers Stephanie<o:p></o:p></p><div><div><p class=MsoNormal>On 2014-02-16, at 8:42 AM, Stephanie Perrin wrote:<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'> <o:p></o:p></p><div><p class=MsoNormal>That does raise interesting questions. First one I have, is do all registrars get to look at all data, or do they only get to look at a particular transaction? I would hope the latter, because that would be compliant with data protection law, if they get to look at all data that would not, in my view, be compliant. It would have been easy to engineer a consent mechanism in there to get around this problem, which would be normal in other commercial transactions, and would also perform a security function.<o:p></o:p></p><div><p class=MsoNormal>The second question of course, remains begging in my view, with respect to the EWG work. How on earth are we going to accredit actors to look at the ARDS? Do all registrars get to look at all data all the time, if not how is it going to be policed? How many miscreant registrars are there out there?<o:p></o:p></p></div><div><p class=MsoNormal>AS always, pardon the naivete of my questions. <o:p></o:p></p></div><div><p class=MsoNormal>Stephanie<o:p></o:p></p><div><div><p class=MsoNormal>On 2014-02-16, at 8:29 AM, Mike O'Connor wrote:<o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'> <o:p></o:p></p><div><p class=MsoNormal>thanks Stephanie and Greg for kicking this thread off so well.<o:p></o:p></p><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>let me add another dimension to the discussion — i’m going to combine a couple of fuzzy terms to coin a new one and see if it sticks. “Policy Architecture” <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>i’m involved in several WG’s that touch (or depend on) Whois, or its replacement. the most interesting puzzler is the IRTP-C PDP, which introduced the notion of “inter REGISTRANT transfer” to the existing inter REGISTRAR transfer policy. IRTP-C is now in the implementation process and there are turning out to be a lot of dependencies in there. <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>one of the fundamental notions that IRTP-C introduced was the idea that registrars need determine whether the transfer is just inter-registrar, or whether it’s also inter-registrant. the question is, how will registrars determine whether the registrant is changing or not? one answer, which works in thick Whois environments, is to go look at whois data at the registry and see if registrant data is changing. if it is, then it’s an inter-REGISTRANT transfer and new safeguards apply. if not, it’s just an inter-registrar transfer.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>when we wrote that section of the report, we knew that it was hard to do that — but we were (correctly) counting on some things changing fairly soon. sure enough, the Thick Whois PDP has just been approved by the Board, which means that “go look at registry data” option will exist for all TLDs. <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>the puzzler for me is who looks after these meta-level dependencies? what if Thick Whois had gone the other way? what if the EWG process concludes that registrars can’t look at that data? who minds that “architectural” framework in the policy-making process?<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>mikey<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p><div><p class=MsoNormal><br><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif"'>PHONE: 651-647-6109, FAX: 866-280-2356, WEB: <a href="http://www.haven2.com/">www.haven2.com</a>, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)</span> <o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal>_______________________________________________<br>Gnso-ssr mailing list<br><a href="mailto:Gnso-ssr@icann.org">Gnso-ssr@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-ssr">https://mm.icann.org/mailman/listinfo/gnso-ssr</a><o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal>_______________________________________________<br>Gnso-ssr mailing list<br><a href="mailto:Gnso-ssr@icann.org">Gnso-ssr@icann.org</a><br><a href="https://mm.icann.org/mailman/listinfo/gnso-ssr">https://mm.icann.org/mailman/listinfo/gnso-ssr</a><o:p></o:p></p></div><p class=MsoNormal> <o:p></o:p></p></div></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal><br><span style='font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black'>PHONE: 651-647-6109, FAX: 866-280-2356, WEB: <a href="http://www.haven2.com">www.haven2.com</a>, HANDLE: OConnorStP (ID for Twitter, Facebook, LinkedIn, etc.)</span> <o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>