<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-7"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:908658519;
mso-list-type:hybrid;
mso-list-template-ids:-2083256902 1852704970 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:Arial;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Dear EWG,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>First of all, we would like to express our appreciation for embarking on this endeavor. We fully agree that starting with a clean slate is crucial for defining the next generation of registration data and we encourage you to collaborate with the community in order to bring a better, holistic product.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>RSA’s Anti-Fraud Command Center (AFCC) is a veteran player in the infosec landscape, focusing on fighting online fraud and malicious activities.<o:p></o:p></p><p class=MsoNormal>Analyzing WHOIS data is the bread and butter of our business so we find it as a great opportunity to contribute and to shape the next generation of the WHOIS infrastructure.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>We have carefully read the relevant documents and FAQ and would like to share our inputs and raise some questions:<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>Purpose-Driven Data Access and Disclosure</b> – <o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>We suggest to employ a flexible RBAC that will enable authorized users to obtain full information and even bypass privacy protection services, especially users like LEA, non-LEA, white hats, etc.;<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Will the ARDS enforce query limits?<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>New Data Set</b> – <o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>It is not entirely clear how is the new registration data set look like and which data elements are mandatory;<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>When can we expect to see the new format?;<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Will RDS be available just as a text or in additional formats (e.g.: XML)?;<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>Resellers</b> – we often see not only proxy/privacy providers but also resellers; we believe that resellers should disclose their end subscriber as well;<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>ccTLDs</b> –<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>This comment is general to ICANN as we get the appreciation that guidelines and regulations legislated by ICANN are mandatory for gTLDs and not always being respected by ccTLDs registries. Sometimes they absorb or comply with these guidelines in a significant delay. We do not fully understand that in general and wonder if the RDS is the next generation ‘WHOIS’ for all types of domain names, or not;<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Nowadays we encounter plenty of ccTLD registries that maintain registration information in the local language (e.g.: Brazil, Taiwan, China, and more); we suggest to enforce a rule to require uniform registration form in English (perhaps in addition to the local language);<o:p></o:p></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Would RDS be a ‘one stop shop’? Would it be possible to query all registries (of both gTLDs and ccTLDs) under one roof?<o:p></o:p></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>Registration Data Elements</b> – we suggest to consider the following data elements as mandatory and to audit them on a regular basis:<b><o:p></o:p></b></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>The domain’s purpose or the domain’s usage purpose. While we believe that scammers and fraudsters who register domains to commit online fraud wouldn’t be honest in filling this field, we also believe that if this field is mandatory <u>and</u> if provision of false information would be considered as breaking the terms of registration, it would be an effective avenue to reduce fraud;<b><o:p></o:p></b></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Clearer and more conclusive statuses. The current statuses (e.g. ClientTransferProhibited et al) are sometimes vague;<b><o:p></o:p></b></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Registrant identifier – serial number, ID or any other unique identifier;<b><o:p></o:p></b></p><p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in;mso-list:l0 level2 lfo1'><![if !supportLists]><span style='font-family:"Courier New"'><span style='mso-list:Ignore'>o<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span>Registrar identifier – serial number, ID or any other unique identifier. We encounter multiple variations of the same entity; <b><o:p></o:p></b></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>Tracking</b> – it would be handy to be able to see previous versions of the RDS record. When a registrant update something in the registration info (even just extends the registration) it shows when the WHOIS ‘last updated’ but there is no reference to <u>what</u> updated;<b><o:p></o:p></b></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>API</b> – would it be possible to obtain RDS info via API?<b><o:p></o:p></b></p><p class=MsoListParagraph style='text-indent:-.25in;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-family:Symbol'><span style='mso-list:Ignore'>·<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span dir=LTR></span><b>Implementation</b> – would RDS apply only for new domain names or for existing domain names as well? How much time do you believe it will take to transfer the existing registration info into RDS?<b><o:p></o:p></b></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>We are looking forward to collaborating with you.<o:p></o:p></p><p class=MsoNormal>Thank you for opening this important initiative to public comments.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Kind Regards,<o:p></o:p></p><p class=MsoNormal>Oren David<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><b><span style='font-size:9.0pt;font-family:"Tahoma","sans-serif"'>Oren David</span></b><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:#5F5F5F'> </span></b><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#5F5F5F'>| AFCC Operations Manager | Online Threats Managed Services (OTMS) | </span></b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:white;background:red'>RSĖ</span><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#5F5F5F'>, The Security Division of EMC |</span></b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:#5F5F5F'> <b>O: +972-9-9732237; M: +972-54-3076670 | e:</b></span><b><span style='font-size:7.5pt;font-family:"Tahoma","sans-serif";color:red'> </span></b><span style='font-family:"Tahoma","sans-serif"'><a href="mailto:oren.david@rsa.com"><b><span style='font-size:7.5pt;color:blue'>oren.david@rsa.com</span></b></a><o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p></div></body></html>