<div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:#000000">Volker,</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:#000000">Thanks. This is very helpful and also a bit different. I think the policy you are saying currently exists and that you want to continue is:</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default"><blockquote style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:small;margin:0px 0px 0px 40px;border:none;padding:0px"><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:#000000">A registrar <u>must</u> perform operational validation and <u>may</u> choose to perform identity validation.</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:#000000"><br></div></blockquote><font color="#000000" face="arial, sans-serif">In our notation, this is precisely expressed as V2..V3. i.e. V2 or V3. Further, if the ICANN policy is V2..V3, an individual registrar is free to set its own policy to be V2, V3, or V2..V3. Expressing this in words, an individual registrar may choose to always do operational validation, may choose to always do identity validation, or may choose to do operational validation on some registrations and identity validation on other registrations.</font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif"><br></font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif">As I said previously, I'm not arguing in favor of any particular policy; I'm just trying for precision and consistency across the documents.</font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif"><br></font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif">Steve</font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif"><br></font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif"><br></font></div><div class="gmail_default"><font color="#000000" face="arial, sans-serif"><br></font></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 19, 2021 at 1:34 PM Volker Greimann <<a href="mailto:volker.greimann@centralnic.com" target="_blank">volker.greimann@centralnic.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi Steve,</div><div><br></div><div>being one of the negotiators of the RrSG team for the 2013 RAA, I can shed a bit of light on that section:</div><div>IIRC, originally ICANN wanted an automatic suspension in case the verification failed (no response trigger was received). We pushed back on that, citing how this may lead to problems for important domain names due to clerical oversights within the registrant organizations, for example after transfers. The compromise we ended up with that instead of automatic suspension, the registrar may first try to clear up the issue with their customer, if deemed necessary. Most registrars suspend right away, but some, like corporate service registrars will usually verify the details with their customers. This was intended only as an "out" of the automated suspension, not as an obligation to verify. <br></div><div><br></div><div>Best,<br></div><div><br></div><div><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><span lang="EN-US">-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: </span><a href="http://www.key-systems.net/" style="color:rgb(17,85,204)" target="_blank"><span lang="EN-US">www.key-systems.net</span></a><span lang="EN-US"><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<br><br></span><span style="font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgb(248,249,250)">This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.</span></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 19, 2021 at 7:21 PM Steve Crocker <<a href="mailto:steve@shinkuro.com" target="_blank">steve@shinkuro.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">Volker and Sarah,</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">I think you are in agreement that you do check whether email or phone number is operational and you do <u>not</u> check whether either actually reaches the person. And I agree the terms operational/operable validation/verification correctly specifies this. The only piece of this puzzle that seems inconsistent is section f, particularly the last paragraph:</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><blockquote style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;margin:5pt 0cm 5pt 30pt"><div><div><p class="MsoNormal"><span style="font-size:7.5pt;font-family:Helvetica,sans-serif;color:rgb(51,51,51)">In either case, if Registrar does not receive an affirmative response from the Registered Name Holder, Registrar shall either verify the applicable contact information manually or suspend the registration, until such time as Registrar has verified the applicable contact information. If Registrar does not receive an affirmative response from the Account Holder, Registrar shall verify the applicable contact information manually, but is not required to suspend any registration.</span><span style="font-family:Arial,sans-serif;color:black"><u></u><u></u></span></p></div></div></blockquote><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif"><p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><u></u> I'm not taking a position as to whether the registrar should or should not use a higher level of verification. I'm only focused here on consistency of the relevant documents.</span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><br></span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black">Steve</span></p><p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif;color:black"><br></span></p></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 19, 2021 at 1:15 PM Volker Greimann <<a href="mailto:volker.greimann@centralnic.com" target="_blank">volker.greimann@centralnic.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi Steve,</div><div><br></div><div>no, the Spec does not require identity verification. The requirement is that the email address or phone number is functional and the recipient provides a trigger-response, but it does not require any verification of identity who is providing this response. So one could argue that the operational definition is broader than that in SAC 058, but on the other hand we did not look at SAC 058 when we drafted the language of the RAA. Note that the RAA speaks of "verification" here, not "validation" as the SAC does.. <br></div><div><br></div><div>Ultimately, all that is checked is the operationality (can the email address receive messages that are being read?), but that is a far way off from actual identity validation. <br></div><div><br></div><div>Best,<br></div><div><br></div><div><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><span lang="EN-US">-- <br>Volker A. Greimann<br>General Counsel and Policy Manager<br><b>KEY-SYSTEMS GMBH</b><br><br>T: +49 6894 9396901<br>M: +49 6894 9396851<br>F: +49 6894 9396851<br>W: </span><a href="http://www.key-systems.net/" style="color:rgb(17,85,204)" target="_blank"><span lang="EN-US">www.key-systems.net</span></a><span lang="EN-US"><br><br>Key-Systems GmbH is a company registered at the local court of Saarbruecken, Germany with the registration no. HR B 18835<br>CEO: Oliver Fries and Robert Birkner<br><br>Part of the CentralNic Group PLC (LON: CNIC) a company registered in England and Wales with company number 8576358.<br><br></span><span style="font-family:Roboto,sans-serif;font-size:14px;white-space:pre-wrap;background-color:rgb(248,249,250)">This email and any files transmitted are confidential and intended only for the person(s) directly addressed. If you are not the intended recipient, any use, copying, transmission, distribution, or other forms of dissemination is strictly prohibited. If you have received this email in error, please notify the sender immediately and permanently delete this email with any files that may be attached.</span></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 19, 2021 at 6:55 PM Steve Crocker <<a href="mailto:steve@shinkuro.com" target="_blank">steve@shinkuro.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">Sarah,</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">Doesn't section f of the Whois Accuracy Specification require <i style="font-weight:bold">identity validation</i>, not just <i><b>operational (operable) validation</b></i>?</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">If the RrSG is proposing <b><i>operational validation</i></b>, this seems to me a weakening of the current validation requirement and would not be consistent with section f. On the other hand, if the RrSG is proposing validation consistent with section f, the terminology <i style="font-weight:bold">identity validation</i> would be consistent.</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">Here's the text of section f:</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div></div><blockquote style="margin:0px 0px 0px 40px;border:medium none;padding:0px"><div><div class="gmail_default" style="font-family:arial,sans-serif;color:rgb(0,0,0)"><font size="1">f. Verify:</font></div></div></blockquote><blockquote style="margin:0px 0px 0px 40px;border:medium none;padding:0px"><font size="1"><ol><li><font size="1">the email address of the Registered Name Holder (and, if different, the Account Holder) by sending an email requiring an affirmative response through a tool-based authentication method such as providing a unique code that must be returned in a manner designated by the Registrar, or<br></font><br></li><li>the telephone number of the Registered Name Holder (and, if different, the Account Holder) by either (A) calling or sending an SMS to the Registered Name Holder's telephone number providing a unique code that must be returned in a manner designated by the Registrar, or (B) calling the Registered Name Holder's telephone number and requiring the Registered Name Holder to provide a unique code that was sent to the Registered Name Holder via web, email or postal mail.</li></ol></font></blockquote><blockquote style="margin:0px 0px 0px 40px;border:medium none;padding:0px"><div><div class="gmail_default" style="font-family:arial,sans-serif;color:rgb(0,0,0)"><span style="color:rgb(51,51,51);font-family:helvetica,arial,sans-serif"><font size="1">In either case, if Registrar does not receive an affirmative response from the Registered Name Holder, Registrar shall either verify the applicable contact information manually or suspend the registration, until such time as Registrar has verified the applicable contact information. If Registrar does not receive an affirmative response from the Account Holder, Registrar shall verify the applicable contact information manually, but is not required to suspend any registration.</font></span></div></div></blockquote><font size="1" face="helvetica, arial, sans-serif" color="#333333"><span class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><div><font size="1" face="helvetica, arial, sans-serif" color="#333333"><span class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></span></font></div>In SAC 058, the following definitions are provided:</span></font><div><font face="arial, sans-serif" color="#000000"><br></font><blockquote style="margin:0px 0px 0px 40px;border:medium none;padding:0px"><div><div class="gmail_default" style="font-family:arial,sans-serif;color:rgb(0,0,0)"><b>Operational Validation</b> refers to the assessment of data for their intended use in
their routine functions. Examples of operational validation include 1) checking
that an email address or phone number can receive email or phone calls; 2)
checking that a postal address can receive postal mail; 3) checking that the data
entered are self-consistent, i.e. that all data are logically consistent with all other
data. It is expected that many operational validation checks would be automated
and some could be executed inline with a registration process.<br><br><b>Identity validation</b> refers to the assessment that the data corresponds to the real
world identity of the entity. It involves checking that a data item correctly
represents the real world identity for the registrant. In general, identity validation
checks are expected to require some manual intervention.<span style="color:rgb(51,51,51);font-family:helvetica,arial,sans-serif"><font size="1"><br></font></span></div></div></blockquote><div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">Thanks,</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)">Steve</div><div class="gmail_default" style="font-family:arial,sans-serif;font-size:small;color:rgb(0,0,0)"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Oct 19, 2021 at 8:50 AM Sarah Wyld <<a href="mailto:swyld@tucows.com" target="_blank">swyld@tucows.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div lang="EN-CA"><div><div><p class="MsoNormal"><span style="font-family:Arial,sans-serif;color:black">Hello all,<u></u><u></u></span></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm"><span style="font-family:Arial,sans-serif;color:black">The RrSG members of the Accuracy Scoping team propose the following definition of “accuracy” for domain name registration data, as per our homework assignment:</span><u></u><u></u></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm"><b><span style="font-family:Arial,sans-serif;color:black">"<i>Accuracy shall be strictly defined as syntactical accuracy of the registration data elements provided by the Registered Name Holder as well as the operational accuracy of either the telephone number or the email address.</i>"</span></b><u></u><u></u></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm"><span style="font-family:Arial,sans-serif;color:black">To be determined to be <b>syntactically accurate</b>, the contact must satisfy all requirements for validity (see </span><a href="https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois-accuracy" target="_blank"><span style="font-family:Arial,sans-serif;color:rgb(17,85,204)">Whois Accuracy Program Specification</span></a><span style="font-family:Arial,sans-serif;color:black"> Sections 1b-d). E.g. for email addresses, all characters must be permissible, the “@” symbol is required, there must be characters before the “@” symbol (the “local” component), there must be a valid top-level domain at the end, and there must be a valid domain after the “@” symbol, but before a “.” and the valid top-level domain.</span><u></u><u></u></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm"><span style="font-family:Arial,sans-serif;color:black">To be determined to be <b>operably accurate</b>, the contact must be operable as defined in the </span><a href="https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#whois-accuracy" target="_blank"><span style="font-family:Arial,sans-serif;color:rgb(17,85,204)">Whois Accuracy Program Specification</span></a><span style="font-family:Arial,sans-serif;color:black"> Section f; in other words, the email must be deliverable, the telephone number has to connect without an error message such as that the number is invalid or disconnected, and the postal address must be mailable.</span><u></u><u></u></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm"><span style="font-family:Arial,sans-serif;color:black">The RAA currently requires validation of syntactical accuracy and verification of operational accuracy for either email or phone.<u></u><u></u></span></p><p style="margin-right:0cm;margin-bottom:12pt;margin-left:0cm"><span style="font-family:Arial,sans-serif;color:black">Thank you,</span></p></div><p class="MsoNormal"><u></u> <u></u></p><pre><span style="font-family:Verdana,sans-serif">-- <u></u><u></u></span></pre><pre><b><span style="font-family:Verdana,sans-serif">Sarah Wyld</span></b><span style="font-family:Verdana,sans-serif">, CIPP/E<u></u><u></u></span></pre><pre><span style="font-family:Verdana,sans-serif"><u></u> <u></u></span></pre><pre><span style="font-family:Verdana,sans-serif">Policy & Privacy Manager<u></u><u></u></span></pre><pre><span style="font-family:Verdana,sans-serif">Pronouns: she/they<u></u><u></u></span></pre><pre><span style="font-family:Verdana,sans-serif"><u></u> <u></u></span></pre><pre><span style="font-family:Verdana,sans-serif"><a href="mailto:swyld@tucows.com" target="_blank">swyld@tucows.com</a> <u></u><u></u></span></pre><pre><span style="font-family:Verdana,sans-serif">+1.416 535 0123 Ext. 1392<u></u><u></u></span></pre><p class="MsoNormal"><span style="font-size:10pt;font-family:"Courier New""><u></u> <u></u></span></p><p class="MsoNormal"><img style="width: 1.0416in; height: 0.2239in;" id="gmail-m_6833988587641389446gmail-m_-2911995027630622348gmail-m_-6525660983108149414gmail-m_-4234920059598265247gmail-m_3777497051363071774gmail-m_3142270449504956758Picture_x0020_3" src="cid:17c9964463f61447d01" width="100" height="22" border="0"><u></u><u></u></p><p class="MsoNormal"><u></u> <u></u></p></div></div>_______________________________________________<br>
GNSO-Accuracy-ST mailing list<br>
<a href="mailto:GNSO-Accuracy-ST@icann.org" target="_blank">GNSO-Accuracy-ST@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-accuracy-st" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-accuracy-st</a><br>
<br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" rel="noreferrer" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" rel="noreferrer" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</blockquote></div></div></div>
_______________________________________________<br>
GNSO-Accuracy-ST mailing list<br>
<a href="mailto:GNSO-Accuracy-ST@icann.org" target="_blank">GNSO-Accuracy-ST@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-accuracy-st" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-accuracy-st</a><br>
<br>
_______________________________________________<br>
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (<a href="https://www.icann.org/privacy/policy" rel="noreferrer" target="_blank">https://www.icann.org/privacy/policy</a>) and the website Terms of Service (<a href="https://www.icann.org/privacy/tos" rel="noreferrer" target="_blank">https://www.icann.org/privacy/tos</a>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.</blockquote></div>
</blockquote></div>
</blockquote></div>
</blockquote></div>