[gnso-rds-pdp-wg] Some reg'n data I think necessary (was Re: GNSO Next-Gen RDS PDP Working Group teleconference)

Holly Raiche h.raiche at internode.on.net
Sun Mar 20 21:41:23 UTC 2016 

Hi Andrew

A really big thank you for this explanation.  It is exactly what I was looking for.  Mine was a genuine question - what information is needed and why.  And it puts us just where we need to be - what information is exposed - or not.

So thank you for the time, effort and full explanation

Holly
On 21 Mar 2016, at 4:16 am, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:

> Dear colleagues,
> 
> On Sun, Mar 20, 2016 at 09:30:41AM -0500, Carlton Samuels wrote:
> 
>> Is there a need for the collection of registration data, and, to
>> what end?
> 
> It is important for operators on the Internet to be able to contact
> operators of other domains, in order to deal with abuse, network
> misconfiguration, and so forth.  Most obviously, for instance, if a
> domain has some sort of mail loop problem there is literally no way to
> contact the operator of the domain except off-Internet.
> 
> Some participants in this discussion appear to believe that we need to
> prove everything from first principles before moving on to practical
> questions.  Even if I understand such an impulse, I think it amounts
> to a denial of service on this effort.  Therefore, I hereby offer some
> basic assertions, which I make in decreasing order of (my) commitment
> to them.  I believe that each of these is relevant to technical
> operations of Internet domains.  Accepting even one of these premises
> allows us to cut off (by entailment) any discussion of whether any
> registration data needs to be collected at all, and starts us on a
> discussion of how such data ought to be exposed.  (I am leaving aside
> issues of trademark and so on, because quite frankly I think the
> extension of trademark issues into the domain name space was a
> terrible mistake; but I'm sure someone else could come up with a list
> similar to what I offer here while including trademarks.  There are
> many lists in the world; this is mine):
> 
> • Every domain on the Internet must have name servers in order to
> function.  The RDS ought to contain those name servers so that, in the
> event of technical problems, other operators can detect whether there
> is a gap between what the registry contains and what the authoritative
> servers contain.
> 
> • Many domans are signed, and in a signed domain that delegates the
> delegation will have a DS record.  The RDS ought to contain the DS
> record for the same reason the RDS ought to contain the name servers.
> In signed domains today, this may be even more important than the NS
> records, given the frequency of DNSSEC misconfiguration (but I expect
> this issue to decline over time).
> 
> • Every name server has someone responsible for its operation.  The RDS
> ought to contain contact information for a given domain or the name
> server or (preferably) both, so that in the event of serious
> malfunction such that interoperation is impossible there is some
> mechanism for out-of-band contact in order to rectify the problem.
> 
> • In shared registration systems, it is usually (always?) the case
> that registrations are not single-occasion, but instead are
> registration at a point in time for some term.  It is therefore
> necessary, for troubleshooting interoperation, to know when a name's
> registration is expiring and also when it was last updated (to
> troubleshoot recent problems that might be related to changes).
> 
> • In any registry using EPP, every domain has an authInfo associated
> with it in order to help authorize transfer requests.  This data must
> be collected by the registry (it's part of the protocol.  Please don't
> tell me we're going to investigate whether EPP is the correct
> protocol.  It's the one we have).
> 
> • In gTLDs, most (all?  I know there have been exceptions in the past,
> because I made the entries in the relevant database) registrations are
> registered through a registrar.  There are two reasons to be able to
> learn the registrar of a name.  It is necessary for other Internet
> parties to be able to learn the registrar in order to deal with
> registration problems and other operational problems where the name
> server contact was inadequate.  It is necessary for other registrars
> to be able to learn the existing registrar in order to facilitate
> registrant-demanded transfers.  (This second reason of course doesn't
> require the appearance in the RDS, but we are talking about why
> registration data needs to be collected in the first place.)
> 
> • Every registration is a registration by someone.  Some registrations
> are the source of abuse against other networks, and it is sometimes
> necessary to be able to learn the real information about such a
> registrant in order to stop such abuse.  Note that this is not an
> argument that such data need automatically be available anonymously
> through an RDS; just that it be collected.
> 
> • In gTLDs, most (all?  I know there have been exceptions in the past,
> because I made the entries in the relevant database) registrations
> include some cost that accrues to the registrant in exchange for the
> registration.  The identities of the parties responsible for keeping
> the data up to date and for paying the registration are required in
> order to ensure continued operation by the same party at the time of
> expiry of a registration term.  This ensures the utility of a domain
> name, by making it a useful name for a particular network over time
> (imagine the operational confusion if, when sending email to someone,
> you first had to figure out whether they were at the same domain name
> as yesterday).  Note that this is not an argument that such data need
> automatically be available anonymously through an RDS; just that it be
> collected at least by the registrar.
> 
>> Let us exercise good common-sensical judgment and resist the temptation to
>> re-invent wheels.
> 
> I agree.  AFAICT, the above list covers what is normally accessible in
> the whois output of contracted thick registries today, and indicates
> places where anonymous access seems optional.
> 
> Best regards,
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list