[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy

Greg Aaron gca at icginc.com
Thu Feb 15 14:03:49 UTC 2018 

Dear Andrew:

Well... no.    We can certainly agree that a move to RDAP is sorely needed.  But deficiencies in the WHOIS protocol were not the problem.  Rather it was failure by many registrars to implement properly and uniformly -- not just "bad actors" but the many more that were inattentive or not competent.  

The Thick WHOIS PDP laid out the reasons for going thick.  They included:

"Historically, the centralized databases of thick Whois registries are operated under a single administrator that sets conventions and standards for submission and display, archival/restoration and security have proven easier to manage. By contrast, registrars set their own conventions and standards for submission and display, archival/restoration and security registran tinformation under a thin Whois model....
 The thin model is thus criticized for introducing variability among Whois services, which can be problematic for legitimate forms of automation. It is this problem that prompted the IRTP B Working Group to recommend requiring thick Whois across incumbent registries - in order to improve security, stability and reliability of the domain transfer process...
A thick Whois model also offers attractive archival and restoration properties.... A thick Whois model also reduces the degree of variability in display formats. Furthermore, a thick registry is better positioned to take measures to analyze and improve data quality since it has all the data at hand."

In other words: security, stability, and usability reasons.

The accuracy of the data is a completely separate matter.

A distributed system relies on the competence, robustness, and good faith of all the parties involved.  Centralizing some aspects can mitigate failures, incompetence, and bad faith.

All best,
--Greg


-----Original Message-----
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Andrew Sullivan
Sent: Wednesday, February 14, 2018 5:13 PM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy

On Wed, Feb 14, 2018 at 05:14:28PM +0100, Volker Greimann wrote:
> 
> Heretic thought of the day: We will probably be looking at a 
> thin/distributed model again, or at least a model where data does not 
> leave certain jurisdictions without legitimate reasons/justification.

As I have argued repeatedly, the only justifications for centralisation and "thick" registries in the first place were (1) deficiencies in the whois protocol that made distributed operation hard and (2) bad-actor registrars who wouldn't keep their data in good shape.

(1) is, of course, solved by ditching whois for a better protocol, which protocol we already have built and waiting for use.  One could even put a whois "gloss" on such a protocol (which would in that case, of course, only hand out the minimal data), so that people's tools don't all break overnight.  This is all well understood by anyone remotely familiar with network operations (cf. Scott H's excellent testbed).

(2) is, of course, not solved at all by centralisation, since the
(competent) bad actors just lie when they upload the data.  There never was an advantage there, as anyone familiar with network fraud told people even at the time.

So I don't think the idea is heretical at all.  I think it's a good idea.

Best regards,

A

--
Andrew Sullivan
ajs at anvilwalrusden.com
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list