[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy

Michele Neylon - Blacknight michele at blacknight.com
Thu Feb 15 14:21:07 UTC 2018 

Greg

There was no contractual obligation for uniformity in the whois output until the introduction of the 2013 contract. The lack of uniformity etc., was not a matter of "failure" by registrars to do anything - there was nothing agreed for them to do or adhere to nor any contractual obligation to do it.


Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/ 
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
On 15/02/2018, 14:04, "gnso-rds-pdp-wg on behalf of Greg Aaron" <gnso-rds-pdp-wg-bounces at icann.org on behalf of gca at icginc.com> wrote:

    Dear Andrew:
    
    Well... no.    We can certainly agree that a move to RDAP is sorely needed.  But deficiencies in the WHOIS protocol were not the problem.  Rather it was failure by many registrars to implement properly and uniformly -- not just "bad actors" but the many more that were inattentive or not competent.  
    
    The Thick WHOIS PDP laid out the reasons for going thick.  They included:
    
    "Historically, the centralized databases of thick Whois registries are operated under a single administrator that sets conventions and standards for submission and display, archival/restoration and security have proven easier to manage. By contrast, registrars set their own conventions and standards for submission and display, archival/restoration and security registran tinformation under a thin Whois model....
     The thin model is thus criticized for introducing variability among Whois services, which can be problematic for legitimate forms of automation. It is this problem that prompted the IRTP B Working Group to recommend requiring thick Whois across incumbent registries - in order to improve security, stability and reliability of the domain transfer process...
    A thick Whois model also offers attractive archival and restoration properties.... A thick Whois model also reduces the degree of variability in display formats. Furthermore, a thick registry is better positioned to take measures to analyze and improve data quality since it has all the data at hand."
    
    In other words: security, stability, and usability reasons.
    
    The accuracy of the data is a completely separate matter.
    
    A distributed system relies on the competence, robustness, and good faith of all the parties involved.  Centralizing some aspects can mitigate failures, incompetence, and bad faith.
    
    All best,
    --Greg
    
    
    -----Original Message-----
    From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Andrew Sullivan
    Sent: Wednesday, February 14, 2018 5:13 PM
    To: gnso-rds-pdp-wg at icann.org
    Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy
    
    On Wed, Feb 14, 2018 at 05:14:28PM +0100, Volker Greimann wrote:
    > 
    > Heretic thought of the day: We will probably be looking at a 
    > thin/distributed model again, or at least a model where data does not 
    > leave certain jurisdictions without legitimate reasons/justification.
    
    As I have argued repeatedly, the only justifications for centralisation and "thick" registries in the first place were (1) deficiencies in the whois protocol that made distributed operation hard and (2) bad-actor registrars who wouldn't keep their data in good shape.
    
    (1) is, of course, solved by ditching whois for a better protocol, which protocol we already have built and waiting for use.  One could even put a whois "gloss" on such a protocol (which would in that case, of course, only hand out the minimal data), so that people's tools don't all break overnight.  This is all well understood by anyone remotely familiar with network operations (cf. Scott H's excellent testbed).
    
    (2) is, of course, not solved at all by centralisation, since the
    (competent) bad actors just lie when they upload the data.  There never was an advantage there, as anyone familiar with network fraud told people even at the time.
    
    So I don't think the idea is heretical at all.  I think it's a good idea.
    
    Best regards,
    
    A
    
    --
    Andrew Sullivan
    ajs at anvilwalrusden.com
    _______________________________________________
    gnso-rds-pdp-wg mailing list
    gnso-rds-pdp-wg at icann.org
    https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
    
    _______________________________________________
    gnso-rds-pdp-wg mailing list
    gnso-rds-pdp-wg at icann.org
    https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list