[gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy

Greg Aaron gca at icginc.com
Thu Feb 15 15:34:49 UTC 2018 

No, I'm not talking about the "registrar expiration date" and renewal date stuff.  I'm talking more serious variances.  Such as variances in a domain's delegated nameservers that are not attributable to race conditions, and failures to update contact data up to the registry.  Recently I even saw a registrar who gave multiple different IANA ID numbers for itself in its WHOIS output, depending on various factors.  That kind of thing is ridiculous and it happens.

Flipping this to a private venue isn’t the answer.  It's a public issue that one PDP already addressed, and has come up here again.  The point is that thick registries provide advantages by acting as authoritative repositories of data and by serving authoritative RDS.



-----Original Message-----
From: Michele Neylon - Blacknight [mailto:michele at blacknight.com] 
Sent: Thursday, February 15, 2018 9:34 AM
To: Greg Aaron <gca at icginc.com>; Andrew Sullivan <ajs at anvilwalrusden.com>; gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy

Greg

That's not entirely the registrar's fault. In order to offer 30 days grace the registrar has to renew the domain with the registry and then delete it if they don't get paid, so registry shows +1 year in some cases.

Nameserver records - those should be in sync - again I'm not sure if that's entirely a registrar issue or a joint one.

And tbh I really don't think that this conversation is helping anyone - the RrSG has been working the RySG on addressing operational issues together. If you're still affiliated with a registry please join.

Regards

Michele


--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845 On 15/02/2018, 14:31, "Greg Aaron" <gca at icginc.com> wrote:

    Michele:   Not talking about that so much (although the PDP did address it).  The bigger problem, as you know, was that some registrars serve different data for a domain than the registry is -- such as expiration dates that do not match, and differing nameserver records.  That kind of thing is still happening with .com and .net records.
    
    
    
    -----Original Message-----
    From: Michele Neylon - Blacknight [mailto:michele at blacknight.com] 
    Sent: Thursday, February 15, 2018 9:21 AM
    To: Greg Aaron <gca at icginc.com>; Andrew Sullivan <ajs at anvilwalrusden.com>; gnso-rds-pdp-wg at icann.org
    Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy
    
    Greg
    
    There was no contractual obligation for uniformity in the whois output until the introduction of the 2013 contract. The lack of uniformity etc., was not a matter of "failure" by registrars to do anything - there was nothing agreed for them to do or adhere to nor any contractual obligation to do it.
    
    
    Regards
    
    Michele
    
    
    --
    Mr Michele Neylon
    Blacknight Solutions
    Hosting, Colocation & Domains
    https://www.blacknight.com/
    http://blacknight.blog/
    Intl. +353 (0) 59  9183072
    Direct Dial: +353 (0)59 9183090
    Personal blog: https://michele.blog/
    Some thoughts: https://ceo.hosting/
    -------------------------------
    Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
    Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845 On 15/02/2018, 14:04, "gnso-rds-pdp-wg on behalf of Greg Aaron" <gnso-rds-pdp-wg-bounces at icann.org on behalf of gca at icginc.com> wrote:
    
        Dear Andrew:
        
        Well... no.    We can certainly agree that a move to RDAP is sorely needed.  But deficiencies in the WHOIS protocol were not the problem.  Rather it was failure by many registrars to implement properly and uniformly -- not just "bad actors" but the many more that were inattentive or not competent.  
        
        The Thick WHOIS PDP laid out the reasons for going thick.  They included:
        
        "Historically, the centralized databases of thick Whois registries are operated under a single administrator that sets conventions and standards for submission and display, archival/restoration and security have proven easier to manage. By contrast, registrars set their own conventions and standards for submission and display, archival/restoration and security registran tinformation under a thin Whois model....
         The thin model is thus criticized for introducing variability among Whois services, which can be problematic for legitimate forms of automation. It is this problem that prompted the IRTP B Working Group to recommend requiring thick Whois across incumbent registries - in order to improve security, stability and reliability of the domain transfer process...
        A thick Whois model also offers attractive archival and restoration properties.... A thick Whois model also reduces the degree of variability in display formats. Furthermore, a thick registry is better positioned to take measures to analyze and improve data quality since it has all the data at hand."
        
        In other words: security, stability, and usability reasons.
        
        The accuracy of the data is a completely separate matter.
        
        A distributed system relies on the competence, robustness, and good faith of all the parties involved.  Centralizing some aspects can mitigate failures, incompetence, and bad faith.
        
        All best,
        --Greg
        
        
        -----Original Message-----
        From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Andrew Sullivan
        Sent: Wednesday, February 14, 2018 5:13 PM
        To: gnso-rds-pdp-wg at icann.org
        Subject: Re: [gnso-rds-pdp-wg] Using the GDPR as a basis for RDS Policy
        
        On Wed, Feb 14, 2018 at 05:14:28PM +0100, Volker Greimann wrote:
        > 
        > Heretic thought of the day: We will probably be looking at a 
        > thin/distributed model again, or at least a model where data does not 
        > leave certain jurisdictions without legitimate reasons/justification.
        
        As I have argued repeatedly, the only justifications for centralisation and "thick" registries in the first place were (1) deficiencies in the whois protocol that made distributed operation hard and (2) bad-actor registrars who wouldn't keep their data in good shape.
        
        (1) is, of course, solved by ditching whois for a better protocol, which protocol we already have built and waiting for use.  One could even put a whois "gloss" on such a protocol (which would in that case, of course, only hand out the minimal data), so that people's tools don't all break overnight.  This is all well understood by anyone remotely familiar with network operations (cf. Scott H's excellent testbed).
        
        (2) is, of course, not solved at all by centralisation, since the
        (competent) bad actors just lie when they upload the data.  There never was an advantage there, as anyone familiar with network fraud told people even at the time.
        
        So I don't think the idea is heretical at all.  I think it's a good idea.
        
        Best regards,
        
        A
        
        --
        Andrew Sullivan
        ajs at anvilwalrusden.com
        _______________________________________________
        gnso-rds-pdp-wg mailing list
        gnso-rds-pdp-wg at icann.org
        https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
        
        _______________________________________________
        gnso-rds-pdp-wg mailing list
        gnso-rds-pdp-wg at icann.org
        https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

More information about the gnso-rds-pdp-wg mailing list