[gnso-rds-pdp-wg] The Whois roles are not well defined

Rob Golding rob.golding at astutium.com
Thu Feb 15 22:02:40 UTC 2018


Hi Steve 

A few inline comments ...

> I don't know if there is widely agreed upon name
> of this role, so I'll call her the domain controller.  

Account Holder is the term Registrars generally use (and that we've managed to train ICANN Compliance to understand)

> It's the domain controller who populates the registrant, admin and tech
> fields

In some cases, but in a great number (like the millions of domains handled by resellers) no - it's whoever is ordering it, which can be many levels down from the actual account holder

> In
> the extreme, the controller can put in the names of people who have NO
> relationship with the domain.  

That happens (both inadvertently and deliberately), and due to the IRTP_C "change of control" misinterpretation by ICANN staff, is now almost impossible to fix
 - for reasons unknown the rodent living in the enchanted castle appears reluctant to follow the change of control process which would remove him as the contact

> The list of contacts was intended to make it easy
> for the relevant people in authority to get in touch with each other when
> there was a problem.

Indeed, although the days of going "oi, john, you made a typo on that A record, all your FTP connections are hitting my server, can you fix, and BTW 'Passw0rd' is probably not that secure!" ended last millennium, now your IDS just drops the entire ASN at the edge automatically, and any attempt to be helpful is usually followed by a UDRP, domain hijack attempt or ending up on a spam blacklist.

> There is, of course, one particular role that is well defined.  It's the billing
> contact.  If the registrar sends a message to the billing contact and says the
> bill hasn't been paid, the billing contact either takes care of the problem or
> the registrar shuts down the account.

The billing contact on a domain has not had anything at all to do with who gets invoiced (or whatever) since the introduction of multiple registrars (so mid-90s)

> what happens if we simply remove the admin and tech contacts? 

If you lose the idea of that "role" having specific things they can "do" then those of us that like structures/hierarchies/standards/etc would lose another small piece of our souls, but t'interwebbyfacetweetnet would still work just fine :)

> Because the name
> server operator sometimes needs to change the information in the registry
> that's associated with the domain name

Almost never (simply due to the disruption it can cause) would there be a mass changing of the nameservers needed on a domain - the cost of a record in a db or maintaining an old "brand name" domain for nameserver use is so minimal in comparison.

They do need to update the "nameserver registration" data though (less disruptive but more frequently depending on their size/operations) - although the need to "register" nameservers in order to use them (as opposed to self-reference them) is simply a 30 year old design fault for gTLDs

> it will be the name server operator that will generate a new
> key and create a new DS record on a regular schedule and .  This requires
> putting the new DS record in the parent.  Again, since the only path is
> through the registrar...

Another design flaw [ and a good reason not to use the "it-solves-no-known-problem" DNSSEC system ]

As you said, ideas for solutions to that flaw (allowing a special category of contact/access/api-user) have been bounced around for years, but not really gained support (for security reasons more than anything)

Rob




