[gtld-tech] RDE (Registrar Data Escrow) specs, verification, data handling
Thomas Corte (COREhub support)
Thomas.Corte at knipp.de
Mon Jun 20 17:20:23 UTC 2022
Hello,
lately we've received some new warnings in the response e-mails we're
receiving from our RDE Agent (IronMountain/NCC) after making a deposit.
They seem to indicate that ICANN is starting a stricter verification of
the RDE CSV data than what was previously applied, to check compliance
with https://www.icann.org/en/system/files/files/rde-specs-09nov07-en.pdf
and a new document entitled "Registrar Data Escrow Guidelines" which
we've received from NCC but which doesn't seem to be published anywhere
online.
In this context, we were wondering about some of the involved data
handling that seems to be implied by the verification messages, and what
other registrars on this list may be doing in this regard. In particular,
1) Do you locally store the data of non-sponsored contact objects
referenced by your domains?
For thick registries, it is usually perfectly legal for a domain
sponsored by registrar A to use a contact sponsored by registrar B, e.g.
after a transfer. Thanks to GDPR and other data protection policies, the
data of such foreign contact can usually not be inquired by the
non-sponsoring registrar, which makes its local storage impossible.
Nevertheless, the Escrow guidelines seem to dictate that registrar A's
RDE deposits should include the data of registrar B's contact, which in
most cases cannot be known by registrar A. Of course, one way to solve
this would be to require registrars to only use their own contacts in all
of their domains, but this somewhat breaks the relation model between
domains and contacts (as obviously intended by the inventors of EPP) as
far as its cross-registrar application is concerned.
2) How to you handle domains which are lacking certain contact types?
The contact types for which some data is expected in the RDE deposit are
still the usual four: registrar, admin, tech, billing. However, some
gTLDs are no longer requiring billing contacts thanks to GDPR (they never
made much sense in the first place), and even admin and tech are
oftentimes no longer required (e.g., CentralNic doesn't seem to enforce
admin contacts anymore).
If anyone from ICANN is reading this, any input would also be highly
appreciated, especially regarding the new document "Registrar Data Escrow
Guidelines" which seems to also introduce some new requirements regarding
proxy contacts.
Generally, this could be a good opportunity to standardize, streamline
and modernize the RDE data format, which was so far highly
underspecified. Unfortunately, the new documents that popped up recently
(see above) are not helping with this issue, on the contrary: they are
creating even more uncertainty instead.
Best regards,
Thomas Corte
on behalf of COREhub
--
--=== COREhub Technical Support ===-------------------------------------
Thomas.Corte at knipp.de Thomas Corte
COREhub, IANA ID 15
More information about the gtld-tech
mailing list