[registrars] WHOIS access tiers
Bruce Tonkin
Bruce.Tonkin at melbourneit.com.au
Fri Oct 27 00:30:03 UTC 2006
Hello All,
Further to Tim's comments on the OPOC proposal I would like to see some
more consideration of access tiers.
The three tiers that I can think of are:
(1) Anonymous, public access via port-43 and Web - OPOC proposal
(2) Authenticated access - build on concepts used for zonefile access
- requires the physical signing of an agreement that requires no use for
marketing (equivalent of WHOIS Marketing Restriction Policy that applies
to bulk WHOIS http://www.icann.org/registrars/wmrp.htm) - should
authenticate the name, phone, email and postal address of the
organisation signing such an agreement - e.g equivalent to having a
strong digital certificate. A fee can be charged to get this level of
access, to cover authentication and monitoring of use. For com/net
distributed WHOIS, a digital certificate could be issued by the com/net
registry that could be used by registrars to accept access, but a
registrar would also have the right to withdraw access if they suspect
misuse of the information for marketing purposes.
- this could access roughly the same information as collected by
registrars now (registrant name and postal address, admin, tech name,
postal address, phone and email).
- data can still be protected by private registration services offered
by registrars, but most of these result in the privacy turned off in the
context of any legal complaints
- ideally replace port-43 WHOIS with IRIS (RFC3981) for this purpose.
Web Based access also possible but requires authentication and possibly
human readable text to be entered.
- intended to meet the requirements of registrars, ISPs, IP attorneys,
brand owners, and law enforcement
- personally I would like transparency at the registry level where they
publish who has signed such an agreement and the number of queries per
entity with access
(3) Court order access - build on concepts of IPC "special
consideration" proposal
- requires demonstration of need for anonymous registration
- is identified in the WHOIS as "anonymous" registration, but publish
other technical information
- requires court order to obtain access
- intended to meet the requirements of those wanting to protect freedom
of speech, rape crisis centers etc - ie the usual scenarios described by
the non-commercial constituency
I am interested what others think of this approach.
Regards,
Bruce Tonkin
More information about the registrars
mailing list