[registrars] WHOIS access tiers

Bruce Tonkin Bruce.Tonkin at melbourneit.com.au
Fri Oct 27 00:30:03 UTC 2006 

Hello All,

Further to Tim's comments on the OPOC proposal I would like to see some
more consideration of access tiers.

The three tiers that I can think of are:

(1) Anonymous, public access via port-43 and Web - OPOC proposal


(2) Authenticated access - build on concepts used for zonefile access

- requires the physical signing of an agreement that requires no use for
marketing (equivalent of WHOIS Marketing Restriction Policy that applies
to bulk WHOIS http://www.icann.org/registrars/wmrp.htm) - should
authenticate the name, phone, email and postal address of the
organisation signing such an agreement - e.g equivalent to having a
strong digital certificate.   A fee can be charged to get this level of
access, to cover authentication and monitoring of use.   For com/net
distributed WHOIS, a digital certificate could be issued by the com/net
registry that could be used by registrars to accept access, but a
registrar would also have the right to withdraw access if they suspect
misuse of the information for marketing purposes.

- this could access roughly the same information as collected by
registrars now (registrant name and postal address, admin, tech name,
postal address, phone and email).   

- data can still be protected by private registration services offered
by registrars, but most of these result in the privacy turned off in the
context of any legal complaints

- ideally replace port-43 WHOIS with IRIS (RFC3981) for this purpose.
Web Based access also possible but requires authentication and possibly
human readable text to be entered.

- intended to meet the requirements of registrars, ISPs, IP attorneys,
brand owners, and law enforcement

- personally I would like transparency at the registry level where they
publish who has signed such an agreement and the number of queries per
entity with access


(3) Court order access - build on concepts of IPC "special
consideration" proposal

- requires demonstration of need for anonymous registration

- is identified in the WHOIS as "anonymous" registration, but publish
other technical information

- requires court order to obtain access

- intended to meet the requirements of those wanting to protect freedom
of speech, rape crisis centers etc - ie the usual scenarios described by
the non-commercial constituency


I am interested what others think of this approach.

Regards,
Bruce Tonkin

More information about the registrars mailing list