[registrars] WHOIS access tiers

[Paul Lecoultre]

Hi,

I would support your comments and also Tim's comments.

I just would like to see "penalties" for those who will
abuse the system. You mention the fact that registries
and even registrars will have the possibility to restrict
the access in case of misuses. For me this solution doesn't
really give an answer to the problematic of Registrars
abusing the whois, it will only allow them to sell an
additional products.

In addition I don't see how registries would be able to act
in case of abuses from registrars or individual, on which
basis? Complaints from individuals, registrars? Abuse in the
numbers of requests? What would be the tool to constrain the
abuse, temporary or definitive restrictions? I am personally
unsure to trust some registrars behaviors.

I understand that you would like to differentiate normal requests
from systematic requests. I'm afraid that it will only require
some more time to adapt their abuses of the system to the minimum
daily request allowed, or to extend their existing database but it
won't give an answer to those who misbehave.

Best regards,
Paul Lecoultre

















Bruce Tonkin wrote:
> Hello All,
> 
> Further to Tim's comments on the OPOC proposal I would like to see some
> more consideration of access tiers.
> 
> The three tiers that I can think of are:
> 
> (1) Anonymous, public access via port-43 and Web - OPOC proposal
> 
> 
> (2) Authenticated access - build on concepts used for zonefile access
> 
> - requires the physical signing of an agreement that requires no use for
> marketing (equivalent of WHOIS Marketing Restriction Policy that applies
> to bulk WHOIS http://www.icann.org/registrars/wmrp.htm) - should
> authenticate the name, phone, email and postal address of the
> organisation signing such an agreement - e.g equivalent to having a
> strong digital certificate.   A fee can be charged to get this level of
> access, to cover authentication and monitoring of use.   For com/net
> distributed WHOIS, a digital certificate could be issued by the com/net
> registry that could be used by registrars to accept access, but a
> registrar would also have the right to withdraw access if they suspect
> misuse of the information for marketing purposes.
> 
> - this could access roughly the same information as collected by
> registrars now (registrant name and postal address, admin, tech name,
> postal address, phone and email).   
> 
> - data can still be protected by private registration services offered
> by registrars, but most of these result in the privacy turned off in the
> context of any legal complaints
> 
> - ideally replace port-43 WHOIS with IRIS (RFC3981) for this purpose.
> Web Based access also possible but requires authentication and possibly
> human readable text to be entered.
> 
> - intended to meet the requirements of registrars, ISPs, IP attorneys,
> brand owners, and law enforcement
> 
> - personally I would like transparency at the registry level where they
> publish who has signed such an agreement and the number of queries per
> entity with access
> 
> 
> (3) Court order access - build on concepts of IPC "special
> consideration" proposal
> 
> - requires demonstration of need for anonymous registration
> 
> - is identified in the WHOIS as "anonymous" registration, but publish
> other technical information
> 
> - requires court order to obtain access
> 
> - intended to meet the requirements of those wanting to protect freedom
> of speech, rape crisis centers etc - ie the usual scenarios described by
> the non-commercial constituency
> 
> 
> I am interested what others think of this approach.
> 
> Regards,
> Bruce Tonkin
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>