RE: [nc-impwhois] Starting point for WHOIS implementation discussions

["Tim Ruiz" <tim@godaddy.com>]

Rick,

Regarding 11: If we use those definitions renewing a domain will become
unacceptably complicated. During a renewal a registrant should only be
required to review their data and confirm that it is still correct, and be
provided a way to make changes if necessary.

As I have always maintained, any method we use to try to validate the
accuracy in the manner you seem to suggest is going to increase the cost of
registrations substantially. There is no way around that. And I have not
seen anyone offer any tools, methods, etc. to assist with this that are
reliable, up to date, 100% accurate, and internationl in scope.

I strongly believe that for the average person, privacy is the pirmary
reason for not giving full data, or inaccurate data. Without addressing
their privacy concerns they will only become more adept at giving false
data, giving us all a false sense of having accomplished something.

If such validation is expected to help identify, contact, or dissuade
spammers, or other criminal elements, we are already deluded. The approach
for such abuse needs to take a completely different direction.

Tim

 -------- Original Message --------
   Subject: RE: [nc-impwhois] Starting point for WHOIS implementation
discussions
   From: Rick Wesson <wessorh@ar.com>
   Date: Mon, January 13, 2003 10:19 pm
   To: Tim Ruiz <tim@godaddy.com>


   Tim,

   comments in-line.

   On Mon, 13 Jan 2003, Tim Ruiz wrote:

   > RE: [nc-impwhois] Starting point for WHOIS implementation
   > discussionsBulk Access
   > I agree with Elana that abuse of port 43 is a serious problem and
   > should be addressed. However, I am concerned that the wording below
   > may dissuade implementation of the bulk whois recommendation. I
   > don't believe that further restricting the use of bulk whois will
   > affect port 43 abuse one way or the other. All but one instance of
   > the port 43 abuse that we have identified has come from parties who
   > have never requested our bulk whois.
   >
   > The recommendation as stated is reasonable and can be implemented
   > with very little impact on registrars.
   >
   > Whois Accuracy
   > 11. The implementation issue here is definition of "validate." I
   > would recommend that it be simply a check box, button, or method for
   > the registrant to confirm that yes, the data is current and correct,
   > e.g. in a fashion similar to what a registrar requires for
   > confirmation of acceptance of the Registration Agreement.

   I agree that simple acknowledgment by the registrant that the data is
   accurate is sufficient; however what of the case when the registrant
   lies and the data is not accurate, what should the registrar do?

   using the above logic I propose we use the following definitions.

     VERIFIED  - The registrant has acknowledged that the information is
     true
                 and correct.

     VALIDATED - VERIFIED by a 3rd party that the data is syntactically
                 and semanticly ACCURATE.

     ACCURATE  - Free from error, conforming to local, geographical and
                 political postal addressing, international PSTN dialing
                 and RFC2822 standards.


   > 12. I think this is fine as stated. The Deletes TF will deal the
   > details of the verification procedure or documentation. This deals
   > simply with the fact that proof of verification must be submitted to
   > redeem a domain from the RGP "if" it has been deleted due to false
   > data.

   agreeded, I'm happy to point to a definition or existing procedure for
   defining "proof" if one exists. If there is no normative refrence we
   should have some guidance for those developing such, mabe we could
   even have a confrence with the delete TF to go over the mater.

   > 13. Here I believe that the documentary proof must be of the same
   > nature as that required to redeem a name from the RGP when deleted
   > for false data. I don't think we need more than one description or
   > policy detailing what is acceptable verification. Again, the Deletes
   > TF is dealing with this.

   I may agree if we can see what the Deletes TF is doing and as long as
   they have something we can point to thats fine; we should tell them we
   are punting on the topic and relying on them to produce it.


   > Tim
   >
   >   -----Original Message-----
   >   From: owner-nc-impwhois@dnso.org
   >   [mailto:owner-nc-impwhois@dnso.org]On
   > Behalf Of Elana Broitman
   >   Sent: Friday, January 10, 2003 2:18 PM
   >   To: 'Bruce Tonkin'; nc-impwhois@dnso.org
   >   Cc: SMiholovich@networksolutions.com
   >   Subject: RE: [nc-impwhois] Starting point for WHOIS implementation
   > discussions
   >
   >
   >   I was asked to provide language noting the concern with
   >   eliminating Bulk
   > Whois for marketing purposes WITHOUT dealing with abuse of public
   > and Port 43 Whois:
   >
   >   While there are many concerns with marketing uses of Bulk Whois,
   >   it must
   > be noted that there is an equal - if not worse - problem created by
   > spammers and unscrupulous marketers downloading contact data from
   > the publicly available and Port 43 Whois and using it for
   > unauthorized communications. This is a worse situation than
   > marketing off Bulk Whois because it is done clandestinely.
   > Registrars are not aware that customers' data has been "stolen"
   > until hearing from the customers that they have been harmfully
   > impacted.  Abuse of public and Port 43 Whois is much more difficult
   > to protect, it is almost impossible to warn customers, or to stop
   > the abusers. There is a growing number of legal cases stemming from
   > this abuse.
   >
   >   Additionally, the abuse of Port 43 causes technical problems.  The
   >   Whois
   > access can be unavailable for legitimate reasons.
   >
   >   The implementation committee, therefore, recommends that this
   >   issue be
   > promptly reviewed by the task force, and if possible, in parallel
   > with ICANN's review of bulk whois license agreement changes.  The
   > reason for this is that the deletion of bulk requirements in the
   > contract may inadvertently push marketers, etc., to use other
   > methods, such as public and Port 43 Whois.  Therefore, we may
   > inadvertently escalate the problem we are trying to solve if we do
   > not use a comprehensive approach.
   >
   >
   >
   >   -----Original Message-----
   >   From: Bruce Tonkin [mailto:Bruce.Tonkin@melbourneit.com.au]
   >   Sent: Wednesday, January 08, 2003 2:16 AM
   >   To: nc-impwhois@dnso.org
   >   Cc: SMiholovich@networksolutions.com
   >   Subject: [nc-impwhois] Starting point for WHOIS implementation
   >   discussions
   >
   >
   >
   >   Hello All,
   >
   >   Following a discussion with the WHOIS task force today, I attach a
   >   summary
   > of the recommendations of the WHOIS task force (extracted from the
   > task force report) for:
   >
   >   - bulk access
   >   - accuracy
   >
   >   We should focus our meeting on discussing the implementation
   >   details of
   > these specific recommendations.
   >
   >   Regards,
   >   Bruce