RE: [nc-impwhois] Starting point for WHOIS implementation discussions

["Tim Ruiz" <tim@godaddy.com>]

Rick,

No FUD, just some practical concern. I'll elaborate a bit.

Recommendation 11 currently reads:
"Registrars must require Registrants to review and validate all WHOIS data
upon renewal of a registration. (effectively an extension of RAA clause
3.7.7.1 above) The specifics of required validation remain to be determined
by this Task Force or another appropriate body."

You suggest we define VALIDATE as: "VERIFIED by a third party that the data
is syntactically and semantically ACCURATE." You suggest ACCURATE be defined
as "Free from error, conforming to local, geographical and political postal
addressing, international PSTN dialing and RFC2822 standards."

I don't have a problem with those particular definitions as such. I have a
problem with how they relate to renewals as stated in recommendation 11. How
does the Registrant VALIDATE using the suggested definition? Who is the
third party that they will use to verify the syntax and semantics? Is it the
Registrar? If so, what tools do we use to accomplish this for an
international community?

So perhaps the definitions are reasonable, but the term validate needs to
come out of the recommendation. It may then be implemented as:

"Upon renewal of a registration, Registrars must require Registrants to
review and explicitly confirm that all WHOIS data is current and ACCURATE."

Rick, I'm not opposed to improving data accuracy. I just want to be sure I
can implement the requirements that come out of this without having to pass
significant costs on to our customers. And since one of this groups mandates
is to consider the cost of implementation, if VALIDATE is left in
recommendation 11, we'll need to start looking at more specifics on how to
VALIDATE based on the definition of ACCURATE.

Tim

-----Original Message-----
From: Rick Wesson [mailto:wessorh@ar.com]
Sent: Tuesday, January 14, 2003 9:59 AM
To: Tim Ruiz
Cc: ebroitman@register.com; Bruce.Tonkin@melbourneit.com.au;
nc-impwhois@dnso.org; SMiholovich@networksolutions.com
Subject: RE: [nc-impwhois] Starting point for WHOIS implementation
discussions



Tim,

On Tue, 14 Jan 2003, Tim Ruiz wrote:

> Rick,
>
> Regarding 11: If we use those definitions renewing a domain will become
> unacceptably complicated. During a renewal a registrant should only be
> required to review their data and confirm that it is still correct, and be
> provided a way to make changes if necessary.

could you explain how things would get unacceptably complicated?

I continue to believe that a registrant acknologement is all that would be
required -- I don't understand how you come to the conclusion you did,
please elaborate as the definitions provided are only to add clarity to
the discussion.

     VERIFIED  - The registrant has acknowledged that the information is
                 true and correct.

     VALIDATED - VERIFIED by a 3rd party that the data is syntactically
                 and semanticly ACCURATE.

     ACCURATE  - Free from error, conforming to local, geographical and
                 political postal addressing, international PSTN dialing
                 and RFC2822 standards.


example: The registrant VERIFIED that the contact details are ACCURATE.

now that sounds like what you orgionally suggested, and I asked what
happens when you find out that the registrant lied and the data was
VALIDATED by a 3rd party and found not to be accurate, or someone
complains via the Internic site, how do you prove that the data is or can
be VALIDATED?

> As I have always maintained, any method we use to try to validate the
> accuracy in the manner you seem to suggest is going to increase the cost
of
> registrations substantially. There is no way around that. And I have not
> seen anyone offer any tools, methods, etc. to assist with this that are
> reliable, up to date, 100% accurate, and internationl in scope.

FUD does us no good in dealing with these issues. nothing is 100% accurate
that why we pay discount rates =) Lets work towards understandable
language that solves these problems and isn't costly to anyones business.

> I strongly believe that for the average person, privacy is the pirmary
> reason for not giving full data, or inaccurate data. Without addressing
> their privacy concerns they will only become more adept at giving false
> data, giving us all a false sense of having accomplished something.

As I have written in my letters to the TF and in other forum, Privacy is a
big issue and I can't see why the TF failed to address it. Lets see if we
can add this to the issues we have with :43 access and see where we get.
The registrants would love it if we could add privacy protections for
their domains.

-rick