Re: [registrars] Teleconference Invitation: Whois
I may be able to contribute, depending on the call-time (I've a kindergarden
field trip to a nature preserve here in Maine that day).
I can summarize what I've learned in three years of whois-ing.
o as co-chair of the IETF-51 "whois-fix" bof, almost half-a-dozen
"fix, replace or related" activities have started in the IETF,
none has changed the whois we deal with -- RFC 954.
o as a contributor to the P3P Spec WG, importing the data protection
framework into the IETF PROVREG WG has been above difficult, there
are corporate agendas to evade collector responsibility, and there
are widely held and rigid belief-systems of exclusive registrant
responsiblity, both of which affect the mechanisms that that body
is able to specify.
o as a contributor to the IRTRF's Anti-Spam activity, the role of
registrars and registries in spam abatement, and spam policy
enforcement appears to be non-trivial, but neither is is obviously
a controlling role (we can't solve the problem alone).
o the role of the existing whois data in the current spam problem is
not controlling, there is a nice study to this effect from a WDC
social policy advocacy group who's name and the author's name
escapes me pre-coffee, though we were on the same flight from
Chicago to Montevideo -- ah, Ari Schwartz, CDT.
Comments on the straw-person Principle proposals:
The access control mechanism has to scale. Every PD in Maine would be hard,
every law-enforcement and trademark "consultant" on the surface of the earth
would be above hard.
Coordination is very hard, and assumes some policy and business model rules
not in evidence, just to make it wicked difficult.
Query assumes that the controlling use-case is asychronous access, and I
just can't figure out why the IPC needs instant gratification, particularly
in a form that has non-trivial side-effects.
Comments on the straw-person Requirement proposals:
Let's not pretend that we (VGRS/NeuStar/GNR/Tucows/RCOM) didn't create EPP
and then move it to the IETF, like most other rational industry groups. A
bit of ownership is prudent, this isn't something to be "solved" by fobbing
it off on non-stakeholders long on attitude and short on clue.
I suggest we implement first, test deploy, and then "standardize", using a
modicum of legal steering to avoid the obvious anti-trust shoals.