GNSO Council WHOIS Implementation Committee Teleconference on 30 January 2003 - minutes

31 January 2003


Registrar - Bruce Tonkin
Registrar - Ken Stubbs
Registrar - Donna McGehee
Registrar - Elana Broitman
Registrar - Tim Ruiz
Registrar - Steve Miholovich
Registry - Bruce Beckwith
WHOIS Task Force member - Steve Metalitz
WHOIS Task Force member - Thomas Roessler
GNSO Secretariat

Chuck Gomes


Bruce Tonkin asked for comments on the WHOIS Final Implementation committee report.

Elana Broitman asked whether the Bulk WHOIS is still required for non marketing purposes.
Bruce Tonkin referred to the Registars' suggestion in the notes, that consideration be given to a sliding scale for the maximum fee, currently $10, 000 chargeable for the WHOIS data with a fee based on 1 cent per name.
Recommendations 3 and 4 will contribute to developing an issue report.
The process would be that an issue report, which may be proposed by anyone, must be prepared that will go to the GNSO Council to decide on further action.
Thomas Roessler reported that the WHOIS Task Force was preparing an issue report on bulk access and would include the comments from Tim Ruiz:
.< Would it be appropriate to include at least a comment about the fee registrars are allowed to charge for bulk whois access. Right now the maximum allowable fee amounts to 1 cent per record for a registrar with a million names.
Then consider that a number of registrars have multiple millions and it becomes apparent that the fee is ridiculously low for larger registrars.
I suggest the allowable fee be up to $10,00 for registrars with up to 1 million records. Registrars with over 1 million records would be allowed to charge up to 1 cent per record.
2. I thought we had some suggestion or comment about the possibility of making bulk whois inclusion an opt-in process for registrants, versus an opt-out. Opt-in is much more in line with current privacy standards. >
Ken Stubbs remarked that the WHOIS task force could advantage the position within the task force.
Thomas Roessler commented that opt-in in WHOIS says if WHOIS is not provided for, marketing opt-in is appropriate.

Steve Miholovich mentioned autorenewal as an issue which many customers had. How to validate on autorenewal, and at what point should the registrant validate on autorenewal? How would notices be implemented prior to expiry date.

Bruce Tonkin replied that validation does not have to be tied to the instant of autorenewal. A check should be done regularly.

Bruce Tonkin stated that a domain name could be used maliciously if the data is accurate or inaccurate and the accuracy provisions could be used as a back door for malicious use of the domain name. A real e-mail address does not give information as to who the person is and leaves all sorts of ways for a spammer to gain the system.
It was thus suggested to remove the part of the recommendation pertaining to dispute resolutions.
Recommendation 3 -
removal of dispute process, removal of the specific time-limit, a requirement that a registrar require justification of a new address is it fails automated checks (which MAY be documentary evidence), and a requirement that after a name is put on HOLD status, that it may not be returned to active status until the registrar has confirmed that the registrant is contactable.
- a separate recommendation regarding the time limit - to decouple from recommendation 3

Ken Stubbs proposed a stratified approach to protect the registrar from liability.
Discussion followed on verification of data from an e-mail and a postal address. Postal address verification was considered to be burdensome to the registrar and entailed additional costs. Requiring that the registrant pay, imposes the burden of collecting these costs on the registrar. Much would depend on the volume of such requests whether it could be done on a manual basis and whether it could be on a cost recovery basis.
Bruce Tonkin's suggested alternative was to have an automated process, also relying on the registrant's good faith.

Bruce Tonkin suggested that the dispute resolution statement should be dropped.
AGREED by all members on the call

On the point of Registrar Hold, Bruce Tonkin said that the only way to get it off Registrar Hold was to update the contact details. The registrant would respond to a new massage that would come to the Registrar via a new e-mail address that would prove the person is contactable, but it would not necessarily say whether the postal address is correct.
Elana Broitman asked if the details are confirmed, if the message comes back, what is the proactive responsibility on the registrar, to which Bruce Tonkin said commercially reasonable steps. These may however vary from country to country.
Steve Metalitz from the task force suggested that if the data is implausible, it should be put on registrar hold unless the registrar can obtain and review documentation verification, at which point a human being should be involved.

Steve Miholovich felt that the registrant should have the benefit of the doubt and that the plausibility check not be used for registrar hold.
Bruce Tonkin said that there should be another policy for malicious domain name use, rather than involve accuracy. An independent mechanism is needed that defines what is malicious, and then the name can be taken down. The issue is cost of accuracy to the registrars versus malicious domain name use.

Time line and reports

Bruce Tonkin said that he would do another draft, put it out for comment for 24 hours, before he sent it the Council as the process had to be finished before the end of January.
Thomas Roessler said that there was convergence with the task force, except on the 15 day versus 30 days suggested by the implementation committee.
Steve Metalitz said that 30 days meant the inaccurate data would stay in the system longer and that it was hard to accept as a process for a task force looking at accuracy.
Bruce Tonkin maintained that the registrars and registries would not move on the 30 day period, and there was now a formal process
around inaccurate data which is an improvement. Registrars can contact registrants in a defined process.
The next step would be to look at the malicious domain name use.
Thomas Roessler mentioned that the key issue was involving judgment on content. ICANN's strength, up to now has been that it has not been involved in judging content.

Bruce Tonkin mapped out the consensus process:
- the WHOIS Task Force has made recommendations,
- the Whois implementation committee has proposed alternate suggestions and
implementation issues.
- Council members could decide to put the WHOIS recommendations as they are to the vote
- Council could put alternate recommendations suggested by the implementation committee up to the vote.

The definition of Consensus policy:
- Show consensus and show the Council vote on the consensus
In the task Force there is no consensus thus even if the council voted, it would not meet the consensus policy requirements.
The sections where consensus has been shown:
- marketing
- updating data at regular intervals

Thomas Roessler suggested redrafting the redemption grace period text which was policy, but he process was not, suggesting that process moved to practical advice and Bruce Tonkin suggested that the time period be defined as in the Registrars Accreditation Agreement.
Ken Stubbs expressed concern that "studying an approach" led to procrastination and that in all processes the registrars had to write codes and operational procedures, so it should not be put off for too long.

Bruce Tonkin summed up and said the task force was concerned about malicious data staying in the system for 30 days if the period of time was extended from 15 to 30, while Steve Metalitz said documented proof of 30 days would be required to satisfy the task force.
Bruce Tonkin went on to say that there was an overall improvement coming from the automated process, the registrant is contacted, the name put on hold is more desirable than delete, there are commercially reasonable steps to check and in general there is greater registrar involvement in the process.

Bruce Tonkin thanked everyone for their participation.

The call ended at 22:30 Thursday 30, CET, 8:30 Friday 31, Melbourne

Information from:
GNSO Council