LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives
Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]
Subject:	Re: [PC-NCSG] Public comment period on RDAP closing 18/03
From:	Amr Elsadr <[log in to unmask]>
Reply To:	Amr Elsadr <[log in to unmask]>
Date:	Sat, 19 Mar 2016 10:28:52 +0200
Content-Type:	text/plain
Parts/Attachments:	text/plain (47 lines)
Hi Ayden,

Comments in-line below:

> On Mar 19, 2016, at 1:30 AM, Ayden Férdeline <[log in to unmask]> wrote:
> 
> Hello, all-
> 
> Thank you to all who have commented in this thread. I have been trying to get up to speed on this topic today and have found your comments to be an extremely useful primer — and a special thank you to Amr for clarifying that we actually have two different topics out for public comment (though the distinction between the two still isn't entirely clear to me,

The public comment on the implementation of “thick” whois was a mandatory public comment period that the Global Domain Division (GDD) have to hold before proceeding with an implementation plan of an existing policy. The plan was developed in coordination with an Implementation Review Team (IRT). In other words, this specific public comment period is not for an ongoing PDP, but rather one that has been completed in late 2013, and they are still not done implementing it.

The other public comment on the RDAP operational profile was not that product of a PDP, and hence the many comments opposed to it in the absence of a policy requirement developed by the community. This, as far as I can tell, is a staff-led initiative.

> nor is the distinction between the acronyms 'RDDS' and 'RDS' which seem to be used in similar contexts by different stakeholders).

This is confusing to many. I’m not sure I understand it entirely myself, but will have a go at attempting to explain it. Both RDS (Registration Data Services) and RDDS (Registration Data and Directory Services) are replacement nomenclatures for WHOIS. I believe that the distinction between the two is a valid one because WHOIS (or RDDS) does not only include domain name registration data, but includes some other fields/data. Some more info on this here: https://en.wikipedia.org/wiki/WHOIS. Check out the example of the WHOIS lookup at whois.iana.org. The 2013 RAA defines RDDS as the collective of WHOIS and web-based WHOIS services. Don’t ask me!! :)

> From what I have heard about the history of WHOIS/RDS/RDDS systems, the community has invested significant resources over the past two decades only to achieve minimal change. We now have the Next-Generation Registration Directory Service PDP working group where we have the capacity to make real, meaningful recommendations. Why, then, would we respond to either of these consultations which could prejudice the working group's capacity to comprehensively reform how and when domain name registration data is collected and shared? (I feel like this question has been asked by someone else but I cannot remember who — apologies for the lack of attribution.)

Well…, comments on the implementation of “thick” whois is are rather significant. It is important for the IRT and the community to ensure that GDD is implementing the policy in the manner it was intended when it was developed and adopted. As we’ve seen, a number of commenters have indicated that the implementation plan has gone beyond the scope of the original policy. And BTW…, “thick” whois is one of the policies that is within scope of the next gen. RDS PDP. You will find references to it in the issues report as well as the PDP WG wiki page.

The rolling out of RDAP may have also been worth commenting on pretty much because of the reason you mentioned: the premature requirement of its use may in fact prejudice the community’s ability (or at least discussion) on reforming WHOIS. For contracted parties (registrars and registries), I assume there is also an issue of having to pay for rolling out RDAP. My guess is that they are aware that it is most likely inevitable, but would prefer to delay the costs and hassles of implementation until there is an absolute need to do so (i.e.: a consensus policy requirement).

> If we were to comment — and I know that Marília has said we are not in a position to do so today because we do not quite have consensus, and I would like to echo that stance because I don't think we should be responding out of principle to either of these consultations — I'd like to add on to what Sana said by suggesting that we lay out our stance on minimisation in two respects: firstly, on data, and secondly, on the use of community resources ;-) . 
> 
> To the former this has been hammered home by quite a few respondents, and I particularly liked how Antoin Verschuren (a registrar) in his submission implied if the registrar registration expiration date was to be stored in the open registration directory service, what could be next - the registrant's credit card expiry date? There has to be a limit somewhere and a move to make data in the registrar-registrant contract, public, is not the path I would want us to be going down. The less data collected the better, in my view.

Again…, the issue with the registrar registration expiration date is that there is no policy requirement making this a registrar obligation. The same is true, for example, for the domain name abuse contact details of the registrar. The latter is required by the 2013 RAA, but only to publish on the registrar’s website, not to include it in the whois. So when GDD unilaterally suggests mandatory requirements, this is certainly discomforting to say the least. But yes…, the less data collected the better. Data that is collected should only be collected because there are specific reasons to do so, and they should not be used beyond the intended purpose. We’ll have to work on that on the post-EWG PDP (next gen. RDS PDP).

> To the second point on community resources, if we have two topics so similar out for public comment (and from reading the submitted comments, it seems quite a few respondents are treating them as one and the same), perhaps they could have been amalgamated in the first place?

Not possible because of the mandatory requirement for a public comment period for “thick” whois implementation as I have explained above.

> And why are we even discussing these issues when we have over 100 community members actively participating in the Next-Generation RDS PDP working group? I hope we are not living a skit from Yes Minister where a WG has been formed merely to go through the 'charade of discussions’…

I always loved that show. :)

> I hope I am not contributing to any confusion here with my comments. I just wanted to put it on the record within our mailing list at least that I don't think we need to be responding to either of these consultations given the activities being explored by the Next-Generation RDS PDP working group.

I don’t find your contributions confusing at all. On the contrary. If anything, I’m glad and grateful that you’ve taken the time to pay so much attention to this topic. There is a wealth of knowledge and experience on this list, and it is unlikely that folks will share their insights unless prompted by emails like the one you sent, so please keep it up.

Anyway…, I hope my comments are helpful.

Thanks.

Amr
ATOM RSS1 RSS2
LISTSERV.SYR.EDU