To:
"Paul M. Kane" <Paul.Kane@REACTO.com>
cc:
"Hollenbeck, Scott" <shollenbeck@verisign.com>, Edward Lewis <lewis@tislabs.com>, ietf-provreg@cafax.se
From:
Jaap Akkerhuis <jaap@sidn.nl>
Date:
Thu, 05 Apr 2001 11:06:57 +0200
In-reply-to:
Your message of Thu, 05 Apr 2001 08:05:22 +0100. <3ACC1932.954BED5D@REACTO.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [cctld-tech] Re: Generic Registry Registrar Protocol requirements
Hi Paul, First some administrativia: I announced this last call to various mailinglists, with the intention that people should again be aware of the work taking place at the provreg mailinglist. But it wasn't my intention that the discussion should take place on the various lists but should be contained on the ietf-provreg mailing list only. Therefore, I bounced your message to this mailing list AND took the liberty to subscribe you to the list as well. Furthermore, I removed the cc's to the other mailing lists (tech@lists.centr.org, dnr-forum@lists.centr.org & cctld-tech@wwtld.org) in this message. Hi Scott, This spec does not contain the framework of individual contact identification. Why is it missing? When a registrar causes a serious trouble, the registry does not have a way to identify a registrant... suggestions?? The draft doesn't specify it explicitly but it can be included in the ``social data'' (it is a MAY, but I citate from memory so I might have this detail wrong). It is up to the registry enforce this data. For registries based in Europe, EU directive 95/46/EC, says "data subjects (registrants) must have the ability to inspect and modify information (including its deletion) directly with the Data User" (registry).... This direct inspect/modify provision is in addition to the Registrar which may be the preferred path by many registries - suggestions?? In the ccTLDs we operate from the UK we use passwords as a means of identification, other registries use certificates and others keys..... For gTLD registries based in Europe they will need something!! First, to be strict, the protocol is a registry/registrar protocol, so this is outside the scope of this particular protocol. If you want to do allow this, one needs a registry/registrant protocol. Furthermore, after consultation with Bart Boswinkel, we (Bart & I) came to the conclusion that this EU directive can be interpret on in various ways and not necessarily dictates a direct registry/registrant relation. jaap