To:
"'Jaap Akkerhuis'" <jaap@sidn.nl>, "Paul M. Kane" <Paul.Kane@REACTO.com>
Cc:
Edward Lewis <lewis@tislabs.com>, ietf-provreg@cafax.se
From:
"Hollenbeck, Scott" <shollenbeck@verisign.com>
Date:
Thu, 5 Apr 2001 07:00:21 -0400
Sender:
owner-ietf-provreg@cafax.se
Subject:
RE: [cctld-tech] Re: Generic Registry Registrar Protocol requirements
>-----Original Message----- >From: Jaap Akkerhuis [mailto:jaap@sidn.nl] >Sent: Thursday, April 05, 2001 5:07 AM >To: Paul M. Kane >Cc: Hollenbeck, Scott; Edward Lewis; ietf-provreg@cafax.se >Subject: Re: [cctld-tech] Re: Generic Registry Registrar Protocol >requirements > > > >Hi Paul, > >First some administrativia: I announced this last call to various >mailinglists, with the intention that people should again be aware >of the work taking place at the provreg mailinglist. But it wasn't >my intention that the discussion should take place on the various >lists but should be contained on the ietf-provreg mailing list >only. Therefore, I bounced your message to this mailing list AND >took the liberty to subscribe you to the list as well. Furthermore, >I removed the cc's to the other mailing lists (tech@lists.centr.org, >dnr-forum@lists.centr.org & cctld-tech@wwtld.org) in this message. > > Hi Scott, > > This spec does not contain the framework of individual contact > identification. Why is it missing? > > When a registrar causes a serious trouble, the registry does > not have a way to identify a registrant... suggestions?? > >The draft doesn't specify it explicitly but it can be included in >the ``social data'' (it is a MAY, but I citate from memory so I >might have this detail wrong). It is up to the registry enforce >this data. Maybe I'm misunderstanding the question, but the draft has very clear requirements for contact identification, see 3.4.2-[6] where the more generic term "social data" is used to describe what is commonly referred to as a "contact". 3.4.3-[3] describes a requirement for associating "social data", such as registrant information, with other objects such as domain names. > For registries based in Europe, EU directive 95/46/EC, says > "data subjects (registrants) must have the ability to inspect > and modify information (including its deletion) directly with > the Data User" (registry).... This direct inspect/modify > provision is in addition to the Registrar which may be the > preferred path by many registries - suggestions?? In the ccTLDs > we operate from the UK we use passwords as a means of > identification, other registries use certificates and others > keys..... For gTLD registries based in Europe they will need > something!! > >First, to be strict, the protocol is a registry/registrar protocol, >so this is outside the scope of this particular protocol. If you >want to do allow this, one needs a registry/registrant protocol. > >Furthermore, after consultation with Bart Boswinkel, we (Bart & I) >came to the conclusion that this EU directive can be interpret on >in various ways and not necessarily dictates a direct >registry/registrant >relation. Jaap's interpretation is correct, but I'd also like to suggest that a registry may choose to allow direct access by registrants. There aren't any requirements that preclude this, and in fact the protocol documents that I've been working on don't use the terms "registry", "registrar", or "registrant" at all -- the parties are known as "client" and "server", and the definition of client is a matter of local policy. <Scott/>