To:
ietf-provreg@cafax.se
From:
Hong Liu <lhongsms@yahoo.com>
Date:
Sat, 7 Dec 2002 05:58:16 -0800 (PST)
In-Reply-To:
<a05111b11ba16dfd8af91@[192.149.252.235]>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: lastVerified: optional vs. extension
Ed, Michael, Just like Scott, I am not a big fan of ROID either. Its usage in EPP is vague at best. But that is a different thread of discussion. What I would like to say is while the syntax of lastVerified may look simple, the policy issues around its usage is not. In fact, even the technical changes to be made is _not_ as trivial as it seems. At least three EPP commands will be affected: create/update/info. In addition, you also need to add <verID> for the entity who performs the verification. Depending on the specific policy, this entity may be a third party that is neither the registry nor a registrar, and there could be more than one such entity. One can imagine a scenario where the address info is verified by a Business Bureau or a post office, the tel and fax numbers are verified by a telephone carrier, and the email address is verified by an ISP. And each of these may have a different <verDate> associated with it. Now, is lastVerified sufficient to represent all these information? Of course not! That is why we need an extension mechanism for a registry to define what information elements are needed in order to comply for a specific policy framework. This may look like an extreme case. The point I want to make is that it is _very_ dangerous to fix something in the protocol (i.e., assuming a specific model) without knowing what the policy framework is for its collection and usage. This is very similar to the privacy issue we are dealing with. For the latter, the WG seems to going down the path of extension. If your guys want to know the complexity of this type of information gathering and validation, you can ask the ENUM folks about telephone number validation. The bottom line: if we all agree on Ed's metric and apply it to this issue, the only sensible way to deal with it is to use extension. --Hong --- Edward Lewis <edlewis@arin.net> wrote: > At 20:49 +0000 12/6/02, Michael Graff wrote: > >I hate to keep bringing up old topics, but I don't > see how ROIDs can be > >left in the draft as they are now, when something > that is trivial to define > >(last verified date) is an extension, but ROIDs are > required and at least > >two implementors have stood up and said they're > problems. > > That's not an old topic - it's a current one... > > BTW - if there are folks unhappy with the > declaration of consensus > about last-verified, speak up. I've heard > murmurs... > -- > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Edward Lewis > +1-703-227-9854 > ARIN Research Engineer __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com