Re: lastVerified: optional vs. extension

[Hong Liu <lhongsms@yahoo.com>]

Ed, Michael,

Just like Scott, I am not a big fan of ROID either.
Its usage in EPP is vague at best. But that is a
different thread of discussion.

What I would like to say is while the syntax of
lastVerified may look simple, the policy issues around
its usage is not. In fact, even the technical changes
to be made is _not_ as trivial as it seems. At least
three EPP commands will be affected:
create/update/info. In addition, you also need to add
<verID> for the entity who performs the verification.
Depending on the specific policy, this entity may be a
third party that is neither the registry nor a
registrar, and there could be more than one such
entity. 

One can imagine a scenario where the address info is
verified by a Business Bureau or a post office, the
tel and fax numbers are verified by a telephone
carrier, and the email address is verified by an ISP.
And each of these may have a different <verDate>
associated with it. Now, is lastVerified sufficient to
represent all these information? Of course not! That
is why we need an extension mechanism for a registry
to define what information elements are needed in
order to comply for a specific policy framework.

This may look like an extreme case. The point I want
to make is that it is _very_ dangerous to fix
something in the protocol (i.e., assuming a specific
model) without knowing what the policy framework is
for its collection and usage. This is very similar to
the privacy issue we are dealing with. For the latter,
the WG seems to going down the path of extension.

If your guys want to know the complexity of this type
of information gathering and validation, you can ask
the ENUM folks about telephone number validation.

The bottom line: if we all agree on Ed's metric and
apply it to this issue, the only sensible way to deal
with it is to use extension.

--Hong

--- Edward Lewis <edlewis@arin.net> wrote:
> At 20:49 +0000 12/6/02, Michael Graff wrote:
> >I hate to keep bringing up old topics, but I don't
> see how ROIDs can be
> >left in the draft as they are now, when something
> that is trivial to define
> >(last verified date) is an extension, but ROIDs are
> required and at least
> >two implementors have stood up and said they're
> problems.
> 
> That's not an old topic - it's a current one...
> 
> BTW - if there are folks unhappy with the
> declaration of consensus 
> about last-verified, speak up.  I've heard
> murmurs...
> -- 
>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Edward Lewis                                        
>  +1-703-227-9854
> ARIN Research Engineer


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com