ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] Whois more in detail

  • To: "Dominik Filipp" <dominik.filipp@xxxxxxxx>, "ga" <ga@xxxxxxxxxxxxxx>
  • Subject: Re: [ga] Whois more in detail
  • From: "kidsearch" <kidsearch@xxxxxxxxxxxxx>
  • Date: Mon, 8 Jan 2007 12:51:27 -0500
  • References: <CA68B5E734151B4299391DDA5D0AF9BF1078B0@mx1.dsoft.sk>
  • Sender: owner-ga@xxxxxxxxxxxxxx

I see that as completely doable Dominik and appreciate the time you spent on that. One question is would it be enforceable? I mean say I registered a domain nameand said i was a nonprofit or noncomm, but then built a commercial website anyway. There could be a link in the whois, "report this website as noncompliant with whois rules" where users can report that it is a commercial website and not a noncomm.

Chris McElroy aka NameCritic
http://www.articlecontentprovider.com

----- Original Message ----- From: "Dominik Filipp" <dominik.filipp@xxxxxxxx>
To: "ga" <ga@xxxxxxxxxxxxxx>
Sent: Monday, January 08, 2007 7:49 AM
Subject: [ga] Whois more in detail



Hi all,

after reviewing the posts sent here so far, I also tend to prefer
privacy to data disclosure in the whois. However, to satisfy the Chris's
(and also my) need, the privacy on whois data should be something that
individuals and, possibly, non-com organizations should be allowed to
qualify for only.
To be more explicit, my opinion on how the whois record could be
accessed and dealt with (including the ideas from GA) is as follows

Basically, I agree with dividing the whois record into the Holder
contact and the OPoC contact parts as proposed in the Preliminary Draft.
Furthermore, I see three distinct modes in which to access the whois
data

Access Modes
------------

a) 'Exposed' mode; data is publicly visible when visiting the whois page
(much like it works now).

b) 'On-Request' mode; data is still publicly accessible but obtainable
solely via explicit request sent to the registrar that will send the
requested data back to the requester's email address. In this case the
request (email, IP?) could be logged. The access should avoid automatic
data harvesting and make data access more difficult for
spammers/scammers.
The 'request-response' mechanism could be improved by requiring to input
an image-code before sending the request, and/or an email confirmation
by the requester prior sending the requested data from the registrar
back to the requester.

c) 'Locked' mode; data is inaccessible to public but obtainable on
behalf of explicit eligible requests (subpoena, law enforcement) from
registrar (or thick registry).

WhoIs Data
----------

1. Holder Part
Holder may at his/her own discretion publish all data (Holder's full
address, phone number and email address), but also

a) if Holder is an individual or a non-com organization then he/she may
just publish the name and country/state (short form), or to suppress
data publication at all. In such a case the whois record would contain
(in the Holder's part) just an assigned Holder's ID.
The fact that the Holder is an individual or a non-com org could be
specified during the domain registration.
All three 'Exposed', 'On-Request', and 'Locked' access are applicable
here.

b) if Holder is a commercial organization then the necessary minimum of
data published is company name and country/state (but, perhaps, more).
Only 'Exposed' access mode is applicable here.

2. OPoC Part
OPoC contact part could contain full contact information (including
address, phone, and email). However, not all data would be directly
exposed to the public (e.g., phone and email).
The 'Exposed' and 'On-Request' access modes are applicable here.
However, for commercial companies, all OPoC entries should be 'Exposed',
except email that could be 'On-Request' (anti-spam precaution).

As for the granularity of the access modes, one (extreme) possibility is
to allow to set up specific access mode for each data entry (address,
phone, email, etc.); or to specify a set of blocks each sharing the same
access mode, etc.

A whois record could look like

a) Individual Holder (opting the private whois form)

I. variant                          II. Variant
----------                          -----------
HOLDER CONTACT [Locked]             HOLDER CONTACT [Locked]
Holder ID: 4523857                  Holder ID: 4523857

OPERATIONAL CONTACT                 OPERATIONAL CONTACT [On-Request]
Name: MyPrivacy Company Ltd.        OPOC ID: 44323578
Postal Address: My Street 123
City: My City
State/Region: My State
Country: My Country
Phone: [On-Request]
Fax: [On-Request]
Email: [On-Request]

b) Commercial company Holder (opting the maximum allowable private form)

HOLDER CONTACT
Name: MyComm Company Ltd.
State/Region: My State
Country: My Country
<perhaps more>

OPERATIONAL CONTACT
Name: MyContact Company Ltd.
Postal Address: My Street 123
City: My City
State/Region: My State
Country: My Country
Phone: +121546589
Fax: +121546589
Email: [On-Request]

Obviously, the more data specified in the Holder part the more eligible
the com-company could be treated as.

And, of course, I suppose the full Holder's and OPoC's contact data are
stored somewhere at registrar.

Dominik






<<< Chronological Index >>>    <<< Thread Index >>>