<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [registrars] WHOIS access tiers
Hi,
I would support your comments and also Tim's comments.
I just would like to see "penalties" for those who will
abuse the system. You mention the fact that registries
and even registrars will have the possibility to restrict
the access in case of misuses. For me this solution doesn't
really give an answer to the problematic of Registrars
abusing the whois, it will only allow them to sell an
additional products.
In addition I don't see how registries would be able to act
in case of abuses from registrars or individual, on which
basis? Complaints from individuals, registrars? Abuse in the
numbers of requests? What would be the tool to constrain the
abuse, temporary or definitive restrictions? I am personally
unsure to trust some registrars behaviors.
I understand that you would like to differentiate normal requests
from systematic requests. I'm afraid that it will only require
some more time to adapt their abuses of the system to the minimum
daily request allowed, or to extend their existing database but it
won't give an answer to those who misbehave.
Best regards,
Paul Lecoultre
Bruce Tonkin wrote:
Hello All,
Further to Tim's comments on the OPOC proposal I would like to see some
more consideration of access tiers.
The three tiers that I can think of are:
(1) Anonymous, public access via port-43 and Web - OPOC proposal
(2) Authenticated access - build on concepts used for zonefile access
- requires the physical signing of an agreement that requires no use for
marketing (equivalent of WHOIS Marketing Restriction Policy that applies
to bulk WHOIS http://www.icann.org/registrars/wmrp.htm) - should
authenticate the name, phone, email and postal address of the
organisation signing such an agreement - e.g equivalent to having a
strong digital certificate. A fee can be charged to get this level of
access, to cover authentication and monitoring of use. For com/net
distributed WHOIS, a digital certificate could be issued by the com/net
registry that could be used by registrars to accept access, but a
registrar would also have the right to withdraw access if they suspect
misuse of the information for marketing purposes.
- this could access roughly the same information as collected by
registrars now (registrant name and postal address, admin, tech name,
postal address, phone and email).
- data can still be protected by private registration services offered
by registrars, but most of these result in the privacy turned off in the
context of any legal complaints
- ideally replace port-43 WHOIS with IRIS (RFC3981) for this purpose.
Web Based access also possible but requires authentication and possibly
human readable text to be entered.
- intended to meet the requirements of registrars, ISPs, IP attorneys,
brand owners, and law enforcement
- personally I would like transparency at the registry level where they
publish who has signed such an agreement and the number of queries per
entity with access
(3) Court order access - build on concepts of IPC "special
consideration" proposal
- requires demonstration of need for anonymous registration
- is identified in the WHOIS as "anonymous" registration, but publish
other technical information
- requires court order to obtain access
- intended to meet the requirements of those wanting to protect freedom
of speech, rape crisis centers etc - ie the usual scenarios described by
the non-commercial constituency
I am interested what others think of this approach.
Regards,
Bruce Tonkin
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|