I agree with Tim on this one. There are legitimate uses for the expiration information besides the ones Tim talks about. For example, if you know when a name (where you are not the registrar-of-record) expires, then you do not have to do as many (some would say “any”) availability checks (zone file or real-time) until after expiration. This technique speeds up the many checks that all of us do when users type in domain names to see if they are taken (because we check that name in all the TLDs, and check all derivatives of the name). We can’t use the PIR whois because of the severe restrictions on the number of queries from an IP address (and I understand why they have these). ICANN, can we registrars implement the same severe restrictions (threshold limitation on number of queries) on our whois output? Registrars are required to show the expiration date, therefore all the registrar’s whois output will now be utilized to get the expiration date. The queries that were happening via EPP may now happen to each registrar so I’d like to restrict eNom’s as much as the registry. Aren’t the whois task forces tasked with figuring this all out? Paul _____ From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of Tim Ruiz Sent: Thursday, August 05, 2004 7:39 PM To: Bruce Tonkin Cc: halloran@icann.org; registrars@dnso.org; Jay Westerdal; bbeckwith@pir.org; twomey@icann.org Subject: RE: [registrars] RE: [registrars] PIR’s EPP DOMAIN INFO command change announcement Bruce, There are probably any number of legitimate reasons why a third-party registrar uses some of the dates or the status information currently returned without providing the auth-info code. For example, we check the status of requested transfers prior to ever asking for an auth-info code. If the status does not allow transfer we can then save the customer a lot of unnecessary time and reduce the aggrevation. I am certain there other registrars with equally legitimate processes using this information. True, we can work around with Whois, unless of course that changes too. But the other problem is what Jay points out, PIR restricts its whois severly. We understand their concerns regarding Whois since it is a public utility and potentially subject to mining. However, only accredited registrars have access to the INFO command and the results. It seems extreme to punish everyone for what PIR may view as abuse by a few, and that abuse may actually be legitimate use that just isn't fully understood by PIR. It would seem to me to make more sense to attach some micro-fee to the command then to just basically ban it altogether. The other problem we have with this is the timing. Sometimes it seems that the registries think that they are the only supplier we deal with and can make changes to our systems at the drop of a hat. This change in the INFO command comes on the heels of changes that need to be made to be compliant with the new Transfer policy and for us, at least two other modifications that we are working on with other registries. These days, a three month notice ain't much. Tim -------- Original Message -------- Subject: [registrars] =?utf-8?B?UkU6IFtyZWdpc3RyYXJzXSBQSVLigJlzIEVQUCBET01BSQ==?= =?utf-8?B?TiBJTkZPIGNvbW1hbmQgY2hhbmdlIGFubm91bmNlbWU=?= =?utf-8?B?bnQ=?= From: "Bruce Tonkin" <Bruce.Tonkin@melbourneit.com.au> Date: Thu, August 05, 2004 7:08 pm To: "Jay Westerdal" <jwesterdal@nameintel.com>, bbeckwith@pir.org, twomey@icann.org Cc: halloran@icann.org, registrars@dnso.org Hello Jay, Actually I support the general changes being considered by PIR. What is done with the Australian .com.au registry (which uses EPP), is that the <info> command returns full details if: (a) the request is from the registrar of record for that particular domain name record Or (b) the auth-info password is provided Thus for a transfer-in, a gaining registrar can request the full record provided the registrant has provided the correct auth-info. I see no reason why the general public needs to know the expiry date of a registrant's domain name licence, any more than you need to know the expiry date of my drivers licence or passport. With respect to the EPP protocol, a field may be returned empty and still be compliant with the protocol. It is a policy decision for what content needs to be provided in which field for certain queries. I don't believe that the proposed change would be non-compliant with EPP, any more than a thin registry model would be non-compliant with EPP. Right now from a contractual point of view, the information must be supplied in the WHOIS (not necessarily via EPP). Personally I hope this decision can be reviewed as part of the WHOIS policy development. Regards, Bruce

-----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner-registrars@gnso.icann.org] On Behalf Of Jay Westerdal Sent: Friday, 6 August 2004 11:44 AM To: bbeckwith@pir.org; twomey@icann.org Cc: halloran@icann.org; registrars@dnso.org Subject: [registrars] PIR’s EPP DOMAIN INFO command change announcement

Name Intelligence, Inc. 12806 SE 22nd PL · Bellevue, WA 98005

August 5, 2004

VIA EMAIL

Attention: Paul Twomey and Bruce Beckwith Public Interest Registry 1775 Wiehle Ave, Suite 102A Reston, Virginia 20190 Phone: +1-703-464-7005 Facsimile: +1-703-464-7006

RE: PIR’s EPP DOMAIN INFO command change announcement

Dear Paul Twomey and Bruce Beckwith,

Name Intelligence, Inc. has just been made aware that PIR will be modifying its Dot ORG Registry Software to be non-compliant with EPP1.0. They are moving away from full complacence with EPP 1.0’s DOMAIN INFO command. Their announcement is that they will stop providing complete information according to RFC 3732. Their intention is stop showing all information except for Registrar of record. The reason is to make the command thinner and prevent data mining. However NO registrant information is even being returned with this command right now. The “INFO” command is already a thin command that shows very little information. The information that it does show is fields like: Domain Name, Registrar of Record, Domain Status (On-hold, Transfer-prohibited, Registrar-lock), Domain Creation Date, Modification Date, Expiration Date. We need these fields for our domain suggestion software that appears on NetworkSolutions.com, GoDaddy.com, Enom.com, Yahoo, and lots of other registration company’s websites. This software helps millions of people a year to register domain names. PIR’s impact on our business and that of our customers would be overwhelming if their stated changes takes place.

Even VeriSign which operates a thin Registry would be showing more information then PIR after PIR’s EPP change. PIR limits their whois access more severally then VeriSign does. Therefore gathering Domain Status and expiration date is very complex with PIR. With VeriSign we just query for this using their whois and we get the answer back. We tried this approach with PIR but they banned our IP addresses because they said we requested too many records. I am not sure if that was fair and equal for them to do since we sevice millions of customers a day, but that is the primary reason our company sought accreditation as an ICANN Registrar. Querying via the EPP command instead of whois allows us access to the same information which is critical to the operations of our company. Actually, the info command returns less information then whois. But having got accredited just for EPP domain info command and now using EPP to gather this information we later hear that PIR is going to begin hiding domain’s status and expiration date from the DOMAIN INFO command. Our business relies on this EPP command to determine the domain’s status and expiration date and we use these values in our suggestion software.

We formally request that PIR repeal their decision on hiding expiration date and status from the DOMAIN INFO command. And we also formally request that ICANN enforce their contract with PIR and make them stay complaint with EPP 1.0 (RFC3732) for the DOMAIN INFO command.

PIR has stated several times that they wish to be the model registry, yet this move by them would make them even worse then VeriSign as far as usability. It would degrade the registration process of millions of users annually. Suggestions for available domain names is a service that users rely on and expect in a good registrar. PIR would force our software to be less accurate and possible suggest a .ORG domain that is already registered. And in my option that is a move in the wrong direction for this registry. Helping us help the registrars with registration is where I want to see PIR headed.

http://www.icann.org/tlds/agreements/org/ http://www.faqs.org/rfcs/rfc3732.html

Sincerely,

Jay Westerdal President and CEO Name Intelligence, Inc. CC: Dan Holloran, Registrars