Questions on Recommendation 17
Hi Lutz and All,

At long last, I want to circle back to the Data Access Recommendation and ask questions that have been banging around in my head for awhile. I wanted to wait awhile until after our marathon editing sessions and the holidays.

But first, a huge congratulations to Susan for the Facebook initial public offering. I am so hoping you are one of the hundreds of new millionaires I am hearing about on the news! (No need to tell us... that's private data :-) )

Here are my questions to Lutz and all advocating the Data Access recommendation (in its two versions) now in our report and listed below. As I understand it, we are recommending a "dedicated, multilingual website" to provide thick Whois data (for thin gTLD registries, in one variation, and all gTLD registries in the other):

1. What is the underlying data structure of this website? Is all the information going to be gathered into and run out of a California database run and owned by ICANN?

2. Alternatively, might it be a website run by ICANN offering links to the registries and registrars who hold the full Whois data?

3. Do you think this would become the place in which all people search for all gTLD whois data? If so, could there be a scalability problem if all people (law enforcement, domain name purchasers, etc) go to one website for all Whois searches? Is there some liability to ICANN should such a site go down?

4. Are we advocating a particular policy/technical solution or is the implementation open to discussion in the GNSO and other policy groups within ICANN?

Report section below. Thanks so much for any and everyone's answers to the questions above -- addressed to Lutz as the founder of this recommendation.

All the best,
Kathy

p.s. Data Access recommendation:

"Data Access – Common Interface

17. To improve access to the Whois data of .COM and .NET gTLDs, the only remaining Thin Registries, ICANN should set up a dedicated, multilingual interface website to provide thick WHOIS data for them.

ALTERNATIVE for public comment: To make WHOIS data more accessible for consumers, ICANN should set up a dedicated, multilingual interface website to allow "unrestricted and public access to accurate and complete WHOIS information". Such interface should provide thick WHOIS data for all gTLD domain names."

--
On Fri, Feb 03, 2012 at 01:59:05PM -0500, Kathy Kleiman wrote:
I understand it, we are recommending a "dedicated, multilingual website" to provide thick Whois data (for thin gTLD registries, in one variation, and all gTLD registries in the other):
No, we are recommending a "dedicated, multilingual website" to provide a "centralized access to all whois data regardless of the underlying data structure".
1. What is the underlying data structure of this website? Is all the information going to be gathered into and run out of a California database run and owned by ICANN?
No. The website traverses the data structure down the chain of whois servers (starting at whois.iana.org). It does not store nor copy the whois data, besides some short time caching. It's similar to DNS: A recursive resolver does not copy and store all the DNS records worldwide, but is able to obtain the necessary data on the fly.
2. Alternatively, might it be a website run by ICANN offering links to the registries and registrars who hold the full Whois data?
No. The results should be present directly on this particular website in order to fulfill the requirements of the AoC literally: maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information. In order to overcome the problems, shown by user experience report, the website needs to be multilingual not only in terms of the user interface but also in the presentation of the gathered data. Of course, the website needs to show the sources and the way how the information was obtained, where it is really stored and why. That's the minimal requirement from (my) understanding of (European) data protection laws.
3. Do you think this would become the place in which all people search for all gTLD whois data?
Yes, that's the intention of the proposal.
If so, could there be a scalability problem if all people (law enforcement, domain name purchasers, etc) go to one website for all Whois searches? Is there some liability to ICANN should such a site go down?
Yes, that's the reasoning behind the proposal: The AoC urges ICANN to provide such an unrestricted access. Unfortunately many registries do rate limit the access or do not provide all the required data. ICANN - as the operator of the proposed website - has the power to enforce its own policies by using its own contracts with the parties in question. This way the proposal collapses the differences between real world and AoC at a single point within the organisation which is able to solve the problem.
4. Are we advocating a particular policy/technical solution or is the implementation open to discussion in the GNSO and other policy groups within ICANN?
We - as a group - are limited to such a proposal and might add some personal reasoning (like this). Personally I do run such an "all-whois" website since 1996 and do have some ideas how it should be implemented and which operational policy should be enforced. But that's outside of our scope.
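The lookup described in the message above (follow referrals down from whois.iana.org, keep nothing but a short-lived cache, show where each answer came from), sketched as an added example that is not part of the thread or of the site's own code. The referral field names are those commonly seen in IANA and thin-registry responses; the `.test` hosts and sample responses are constructed, and `ChainResolver`, `next_server` and `make_fake_transport` are hypothetical names.

```python
import re
import socket
import time

HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# Response fields that name the next server in the chain.
REFERRAL_KEYS = ("refer", "registrar whois server", "whois server")

def query_port43(server, query, timeout=10.0):
    """One plain WHOIS query (RFC 3912) over TCP port 43."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def next_server(response):
    """Return the referral host named in a response, or None.

    The referral is untrusted remote input, so anything that is not a
    plain hostname (URLs, paths, spaces) is ignored.
    """
    for line in response.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in REFERRAL_KEYS:
            host = value.strip().lower().rstrip(".")
            if HOSTNAME.match(host):
                return host
    return None

class ChainResolver:
    def __init__(self, transport=query_port43, root="whois.iana.org",
                 ttl=300.0, max_hops=5, clock=time.monotonic):
        self.transport, self.root = transport, root
        self.ttl, self.max_hops, self.clock = ttl, max_hops, clock
        self._cache = {}  # (server, query) -> (fetched_at, text)

    def _fetch(self, server, query):
        now = self.clock()
        hit = self._cache.get((server, query))
        if hit and now - hit[0] < self.ttl:
            return hit[1], True
        text = self.transport(server, query)
        self._cache[(server, query)] = (now, text)
        return text, False

    def lookup(self, name):
        """Walk the chain; return one record per hop so the page can
        show every source and how the data was obtained."""
        query = name.strip().lower()
        server, seen, trail = self.root, set(), []
        # Stop on a missing referral, a loop, or too many hops.
        while server and server not in seen and len(trail) < self.max_hops:
            seen.add(server)
            text, cached = self._fetch(server, query)
            trail.append({"server": server, "cached": cached, "response": text})
            server = next_server(text)
        return trail

# Constructed sample responses (not captured from real servers).
SAMPLE = {
    "whois.iana.org": "domain:       COM\nrefer:        whois.registry.test\n",
    "whois.registry.test": ("Domain Name: EXAMPLE.COM\n"
                            "Registrar WHOIS Server: whois.registrar.test\n"),
    "whois.registrar.test": ("Domain Name: example.com\n"
                             "Registrant Name: Constructed Sample\n"
                             "Registrar WHOIS Server: whois.registrar.test\n"),
}

def make_fake_transport(table):
    calls = []
    def transport(server, query):
        calls.append(server)
        return table[server]
    return transport, calls

if __name__ == "__main__":
    transport, _ = make_fake_transport(SAMPLE)
    for hop in ChainResolver(transport=transport).lookup("example.com"):
        print(hop["server"], "(cached)" if hop["cached"] else "(live)")
```

Because repeat lookups inside the TTL are served from the cache, the upstream servers see one query per name per interval rather than one per visitor, which is the point where a central front end meets the registries' rate limits.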
Hi Lutz,

Thank you for the detailed answers below. I am still working through them and urge others to review them closely as well. I would very much like to see the "all-whois" website you have been running since 1996 -- would you be willing to share the link?

There does seem to be a difference in how we view the AoC. I never saw as **requiring** ICANN to have an operational role in running websites, and I don't remember such discussions in our meetings (did I sleep through something?) I do remember discussing that ICANN -- with Whois data as with so many other areas -- is responsible for creating and overseeing policies that implement the wording and goals of the AoC. I tend to have a sense that policy-making bodies are not great operational bodies, and know there has been great push-back against ICANN in other areas (e.g. the DNS-Cert discussion of 2010).

I will send back more detailed comments shortly. Thank you for this discussion online and, hopefully, in CR as well. And thanks for the link to your website!

Best,
Kathy
--
On Mon, Feb 06, 2012 at 10:19:33AM -0500, Kathy Kleiman wrote:
Thank you for the detailed answers below. I am still working through them and urge others to review them closely as well. I would very much like to see the "all-whois" website you have been running since 1996 -- would you be willing to share the link?
The current state (focused on the German speaking community) is http://www.iks-jena.de/eng/Tools/Whois

It's mostly useful for looking up IP addresses, especially IPv6 transition addresses like 2001:0:d911:c0d9:0:fbde:3d50:212c or 2002:d911:c0d9::1

The majority of users come from the German Law Enforcement (low level crime), simply because they are happy to call German speaking people in the case of trouble.
There does seem to be a difference in how we view the AoC. I never saw as **requiring** ICANN to have an operational role in running websites
You are absolutely right. The AoC does not urge ICANN to operate a service on its own. But - in order to fulfill the requirements from the AoC - the only party, which can run such a service, is ICANN itself. Therefore the proposal.
I will send back more detailed comments shortly. Thank you for this discussion online and, hopefully, in CR as well. And thanks for the link to
No, I'll not make it to CR. I was ill (recurrent corneal erosion) between the years and was urged not to travel that far in the next few months.
Lutz, thank you for the link, and the discussion.

I personally don't see a clear requirement, under the AOC, for ICANN to run a service itself (or contract for the service). It is about the policies...

Historically, I thought your suggestion of the portal arose (or got momentum) in our discussions because of "findability" and some of the recent work (work towards the end of our year) that showed the survey participants having trouble finding Whois data generally and thick Whois data in particular. So I thought and agree that we should address the issue of "findability" which, I believe, has both policy and operational possibilities.

Frankly, I think education, pointers, explanations, and clarifications COULD be run by ICANN -- to help clarify the field (e.g., a page with links to every thick and thin gTLD registry/registrar and an overview of thick and thin registries and where to find Whois data).

On the flip side, I would like to better understand the implications of ICANN running a search portal -- and what happens when all Whois searches go through one site. As an old CS/IT person, that was always the scenario we wanted to avoid... and today the searches (as we so well know) are decentralized. I hope people will comment.

On a related note, please see the comments from ICANN Chair Steve Crocker (who created the RFC/Request for Comment process years ago within the IETF). They are well-reasoned and thorough and we need to think through our answers, responses, and possible clarifications, changes, expansions, additional reasoning, etc. (as with all comments).

I am offline today teaching, but back later. Lutz, I am so sorry you can't join us in CR, and truly hope for rapid and full recovery!

All the best,
Kathy
--
On Tue, Feb 07, 2012 at 08:20:57AM -0500, Kathy Kleiman wrote:
On a related note, please see the comments from ICANN Chair Steve Crocker (who created the RFC/Request for Comment process years ago within the IETF). They are well-reasoned and thorough and we need to think through our answers, responses, and possible clarifications, changes, expansions, additional reasoning, etc. (as with all comments).
I had a short discussion with him last week. He seems to like some more technical background in the report as well as a chapter on use cases of whois. I think I should address this topic. Please remind me, if I'm going to become lazy again.
Let's let the AoC speak for itself.

"ICANN additionally commits to enforcing its existing policy relating to WHOIS, subject to applicable laws. Such existing policy requires that ICANN implement measures to maintain timely, unrestricted and public access to accurate and complete WHOIS information, including registrant, technical, billing, and administrative contact information."

Doesn't say that ICANN should play the operation role and it doesn't say that ICANN should not. ICANN is required to implement measures to effect an adequate result.

I do recall discussing a portal, not sure if that was in terms of ICANN operating the portal or ICANN contracting a third party to, or maybe discussing both.

Seth

--
Lutz wrote:
Yes, that's the reasoning behind the proposal: The AoC urges ICANN to provide such an unrestricted access. Unfortunately many registries do rate limit the access or do not provide all the required data.

Hi Lutz,

Yes, the registrars and registries rate limit because they feel required to. It is part of the Whois Marketing Restriction Policy of 2004 -- one of the few bright spots of the type of consensus from the GNSO we have been looking for -- that bars registries and registrars from allowing data mining of the Whois databases for spam, other forms of unwanted advertising, profiling, etc. (Quote from our draft report, chapter 3, is below.) Rate limiting is a tried and true way of preventing data mining, as you know.

So here's a followup question: Are we saying, somehow, that the language of the AOC trumps and takes precedence over this Consensus Policy? If so, I think we really need to spell it out for the community and the GNSO.

But somehow, I don't think we meant to overturn this marketing restriction policy. As I have mentioned, I think we should be very careful of recommending specific technical fixes -- but lay out the problem, and the need for a solution, and allow the Community to find it.

Chapter 3 Excerpt:

"WHOIS Marketing Restriction Policy: This policy, a combination of two distinct GNSO policy recommendations, creates two policy changes to the Registrar Accreditation Agreement:

a. Registrars must require third parties "to agree not to use the [Whois] data to allow, enable, or otherwise support any marketing activities."

b. Registrars must "agree not to sell or redistribute the [Whois] data" (with some exceptions).

http://www.icann.org/en/registrars/wmrp.htm"

Best,
Kathy

--
I see nothing in the policy that *requires* rate limiting over port 43. The referenced policy, now part of the RAA, refers to *bulk* access, nothing more, nothing less. If the contracted parties are relying on this language as a means to justify port 43 rate limiting, they are employing *creative* reading of the language.

On Feb 8, 2012, at 9:57 AM, Kathy Kleiman wrote:

Lutz wrote:

Yes, that's the reasoning behind the proposal: The AoC urges ICANN to provide such an unrestricted access. Unfortunately many registries do rate limit the access or do not provide all the required data.

Hi Lutz,

Yes, the registrars and registries rate limit because they feel required to. It is part of the Whois Marketing Restriction Policy of 2004 -- one of the few bright spots of the type of consensus from the GNSO we have been looking for -- that bars registries and registrars from allowing data mining of the Whois databases for spam, other forms of unwanted advertising, profiling, etc. (Quote from our draft report, chapter 3, is below.) Rate limiting is a tried and true way of preventing data mining, as you know.

So here's a followup question: Are we saying, somehow, that the language of the AOC trumps and takes precedence over this Consensus Policy? If so, I think we really need to spell it out for the community and the GNSO.

But somehow, I don't think we meant to overturn this marketing restriction policy. As I have mentioned, I think we should be very careful of recommending specific technical fixes -- but lay out the problem, and the need for a solution, and allow the Community to find it.

Chapter 3 Excerpt:

"WHOIS Marketing Restriction Policy: This policy, a combination of two distinct GNSO policy recommendations, creates two policy changes to the Registrar Accreditation Agreement:

a. Registrars must require third parties “to agree not to use the [Whois] data to allow, enable, or otherwise support any marketing activities.”

b. Registrars must “agree not to sell or redistribute the [Whois] data” (with some exceptions).

http://www.icann.org/en/registrars/wmrp.htm"

Best,
Kathy

--
I am not sure why the AoC could not trump Consensus Policy if that is what ICANN intended when it signed the AoC. I am not saying this is a desirable result on this issue - that the AoC intended to set aside the Whois Marketing Restricting Policy - I suspect most of us would want that policy retained; but the question of whether the AoC can be construed to require changes to policies, agreements and the like is probably a question implicating the interaction of contract and corporate law in this instance.

One cannot simply say that the AoC is subservient to all policy created to date. We do not question that the AoC potentially implicates changes to the RAA, for example. So why could it not also implicate changes to a consensus policy? How we get there without running afoul of the ICANN articles and bylaws is probably a separate question.

Seth

--
Participants (4): Kathy Kleiman; Lutz Donnerhacke; Seth M Reiss; Smith, Bill