[Ietf-not43] Comments on CRISP Requirements draft-06 and CRIS
P Internet Resour ce Number Requirements draft-00
Ryan Lehning
rlehning at smimetlaw.com
Wed Nov 12 10:48:33 EST 2003
Vittorio,
I really do appreciate the comments. Rick's comments, "please define
accuracy. . .where are methods to be kept," etc. are equally relevant to
3.2.8.1 because that subsection says that the protocol has to be able to
return a result indicating a denial of access based on lack of authorization
or privacy contraints. It doesn't specify what the authorization rules
would be or what the privacy constraints are.
As to the second question, why is any work being done on CRISP now, before
the policy making process is complete? Based on your suggestion, shouldn't
we therefore wait until all of the policy choices are made before specifying
any technical requirements?
As to your last question, I'm not quite sure what you mean. Do you mean
that registrars are submitting false data to registries? (which in turn are
accessed via Whois queries of the registry) They may be if the registrant
is not giving reigstrars correct information. What I think you're asking is
this: Is the registrar data element false when users query the registry for
Whois information? It may be. For example, if a registration is being
transferred, depending on where in the transfer process it is, a Whois query
may return false registrar information. If a user follows your suggestion
and asks a registrar to provide registrant contact information, the
registrar may refuse or the registrar may refer the user to Whois which may
be inaccurate for the reason stated above.
Thanks,
Ryan
-----Original Message-----
From: Vittorio Bertola [mailto:vb at bertola.eu.org]
Sent: Wednesday, November 12, 2003 10:08 AM
To: Ryan Lehning
Cc: 'ietf-not43 at lists.verisignlabs.com'
Subject: Re: [Ietf-not43] Comments on CRISP Requirements draft-06 and
CRIS P Internet Resour ce Number Requirements draft-00
Ryan Lehning ha scritto:
> Rick,
>
> Thanks for the prompt response. It strikes me that your comments are
> equally relevant to the Data Omission Protocol Requirement (3.2.8.1).
Sorry - don't want to flood you with comments - but which of his
comments, and how?
I disagree with your statement. That paragraph does not define any
country-dependant mechanism, does not refer to undefined concepts such
as "accuracy", nor it requires the creation of a new set of reference
values.
Furthermore, that paragraph deals with the situation where the protocol
is not able to return the values it is built to return, because of
policy constraints; the protocol needs to be able to cope with this
situation, or, simply, it won't work. But that paragraph does not
require the protocol to start supporting new data elements or extend it
over its original purpose.
As for ICANN's SECSAC recommendation, as you possibly know, ICANN has
just started a policy making process to deal with that and other
recommendations, and to verify the consensus on whether Whois contact
data elements should be changed and how. So before talking about extra
items to be communicated by the protocol, I think it would be wiser to
wait for that process to finish. It will not take long.
Then (replying to your other message):
> Finally, your solution, "if you need to know more, you might simply obtain
> the registrant and registrar contacts and then ask them directly," will
not
> work if the data is phony.
Do you mean that registries return fake *registrar* information?
Thanks,
--
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola - vb [a] bertola.eu.org
http://bertola.eu.org/ <-- Vecchio sito, nuovo toblog!
More information about the Ietf-not43
mailing list