[Ietf-not43] Comments on CRISP Requirements draft-06 and CRIS
P Internet Resour ce Number Requirements draft-00
Vittorio Bertola
vb at bertola.eu.org
Wed Nov 12 12:33:00 EST 2003
Ryan Lehning ha scritto:
> Vittorio,
>
> I really do appreciate the comments.
So do I. However, I'm quite a newbie on this list, so please anyone tell
me if I'm going off topic. It's easy to move from technical issues to
policy issues in a discussion like this, and only the former are
appropriate on this list.
> Rick's comments, "please define
> accuracy. . .where are methods to be kept," etc. are equally relevant to
> 3.2.8.1 because that subsection says that the protocol has to be able to
> return a result indicating a denial of access based on lack of authorization
> or privacy contraints. It doesn't specify what the authorization rules
> would be or what the privacy constraints are.
Pardon me, I still don't get it. Your proposal says that the protocol
should mark certain data as "verified as accurate", but does not define
what "accurate" means. If the two people on the two ends of the wire
define "accurate" in different ways, you will fail to ensure
interoperability, and you will cause confusion. On the other hand, if
you say "these data are being denied due to privacy constraints", it is
just the server that speaks to the author of the query. There's no
possible misunderstanding, as "privacy constraints do not allow me to
reply" is a judgement to be made on one side of the connection only.
Unless what you mean is that "verified as accurate" in your proposal
means "verified as accurate according to the registrar", which is a
tautology, since the registrar will never purposedly give you data that
are not the most updated ones it has (will it?).
> As to the second question, why is any work being done on CRISP now, before
> the policy making process is complete? Based on your suggestion, shouldn't
> we therefore wait until all of the policy choices are made before specifying
> any technical requirements?
IMHO, that could be a good idea; work on CRISP has already taken a long
time. Before making more modifications, I would wait to be sure that
these would be the last and final ones. At least, this is what I advice
as an engineer, when a customer comes to me to ask for a last minute
feature addition, but I figure out that other people from his company
are still discussing the matter, and more last minute change requests
may come later.
It's better for everyone if the policy people agree on what needs to be
done once for all, and then the specs are changed only once more, rather
than twice or three or four times more.
> this: Is the registrar data element false when users query the registry for
> Whois information?
Right.
> It may be. For example, if a registration is being
> transferred, depending on where in the transfer process it is, a Whois query
> may return false registrar information.
Ok, but I am sure that this regards a very small number of domain names,
and you can get who the correct registrar is from the other registrar.
Or perhaps you should have a "verified as accurate" marker on the
registrar information too? :-)
> If a user follows your suggestion
> and asks a registrar to provide registrant contact information, the
> registrar may refuse or the registrar may refer the user to Whois which may
> be inaccurate for the reason stated above.
Sorry, but if the registrar refuses to tell you privately who the
registrant actually is, then why do you expect it to tell everyone
publicly through its CRISP server?
Thanks,
--
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola - vb [a] bertola.eu.org
http://bertola.eu.org/ <-- Vecchio sito, nuovo toblog!
More information about the Ietf-not43
mailing list