Random Bytes...

Preamble

There have been many discussions¹ regarding the policy implications of Whois within the ICANN community over the past few years. They have been an important part of the process.

In order to fulfill ICANN’s mandate, the community must resolve technical coordination issues by rooting operational policies in the fertile ground created by a widespread understanding of the salient issues and sometimes differing points of view. We must avoid unintended consequences and ensure that our decisions remain relevant – for the entire range of stakeholders – for an appropriate amount of time into the future

We approach this question with some basic principles, preliminary functional requirements and a willingness to understand how this document should evolve for the benefit of the community.

We are in the process of creating a proposed implementation based on the ideas set forth in this document. Once this initial statement has been subject to community review and further refined, this document and the resultant proposal will be formally released as a single document.

Formative Principles

1. Whois is not purely a domain name or IP address contact information retrieval system. It has been deployed for a wide variety of uses, both public and private. The ICANN community must only focus on establishing guidelines and policy for use of Whois in the context of domain name or IP address contact information retrieval, and only when the circumstances indicate that it is appropriate to do so.
2. We must not limit our definition of Whois to solely represent a mechanism for accessing contact information. This definition should at least include a method of arranging general agreements between relevant parties regarding data presentation formats and systems interoperability.
3. The ability to efficiently access domain name holder contact information is an important privilege that users of the DNS must continue to have.
4. Query based access to a coordinated Whois system upon the presentation of valid credentials must continue to be maintained for legitimate users.
5. It is just as important to consider the needs of those that use the data as it is to consider the needs of those from which the data originated with and also those that maintain access to the data.
6. Distributed systems provide greater benefit to the community, the users and industry than do centralized systems.
7. System interoperation is preferable to system integration. Unfettered access to open interoperability guidelines are a pre-requisite for orchestrating the interoperation of distributed systems.
8. Determining whether or not fees should be associated with the system is not as important as agreeing that deploying and maintaining the system will have costs associated with it.
9. Individuals have a right to privacy, corporations have a right to exercise non-disclosure and legitimate interests have a defined need for discovery.
10. In order to ensure the continued operation and tomorrow’s enhanced utility of the existing Whois service, Whois providers, at all levels, must start to coordinate their efforts, actions and technology on a more fundamental level.
11. Access to a Whois system is a privilege and not a right.
12. Legitimate volume access to data is more appropriately supported through technical system interoperability and standardized data formats than it is through bulk retrieval mechanisms.
13. Whois service providers are a diverse group of interests that include generic and country-code registry and registrar operators, internet address registries and value-add providers.
14. Whois service users are an extremely diverse group of interests that include law enforcement, businesses, individuals, trademark, patent and copyright interests, governments and others.

Preliminary Functional Requirements

An important aspect of system design is in the gathering, analysis and restatement of user requirements outlining how the system, once implemented, should work. The following statements attempt to restate some of the more common requirements that have been stated regarding a coordinated query-based Whois system and the policies that govern it.

The goal of this restatement is to solicit further thought from the community regarding what requirements it deems valuable and should be included in the final system design and implementation.

1. Data need be made available in response to an authenticated query based Transaction request in a form and format common to all Whois providers participating in the system.
2. Registrants and other parties with data residing in the system must have the capability to directly access and manage that data.
3. Individual users that have data residing in the system must have the capability to opt-in to uses of the data that would see that data being licensed to a third party for any purpose.
4. Business users that have data residing in the system should have the capability to opt-out to uses of the data that would see that data being licensed to a third party for any purpose.
5. In response to an unauthenticated query, the Whois system will provide a limited subset of the data. The system will respond to an authenticated query with data appropriate for the level of access provided to the credentialed user making the query.
6. Abusive or excessive queries may be limited or ignored by Whois service providers.
7. The Whois service must coordinate with other Whois services, such as those provided by gTLD Registries and the Regional Internet Registries to provide a more accurate view of the data related to the domain name in situations where the individual or corporation has exercised their respective rights to privacy or non-disclosure.
8. Implementation of the Whois system should rely on pre-existing IETF standards-based or IETF standards-track technologies. Implementation of the Whois system should not require the development of new protocols.

¹Please help us continue this discussion and leave your comments using the web form located below this footnote.