Ed Gerck
Wed, 12 Jan 2000 23:16:19 -0800
[This rejoinder is being resent in order to correct the lack of formatting in Chucks' reply, which made his text "invisible" in between my original message -- thanks to Stef for pointing it out.] "Gomes, Chuck" wrote: > Ed Gerck wrote: >> >> Further, most (legitimate) business do not conceal tracing the origin >> of their product to the customer -- and this is what the Registrar does >> under the Shared Registry system, since the customer cannot ever trace >> the origin of the product s/he bought -- the Registry. The Registry will >> always deny selling that product to the customer or having any >> responsibility whatsoever to the product -- even though the customer's >> identification (the domain name) is in its files and points to the customer's >> host addresses. > > The Registry certainly would denying selling a product to a registrar > because it does not do that. This is an analogy -- pls read "service" instead of "product" if you so want. But, why did I use the word "product"? To emphasize the fact that there *are* material traces of that registration in the logs -- it is not just paper or fictional services. >> Further still, this is a business where the reseller (the Registrar) keeps >> the property of what it sells -- as I quoted before, Section II.H "Rights in >> Data" states that a Registrar has "the rights of an owner to the data elements >> listed in Sections II.E.1.d and e and II.F.1.d through i concerning that >> registration". > > Note that the domain name is not included in that list. Rightly so, but that list includes: II.F.g. The name and postal address of the SLD holder; II.F.h. The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the SLD; and II.F.i The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the SLD. to which the Registrar has the rights of an owner and can change at will to point to anyone else, since compliance with the Registry-Registrar agreement is nicely enforced by the potential culprit (the Registrar) for any such SLD transfer (see text already cited) while the Registry says "nothing to declare". That is why I commented that the Registrar "keeps the property of what it sells" -- the Registrar is NOT selling domain names, to be sure. The Registrar is selling the inclusion of that domain name in the Registry and keeping the property of what it sells -- that inclusion. The registrant has no right of owner to *anything* in the Registry, BTW. The only domain name holders in the Shared Registry system are the Registrars because only Registrars' names appear in the Registry. Anyone familiar with preventing fraud schemes will recognize that this is a system begging to be defrauded, even if by mistake ;-) >> In essence, the difference is that the reseller (Registrar) follows a sales >> system (Shared Registry) that denies tracing the producer (Registry), denies >> responsibility to the buyer from the producer, denies access to producer >> logs in order to prove buyer's rights, keeps the property of what is sold with >> the reseller, gives the buyer no authority over what was bought, and denies >> legal recourse as the buyer may see fit. > > I have a hard time seeing the Registry as a producer. The manufacturing > analogy seems to be weak here. As I commented in the first paragraph above, this is an analogy -- pls read "service" instead of "product" if you so want. The reason to use "product" was to call attention to the fact that it involves material proof. > I agree with you that the Registry would be of no help in this situation > unless there is evidence of a violation of the Registry-Registrar agreement. > You are correct that the registrar is not accredited by the Registry but > rather by ICANN. We had originally suggested a model where ICANN would flow > through its requirements through the Registry to the registrar, but not was > rejected. No one wants to hold the bag. But, the moment is not for witch-hunting but for understanding -- there are problems, the problems are unworkable within the present framework. The solution is: o First, notify the world; we are sort of doing that here but much more is needed -- all those involved must actively issue a public notice, o Second, provide temporary fixes; I already explained what temporary measures companies and individual should take in order to reduce risks under the Shared Registry system, o Third, solve it: go back to the drawing board, ask and accept suggestions (not a strong point for those involved, so far) and devise a system which does not exploit the actual domain name holders and which would need to provide accountability proportional to power -- not inversely proportional as today's system. >> Now, what happens if you include ICANN in the picture? Nothing -- all >> these actions do not violate the agreements with ICANN. And, they >> never violated the agreement with the registrant. The Registrar is >> clean. The registrant is out of luck. > > What are we talking about here? probably a few days at most before the > registrant would have some confirmation that the registration was accepted. > Once the registrant has confirmation that the registration has been > accepted, there is now legal recourse. :-) to the extent it has been constrained by the "agreements". Which right is as I said not very useful because the registrant cannot ask the Registry to confirm anything in his/her favor whereas the Registrar can always deny doing it. >> Thus, the Registry has not one but *two* essential roles to play in >> regard to the registrant -- the Registry acts as a trusted introducer to >> the Registrar and as a trusted witness. Of course, the extent of that >> trust can vary from Registry to Registry and from registrar to registrar >> (i.e., it is intersubjective) but there is a log, there is a trace, there is >> evidence that can be used. > > I understand your point even if I don't agree. Can you say why? >> And, in life as well as in chess, it is the threats that are not fulfilled >> which control the game -- if I, as Registrar, know that my customer >> can ask for the logs of the Registry and that there will be evidence >> of all transactions in that log, with possible legal effects, then I >> *will* think twice before even trying to cover up or fouling-up. >> To contrast, if I *know* as I know today that there is no witness >> to my actions then I may as well do and say whatever I please, >> even if what I do is not what I say. > > This is the type of argument that is often used to support government > regulation. No! Please don't throw that soundbite here. This is the type of argument followed by intelligent business that want to avoid government regulation and thus allow their actions to be seen, verified and also accept accountability for them. In the contrary, the current system is the one which invites government regulation in order to even exist -- as we well know, I presume ;-) And, this happens not only because trust is denied at the root (to use an analogy, since the Registry is unaccountable to the registrant) but also because there are very few checks and balances built into the system. Trust must be earned, not simply given away -- there is nothing in this system that allows trust on the Registry to be earned and yet the Registry is the central figure here and the one which provides the desired functionality. Cheers, Ed Gerck