"Gomes, Chuck" wrote:
> Ed,
>
> You appear to be looking at the ICANN Registrar Accreditation Agreement
> instead of the NSI-Registrar License and Agreement that I referenced. Try
> this URL: http://www.icann.org/nsi/nsi-rla-04nov99.htm
Chuck:
:-) I do not "appear to be looking" -- I *cited* the URL for the ICANN rule on
Registrar procedures which supersedes and controls the NSI-Registrar
License Agreement you mention, in relationship to a Registrar. To be sure,
a Registrar that handles domain names for the NSI-Registry MUST sign
*both* agreements but it is the ICANN Agreement which *grants* the
Registrar the *right to own the data* over the rights of the registrants.
That is why I found your earlier citation ineffective, as well as inexact.
But instead of questioning then the exactness of your citation, I went along
with it ("I will take your word for it", I wrote) and showed that not even
the wording that *you* chose was correct when applied *to the Registry*.
Now, I would like to question your citation itself. Going back to the first
point you mentioned, you wrote "I believe you will find the following:"
and cited:
> (1) domain slamming is a violation of the License and Agreement
> that every registrar must sign with the NSI Registry
whereas no one else can find the words "slam" or "slamming" in the document
you cited and, in fact, the document you cited is moot on this subject. It only sets
a policy for "where an SLD holder wants to change its Registrar" -- the rest
is free, the Registrar is free to transfer the data it owns (per ICANN) to any
other Registrar when it wants. But this is not the only negative pregnant you
will read, please note that the document you cite sets up a moot policy because
.... what is a policy without enforcement? The NSI-Registrar Agreement does
not mandate enforcement of rules even for instances where an SLD holder
wants to change its Registrar:
"Enforcement shall be the responsibility of the Registrar sponsoring the
domain name registration."
And, please let not anyone complain, because how could the NSI-Registrar
agreement enforce even this modicum? The NSI-Registry has *no* information
on the registrant -- the "missing dot" here.
> Regarding your comments, it appears to me that our primary disagreement is
> this: you believe that the fact that the registry does not contain domain
> holder information is a problem; I do not.
First, I am glad we agree with the fact: we both agree that the Registry does
not contain domain holder information. So, please pray tell .. who is the domain
holder to the Registry? The unknown registrant or the Registrar? You will
recognize then, I presume, the full validity of my earlier affirmations:
(1) to the Registry, domain name slamming for the registrant does not exist
because the Registry has no data whatsoever on the registrant and only
deals with the Registrar. The NSI Registry cannot thus intend to prohibit
what it purposefully ignores.
(2) to the Registry, domain names are registered to Registrars and the
Registrars have ultimate authority over the names, not the registrant (aka
"domain name name holder" in the previous system). No registrant can ever
come into dispute with the Registry under the Shared Registry Protocol,
because the Registry has NO data whatsoever on the registrant, NO contractual
privity with registrants and NO obligation at large to any registrant.
> That is why I asked for specific examples of where this has been a problem.
There are several examples, beginning with the segmented WHOIS service
which is a direct consequence of the Registry being essentially ignorant
when asked for the domain name registrant -- even though it provides
name to address translation to that registrant. There is no longer a
notion of Registry either, since we only have segmented views from
each Registrar *and* as the Registrar so allows (if the Registrar does not
allow it, the WHOIS query cannot proceed to the Registry).
Another problem is in your reference to "registrants have ultimate authority
of the names, not the registrar." -- which not only contradicts the revocation
clauses of the registrars' domain name agreements and the revocation
requirements inherent in the Registrar Accreditation Agreement, but it also
does not say "not the registrar *or ICANN*." Where the negative pregnant
clause is apparent.
Further, that "ultimate authority" you mention and which does not actually
exist as I show above, is also entirely forsaken in the current domain name
agreement that registrants MUST sign with Registrars, where authority to
define a venue for dispute is just one of the rights being effectively negated
to the registrants in those form contracts.
Further, the RRP creates a problem by itself, since it denies a right -- it denies
domain name data ownership rights to the registrants in regard to the Registry.
Further, the Registry is left legally unaccountable to the registrants -- which are
not in contract privity with the Registry and not warranted at large by the
Registry either.
The last problem overshadows all, because lack of accountability is that
which can deny any examples of problems at any time.
Indeed, there is no problem -- when looking from the other side of the
looking glass. However, as we follow the rabbit hole we see how deep it
goes -- it implies a full denial of responsibility, not only accountability.
There is purposefully nothing that the Registry can do in regard to the
actual domain name holder, even though this is in disagreement with all
RFCs (the reason cited to disallow trailing hyphens, or whenever
convenient as it seems).
Solutions? Yes. There are solutions even under curent policy -- as long as we
do not deny the problem. Under current policy, the best strategy for large
corporations is to become themselves ICANN-accredited Registrars to the
NSI-Registry and handle by themselves all their domain names. This is the
only way that they could be in control of their Internet identity and deal
directly with the Registry (NSI, for example) in order to enforce accountability.
Of course, smaller corporations may not find this approach viable or even
possible but they should be aware of the problem. To decrease their
risks, they should not let anyone else but company contacts be listed in the
contact fields at the domain registration with the Registrar (ie, not include
Registrar's or ISP's contacts) and they should find a WHOIS service that
lists the Registry for their domain names and verify frequently if the Registrar
named is the correct one.
In short, caveat emptor. [1]
Cheers,
Ed Gerck
[1] "Let the buyer beware" -- the notion that the seller is not responsible for what it
sells through a third-party and thus the buyer must bear all precautions, risks and
ensuing costs and damages. This notion was debunked in the US for the auto
industry in the 1900's.
