"Gomes, Chuck" wrote:
> Ed Gerck wrote:
>
> Further, most (legitimate) business do not conceal tracing the origin
> of their product to the customer -- and this is what the Registrar does
> under the Shared Registry system, since the customer cannot ever trace
> the origin of the product s/he bought -- the Registry. The Registry will
> always deny selling that product to the customer or having any
> responsibility whatsoever to the product -- even though the customer's
> identification (the domain name) is in its files and points to the customer's
> host addresses.
>
> The Registry certainly would denying selling a product to a registrar
> because it does not do that.
This is an analogy -- pls read "service" instead of "product" if you so
want. But, why did I use the word "product"? To emphasize the fact
that there *are* material traces of that registration in the logs -- it is
not just paper or fictional services.
> Further still, this is a business where the reseller (the Registrar) keeps
> the property of what it sells -- as I quoted before, Section II.H "Rights in
> Data" states that a Registrar has "the rights of an owner to the data elements
> listed in Sections II.E.1.d and e and II.F.1.d through i concerning that
> registration".
>
> Note that the domain name is not included in that list.
Rightly so, but that list includes:
II.F.g. The name and postal address of the SLD holder;
II.F.h. The name, postal address, e-mail address, voice telephone number,
and (where available) fax number of the technical contact for the SLD; and
II.F.i The name, postal address, e-mail address, voice telephone number,
and (where available) fax number of the administrative contact for the SLD.
to which the Registrar has the rights of an owner and can change at will to
point to anyone else, since compliance with the Registry-Registrar agreement
is nicely enforced by the potential culprit (the Registrar) for any such SLD
transfer (see text already cited) while the Registry says "nothing to declare".
That is why I commented that the Registrar "keeps the property of what it
sells" -- the Registrar is NOT selling domain names, to be sure. The
Registrar is selling the inclusion of that domain name in the Registry and
keeping the property of what it sells -- that inclusion.
The registrant has no right of owner to *anything* in the Registry, BTW.
The only domain name holders in the Shared Registry system are the
Registrars because only Registrars' names appear in the Registry. Anyone
familiar with preventing fraud schemes will recognize that this is a system
begging to be defrauded, even if by mistake ;-)
> In essence, the difference is that the reseller (Registrar) follows a sales
> system (Shared Registry) that denies tracing the producer (Registry), denies
> responsibility to the buyer from the producer, denies access to producer
> logs in order to prove buyer's rights, keeps the property of what is sold with
> the reseller, gives the buyer no authority over what was bought, and denies
> legal recourse as the buyer may see fit.
>
> I have a hard time seeing the Registry as a producer. The manufacturing
> analogy seems to be weak here.
As I commented in the first paragraph above, this is an analogy -- pls read
"service" instead of "product" if you so want. The reason to use "product"
was to call attention to the fact that it involves material proof.
> I agree with you that the Registry would be of no help in this situation
> unless there is evidence of a violation of the Registry-Registrar agreement.
> You are correct that the registrar is not accredited by the Registry but
> rather by ICANN. We had originally suggested a model where ICANN would flow
> through its requirements through the Registry to the registrar, but not was
> rejected.
No one wants to hold the bag. But, the moment is not for witch-hunting but
for understanding -- there are problems, the problems are unworkable within
the present framework. The solution is:
o First, notify the world; we are sort of doing that here but much
more is needed -- all those involved must actively issue a public
notice,
o Second, provide temporary fixes; I already explained what temporary
measures companies and individual should take in order to reduce
risks under the Shared Registry system,
o Third, solve it: go back to the drawing board, ask and accept
suggestions (not a strong point for those involved, so far)
and devise a system which does not exploit the actual domain
name holders and which would need to provide accountability
proportional to power -- not inversely proportional as today's
system.
> Now, what happens if you include ICANN in the picture? Nothing -- all
> these actions do not violate the agreements with ICANN. And, they
> never violated the agreement with the registrant. The Registrar is
> clean. The registrant is out of luck.
>
> What are we talking about here? probably a few days at most before the
> registrant would have some confirmation that the registration was accepted.
> Once the registrant has confirmation that the registration has been
> accepted, there is now legal recourse.
:-) to the extent it has been constrained by the "agreements". Which
right is as I said not very useful because the registrant cannot ask
the Registry to confirm anything in his/her favor whereas the Registrar
can always deny doing it.
> Thus, the Registry has not one but *two* essential roles to play in
> regard to the registrant -- the Registry acts as a trusted introducer to
> the Registrar and as a trusted witness. Of course, the extent of that
> trust can vary from Registry to Registry and from registrar to registrar
> (i.e., it is intersubjective) but there is a log, there is a trace, there is
> evidence that can be used.
>
> I understand your point even if I don't agree.
Can you say why?
> And, in life as well as in chess, it is the threats that are not fulfilled
> which control the game -- if I, as Registrar, know that my customer
> can ask for the logs of the Registry and that there will be evidence
> of all transactions in that log, with possible legal effects, then I
> *will* think twice before even trying to cover up or fouling-up.
> To contrast, if I *know* as I know today that there is no witness
> to my actions then I may as well do and say whatever I please,
> even if what I do is not what I say.
>
> This is the type of argument that is often used to support government
> regulation.
No! Please don't throw that soundbite here. This is the type of argument
followed by intelligent business that want to avoid government
regulation and thus allow their actions to be seen, verified and also accept
accountability for them. In the contrary, the current system is the one
which invites government regulation in order to even exist -- as we well
know, I presume ;-)
And, this happens not only because trust is denied at the root (to use
an analogy, since the Registry is unaccountable to the registrant) but also
because there are very few checks and balances built into the system.
Trust must be earned, not simply given away -- there is nothing in this
system that allows trust on the Registry to be earned and yet the Registry
is the central figure here and the one which provides the desired
functionality.
Cheers,
Ed Gerck
