US/EU – Steps for Whois

My starting points

  1. Whois lookup is not just for technical employees;
  2. The name of a holder and contact persons are not sufficiently audited in routine checks;
  3. Web domain regulation is possible after designing physical scenarios first;
  4. Phasing towards a better Whois by a sovereign country is not easily possible with a central gateway, accreditation authority and identity providers;
  5. Legal regulation, standardization of cost handling and technical specification really can provide high availability and reliability;
  6. A functioning Whois tool requires to-do lists for all expertise.

How to correct web domain information with a registrar
https://whois.icann.org/en/how-do-i-correct-my-whois-information

List of ICANN-accredited registrars
https://www.icann.org/en/accredited-registrars

Whois Data Reminder Policy (WDRP) for compliance
https://www.icann.org/resources/pages/registrars/consensus-policies/wdrp-en

Querying databases that store the registered users or assignees of an Internet resource
https://en.wikipedia.org/wiki/WHOIS

Current iteration of the WHOIS protocol drafted by the Internet Society
https://datatracker.ietf.org/doc/html/rfc3912

Compare the uniform Database Language SQL – Structured Query Language
https://en.wikipedia.org/wiki/SQL

Politically

  1. issue: Registrars are pressed for tracing further data in legal matters.
    proposal: Opt, through a web ID that validates, for reference to country-level data;
  2. issue: Registries make verification work. A registry can decide on a domain holder name.
    Periodic verification is possible after entering a web ID.
    Strict verification, without any interpretation, is case sensitive and includes dots.
    Holder, holder name, registrar, registrar name, reseller and reseller name are relevant.
    Note: Eg Google Search provides a ‘google-site-verification’ value to put in the DNS.
    proposal: Opt for technical specification so that countries can realize data retrieval;
  3. issue: There are so-called ‘thick’ and ‘thin’ Whois servers, with one or two queries.
    proposal: If performance demands, choose one type of Whois server;
  4. issue: A field name such as StreetAddress instead of PostAddress can lead to discussion.
    issue: The DNSSEC field (suite of security extensions to the DNS) needs proper explanation.
    proposal: A definition plus explanation of fields that meet all needs is to-do and to address.

Legally

  1. issue: The use of the web ID to be introduced should be restricted.
    proposal: US/EU lawyers agree how to define using a fake web ID as forgery;
  2. issue: Search engines (like Google) publish search results from private web domains.
    issue: For a domain that no longer exists, search results remain published.
    proposal: US/EU lawyers think about publishing search results only if ‘Publish y’;
  3. issue: A registry now decides unilaterally in a dispute with a registrar.
    proposal: US/EU lawyers may be able to figure out a way to legally embed;
  4. issue: Checking Whois for financial statements has not yet been analyzed as legal.
    issue: Segregation of duties of the contacts and answer time require attention too.
    proposal: US/EU lawyers update the analyzed six legal gTLD Whois purposes;
  5. issue: Support may need a way to link a report by a third party to a customer account.
    issue: A technical contact person is still free to properly address a problem.
    issue: Direct responsibility and/or physical capability need a clear segregation of duties.
    proposal: US/EU lawyers work towards basic explanations in short sentences;
  6. issue: Privacy for admin-c is not a problem by using a specific functional email address.
    proposal: US/EU lawyers agree on contact for legal matters, change of holder, etc.;
  7. issue: A reseller may have agreements such as to protect customer data.
    proposal: US/EU lawyers write generic reseller conditions (see .nl zone);
  8. issue: Court decisions struggle with property law aspects.
    issue: Web domains are not clearly included in transfer of ownership of a company.
    proposal: US/EU lawyers formulate proprietary aspects to introduce;
  9. issue: A web domain may contain confidential information from the previous holder.
    proposal: US/EU lawyers define moved data, similar to letter secrecy;
  10. issue: A country-level register can provide a Whois overview after a company has logged in.
    proposal: US/EU lawyers comment on a country’s legal basis for a web domain overview;
  11. issue: As for .eu, the countries in the European Union are not all countries in Europe.
    proposal: EU lawyers propose something like ‘EU Registry vzw’ instead of ‘EURid vzw’.

Fields and values

  1. issue: A hidden field name interferes with subsequent field checks.
    issue: An apparently hidden field value may in fact be registered.
    issue: Visibility becomes negotiable if physically limited to relevant scenarios.
    proposal: US/EU lawyers agree on a ‘Public Visibility’ field and its values.
    10, StreetAddress n, COMMCode n, BusinessUse n, Publish n, HolderName n, AdminContact n
    20, StreetAddress n, COMMCode n, BusinessUse n, Publish n, HolderName n, AdminContact y
    30, StreetAddress n, COMMCode n, BusinessUse n, Publish n, HolderName y, AdminContact y
    40, StreetAddress n, COMMCode n, BusinessUse n, Publish y, HolderName y, AdminContact y
    50, StreetAddress n, COMMCode n, BusinessUse y, Publish y, HolderName y, AdminContact y
    60, StreetAddress n, COMMCode y, BusinessUse y, Publish y, HolderName y, AdminContact y
    70, StreetAddress y, COMMCode y, BusinessUse y, Publish y, HolderName y, AdminContact y
  2. issue: Whois maintenance requires a data structure that fits the needs of IT processes.
    issue: After a change, clear logging of direct responsibility and/or physical access is required.
    proposal: US/EU lawyers agree on a ‘Last name change by’ field and its values.
    Types of responsibility: ‘Registry’, ‘Registrar’, ‘Reseller’, ‘Registrant’
    Last value in Whois: ChangeByType, [name], [registry timestamp]
  3. issue: A web ID works effectively to verify a holder and one of the holder’s names.
    E.g. ‘icann.org’ of ICANN (incorporated, mutual-benefit nonprofit corporation ‘iCANN’).
    E.g. ‘ca.gov’ in Whois for ‘.gov’ of organization ‘State of California’.
    With the many spelling mistakes, acceptance of auditing is still a long way off.
    Periodic verification of the actual holder name improves maintenance at a registry.
    proposal: Specify a web ID format, such as the IBAN bank account code.
    Registrars and domains (registrant and reseller) fields with a 34 character code, may have a two letter (ISO) country code, two digits for internal validation, ‘COMM’ and up to 26 characters within a country, such as ‘NL13COMM01234567890123456789012345’, in uppercase;
  4. issue: Verification needs statusses in Whois, including timestamp, retrieved from a history table at the registry.
    proposal: US/EU lawyers agree on Whois status fields and their values;
    COMM Code status: no code, not consistent, not verified, does not exist, was valid, is valid
    Holder Name status: no code, does not match, does almost match, does exactly match
  5. issue: Reseller registration differs per TLD without standardization.
    proposal: US/EU lawyers may want to specify a reseller data structure.

Country-level

  1. issue: Country-level web IDs are required to retrieve the holder.
    Country business registers can meet an important need.
    In The Netherlands, such registrations are moved to the Land Registry.
    Whether or not data is displayed is country specific.
    Lawyers can negotiate carefully at country level (not the EU).
    Shared sovereignty, as in the EU, would slow down negotiation.
    proposal: Country-level politicians agree on implementation of web IDs;
  2. issue: Country-level registers need to guarantee web IDs.
    Note: The Sarbanes-Oxley Act also took time for countries to adopt.
    proposal: Country-level registers will adopt a generic data structure;
  3. issue: A country-level register, such as KVK in NL, charges for solid lookups.
    proposal: Verification in a country-level register should become free of charge;
  4. issue: Country-level registers may charge for enabling web IDs.
    proposal: Verification costs for a country-level register must be indirect.

Application

  1. issue: A regional server / application for Whois must function without centralization.
    A registry may need a layer around a legacy database structure.
    Search based on the web ID must be able to retrieve from each country-level register.
    Unicode works to handle all kinds of character sets worldwide.
    proposal: A roll-out application with Docker (is under construction by me);
  2. issue: The UK is not a valid domicile anymore to hold a .eu domain as former EU country.
    proposal: Such a change requires simple validation to check and maintain;
  3. issue: Registries may charge for a web ID enabled Whois application.
    proposal: Costs of a regional server / application must be indirect.

Cost handling

  1. issue: Economies of Scale cost advantages are achieved in both period and variable costs.
    proposal: An Economies of Scale cost advantage is only achieved in registrar period costs;
  2. issue: Legal updating at a registry can be a variable cost component equal to zero.
    proposal: Include updating details in annual costs and no longer pass on variable costs;
  3. issue: A registry looks over and manages its registrar’s information. Charging looks illegal.
    proposal: Include updating registrar details in period costs for a registrar;
  4. issue: Volume discount and direct debit discount for ‘.nl’ are called ‘expenses’ by SIDN.
    issue: Incentive programs for ‘.nl’ at SIDN up to 0.40 euro off the domain fee are significant.
    E.g. 8% volume discount from 100,000x and 2.5% direct debit discount at SIDN.
    proposal: Registries charge registrars with no discount;
  5. issue: Billing for a new or relocated domain is not cost-driven for the (registry’s) fiscal year.
    E.g. 0.60 euro for the first year at a domain provider for ‘.nl’.
    proposal: The fee for the first year of a domain is 6/12 of the renewal fee per year;
  6. issue: Customers unnecessarily commit for two or three years.
    proposal: Customers simply register and automatically renew for one year.