Home / Blogs

.COM and .NET: Thick Or Thin?

Gavin Brown

The fallout from the failure of RegisterFly has been largely addressed as an issue of regulation and enforcement. ICANN needs to enable registrants to transfer their domain names away from RegisterFly, or to "bulk transfer" all of RegisterFly's sponsored domain names to another registrar. However, RegisterFly has control of all the customer data so it's impossible to match registrant to domain name, in order to release the all-important AuthInfo code.

The Registrar Accreditation Agreement (RAA) requires that registrars place this customer data into an escrow system with ICANN, so that in the event of a business failure at a registrar, ICANN can distribute AuthInfo codes to registrants as required. Therein lies the problem: ICANN has not historically enforced the escrow obligation, and in any case, if a company has failed, who exactly is going to take responsibility for updating the escrowed data? It seems to me that the problems that have arisen as a result of RegisterFly's collapse have more to do with the design of the "shared registry system" for the .COM and .NET TLDs than they do with ICANN's failure to enforce the RAA.

I realised that many of RegisterFly's customers have had no trouble getting their domain names transferred out. Those customers who have registered domains under .ORG, .INFO or any of the other gTLDs, or under most ccTLDs, are able to transfer their domains out of RegisterFly's control with no problems. Why? Because most of those TLDs are run as thick registries, whereas .COM and .NET are thin.

What's the difference? Simply put, in a thin registry, the contact details for a domain registration (namely the registrant, admin, technical and billing contacts) are stored at the registrar, and the registry's whois server only shows basic domain information, and provides a referral to the "registrar whois" which then shows the relevant contact data. Conversely, in a thick registry system, the contact details are stored at the registry level, and are shown in the "registry whois". There is no "registrar whois".

The use of the thin model for .COM and .NET places an additional (and in my opinion) unnecessary layer of complexity to the system - not only does it impose upon registrars the requirement to operate and manage a whois system, but it also increases the effects of a registrar failure on registrants.

As we have seen with RegisterFly, when a registrar fails, the only protection that registrants have is a legal contract between ICANN and the registrar that the registrar will place customer data in escrow. This is essentially a legal solution to a database design flaw. As we have seen, it isn't even that good a solution since a legally binding contract with a failed business is no more valuable than the paper it's written on.

However, with a thick registry, if a registrar business fails, all the data required to facilitate the transfer of domain names is already available to the registry operator, and so the failing registrar's compliance is not required.

We have seen that thick registries can scale perfectly well: .ORG and .INFO, both operated by Afilias, are run on the same thick registry platform which holds over 9 million registrations. Registrars retain the same degree of control over the customer data they collect: the registry acts as a repository for data managed by the registrars. Moving .COM and .NET to the thick registry model would eliminate the need for registrar data escrow and provide greater security for registrants when registrars fail. It would also simplify the shared registry system by employing the same model across all gTLDs, reducing the potential for confusion on the part of Internet users.

By Gavin Brown, Chief Technology Officer for CentralNic

Related topics: DNS, Domain Names, ICANN, Policy & Regulation, Security, Top-Level Domains, Whois

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Re: .COM and .NET: Thick Or Thin? Ricardo Vaz Monteiro  –  Apr 02, 2007 10:53 AM PST

Dear Gavin:

I agree 100% with you ! a Thin Registry might be a drawback… in terms of registrant security.

Note: If you think that a thin registry is less safer than a thick registry… so, imagine if you buy a subdomain from centralnic ! Which is basicaly a registrant ! Dont you agree that is much less safer ?

Best,

Ricardo Vaz Monteiro
Nomer.com

Re: .COM and .NET: Thick Or Thin? Michele Neylon  –  Apr 02, 2007 2:10 PM PST

Gavin

Sorry if this is a really dumb question, but what about domains with "whois privacy"? In a thick registry is the "real" data held by the registry or the registrar? I was under the impression that it was held by the registrar that provides the privacy service.

Michele

Re: .COM and .NET: Thick Or Thin? Gavin Brown  –  Apr 02, 2007 2:46 PM PST

Hi Michele,

You're right that a thick registry approach wouldn't solve the issue of proxy registrations, which is certainly problem for many Registerfly customers. Here are a couple of suggestions.

First, proxy registration services should start to escrow their own data. If I were a reputable proxy registration company, I'd set this up right now and start advertising it as a selling point - it would definitely place them at a competitive advantage given the negative publicity around RegisterFly. This would encourage other proxies to do likewise, and pretty soon it would either be ubiquitous, or only the "bad guys" wouldn't advertise that they escrow, in which case it's an obvious clue to the consumer. The market can be used to regulate out bad behaviour.

My second suggestion is to implement something at the registry level to ensure privacy of contact data. This is clearly a much more difficult thing to achieve: we've seen how little progress the community has made regarding WHOIS reform. But I imagine something like the system we use at CentralNic: a contact object can be marked as "invisible" in our system so that it isn't directly visible in the whois, but is available to registrars via EPP and other mechanisms (and subject to data disclosure and information privacy rules), and can still be released by the registry to parties with a legitimate interest. This also has the benefit of simplifying matters for law enforcement, IP lawyers and volunteer spam and botnet fighters - they have a single point of contact for IP infringement queries, rather than having to contact individual registrars who may or may not co-operate.

I don't advocate the thick model as a 100% solution but I think it will help us get closer to 100%, and I am sure that other people smarter than I will have their own suggestions.

Re: .COM and .NET: Thick Or Thin? Michele Neylon  –  Apr 02, 2007 3:30 PM PST

Gavin

At least I'm not losing my mind (though after last week I'm sure I lost a few brain cells).

From what I can gather the registrants that opted for Registerfly's privacy service are going to have to prove that they are the rightful owners of their domains, which is going to be awkward at best.

Hopefully companies offering whois privacy services will pick up on your suggestion and that the entire community can benefit from RegisterFly's mistakes

Michele

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Public Interest Registry Introduces 'OnGood' - New Brand Identity for .ngo & .ong

Victorian Government and City of Melbourne Launch .melbourne Web Addresses

Update on Minds + Machines' Top-Level Domain Launches

ICANN Los Angeles Recap Webinar

TLD Registry Appoints First China General Manager, Mr Jin Wang

TLD Registry Opens China Headquarters in "China's Silicon Valley"

.nyc Goes Public to Brand the Big Apple

pink.host: Breast Cancer Awareness by Bluehost

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Director Wins ICANN's 2014 Leadership Award

Radix Announces the Addition of .tech to Its Portfolio

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Sponsored Topics

dotMobi

Mobile

Sponsored by
dotMobi
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Afilias

DNSSEC

Sponsored by
Afilias
Verisign

Security

Sponsored by
Verisign