CircleID

The domain registrars discussion — despite the occasional bizarrity — mostly demonstrates that there is no unanimity among registrars on this issue. So, what arguments can be made in favor of either model, from a registrant's point of view?

The thick domain registry model — under the assumption that registries are more diligent with registrant data than some registrars may be — helps take care of escrow concerns: When a registrar goes out of business or experiences some other kind of desaster that removes its data store, the data kept at the registry can help transfer registrations to a different registrar, and help registrants keep their domain names. Besides that, keeping registrant information at the registry helps registry operators enforce the new transfers policy, and may generally contribute to making the transfers process run more smoothly.

On the other hand, the thick model often involves transfer of registrant data (both the identifying information, and the sensitive information that is constituted by the link between a domain name and the registrant's identifying information) across jurisdictional boundaries that may separate very different privacy regimes. This concern should weigh even heavier when the registry is not just keeping the thick data set, but actually uses these data for making its own WHOIS service available to the public at large. As Jens Wagner's comment shows, thick registries can be used to design systems which make it hard for registrars to comply with applicable privacy legislation.

The thin model, on the other hand, keeps ultimate control over the publication, transfer and use of data with registrars, and with law enforcement authorities and courts that have jurisdiction over them. Registrants in many jurisdictions get the chance to chose a registrar in the same jurisdiction, and have assurance that their data don't leave that jurisdiction as part of the registration process. The thin model also makes it easier to implement alternative WHOIS models like ALAC's proposal, in which registrants are notified when their data are accessed.

Maybe it's best to start thinking about thick registry designs that quack like thin WHOIS systems. Either by keeping the thin WHOIS paradigm despite thick registry design, or by actually giving the registrar fine-grained control over what data elements are actually displayed in thick registries' WHOIS services. EPP [Extensible Provisioning Protocol] certainly looks like it is prepared for this approach.

By Thomas Roessler, Mathematician. Visit the blog maintained by Thomas Roessler here.

Related topics: DNS, Domain Names, Registry Services, ICANN, Privacy, Whois