Re: [regext] WGLC: draft-ietf-regext-org-02

[Patrick Mevzek <pm@dotandco.com>]

On Fri, May 25, 2018, at 15:45, Antoin Verschuren wrote:
> 1. I saw the need for some registries to give organizations other than 
> the traditional Registrars and Registrants a role in the registration 
> process, but this was not limited to resellers.

But yet I am not sure to have seen a lot of registries here saying that they need this extension, or that they plan to use it...

> The discussion started because resellers were complaining that their 
> name didn’t show up in the whois for specific registrations, and 
> Registrars were complaining that Registrants of those registrations 
> would call them in stead of their reseller. Registrants simply forgot 
> who they had signed a contract with, so they looked it up in whois. 
> Registrars wanted to list their reseller in whois.

Registrars can today publish reseller data in whois. This does not need to be sent to the registry, nor to have a specific EPP extension.

This is covered I think in ICANN world by section 1.4.2 of the whois specification:

"Additional data elements can be added at the end of the text format outlined below."
So registries/registrars could be free to add reseller data today, even without any change to EPP.

And in other worlds, where there is not necessarily a registrar whois, it all depends on the registry policy to see what will in whois, and no technical change could change this policy, so again I do not see how the EPP extension helps here.

> Appart from resellers, I could see other roles in the future. Working on 
> Keyrelay, and the emerging dnsoperator-to-rrr draft, dns-operators would 
> be another organization registries might want to give special rights to, 
> for example to change NS records or roll DNSKEY material for domains 
> they were responsible for.

This is all true, probably, but how does it goes from there to "these operators need to exist as object in the registry database and be made under control of the registrars"? This sidestep many other points, like, one dns-operator for example, could be operator for domain names sponsored by registrar A and registrar B. Will both registrar A and B need to create an organization object for this same and only dns-operator organization? What exactly does this benefit to?

In a GDPR world you need more and more to be very specific about the data you collect, its use, and how you keep it. While it does not apply exactly as is here, I still fail to see why the registry database need to be populated with all this data.

And while I can understand James argument and design I think we are making things over complex without direct benefit, for what I understood the only use case applicable on the table is "storing reseller data in registry database (and maybe showing it in whois)".
For such a simple need, I think we are over-designing stuff.

Of course things would change a lot if many registries would come showing their support for this extension as it would help them for their various business needs.

-- 
  Patrick Mevzek