This policy outlines the acceptable use of CIRA’s Application Services by Registrars.
Accessible version follows:
.CA Application Services Acceptable Use Policy
Version 1.2 (February 5, 2019)
CIRA's application services (“Application Services”) are web-based components and resources of CIRA systems that provide Registrars with the ability to manage Registry objects.
This Policy outlines the acceptable use of CIRA’s Application Services by Registrars. Capitalized terms used herein but not defined, shall have the meaning as set out in CIRA’s Registrant Agreement or Registrar Agreement. If there is a conflict or inconsistency between this Policy and other Registry PRP, this Policy shall prevail.
Guiding Principle & Requirement
CIRA’s Application Services are designed to, and are permitted to be used, only to allow Registrars to manage Registry objects, for the purpose of providing customer service to their Registrants as well as to potential Registrants, with respect to Domain Name Registrations.
Specific Service Restrictions
In addition to the above general requirement applicable to all Application Services, the following services or functions have additional restrictions which Registrars must comply with.
- This service is the core interface between CIRA and its Registrars. It is intended to provide, and may only be used by Registrars, for read and write access to Registry objects for which the Registrar is the Registrar of Record.
- A Registrar can create multiple user accounts but is limited to 15 concurrent connections per Registrar account regardless of the command. If a Registrar wishes to have more connections for a limited period of time for a promotional campaign, it can make a request to CIRA, which CIRA will consider at its sole discretion.
- The EPP server shall not be used to harvest data for which the Registrar is not the Registrar of Record.
- Sending high volume load for any purpose other than as set out in paragraph 1 above is not permitted, including but not limited to the testing of client software.
- Sending any volume load for the purpose of disrupting service to other users is expressly not permitted.
- Attempts to alter commands in order to seek out vulnerabilities in CIRA’s software are not permitted. Repeated behaviour of invalid or suspicious command syntax will be thoroughly scrutinized and responded to.
- Sending malformed packet data of any kind is not permitted.
CHECK and INFO
- Using CHECK to monitor CIRA’s systems is discouraged, and Registrars should use EPP hello commands where possible. Be advised that any socket channel that a Registrar commits to monitoring CIRA’s service is used as part of the Registrar’s total number of concurrent connections.
- INFO commands for objects that the Registrar is not the Registrar of Record are not permitted, with the sole exception of the use of the Domain Info command during Registrar transfers when a Registrant has provided the “authInfo” which is required when transferring a Domain Name Registration to another Registrar.
- The .CA Portal is a web-based tool that may only be used by Registrars to allow them to manage registry objects for the sole purpose of providing customer service to their Registrants as well as to potential customers.
- The .CA Portal is a low volume application and no instantiation limits are imposed at the Registrar level. Instead, a global pool of connections is reserved for the .CA Portal that is to be shared by all Registrars. Should these connection limits be reached, no new instantiation will be permitted until connections are released.
- The .CA Portal is a human interface; scripting or programmatic access to the .CA Portal of any kind is prohibited, will be monitored for and responded to.
- WHOIS is intended for general use by the public. It is provided by CIRA for informational purposes only and CIRA does not guarantee the accuracy or currency of any WHOIS data. Although Registrars are permitted to use CIRA’s WHOIS services, they do so as members of the public and no warranties are offered by this service.
- Registrars shall not rely on the WHOIS to provide information about CIRA’s Registrants or domain names. Registrars shall not incorporate the WHOIS with Registry object management applications.