<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body dir="auto">
<div>Sorry Steve. I did not mean to take this offline.</div>
<div><br>
On Mar 3, 2014, at 3:00 PM, "Metalitz, Steven" <<a href="mailto:met@msk.com">met@msk.com</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Comic Sans MS";
panose-1:3 15 7 2 3 3 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1184978439;
mso-list-template-ids:768367960;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1738169421;
mso-list-template-ids:-2142086206;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">No Tim, I am not making any such assumption. I fully agree with you that “the conditions under which you have that right is a question this group is to deal
with.” My point is that satisfying the conditions for a “reveal” and whatever process is required is going to take some time. I hope it won’t be a lot of time, but it inevitably adds up to delay when compared to the non p/p situation.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Your response rests on the premise that once the underlying contact data is obtained, the problem will be more quickly resolved than if the complainant could
have used public Whois data to contact the registrant. No doubt sometimes that would be the case, but I am not prepared to indulge the assumption that it would always or even often be the case. The more realistic premise is that the information obtained through
the “reveal” puts the complainant in about the same position that s/he would have been in at the outset had the contact data been publicly accessible through Whois. Accordingly, whatever reasonable steps can be taken to increase the likelihood that the
information obtained will be accurate enough to facilitate contact and a solution are worth considering, in order to partially offset the delay that has inevitably occurred in accessing the data.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">BTW I am not sure if you intended to take this conversation offline but I am happy to have this exchange shared with the full list if you wish.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Steve<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Tim Ruiz [<a href="mailto:tim@godaddy.com">mailto:tim@godaddy.com</a>]
<br>
<b>Sent:</b> Monday, March 03, 2014 2:21 PM<br>
<b>To:</b> Metalitz, Steven<br>
<b>Cc:</b> Tim Ruiz<br>
<b>Subject:</b> Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Yes, that's exactly what I am arguing. Regarding p/p registrations, you have instant access to the registrant and contact details. I just tried a few and it worked fine for me. What you are assuming is that you should have the right to
instantly access, without due process, the details of someone the registrant has licensed use of the domain to. The conditions under which you have that right is a question this group is to deal with.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">That said, I am assuming there is ultimately a problem to solve, and that's why the contact info of the underlying user is sought. If so, then any delay in getting that data is offset by a more quickly solved problem (versus non-p/p) once
you get it. If it is just getting contact info for the sake of having it, then that's a different issue and I would question anyone's right to that.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Tim<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Mar 3, 2014, at 2:08 PM, "Metalitz, Steven" <<a href="mailto:met@msk.com">met@msk.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Tim, are you really debating whether the use of a privacy/proxy service introduces any delay in gaining access to the contact details of the p/p service customer,
as compared to the time it takes to obtain access to the contact details of a non-=proxy registrant? Since the latter is almost instantaneous, it seems hard to argue that use of a service does not introduce any delay. Surely it does, and Todd’s point is that
this inherent delay ought to be balanced with greater reliability of the data once it is accessed.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I appreciate your perspective on whether through DBP there are “more successful and consistent results” than through publicly accessible Whois. I can tell you
that this is not always the experience of those who request a “reveal” under the current system from proxy service providers in general.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">An accreditation system ought to be aimed at ensuring “more successful and consistent results” from p/p providers across the board. One way to do that is to
require providers, in order to obtain and maintain accreditation, to do more than the minimum validation that registrars are now required to do with respect to data in the publicly accessible Whois.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Steve Metalitz</span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">
<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a> [<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">mailto:gnso-ppsai-pdp-wg-bounces@icann.org</a>]
<b>On Behalf Of </b>Tim Ruiz<br>
<b>Sent:</b> Monday, March 03, 2014 10:35 AM<br>
<b>To:</b> Williams, Todd<br>
<b>Cc:</b> PPSAI<br>
<b>Subject:</b> Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">Regarding you last assumption, actually I believe that there is a delay is debatable. It is just that the process is different. But even if we give you that argument (and I'm not), the fact that there are more successful and consistent
results when a problem involves a p/p service cancels out the perceived delay. This is based on my experience with DBP.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Tim<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Mar 3, 2014, at 10:21 AM, "Williams, Todd" <<a href="mailto:Todd.Williams@turner.com">Todd.Williams@turner.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks Stephanie. To first respond to Michele’s point in the attached: as I mentioned below, I don’t think the argument depends on there being anything “inherently
suspicious” or “nefarious” about P/P services or their users (any more so than tractor-trailers or their drivers are “inherently suspicious”), simply a recognition of the risks posed.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Which then gets to your bigger point Stephanie that the “fundamental disagreement” between the “2013 RAA” camp and the “more” camp (as referenced below) is
as to this question: whether there is in fact more “risk posed” by P/P services. But there are different ways to assess the “risk posed”, right? One is to ask: “Is the risk higher that users of P/P services will engage in abusive behavior?” I think that
is what you are referring to when you say that we have a fundamental disagreement with rival studies. But I also think that we can put that disagreement to the side for now, because I don’t think we need to get that far when assessing the “risk posed.”
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Rather, I think there is a second question that we should also ask when assessing the “risk posed” by P/P services, which is this: “Once a user of a P/P service
does engage in abusive behavior (however frequently or infrequently that happens), will the fact that they are using a P/P service increase the risk that such abuse will not be successfully addressed/corrected/stopped, etc.?” The answer to this second question
has to be yes, for the reason that Steve mentioned in our last call: the P/P service introduces at least some element of delay to the enforcement process. I suppose that we can debate the magnitude of the risk posed by that delay, and I suppose that it will
also be related to the parameters that we put in place for relay/reveal etc. procedures down the road. But the magnitude is not zero. </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Stephanie Perrin [<a href="mailto:stephanie.perrin@mail.utoronto.ca">mailto:stephanie.perrin@mail.utoronto.ca</a>]
<br>
<b>Sent:</b> Saturday, March 01, 2014 4:29 PM<br>
<b>To:</b> Williams, Todd<br>
<b>Cc:</b> James M. Bladel; Tim Ruiz; PPSAI<br>
<b>Subject:</b> Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I don’t think we agree that there is more risk with P/P services, which is kind of a fundamental disagreement. We even have rival studies backing us up. <o:p></o:p></p>
<div>
<p class="MsoNormal">As to the analogies, they are useful but limited, as they can capture our imaginations in ways which are not in accord with the facts. My analogy for a p/p registration would not be a tractor trailer licence, it would be a small car with
tinted windows. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Stephanie<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">On Mar 1, 2014, at 3:52 PM, Williams, Todd <<a href="mailto:Todd.Williams@turner.com">Todd.Williams@turner.com</a>> wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I agree with James that using analogies/illustrations can be helpful to frame issues in these discussions, and I think his airport illustration does a nice
job of that. But I would offer a different one:<br>
<br>
Couldn't we say that registering a "standard" domain (without a P/P service) is to using a P/P service as driving a car is to driving a tractor-trailer? Everybody recognizes that there is a baseline floor of verification that should be required before you can
get a driver's license. But everybody also recognizes that because the potential risk from "bad" tractor-trailer drivers is greater than that of "bad" car drivers (I'm leaving "bad" undefined here intentionally, because it doesn't matter whether it's abusive/malicious/incompetent,
etc.), some EXTRA level of verification is needed before you can get a license to drive a tractor-trailer. In other words, nobody would argue that the same test should be used to get a standard driver's license as to get a license to drive tractor-trailers,
because the latter by definition carries more risk. So too with "standard" domain registrations vs. P/P registrations.
<br>
<br>
To James's last point: note that the analogy doesn't depend on there being anything "inherently suspicious" about tractor-trailer drivers (in the normative sense); simply a recognition that what they are doing poses higher risks for the roadways. Note too that
it wouldn't be much of an argument to say that because the extra verification required of tractor-trailer drivers wouldn't always catch "bad" drivers ahead-of-time, we should instead simply rely on the standard driver's license test.
<br>
<br>
Of course, this doesn't address just how far beyond the 2013 RAA floor our verification/re-verification requirements should go, or what additional measures would or wouldn't be effective. This is just to say that if the choice we're wrestling with now is between
the 2013 RAA vs. "more" (however "more" is defined), I don't understand the argument on the 2013 RAA side.
<br>
<br>
Todd</span> <o:p></o:p></p>
<div class="MsoNormal" align="center" style="text-align:center">
<hr size="2" width="98%" align="center">
</div>
<div id="divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">
<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a> <<a href="mailto:gnso-ppsai-pdp-wg-bounces@icann.org">gnso-ppsai-pdp-wg-bounces@icann.org</a>> on behalf of James M. Bladel <<a href="mailto:jbladel@godaddy.com">jbladel@godaddy.com</a>><br>
<b>Sent:</b> Saturday, March 1, 2014 6:30:35 AM<br>
<b>To:</b> Tim Ruiz<br>
<b>Cc:</b> PPSAI<br>
<b>Subject:</b> Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2</span>
<o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal">So my last sentence doesn't make much sense, unless I substitute "it" with the idea of having differing verification/validation standards for Registrars and PP services. <br>
<br>
Thanks-- <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">J.<o:p></o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Sent from my iPad<o:p></o:p></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Mar 1, 2014, at 9:35, "James M. Bladel" <<a href="mailto:jbladel@godaddy.com">jbladel@godaddy.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">In just one sentence, Tim has captured the essence of the problem. Which isn’t about determining the “right” answer, but attempting to strike a balance between security vs. ease of use and barriers to legitimate access.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Here’s something we can all relate to: Back in 2001, some jerk tried to blow up a plane with his shoe. As a result, now 650 million passengers have to remove their shoes before boarding an airplane in the US. Is this reasonable? As
a society, we have determined that it is, but would we feel the same if it was something more, like a full body search? Probably not. Our privacy service routinely investigates and suspends perhaps a thousand domain names in a year. Sounds like a lot, and
it certainly keeps the Abuse team busy, but ultimately represents a tiny fraction of the tens of millions of domain names under management. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">In any event, I see no compelling reason why the verification requirements for a PP service should be any different than those of a registrar. First, as I believe some in this thread have pointed out, it would allow the service to leverage
code, personnel, & processes developed by the affiliated registrar. And it creates a perception that there is something inherently suspicious about subscribing to a PP service, or wanting the equivalent of an unlisted phone number, which simply isn’t the case.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks—<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">J.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:
</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Tim Ruiz <<a href="mailto:tim@godaddy.com">tim@godaddy.com</a>><br>
<b>Date: </b>Friday, February 28, 2014 at 21:39 <br>
<b>To: </b>John Horton <<a href="mailto:john.horton@legitscript.com">john.horton@legitscript.com</a>><br>
<b>Cc: </b>PPSAI <<a href="mailto:gnso-ppsai-pdp-wg@icann.org">gnso-ppsai-pdp-wg@icann.org</a>><br>
<b>Subject: </b>Re: [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal">So to make your invsetigation of 150 cases easier (which I question in any event) millions of users are needlessly hassled. Makes perfect sense in today's world I guess.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Tim<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">On Feb 28, 2014, at 5:32 PM, "John Horton" <<a href="mailto:john.horton@legitscript.com">john.horton@legitscript.com</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Hi all,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Verification and re-verification of registration data would be enormously useful and important in identifying, mapping and deterring malfeasance. Just to share our background
to put our comments in context, we've assisted in over 150 drug or supplement investigations by conducting cybercrime research, and each project typically involved research into dozens, hundreds or even thousands of Whois records plus corresponding IP/NS/MX
etc. information. There are numerous instances in which either 1) the accurate Whois data (including, accurate data behind a Whois privacy/proxy service) "broke open" the case, or 2) submitting a WDRPS complaint in instances where we could show that the Whois
data was inaccurate resulted in modified Whois information that then "broke open" the case, either by virtue of the modified Whois information itself, or from derivative information (e.g., additional reverse queries on Whois, name server, IP address or other
records). Keep in mind too that sometimes showing that the Whois record is falsified results in the suspension of the domain name, which also has the effect of stopping the harmful use of that particular domain name. Verification would result in some instances
of inaccurate registration data becoming accurate, or alternatively, of discontinuing registration services.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">In the interests of brevity, I hope that summary is enough explanation, but if anyone still doesn't understand how (or agree that) verified registration data -- or by extension,
verification and some sort of periodic re-verification -- is useful, I'm happy to provide a couple of real life examples of investigations we've worked on where either the a) accuracy of the Whois record or b) response to the inaccuracy finding was extremely
useful, although I'll modify the domain names. Again, I'm happy to provide real-life examples, with redacted information. It's not just occasionally or mildly useful. It's enormously important. </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">One additional point: keep in mind that when researching criminal networks, there are typically multiple (hundreds or even thousands) of domain names at play, and even if -- as
Tim pointed out -- the verified email and phone number have nothing to do with the person's real identity, good cybercrime research across the thousands of Whois records can often result in derivative information pointing to the real identity of the criminal
entities. </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">As to the point that the domain name isn't harmful but the content may be, I suspect that there are minds that won't be changed in this group on both sides of that argument. :)
But, I'd point out that that train has left the station, so to speak: Section 3.18 of the 2013 RAA clearly contemplates harmful use of a domain name. </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Thanks, </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">John Horton<br>
President, LegitScript</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <span style="border:solid windowtext 1.0pt;padding:0in"><image001.jpg></span><o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#444444">Follow</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#0B5394">
</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">Legit<span style="color:#0B5394">Script</span></span></b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">:
<a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span style="color:#CC0000">LinkedIn</span></a> | <a href="https://www.facebook.com/LegitScript" target="_blank"><span style="color:#6AA84F">Facebook</span></a> | <a href="https://twitter.com/legitscript" target="_blank"><span style="color:#674EA7">Twitter</span></a>
| <a href="https://www.youtube.com/user/LegitScript" target="_blank"><span style="color:#BF9000">YouTube</span></a> | <u><span style="color:#FF9900"><a href="http://blog.legitscript.com/" target="_blank">Blog</a></span></u> |<span style="color:#FF9900">
<a href="https://plus.google.com/112436813474708014933/posts" target="_blank">Google+</a></span></span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Fri, Feb 28, 2014 at 12:36 PM, Tim Ruiz <<a href="mailto:tim@godaddy.com" target="_blank">tim@godaddy.com</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">It doesn't. I can use perfectly good information, including a verifiable phone number and email address, that has nothing to do with who I really am. As we have tried to argue before, unsuccessfully, is that all verification does is push
the "miscreants" to be better at obfiscating who they are (and it just isn't that hard). As you said, it only results in making it difficult for everyone for the acts of a few.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="color:#888888">Tim</span><o:p></o:p></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><br>
On Feb 28, 2014, at 2:07 PM, "Stephanie Perrin" <<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">My apologies I totally mis-read that. So how does verification catch that then?<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">On 2014-02-28, at 1:52 PM, John Horton wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Well, because absent an accurate Whois record, it can be difficult to know who to hold accountable.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Stephanie, to clarify: I was saying that 95% of Whois data in a certain sub-category of criminal or miscreant behavior (spam, malware, phishing) is
<u>inaccurate</u> (not "accurate"). </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">John Horton<br>
President, LegitScript</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <span style="border:solid windowtext 1.0pt;padding:0in"><image001.jpg></span><o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#444444">Follow</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#0B5394">
</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">Legit<span style="color:#0B5394">Script</span></span></b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">:
<a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span style="color:#CC0000">LinkedIn</span></a> | <a href="https://www.facebook.com/LegitScript" target="_blank"><span style="color:#6AA84F">Facebook</span></a> | <a href="https://twitter.com/legitscript" target="_blank"><span style="color:#674EA7">Twitter</span></a>
| <a href="https://www.youtube.com/user/LegitScript" target="_blank"><span style="color:#BF9000">YouTube</span></a> | <u><span style="color:#FF9900"><a href="http://blog.legitscript.com/" target="_blank">Blog</a></span></u> |<span style="color:#FF9900">
<a href="https://plus.google.com/112436813474708014933/posts" target="_blank">Google+</a></span></span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Fri, Feb 28, 2014 at 9:44 AM, Stephanie Perrin <<a href="mailto:stephanie.perrin@mail.utoronto.ca" target="_blank">stephanie.perrin@mail.utoronto.ca</a>> wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal">I agree, it is all about risk...but what risk are we really talking about? I dont understand why a P/P provider should be forced to take on more risk than other registrars. Further,why should the registrar be accountable for verified
data, once the original data verification is done. If John is correct and in 95% of cases the data from the P/P service provider was proven accurate, then how does any amount of data verification solve the problem? The accountability for miscreant behaviour
of all kinds rests with the domain name user. IF the data is inaccurate, ramp up the penalties if it can be shown that the data was rendered inaccurate for the purposes of fraudulent activity.
<o:p></o:p></p>
<div>
<p class="MsoNormal">At the risk of sounding overly philosophical, It seems to me that the Internet ecosystem is somehow being held to account for the actions of individuals. It is the individuals that should be held to account. Not the domain name, or the
company that issued it. Particularly, I think that if products sold are tainted, then there is plenty of other consumer protection law that applies...why are we trying to solve that problem? <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Cheers Stephanie perrin <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<div>
<p class="MsoNormal">On 2014-02-28, at 12:29 PM, Carlton Samuels wrote:<o:p></o:p></p>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Comic Sans MS","serif"">..which seems to me all about risk management on part of the provider. Its the results that matter.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Comic Sans MS","serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Comic Sans MS","serif"">So, for all the possible permutations, in line with those enumerated by Volker, might it not be more useful to refer 'verified credentials' as a requirement on the provider,
allow them to accept the business risk and leave it to them to decide how to do it.......and, inherently, the risks acceptable to them for provisioning the service?</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Comic Sans MS","serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:18.0pt;font-family:"Comic Sans MS","serif"">-Carlton </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
==============================<br>
Carlton A Samuels<br>
Mobile: <a href="tel:876-818-1799" target="_blank">876-818-1799</a><br>
<i><span style="color:#33CC00">Strategy, Planning, Governance, Assessment & Turnaround</span></i><br>
=============================<o:p></o:p></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Fri, Feb 28, 2014 at 6:29 AM, Volker Greimann <<a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a>> wrote:<o:p></o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt">Hi John, <br>
<br>
I am having a bit of a hard time understanding your point here.<br>
<br>
You are describing three different cases here, two of which will not benefit from verification in the least bit and one might, but only in some cases:<br>
<br>
a) The data is accurate, but stolen: Here verification would not uncover any issues with the data as it is essentially correct and will most likely be identified as accurate.<br>
b) The data is false: Here, depending on the methods used, the inaccuracy may be uncovered and would lead to an automated request to provide updated data or deactivation after a set time. Remember, in order to keep providing services in a sensible manner, this
needs to be automated in some form, i.e. no individual record would likely see any manual review.<br>
c) The data is already accurate: If the data is already correct, what purpose does verification fulfill? The data cannot become more accurate. Verification in this case seems like an exercise in self-gratification.<br>
<br>
That said, even if there is a benefit to be derived from verification, such benefits are achieved once verification concludes. Re-verification of already verified data fulfills no purpose whatsoever. So if a set of data has already been verified by the registrar,
there is no need for the p/p provider to again verify the same data. Only if no verification is or can be performed on the registrar level does verification by providers come into play.<br>
<br>
Volker<o:p></o:p></p>
<div>
<p class="MsoNormal">Am 28.02.2014 00:32, schrieb John Horton:<o:p></o:p></p>
</div>
<div>
<div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Thanks, Marika. I also wanted to provide a comment pertaining to Question 2 in the attachments (relating to periodic checks).</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#222222"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">In a few of the recent discussions, there's been some reference to criminals always or nearly always being untruthful in their Whois records (even if privacy-protected), leading
to the conclusion that there is little purpose in having a registrar or any third party have to verify or re-verify the information (especially if it is difficult to prove that the data is falsified). I wanted to share our experience and observations on that
point, in the hope that it's relevant to future discussion regarding Question 2.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#222222"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Our consistent observation has been that when it comes to a particular sub-category of criminal activity, spam, phishing, malware, and so forth, it's probably safe to say that
that statement is true -- the registrant's Whois information is nearly always inaccurate. Even in cases, such as some where we've worked with law enforcement, when the Whois record for a domain name involved in spam, phishing or malware is privacy-protected
and is subsequently unmasked, the Whois record is still not accurate behind the privacy curtain. There are probably exceptions, but that's what we've seen well over 95% of the time. On occasion, it's a real address and phone number, just not one genuinely
connected to the registrant. </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#222222"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">But there are other types of criminal activity where the Whois record is not so regularly obfuscated. For example, we investigate a lot of websites selling tainted dietary supplements
that end up containing some toxin or adulterant that harms people. In those cases, we've overwhelmingly seen that even if the Whois record is privacy-protected, the trend is that the underlying Whois record is accurate. The same has been true for illegal or
counterfeit medical device websites that we've researched. On illegal Internet pharmacies not engaged in spam, it's probably 50-50. (It might be a shell corporation, but that's still valuable information.)</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#222222"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">One important point to consider is that the Whois registration can be relevant information from a banking perspective for commercial entities. That is, some banks are going to
look at an online merchant's domain name registration record and if it's either inaccurate or protected, they may require disclosure, or ask about any discrepancy, which can be an incentive for criminals selling products online who nevertheless want to get
paid via credit card to have an accurate Whois. Hackers, malware providers and spammers will find a way around that, but they don't necessarily constitute "most" criminal activity.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#222222"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">The point here is, I think verification can still be a useful and necessary tool in either scenario, even if it doesn't uncover useful information a portion of the time. I realize
that only pertains to a portion of the issues related to Question 2, but I hope that our observations on that are relevant. </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#222222"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">Thanks, </span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><br clear="all">
<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Arial","sans-serif";color:#073763">John Horton<br>
President, LegitScript</span> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <span style="border:solid windowtext 1.0pt;padding:0in"><image001.jpg></span><o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#444444">Follow</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:#0B5394">
</span></b><b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">Legit<span style="color:#0B5394">Script</span></span></b><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif"">:
<a href="http://www.linkedin.com/company/legitscript-com" target="_blank"><span style="color:#CC0000">LinkedIn</span></a> | <a href="https://www.facebook.com/LegitScript" target="_blank"><span style="color:#6AA84F">Facebook</span></a> | <a href="https://twitter.com/legitscript" target="_blank"><span style="color:#674EA7">Twitter</span></a>
| <a href="https://www.youtube.com/user/LegitScript" target="_blank"><span style="color:#BF9000">YouTube</span></a> | <u><span style="color:#FF9900"><a href="http://blog.legitscript.com/" target="_blank">Blog</a></span></u> |<span style="color:#FF9900">
<a href="https://plus.google.com/112436813474708014933/posts" target="_blank">Google+</a></span></span><o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On Wed, Feb 26, 2014 at 2:39 AM, Marika Konings <<a href="mailto:marika.konings@icann.org" target="_blank">marika.konings@icann.org</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Dear All,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Following our call yesterday, please find attached the updated templates for Category B – questions 1 & 2. Please review these templates to make sure the WG discussions have
been accurately reflected and feel free to share any comments / edits you may have with the mailing list. We've created a page on the wiki where we'll post the templates that have been finalised for now (noting that for some of these the WG will need to come
back to the template at a later date), see <a href="https://community.icann.org/x/ihLRAg" target="_blank">https://community.icann.org/x/ihLRAg</a>. </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">The WG will continue its deliberations on Category B – Question 2 next week. Some of the questions that came up during the conversation yesterday and which you are encouraged
to share your views on (and/or add additional questions that need to be considered in this context) are:</span><o:p></o:p></p>
</div>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">What would be the arguments for not using the same standards / requirements for validation and verification as per the 2013 RAA?
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Should there be a requirement for re-verification, and if so, what instances would trigger such re-verification?
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">In case of affliction between the P/P service and the registrar, if the registration information has already been verified by the registrar, should this exempt the P/P provider from doing so?
</span><o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Should the same requirements apply to privacy and proxy services or is there a reason to distinguish between the two?
</span><o:p></o:p></li></ul>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Best regards,</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif""> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri","sans-serif"">Marika</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org" target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<br>
<br>
<o:p></o:p></p>
<pre>_______________________________________________<o:p></o:p></pre>
<pre>Gnso-ppsai-pdp-wg mailing list<o:p></o:p></pre>
<pre><a href="mailto:Gnso-ppsai-pdp-wg@icann.org" target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
<pre>-- <o:p></o:p></pre>
<pre>Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Mit freundlichen Grüßen,<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Volker A. Greimann<o:p></o:p></pre>
<pre>- Rechtsabteilung -<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Key-Systems GmbH<o:p></o:p></pre>
<pre>Im Oberen Werk 1<o:p></o:p></pre>
<pre>66386 St. Ingbert<o:p></o:p></pre>
<pre>Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" target="_blank">+49 (0) 6894 - 9396 901</a><o:p></o:p></pre>
<pre>Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" target="_blank">+49 (0) 6894 - 9396 851</a><o:p></o:p></pre>
<pre>Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Web: <a href="http://www.key-systems.net/" target="_blank">www.key-systems.net</a> / <a href="http://www.rrpproxy.net/" target="_blank">www.RRPproxy.net</a><a href="http://www.domaindiscount24.com/" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.brandshelter.com/" target="_blank">www.BrandShelter.com</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook:<o:p></o:p></pre>
<pre><a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Geschäftsführer: Alexander Siffrin<o:p></o:p></pre>
<pre>Handelsregister Nr.: HR B 18835 - Saarbruecken <o:p></o:p></pre>
<pre>Umsatzsteuer ID.: DE211006534<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Member of the KEYDRIVE GROUP<o:p></o:p></pre>
<pre><a href="http://www.keydrive.lu/" target="_blank">www.keydrive.lu</a> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>--------------------------------------------<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Should you have any further questions, please do not hesitate to contact us.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Best regards,<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Volker A. Greimann<o:p></o:p></pre>
<pre>- legal department -<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Key-Systems GmbH<o:p></o:p></pre>
<pre>Im Oberen Werk 1<o:p></o:p></pre>
<pre>66386 St. Ingbert<o:p></o:p></pre>
<pre>Tel.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20901" target="_blank">+49 (0) 6894 - 9396 901</a><o:p></o:p></pre>
<pre>Fax.: <a href="tel:%2B49%20%280%29%206894%20-%209396%20851" target="_blank">+49 (0) 6894 - 9396 851</a><o:p></o:p></pre>
<pre>Email: <a href="mailto:vgreimann@key-systems.net" target="_blank">vgreimann@key-systems.net</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Web: <a href="http://www.key-systems.net/" target="_blank">www.key-systems.net</a> / <a href="http://www.rrpproxy.net/" target="_blank">www.RRPproxy.net</a><a href="http://www.domaindiscount24.com/" target="_blank">www.domaindiscount24.com</a> / <a href="http://www.brandshelter.com/" target="_blank">www.BrandShelter.com</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Follow us on Twitter or join our fan community on Facebook and stay updated:<o:p></o:p></pre>
<pre><a href="http://www.facebook.com/KeySystems" target="_blank">www.facebook.com/KeySystems</a><a href="http://www.twitter.com/key_systems" target="_blank">www.twitter.com/key_systems</a><o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>CEO: Alexander Siffrin<o:p></o:p></pre>
<pre>Registration No.: HR B 18835 - Saarbruecken <o:p></o:p></pre>
<pre>V.A.T. ID.: DE211006534<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Member of the KEYDRIVE GROUP<o:p></o:p></pre>
<pre><a href="http://www.keydrive.lu/" target="_blank">www.keydrive.lu</a> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre> <o:p></o:p></pre>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org" target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<p class="MsoNormal">_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org" target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org" target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org" target="_blank">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg" target="_blank">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal">_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
</blockquote>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
Gnso-ppsai-pdp-wg mailing list<br>
<a href="mailto:Gnso-ppsai-pdp-wg@icann.org">Gnso-ppsai-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-ppsai-pdp-wg</a><o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</blockquote>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<p class="MsoNormal"><RE [Gnso-ppsai-pdp-wg] For review - updated templates Cat B, questions 1 and 2><o:p></o:p></p>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</blockquote>
</body>
</html>