[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical
Rob Golding
rob.golding at astutium.com
Fri Aug 5 17:25:57 UTC 2016
Hi Richard
> retired last year
Congrats :)
> to explain the
> difference between the Intelligence services and LEA.
Because many in the WG have not yet met each-other face-to-face, I do of
course accept that there will be instances where we are all unable to
determine the attitude / involvement / education / skill-level /
whatever of other participants.
For the avoidance of doubt, and because several on and off-list replies
have brought this up, I am well aware of the differences between those
'roles'.
Whilst never considered as "smartest person in the room" (and wouldn't
want to be, how else will I learn anything) I would place myself
slightly to the right of "crazy" but squarely in the middle of "not
actually stupid".
That I also find myself in the position of reminding to a learned group
of individuals on an Internet Policy mailing list how to interpret tone
and intent from a text-based medium (which is primarily done through the
use of the use of a "smiley") shouldn't, but somehow does, astound me -
so for those that missed it, the comment was clearly marked by the
:wink: at the end of the line.
> Also as am now be working for RIPE NCC (a RIR) as a Consultant am also
> happy at the same time, explain to you about the RIPE Database.
Having been a RIPE LIR for more than 10 years before you started being
an LEA Rep for them, feel I have a reasonably good understanding of the
DB, but thank you for the offer.
When opportunity arises, and I sincerely hope it does (assuming Brits
are still allowed to travel to Belgium after Brexit) I'd love to sit
down with you for beers and a chat about RIPE and, far more interesting
to me, your other roles/experience.
But, the fact remains, however well maintained and managed the RIPE-DB
is, "hole-punching" has been a common practice for 20 years (and not all
RIRs follow the same practices in the same way as the RIPE NCC) and it
is extremely prevalent now, and sub-allocation/assignment are industry
norms.
So we need to dispell any attempt at creating/perpetuating a myth that
any RIR DB could be a 1-stop-shop for finding out who is "behind" an IP
address and it's obvious parallel that any RDAP-DB will be a 1-stop-shop
for finding out who is "behind" a domain name
As to the possible criminality of a domain name - as opposed to the
possible criminality of something accessed over the public internet
which may or may not involve a domain name at somepoint during an access
method - whole different discussion.
? Can the current WHOIS data provide insight/help/whatever to
(insert-group-with-agenda-here) ?
Probably, correctly interpreted _data_ can be used for a purpose.
? Should (insert-group-with-agenda-here) have free, unrestricted access
to the data ?
Debatable, depends on the 'group' and the viewpoint of the data subject.
? Are there parallels of other 'ownership' databases being public ?
Not sure, I'm not aware of any supplier who makes a complete list of all
their customers private/location/purchase details public.
Consider :
? Why doesn't every Gov't make a complete list of all its' citizens and
their private/location details public ?
Because ...
a. they don't know
b. what they do know would only be accurate as at compilation time
c. someone knows keeping such data private inherrently makes the people
more secure
etc
That's before adding that through interpretation/extrapolation it would
ultimately allow the use of that list by anyone to ensure it becomes
ultimately trivial to find out any other piece of information about that
citizen.
Rob
--
Rob Golding rob.golding at astutium.com
Astutium Ltd, Number One Poultry, London. EC2R 8JR
* domains * hosting * vps * servers * cloud * backups *
More information about the gnso-rds-pdp-wg
mailing list