[gnso-rds-pdp-wg] @EXT: RE: Use cases: Fundamental, Incidental, and Theoretical

[Rob Golding]

Hi Richard

> retired last year

Congrats :)

> to explain the
> difference between the Intelligence services and LEA.

Because many in the WG have not yet met each-other face-to-face, I do of 
course accept that there will be instances where we are all unable to 
determine the attitude / involvement / education / skill-level / 
whatever of other participants.

For the avoidance of doubt, and because several on and off-list replies 
have brought this up, I am well aware of the differences between those 
'roles'.

Whilst never considered as "smartest person in the room" (and wouldn't 
want to be, how else will I learn anything) I would place myself 
slightly to the right of "crazy" but squarely in the middle of "not 
actually stupid".

That I also find myself in the position of reminding to a learned group 
of individuals on an Internet Policy mailing list how to interpret tone 
and intent from a text-based medium (which is primarily done through the 
use of the use of a "smiley") shouldn't, but somehow does, astound me - 
so for those that missed it, the comment was clearly marked by the 
:wink: at the end of the line.

> Also as am now be working for RIPE NCC (a RIR) as a Consultant am also
> happy at the same time, explain to you about the RIPE Database.

Having been a RIPE LIR for more than 10 years before you started being 
an LEA Rep for them, feel I have a reasonably good understanding of the 
DB, but thank you for the offer.

When opportunity arises, and I sincerely hope it does (assuming Brits 
are still allowed to travel to Belgium after Brexit) I'd love to sit 
down with you for beers and a chat about RIPE and, far more interesting 
to me, your other roles/experience.

But, the fact remains, however well maintained and managed the RIPE-DB 
is, "hole-punching" has been a common practice for 20 years (and not all 
RIRs follow the same practices in the same way as the RIPE NCC) and it 
is extremely prevalent now, and sub-allocation/assignment are industry 
norms.

So we need to dispell any attempt at creating/perpetuating a myth that 
any RIR DB could be a 1-stop-shop for finding out who is "behind" an IP 
address and it's obvious parallel that any RDAP-DB will be a 1-stop-shop 
for finding out who is "behind" a domain name

As to the possible criminality of a domain name - as opposed to the 
possible criminality of something accessed over the public internet 
which may or may not involve a domain name at somepoint during an access 
method - whole different discussion.


? Can the current WHOIS data provide insight/help/whatever to 
(insert-group-with-agenda-here) ?
Probably, correctly interpreted _data_ can be used for a purpose.

? Should (insert-group-with-agenda-here) have free, unrestricted access 
to the data ?
Debatable, depends on the 'group' and the viewpoint of the data subject.

? Are there parallels of other 'ownership' databases being public ?
Not sure, I'm not aware of any supplier who makes a complete list of all 
their customers private/location/purchase details public.

Consider :

? Why doesn't every Gov't make a complete list of all its' citizens and 
their private/location details public ?
Because ...
a. they don't know
b. what they do know would only be accurate as at compilation time
c. someone knows keeping such data private inherrently makes the people 
more secure
etc

That's before adding that through interpretation/extrapolation it would 
ultimately allow the use of that list by anyone to ensure it becomes 
ultimately trivial to find out any other piece of information about that 
citizen.

Rob
--
Rob Golding   rob.golding at astutium.com
Astutium Ltd, Number One Poultry, London. EC2R 8JR
* domains * hosting * vps * servers * cloud * backups *