[gnso-rds-pdp-wg] key concepts: say "contact data" when that is what we mean
Rob Golding
rob.golding at astutium.com
Thu Dec 8 00:58:10 UTC 2016
> "Should gTLD registration data be accessible for any purpose or only
> for specific purposes?" The question assumes we're talking about
> contact data.
I don't think it does presuppose we're talking about _Registrant
Information_
There are other data items _currently_ shown which may not be
legal/permissable/acceptable/whatever, which have been "lumped" into
"thin data" in this model
> With thin data, I suggest that the question doesn't
> matter much -- none of that data's sensitive.
Lots of it is "sensitive" to varying degrees
For example Reseller is very sensitive
That data element ...
* gives you an attack vector on my customer
* it facilitates criminal activity and social engineering
* it masssively increases the cold-calls, spam and junk they get
* it makes them a potential target for who-Knows-what
* it gives you a list of my customers (something almost no business
would ever consider giving away,and may not legally be allowed to even
talk about)
and so on.
> The question only
> really matters when we're talking about contact data (PII).
No the question matters about every single item which is suggested will
be in "RDS"
> I'm simply wondering if everyone can agree that having an RDS is
> essential
We don't have one currently, so it's hardly *essential*
Maybe Useful ? Convenient ? Likely to do more good than harm overall ?
The best description I can think of is that "RDS is likely to break
anything that relies on WHOIS" ;)
> and that publishing at least the thin data via it is
> essential for many valid and public purposes.
The making available of specified data elements to users of defined
access/authorisation levels supports many purposes, the valid purposes
being (TBD)
Rob
More information about the gnso-rds-pdp-wg
mailing list