[gnso-rds-pdp-wg] @EXT WHOIS info and investigation

Mounier, Grégory gregory.mounier at europol.europa.eu
Tue Jul 19 22:03:34 UTC 2016


Dear all,

Here is a nice example of how WHOIS information is used to investigate unlawful activities:

http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/

Greg


________________________________
From: gnso-rds-pdp-wg-bounces at icann.org on behalf of Gomes, Chuck
Sent: 18 July 2016 20:26:34
To: 'Mark Svancarek'; 'Andrew Sullivan'; gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )

Thanks Mark.

Chuck

-----Original Message-----
From: Mark Svancarek [mailto:marksv at microsoft.com]
Sent: Monday, July 18, 2016 1:40 PM
To: Gomes, Chuck; 'Andrew Sullivan'; gnso-rds-pdp-wg at icann.org
Subject: RE: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )

I'll take a stab at it.
I've also asked our IP/Brand people and digital crimes people to help me document how Microsoft uses WhoIs data today, but no ETA on when that will be ready.

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Gomes, Chuck
Sent: Saturday, July 16, 2016 6:29 AM
To: 'Andrew Sullivan' <ajs at anvilwalrusden.com>; gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )

Any volunteers to develop Andrew's suggestions into use cases?

Chuck

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Andrew Sullivan
Sent: Saturday, July 16, 2016 1:00 AM
To: gnso-rds-pdp-wg at icann.org
Subject: [gnso-rds-pdp-wg] An important technical consideration about nature of the service (was Re: The overflowing list )

Thanks, Stephanie, for the quick issue list. There's one thing that I want to draw out here so that we can keep it foremost when thinking of issues:

On Sat, Jul 16, 2016 at 12:05:10AM -0400, Stephanie Perrin wrote:

>  * Where the RDS (whether a central database or federated or completely
>    disaggregated) resides becomes important for law enforcement access.

This "where data resides" issue is bound to vex us, no matter what kind of policy we come up with.  But it's really important to keep in mind that the different styles of system design will yield very different properties.

In the taxonomy I offered before
(http://mm.icann.org/pipermail/gnso-rds-pdp-wg/2016-June/000951.html),
models I and V have a clear answer to, "Where does the data reside?" because they have a single database backing them up.  In models II-IV, however, the answer to, "Where does the data reside?" is actually not entirely meaningful.  There are multiple places where the data are, and for data with respect to any given domain name each datum might be in a different place.  (Indeed, part of the design of RDAP is precisely to make such arrangements easier to deal with.)

It is therefore better to try to find a way, consistent with all of the various requirements documents, to answer some other questions.
I think these might be helpful in building use cases:

    1.  For any given datum, who has control of and access to the datum?

    2.  For any given datum, what are the conditions under which the
    datum ought to be accessible?

    3.  For any given set of related data, how can it be accessed?

Notice that answering (3) will provide use cases for data access, whereas (1) and (2) provide for limit conditions on how and when use cases might apply.

I hope these framing questions are helpful in figuring out which use cases we can bring to bear on requirements.

Best regards,

A

--
Andrew Sullivan
ajs at anvilwalrusden.com
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg