[gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical

Gomes, Chuck cgomes at verisign.com
Wed Jul 27 13:42:36 UTC 2016 

Shane,

Thanks for your thoughts and in particular your categorization of use cases.

I want to point out that use cases are not an end in themselves but rather a means to help us understand the issues related to various possible RDS requirements that we will be considering.  So I do not think that we need to accept or reject use cases.  We will though have to accept or reject or modify possible RDS requirements in our deliberation phase and that is where some of your arguments will come into play.

The WG could decide to only approve requirements that are actually needed for DNS or it could decide to not be so restrictive but decisions in that regard will be made in our deliberation step (Work Plan task 12).

In our discussion of use cases it is of course appropriate to accept or reject elements of them but not for the goal of making any final decisions.

Chuck

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Shane Kerr
Sent: Wednesday, July 27, 2016 9:24 AM
To: gnso-rds-pdp-wg at icann.org
Subject: [gnso-rds-pdp-wg] Use cases: Fundamental, Incidental, and Theoretical

All,

[ Apologies for the length. I need get back to my actual job, so don't
  have time to make this shorter. ]

I propose that:

* We should have a way to reject some use cases
* Part of that motivation should be whether it is actually needed for
  DNS

This is not important now, but it will be at some point. It might be helpful to keep this in mind as we work on use cases.

---------------------------------------------------------------------

My thinking is that we have three basic types of use cases:

Primary
=======
These use cases are necessary to actually be able to use the DNS itself. There are very few of these - almost all around configuring data that is needed for the DNS protocol to work.

For example, you can get a domain in NL.EU.ORG with only an e-mail address, and this is not published anywhere. (Even the e-mail address is not strictly necessary. One could set up a system based strictly on login to a web page.)

The recent thought-experiment (aborted because it is not in our work plan) about finding the minimum set of data needed to run the DNS would have been a good start for defining these use cases.

Incidental
==========
The vast majority of use cases that we see today exist only as an artifact of the way that WHOIS works.

A long time ago a system was established that publishes certain information; without much thought about the long-term impact of the setup. Over the years people have found all kinds of creative, useful, and nefarious things to do with this information. However, storing or accessing this information has very little or nothing to do with actually making DNS work.

For example, the DNS protocol certainly does not care what my fax number is, but anyone who looks up my domain name will see it. (Don't worry, I won't be doxed! I don't have a fax because this isn't 1986.) Likewise DNS software doesn't care when a domain was created. And so on.

The use cases here include using RDS to track down criminals, research trademark disputes, create mass-mailing portfolios, looking for domain drop dates, and most of what people actually use WHOIS for today.

Note that I definitely include technical uses that are outside of the needs of the DNS protocol itself. So, for example, having a way to contact a DNS operator when something is wrong falls into this category.

Theoretical
===========
We have seen a couple of proposed use cases that seem to be ideas that people have for useful or harmful ways that RDS can be used, but that do not exist today (at least not that anyone can fully document).

For example, there seems to be a desire to use the RDS as a way to issue warrants for information about registrants. While this may be useful, this is not possible today (even with RDAP, I note). Likewise concerns about using RDS to generate to generate lists of political enemies probably fits into this category.

---------------------------------------------------------------------

Discussion
==========

I bring this up because eventually we should be able reject certain use cases. (As an NCUC member, I expect to push back hard against a lot of use cases defined for business or law-enforcement purposes.)

I think that what I called "primary" use cases have to be accommodated.
I think there may be some disagreement about the details, but these should be relatively easy to come to consensus on.

On the other hand, I think that both what I called "incidental" and "theoretical" use cases need to be motivated more strongly.

There will probably be a natural tendency to prioritize existing uses of WHOIS - what I call "incidental" - because someone has some existing processes that depend on these. I think that this is wrong, and that any use of WHOIS outside of what is needed by DNS needs to be equally-well motivated.

That's about it.

Cheers,

--
Shane

More information about the gnso-rds-pdp-wg mailing list