[gnso-rds-pdp-wg] Apologies, and some reflections on requirements

Mark Svancarek marksv at microsoft.com
Thu Jun 30 19:51:58 UTC 2016


One more comment regarding who collects the data and who they share it with: privacy proxy services can sit between the registrant and registrar - Andrew's models didn't explicitly  mention that.   Keep that in mind when we discuss what is collected, who its shared with, and where its stored.

-----Original Message-----
From: gnso-rds-pdp-wg-bounces at icann.org [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of Andrew Sullivan
Sent: Thursday, June 30, 2016 8:57 PM
To: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Apologies, and some reflections on requirements

On Thu, Jun 30, 2016 at 08:20:50AM +0000, Gomes, Chuck wrote:
> I would be happy to be wrong about the need for a charter change so we will explore that further. If the main thing we are talking about is Federated v. Distributed, then I don't think a charter change would be needed.     Am I correct that is the main issue or is there more to what Andrew is suggesting?
> 

Well, there may be more or less.

If you look at the model diagrams I sent, you'll notice that they all include the registration side of this as well.  Some of our conversations have been framed as though there is some _other_ place where the registration data gets collected, but there isn't.  It's all collected through registrars and registries.

This is part of why I was trying to suggest that, "What data is collected?" is not one question, but many.  Only in Model I -- which hasn't existed for years -- do we have a system in which you can meaningfully ask, "What is collected?" without also asking, "Who collects it?"

In Model II, registrars (and only registrars) collect all the data that comes from a registrant.  They pass _some_ data along to the registries.  In Model IV, the same approach can be used.

In Model III, registrars collect all the data, but they also pass almost all of it along to registries.  So, three parties (including the registrant) have the data, and one of those parties (the registry) has no direct agreement with the originator of the data.  Model IV can also use this approach.

Model IV has the additional property that, depending on the authentication of who asks the question, the protocol can provide more or less data in the response.  It can do this regardless of who collected the data.

Therefore, the issue here is really two dimensional: which parties have any given set of data at any time, and how much of that data will it disclose.  As Jay Daley said in the meeting the other day, the second of those dimensions can be answered in steps: "assume completely unauthenticated access; how much is revealed?", and so on.
The answer to those issues is _unrelated_ to the first dimension if you pick the right protocol to start with, because you can specify from the beginning that any protocol that could possibly meet our needs must work in a distributed fashion.  In that case, you're sort of stuck with RDAP, or with inventing one yourself, because our experience with whois (the protocol, port 43 and webby things built atop it) is that it doesn't work that reliably.

Does this answer your question?

A

--
Andrew Sullivan
ajs at anvilwalrusden.com
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fmm.icann.org%2fmailman%2flistinfo%2fgnso-rds-pdp-wg&data=01%7c01%7cmarksv%40microsoft.com%7c4f2841d3f54e451448bc08d3a1100a1e%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=Vjw%2bnAjNAoIWndzH4xeP%2bsHzzOqVPdzf0p3zahxxeHU%3d



More information about the gnso-rds-pdp-wg mailing list