[gnso-rds-pdp-wg] [renamed] Key early questions
Stephanie Perrin
stephanie.perrin at mail.utoronto.ca
Wed May 11 19:04:59 UTC 2016
+1. Accepting the fact that figuring out the logical order of doing
this is a hard problem, I think it is important that Andrew keep
reminding us that our conceptualization of what we need is biasing our
thought processes (ie "this thing ought to look like WHOIS did", which
it absolutely does not).
On the separate issue of the utility of the "wealth of data": Sure there
are lots of useful things you can do with other people's personal
information, but that does not make it right. and determining what is
in the public interest, and who is entitled or who we trust to make that
determination as they access other people's information, is a matter
that we will doubtless spend quite a lot of time on in the next phase of
this exercise.
Stephanie Perirn
On 2016-05-11 14:42, Andrew Sullivan wrote:
> On Wed, May 11, 2016 at 01:28:33PM -0500, Denny Watson wrote:
>> Let me simply this; There is a wealth of data that needs to be provided
>> in the public interest.
> Even granting that, it doesn't mean that (1) the data has to be
> collected in one place or (2) that all the data has to be available
> always to everyone under the same terms. As I've now said it seems
> several times, an awful lot of the discussion appears to assume the
> basic data-gathering and data-publication model of the RDS we have
> (whois). But that system, in its basic technology, has been unfit for
> purpose since at least the late 1990s.
>
> Just to pick on ways the world could be different using RDAP, to
> address (1) registries need not collect (for instance) billing contact
> data from registrars. That data can continue to live inside the
> registrar systems, because RDAP provides a mechanism in which a
> request to the registry database will provide a correct referral to
> the appropriate registrar system, too; the client can assemble this
> data into a single displayed answer, but only the registrar (and the
> presumably-authorized client) get the data.
>
> To address (2), some kinds of data could be provided only in case of
> certain authorizations. For instance, it seems like we could create a
> mechanism for a registrant to establish a token known to the relevant
> RDDS operator(s) so that a CA could do its fancy, data-rich lookups
> correctly authorized by that token, while not exposing that data to
> everyone on the Internet.
>
> I know that we were going to collect the requirements and then look at
> possible solutions, but our knowledge of possible solutions may be
> affecting what we think of as "requirements".
>
> Best regards,
>
> A
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20160511/9a21d9a9/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list