[gnso-rds-pdp-wg] [EXT] Re: international law enforcement association resolution regarding domain registration data

Hollenbeck, Scott shollenbeck at verisign.com
Mon Apr 24 14:54:20 UTC 2017


Chris, in the note below I shared an actual example of an existing contact identifier/handle, "C270-LRMS". It's an identifier that's assigned by the registry when the contact is created, and it's guaranteed to be unique within the registry namespace. It can be generated in many different ways (hash values are certainly one possible way) as long as the final value conforms to the syntax described in the EPP specifications.



One thing that makes these identifiers interesting is that they, too, can be searched for in an RDDS. In theory, we could have a system that returned nothing but these abstract identifiers in responses to domain name queries. One would then have to issue additional queries to see the details behind the handle, and if the system were designed in such a way it would be possible to restrict access to this information based on whatever policies exist for access to personally identifiable information.



Scott
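Added example, not part of the original message or of any registry's code: a minimal Python model of the design described above, where a domain query returns only an opaque handle and a second, policy-gated query reveals the contact behind it. The keyed-hash derivation, the `-DEMO` suffix, the `accredited` role and the 3 to 16 character length limit are assumptions made for illustration.

```python
import hashlib
import hmac

REGISTRY_KEY = b"constructed-demo-key"  # assumption: secret held by the registry
SUFFIX = "-DEMO"                        # hypothetical repository suffix
GATED_ROLES = {"accredited"}            # hypothetical stand-in for an access policy


def make_handle(record_id: str) -> str:
    """Derive an opaque handle from an internal record id with a keyed hash."""
    digest = hmac.new(REGISTRY_KEY, record_id.encode(), hashlib.sha256).hexdigest()
    handle = "C" + digest[:10].upper() + SUFFIX
    # Assumed syntax limit: EPP client/contact identifiers are 3 to 16 characters.
    if not 3 <= len(handle) <= 16:
        raise ValueError("handle does not fit the assumed EPP length limit")
    return handle


class Registry:
    def __init__(self):
        self.contacts = {}  # handle -> (record_id, contact details)
        self.domains = {}   # domain -> registrant handle

    def register(self, domain, record_id, details):
        handle = make_handle(record_id)
        owner = self.contacts.setdefault(handle, (record_id, details))
        if owner[0] != record_id:  # truncated hash collided: uniqueness must hold
            raise ValueError("handle collision, choose another derivation")
        self.domains[domain] = handle
        return handle

    def query_domain(self, domain):
        """Open query: returns only the abstract identifier."""
        return {"domain": domain, "registrant": self.domains[domain]}

    def query_handle(self, handle, roles=()):
        """Handle search: linked domains for anyone, details only if policy allows."""
        linked = sorted(d for d, h in self.domains.items() if h == handle)
        result = {"handle": handle, "domains": linked}
        if GATED_ROLES & set(roles):
            result["contact"] = self.contacts[handle][1]
        return result


def demo():
    reg = Registry()  # all names and records below are constructed samples
    reg.register("example-a.test", "rec-001", {"name": "Sample Registrant"})
    reg.register("example-b.test", "rec-001", {"name": "Sample Registrant"})
    handle = reg.query_domain("example-a.test")["registrant"]
    return reg.query_handle(handle), reg.query_handle(handle, roles=["accredited"])
```

The ungated result still links both sample domains to one handle, which is the kind of correlation the thread describes as useful even when the underlying registrant data is fake.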



From: Chris Doman [mailto:cdoman at alienvault.com]
Sent: Monday, April 24, 2017 9:38 AM
To: Paul Keating <Paul at law.es>; Hollenbeck, Scott <shollenbeck at verisign.com>; 'gnso-rds-pdp-wg at icann.org' <gnso-rds-pdp-wg at icann.org>
Subject: [EXTERNAL] Re: [EXT] Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data



Can you provide an example of a handle please for my understanding?



Do you mean for example a hashed user id from a registrar, or an email address?

  _____

From: gnso-rds-pdp-wg-bounces at icann.org <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Paul Keating <Paul at law.es>
Sent: 24 April 2017 14:31:21
To: Hollenbeck, Scott; 'gnso-rds-pdp-wg at icann.org'
Subject: [EXT] Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data



I would like to understand this further and forgive my ignorance.  Could
you please explain what you mean by the following:

We already have "anonymized unique identifiers" in the form of contact
identifiers, sometimes also known as "handles" (but not to be confused
with handle system (RFC 3650) identifiers). For example, a WHOIS query for
a particular domain to one particular thick RDDS registry service will
return a registrant identifier of "C270-LRMS" in addition to the more
identifiable information that we're all familiar with. RDAP also supports
these identifiers, so they are available for purposes as we see fit to
recommend.



Also, although WHOIS information itself is not always helpful, WHOIS
combined with other data (including DNS and historical data) can be
extremely helpful.  So, I am not at all certain as to what is intended by
the message or what the solution proposed is or how it works.

Thank you,

Paul Keating

On 4/24/17, 2:47 PM, "Hollenbeck, Scott via gnso-rds-pdp-wg"
<gnso-rds-pdp-wg-bounces at icann.org on behalf of gnso-rds-pdp-wg at icann.org>
wrote:

>I must have missed this note when it was originally sent back in March.
>Chuck asked me to address one of the questions posed below.
>
>Scott
>
>> -----Original Message-----
>> From: Gomes, Chuck
>> Sent: Monday, April 24, 2017 7:48 AM
>> To: Hollenbeck, Scott <shollenbeck at verisign.com>
>> Subject: FW: [EXTERNAL] Re: [gnso-rds-pdp-wg] international law
>> enforcement association resolution regarding domain registration data
>>
>> FYI Scott.
>>
>> Chuck
>>
>> -----Original Message-----
>> From: theo geurts [mailto:gtheo at xs4all.nl]
>> Sent: Thursday, March 02, 2017 4:21 PM
>> To: Gomes, Chuck <cgomes at verisign.com>; Greg Aaron <gca at icginc.com>
>> Cc: gnso-rds-pdp-wg at icann.org
>> Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] international law enforcement
>> association resolution regarding domain registration data
>>
>>
>> Thanks, Chuck.
>>
>> I think it is important that we as a WG understand that gated access
>> could be a recommendation. But it does not single out any other
>> solutions/recommendations,  but to get to that point, we should keep
>> exploring.
>>
>> To give this some more color. In 2016 we assisted paloaltonetworks.com
>> and shadow server taking down the Prince of Persia malware that went
>> undetected and roamed the internet for ten years (that's a long time
>> folks)
>> http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-of-persia-game-over/
>>
>> So the actual WHOIS data was useless in a sense we were dealing with
>> stolen identities.
>> But we were able to map out the botnet controller network through the
>> WHOIS and coordinated with more Registrars to sinkhole the entire lot.
>>
>> Again the WHOIS data was useless in this case as it was fake, could have
>> passed every syntax or WHOIS cross-validation check.
>>
>> So instead of gated access, why not aim for an RDS that used anonymized
>> unique identifiers that are available for everyone?
>
>We already have "anonymized unique identifiers" in the form of contact
>identifiers, sometimes also known as "handles" (but not to be confused
>with handle system (RFC 3650) identifiers). For example, a WHOIS query
>for a particular domain to one particular thick RDDS registry service
>will return a registrant identifier of "C270-LRMS" in addition to the
>more identifiable information that we're all familiar with. RDAP also
>supports these identifiers, so they are available for purposes as we see
>fit to recommend.
>
>Scott
>_______________________________________________
>gnso-rds-pdp-wg mailing list
>gnso-rds-pdp-wg at icann.org
>https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg

