[gnso-rds-pdp-wg] IMPORTANT: Notes from RDS PDP WG Meeting - 20 December
Lisa Phifer
lisa at corecom.com
Wed Dec 20 20:31:18 UTC 2017
Dear all,
Below please find notes from today's RDS PDP WG meeting.
To recap Action Items from today's call: https://community.icann.org/x/NQByB
Possible WG Agreement (to be re-confirmed by poll): The following
registration data is needed for the purpose of Domain Name Management:
Domain Name, Registrant Name, Registrant Organization, Registrant Email,
Registrar Name, Creation Date, Updated Date, Expiration Date, Nameservers,
Domain Status, Administrative Contact
Possible WG Agreement (to be confirmed by poll): Domain Name Certification
is NOT a legitimate purpose for requiring collection of some registration
data, but may be a legitimate purpose for using some data collected for
other purposes. (Access requirements to be deliberated at a later stage.)
Action item: Leadership team to launch poll to confirm two Possible WG
Agreements identified during this call. WG members are encouraged to
participate in this poll no later than 30 December (poll close date).
Best regards,
Lisa
Action Items and Notes from RDS PDP WG Call - 20 December 2017
These high-level notes are designed to help PDP WG members navigate through
the content of the call and are not meant as a substitute for the transcript
and/or recording. The MP3, transcript, and chat are provided separately and
are posted on the wiki.
1. Roll Call/SOI Updates
. Meeting Materials: <https://community.icann.org/x/NQByB>
https://community.icann.org/x/NQByB
. Call Handout:
<https://community.icann.org/download/attachments/74580021/Handout-20Dec-RDS
WGCall.pdf>
https://community.icann.org/download/attachments/74580021/Handout-20Dec-RDSW
GCall.pdf
. SOI Updates: none
2. Complete deliberation on Domain Name Management as a legitimate purpose
a. Review poll results for data needed for Domain Name Management
. Poll Results (22 participants):
<https://community.icann.org/download/attachments/74580021/AnnotatedResults-
Poll-from-12December.pdf>
https://community.icann.org/download/attachments/74580021/AnnotatedResults-P
oll-from-12December.pdf
o 100-90%: Domain Name, Registrant Name, Registrant Organization,
Registrant Email, Registrar Name, Creation Date
o 89-80%: Updated Date, Expiration Date, Nameservers, Domain Status
o 79-70%: Registrant Postal Address, Registrant Phone, Administrative
Contact
o Less than 60%: Registrar Abuse Contact, Original Registration Date,
Technical Contact
. Propose that data with 80-100% support be accepted as rough
consensus; data with less than 60% support be dropped for this purpose
. Question: Would it be useful to flag data that is derived vs. data
that is collected from the registrant? It will be necessary to differentiate
when we develop policies - at this stage, we are looking at data required
for this purpose within the RDS
. Comment: Original Registration Date has been helpful to some
organizations - including helpful to the registrant themselves. Not in WHOIS
today. Note WG Agreement 44. There is no requirement for the Original
Registration Date as proposed by the EWG Final Report.
. Administrative Contact (77%) was the subject of several poll
response comments (Rod, Tomslin, Maxim, David). Historically, Admin Contact
is often the contact that controls the DN registration. If a registrant
chooses to designate an Admin Contact, it would be needed for this purpose.
b. Finalize Data Elements needed for Domain Name Management
. Possible WG Agreement: The following registration data is needed
for the purpose of Domain Name Management: Domain Name, Registrant Name,
Registrant Organization, Registrant Email, Registrar Name, Creation Date,
Updated Date, Expiration Date, Nameservers, Domain Status, Administrative
Contact
. These are data with 100-82% support, plus Admin Contact (77%
support), but not data with less than that level of support
. Notably, Registrant Postal Address (77%) and Phone (73%) are not
included in above-proposed agreement, based on lack of support in poll - no
rationale given for inclusion or exclusion in the poll
. Comment: Other methods of contact may be helpful in occasions where
other contacts have failed/were dead - giving an opportunity to get a real
live person.
. Registrant postal address may be convenient but not required? No
tasks for Domain Name Management that require sending info to registrant by
ground mail - except perhaps DN Transfer requires postal address?
. in Transfer Policy "The registrar may use additional contact
information on file when obtaining confirmation from the Prior Registrant
and is not limited to the publicly accessible Whois." --
<https://www.icann.org/resources/pages/transfer-policy-2016-06-01-en>
https://www.icann.org/resources/pages/transfer-policy-2016-06-01-en
. Noted that postal address and phone are often required for credit
card payment - this may not be registration data collected by the RDS, but
data collected by the registrar for payment processing
. This week's poll will recap discussion about possible addition of
Registrant Postal Address and Phone, but confirm the following...
Possible WG Agreement (to be re-confirmed by poll): The following
registration data is needed for the purpose of Domain Name Management:
Domain Name, Registrant Name, Registrant Organization, Registrant Email,
Registrar Name, Creation Date, Updated Date, Expiration Date, Nameservers,
Domain Status, and Administrative Contact.
3. Start deliberation on Domain Name Certification as a legitimate purpose
(slide 7+)
. Refer to slides 7-11 for DT3 definition of DN Certification:
o "Information collected by a certificate authority to enable contact
between the registrant, or a technical or administrative representative of
the registrant, to assist in verifying that the identity of the certificate
applicant is the same as the entity that controls the domain name."
. Three levels of certificate validation: DN validated, Organization
validated (OV), and Extended validation (EV).
. DN validated is not covered by this purpose - no data required of
RDS for this level, can be accomplished with just DNS data.
. For OV and EV certificate validation, data in RDS is relevant but
not required - CABForum requires info to be verified by other channels.
. There are 10 equivalent methods of proving control - of those, 4
use RDS data if available. Not strictly required since there are 6
alternative methods.
. Data that may be relevant includes DN and Registrant, Tech, and
Admin contact data: email, phone, name, postal address (slide 11)
. DN certification proves CONTROL of DN, not ownership - not proving
the person seeking cert owns the DN, just proving they control it
. EV does examine relationship between entity seeking cert and
registrant of DN
. Is possible WG agreement on slide 12 phrased incorrectly? it seems
this isn't a legit use to _require_ collection but is a legit use to
collect, if the registrant wants to use that biz model @ CA
. Possible WG Agreement suggested on slide 12 modified as shown above
to reflect this:
. Revised Possible WG Agreement: Domain Name Certification is NOT a
legitimate purpose for requiring collection of some registration data, but
may be a legitimate purpose for using some data collected for other
purposes. (Access requirements to be deliberated at a later stage.)
. EWG recommended purpose-based contacts - for example, a Registrant
might optionally designate a contact specifically for DN Certification, to
interact with CA - or the Registrant or Admin Contact could be used for this
purpose
. Do our agreements need to differentiate between required and
optional? In this pass we are focusing agreements on required data for each
purpose.
Possible WG Agreement (to be confirmed by poll): Domain Name Certification
is NOT a legitimate purpose for requiring collection of some registration
data, but may be a legitimate purpose for using some data collected for
other purposes. (Access requirements to be deliberated at a later stage.)
Action item: Leadership team to launch poll to confirm two Possible WG
Agreements identified during this call. WG members are encouraged to
participate in this poll no later than 30 December (poll close date).
4. Confirm action items and proposed decision points
Possible WG Agreement (to be re-confirmed by poll): The following
registration data is needed for the purpose of Domain Name Management:
Domain Name, Registrant Name, Registrant Organization, Registrant Email,
Registrar Name, Creation Date, Updated Date, Expiration Date, Nameservers,
Domain Status, Administrative Contact
Possible WG Agreement (to be confirmed by poll): Domain Name Certification
is NOT a legitimate purpose for requiring collection of some registration
data, but may be a legitimate purpose for using some data collected for
other purposes. (Access requirements to be deliberated at a later stage.)
Action item: Leadership team to launch poll to confirm two Possible WG
Agreements identified during this call. WG members are encouraged to
participate in this poll no later than 30 December (poll close date).
5. Confirm next WG meeting: Tuesday, 9 January at 17:00 UTC
. Note: NO meetings for next two weeks - Happy Holidays to all
. During 9 January call, we plan to start deliberation on this
purpose:
Criminal Activity/ DNS Abuse - Investigation
Meeting Materials: https://community.icann.org/x/NQByB
Including call handout with poll results and the definitions produced by DT2
and DT3
.
.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171220/e0371c4b/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list