[gnso-rds-pdp-wg] Attendance, Recordings & AC Chat from Next-Gen RDS PDP WG call on Tuesday, 18 June 2017 at 16:00 UTC
Julie Bisland
julie.bisland at icann.org
Tue Jul 18 20:28:54 UTC 2017
Dear All,
Please find the attendance of the call attached to this email, and the Adobe Connect chat, MP3 & Adobe Connect recordings below for the Next-Gen RDS PDP Working group call held on Tuesday, 18 June 2017 at 16:00 UTC.
MP3: http://audio.icann.org/gnso/gnso-nextgen-rds-pdp-18jul17-en.mp3
AC recording: https://participate.icann.org/p1sii1hykih/<https://participate.icann.org/p1sii1hykih/?OWASP_CSRFTOKEN=b560bc8bdbc53ab354fcb9a3e62cf7c94ff489404776d85c72fdf4fc779b54a0>
The recordings and transcriptions of the calls are posted on the GNSO Master Calendar page: http://gnso.icann.org/en/group-activities/calendar<https://urldefense.proofpoint.com/v2/url?u=http-3A__gnso.icann.org_en_group-2Dactivities_calendar-23nov&d=DwMF-g&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=PDd_FX3f4MVgkEIi9GHvVoUhbecsvLhgsyXrxgtbL10DTBs0i1jYiBM_uTSDzgqG&m=GJMkY4Fbi9sry9Z53DaSWJm-mHxMfFxg7MEVDf2JU90&s=FI3QJYH6DWWCDQir6NDMSjPkzdqfTTUmf9Ua-AYpc14&e=>
** Please let me know if your name has been left off the list **
Mailing list archives:http://mm.icann.org/pipermail/gnso-rds-pdp-wg/
Wiki agenda page: https://community.icann.org/x/SWfwAw
Thank you.
Kind regards,
Julie
---------------
AC Chat Next-Gen RDS PDP WG Tuesday, 18 June 2017
Julie Bisland:Welcome to the GNSO Next-Gen RDS PDP Working Group call on Tuesday, 18 July 2017 at 16:00 UTC
Julie Bisland:Agenda wiki page: https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_SWfwAw&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=VcnCL_DNxQy5Df6iup-9SfD7FFEAtOz0qs86wE-h2_Y&s=whcaoFMCcMwX5xKOVzpokTDfY13gEgAgkez0ywclk_M&e=
Chuck Gomes:Thanks to all of you who joined early.
Michele Neylon:all hail
Nathalie Coupet:Congratulations, Chuck
Maxim Alzoba (FAITID):Hello All
Herb Waye Ombuds:Sorry for being late... that Internet thing was giving me grief...
Rod Rasmussen:Great work Lisa - makes it very easy to walk through.
Lisa Phifer:Document displayed now is Analysis of Poll Results: https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_66086729_AnalysisResults-2DPoll-2Dfrom-2D28JuneCall.pdf&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=VcnCL_DNxQy5Df6iup-9SfD7FFEAtOz0qs86wE-h2_Y&s=WivSzL-US7gl7vs9jNi8tCgrmXN3c82PXsLdXWfeKWM&e=
Sara Bockey:YI - I will need to drop at 16:30 UTC but will rejoin the call as soon as I can.
Elaine Pruis:the first time it was ever registered... meaningful to buyers on the secondary market
Lisa Phifer:Refer to handout: The date on which this domain name was first registered...the first date that the domain name was ever registered.
Maxim Alzoba (FAITID):how to check if the field 39 is correct or not?
Stephanie Perrin:A relevant question is what is the purpose of collecting it in terms of the overall purpose of gathering registration data.
Stephanie Perrin:barely
Stephanie Perrin:hear
steve metalitz:sam is very faint
David Cake:very quiet
Julie Bisland:Sam, we might need to dial out to you, please let me know.
Maxim Alzoba (FAITID):usually Tech contact = Admin = billing
Michael Hammer:Quite often it is not the same.
Michele Neylon:more often than not it's the same as the admin
Michele Neylon:The "reseller" field is probably more useful
sam lanfranco:the ngo sector uses original date to uncover scams targeting ngos. We get impressive webpages on "donors" where the page has been customed to scam us.
Maxim Alzoba (FAITID):+1 @Michele about reseller
Stephanie Perrin:It was one of these contacts that prompted me to start asking whatever happened to the OPOC.....why not an OPOC instead of umpteen different contacts
Lisa Phifer:We sampled the domain names collected by NORC for their Registrant ID study, and Admin and Tech contact differed in something like one third of registrations
Benny Samuelsen / Nordreg AB:sound are dropping on and off
Marika Konings:@Benny - sounds via the phone bridge is stable on this end. You may need to reconnect your phone line or reconnect to Adobe Connect.
steve metalitz:agree with that action item -- defining data elements
Maxim Alzoba (FAITID):the more unrelevnt fields we have the moew unrelevant info is in DNS
Lisa Phifer:From EWG Report (pg 57): Original Registration Date: The date on which this domain name was first registered. Footnote: This is different than the creation date since the creation date picks up the latest time that the domain name was registered; it is possible that the domain name was previously registered and subsequently deleted multiple times. The Original Registration Date denotes the first date that the domain name was ever registered.
Michele Neylon:Lisa - can you remember why we added that? I honestlhy can't
Stephanie Perrin:uesful in copyright fights, surely?
Lisa Phifer:@Michele, agree w Stephanie's recollection
Rod Rasmussen:Some of the comments on the list captured the rationale we used at the time. This was particularly important for IP issues on first-use of a name.
Michele Neylon:Rod - ok - I just couldn't remember where on earth it came from
Lisa Phifer:@Michele, purposes for that data element were DN control, Biz DN Purchase/Sale, DNS Research, Reg/Contract Enforcement, Criminal Investigation/DNS Abuse Mitigation
Maxim Alzoba (FAITID): I am not sure Registrars upload such data into escrow
steve metalitz:@Stephanie, yes but does that make ICANN the controller for EU data protection purposes -- or not?
Stephanie Perrin:I bet they don't.
Stephanie Perrin:Yes, I would suggest that it does Steve.
Stephanie Perrin:old hand sorry
Michele Neylon:Maxim - which data??
Maxim Alzoba (FAITID):those fin /ID elements are subject to Registrar - registranr relations and are not to be inherited
Maxim Alzoba (FAITID):@Michele, I think I misunderstood last bit of the speech with escrow
Maxim Alzoba (FAITID):of Stephanie
Michele Neylon:so what happens if the registrar goes belly up? without the registrant name in the escrowed data there's no way to know who the domain is registered to
Michele Neylon:Or in the data set in the RDS
Maxim Alzoba (FAITID):@Michele, I meant that financial details are not to be there
Michele Neylon:Maxim - that makes sense
Michele Neylon:As a registrar I need to know who the hell my client is
Michele Neylon:I'm not going to tell anyone
Michele Neylon:but I need to know
Michele Neylon:it has to be collected
Michele Neylon:domains aren't websites
Michele Neylon:*sigh*
Maxim Alzoba (FAITID):from the perspective of GDPR THIN data looks bit safer (then THICK) for all of us ...
steve metalitz:@Stephanie, ICANN may "control" whether the registrar needs to collect it, but not necessarily the terms of disclosure. For example, where there is a subpoena or court order. So in that sense I would question whether ICANN is the "controller."
neil schwartzman:agree with Rod
Stephanie Perrin:I think Rod's intervention is very helpful to our understanding of exactly what we are doing at this phase of the discussion.
Stephanie Perrin:So hard to keep analytical clarity as we go through these data elements
Nathalie Coupet:I registered a website earlier and was sent en email address verification. So, my e-mail address was collected. Privacy protection should be enough to protect vulnerable populations (political opponents) while allowing people to know who they are dealing with (the registrar/proxy/the public in general), in order to keep the Internet safe. The issue of 'fake news' is creaping up also, and could become an epidemic. By pubishing the identity of the website owner (or legally responsible party), who preserve one control mechanism over the unruly Internet.
Michael Hammer:+1 to what Rod said.
Nathalie Coupet:Correction: we preserve
Benny Samuelsen / Nordreg AB:@nathalie you registered a website?
Nathalie Coupet:yes
Nathalie Coupet:I am anopera singer
Benjamin Akinmoyeje (Nigeria):I appreciate the clarification
Lisa Phifer:In the EWG Report, Registrant Name is mandatory to collect but gated to display
Benny Samuelsen / Nordreg AB:@Natalie the website have nothing direct to do with the domain
Stephanie Perrin:I think the GDPR (and all/most other data protection laws) allow for release for legal purposes, and recognition of the different legal regimes permits would preclude ICANN from intervening in such matters and telling registrar and registries how they respond to law enforcement. So ICANN and the contracted parties are joint controllers, if you prefer to refer to ithe issue that way.....nevertheless I would argue that with respect to the current RAA, anything in there as data element requirements is under ICANN controllership.\
Lisa Phifer:For a proxy-registered domain name, the REgistrant is the Proxy Provider, thus Registrant Name = Proxy Provider
Benny Samuelsen / Nordreg AB:you can point at domain to a website but that are not the same as registering a domain
Maxim Alzoba (FAITID):these days people change names to all kinds of things ... I wonder what happends to the person called Privacy Proxy :)
Lisa Phifer:@Marc, for a privacy-registered domain name, the registrant is the beneficial user, but PP Contact is the Privacy Provider
Kris Seeburn:I would assume that ICANN would have to adhere to EU GDPR as a data controller.....
Lisa Phifer:@Marc, having a PP Contact ID is a definitive way to determine the domain is proxy/privacy registered - otherwise you may not be able to tell from the Registrant Name that it's a PP provider
Lisa Phifer:Note there is also a Registrant Contact ID - it didn't have as strong support and so isn't displayed on this page
Michael Hammer:We need a regulation prohibiting people from putting nonsense in fields. </humor>
Stephanie Perrin:Issues of data quality are important and I would argue that the more data you go for, the more jumk you get. But we are not there at the moment, we are in design mode....\
Michael Hammer:Interesting thought... block chain for "name".
Tapani Tarvainen:+1 Chuck. "Label" works for me.
Stephanie Perrin:It is logical to think in terms of true name, so yes that might be helpful
Michael Hammer:or just call it Registrant
Lisa Phifer:Per 2013 RAA: For the Registrant, Admin and Tech contact fields requiring a "Name" or "Organization", the output must include either the name or organization (or both, if available)
steve metalitz:++1 to Michael
Benjamin Akinmoyeje (Nigeria):I agree with that
Fabricio Vayra:+1 Michael
Alex Deacon:Agree "Registrant" is good.
Kris Seeburn:Just call it Registrant
neil schwartzman:i am opposed.. anyone who doesn't understand what a name is probably should be trusted with an asset on the internet
neil schwartzman:shouldn't ^^
Lisa Phifer:Per 2013 RAA: Registrant is the entity that has acquired the right to use the Internet resouce (here, Domain Name)
Lisa Phifer:@Rod, roles currently displayed are then "Registrant" "Admin Contact" and "Tech Contact"
Rod Rasmussen:@Lisa - correct - under current registration policies. EWG proposed other new, more well-defined roles, and that a contact could have multiple roles.
Lisa Phifer:@Chuck, Registrant is defined, we can start with that definition.
Lisa Phifer:@Marc, data elements may or may not be mandatory to collect
Lisa Phifer:In the EWG report, you can see the status given to each element, but that's for discussion here
Lisa Phifer:For example, see page 50 of EWG Report, Collect M or O column
Michael Hammer:I'm curious, what if someone puts something like "~!@#$%" as registrant?
Michael Hammer:Does anyone have an issue with that?
Lisa Phifer:@Michael, the EWG also recommended pre-validation of contacts to avoid that scenario, but we're not deliberating that yet
Benny Samuelsen / Nordreg AB:Well you would probably get a problem sending id for verification in a dispute
steve metalitz:@Lisa, I thought the current exercise was to list the the data elements that would have to be collected (but not necessariy disclosed).
Michael Hammer:What if ~!@#$% responds to ~!@#$%@<domain>?
Lisa Phifer:@Steve, data elements that are possible to collect - may be mandatory or optional
Lisa Phifer:@Steve, as in ishould it be a registration data element in the RDS
steve metalitz:@Lisa if it is not collected in what sense is it an element n RDS?
Lisa Phifer:What I mean Steve is that an optional data element might or might not be collected for a particular Domain Name, but it's in the universe of data that can be collected
tim obren:hello all, appologies for the absence & being tardy - $dayjob :(
Michael Hammer:Clearly there should be an option to not collect - What if there is no organization involved?
Stephanie Perrin:sorry
Maxim Alzoba (FAITID):what to do if the person has few organisations related to him/her?
Nathalie Coupet:I feel we are trying to find braod general rules based on very special and isolated cases. We have to create a regimen to allow for exceptions, not craft geenral rules based on special cases.
Maxim Alzoba (FAITID):Countries ... what to do when the person chnges loctions each few months?
Michele Neylon:Maxim - that's an edge case
Michele Neylon:I used to change address a lot, but my official home address was stable
Michael Hammer:What to do if the person isn't located on the planet earth?
Tapani Tarvainen:.skynet?
Maxim Alzoba (FAITID):also Country does not mean citizenship
Maxim Alzoba (FAITID):for those who are not on Earth , psaceport and PObox
Nathalie Coupet:Allison Nixon isn't on teh call today, but I'm sure she would oppose any attempt not to collect data she considers crucial for her work.
Michele Neylon:Maxim - nobody said it did?
steve metalitz:@Michael, re ~!@#$%, are you being euphemistic? If so see https://urldefense.proofpoint.com/v2/url?u=https-3A__www.cnet.com_news_domain-2Dnames-2Dget-2Ddirty_&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=QiF-05YzARosRvTYd84AB_UYInlydmFcjNmBM5XgySw&m=VcnCL_DNxQy5Df6iup-9SfD7FFEAtOz0qs86wE-h2_Y&s=UZeyNrXXu8iKpu_IkfaeWKzmXAR4jMOHpjOnmuP7TbA&e=
Michael Hammer:@steve, I was just pondering if it needs to be alpha or alphanumeric. No intent to represent swear words.
Lisa Phifer:@Marc, that is why the EWG included other kinds of contact information, all of which were optional, so each contact could populate their preferred methods, but email would always be avaialble at minimum
Michael Hammer:It's jsut a label. I know of a situation where someone legally changed their name to "Q". They then sued an insurance company because the insurance company only offered first name and last name fields and the person argued that their name was neither and they shouldn't be forced to enter it in one or the otehr.
Lisa Phifer:Email address is often required by the registration process
Stephanie Perrin:Marc made my point, need a pull down list for refferred method of contact
Stephanie Perrin:preferred
Michele Neylon:I've had to create a temp email for a client in the past
Michele Neylon:they had phone + fax - they didn't have an email address
Benny Samuelsen / Nordreg AB:+1 Rod
Michele Neylon:Very valid point Rod
Michael Hammer:Rod, can you contact me offline via smoke signal?
Benny Samuelsen / Nordreg AB:collected but not displayed
neil schwartzman:i'd like the name of my carrier pigeon in my whois record
steve metalitz:Multiple contact points facilitate contactability. Why eliminate?
Michele Neylon:Steve - exactly
Michele Neylon:as long as they're optional
Maxim Alzoba (FAITID):multiple copies of the same data - useless
Michele Neylon:I think we're still obliged to include fax even though nobody uses it
neil schwartzman:yep yep steve. redundancy. i've a sotre i'm dealing with that has some issues with their phones atm.
Rod Rasmussen:@Maxim - completely agree that putting stuff in multiple times is not useful - that's why you create contact objects with roles attached to it. Enter data once, list it where needed.
Rod Rasmussen:@Steve - not limiiting to one method - making sure at least one works!
Michele Neylon:Rod - I wish somebody would tell a couple of the registries that ..
Michael Hammer:Interesting question... How do we accommodate/account for new technology/communications method?
Michael Hammer:other method field?
Michele Neylon:see you all soon
Fabricio Vayra:Thanks, all
Kris Seeburn:actually if one looks at the approach a lot of the fields could become sub elements such as contact address,, email, etc.,
Tim OBrien:I will most likely miss next week - in Vegas for Black Hat & DEFCON
Michael Hammer:Me too
Herb Waye Ombuds:Very interesting discussions, have a great day everyone
Michael Hammer:Well, defcon.
Rod Rasmussen:Enjoy Vegas folks!
Kris Seeburn:bye...tc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170718/26a91337/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Attendance RDS PDP 18 July.pdf
Type: application/pdf
Size: 336240 bytes
Desc: Attendance RDS PDP 18 July.pdf
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170718/26a91337/AttendanceRDSPDP18July-0001.pdf>
More information about the gnso-rds-pdp-wg
mailing list