[gnso-rds-pdp-wg] Review Tool for Responses from ccTLD Registry Operators' to Questions on Privacy, Data Protection and the GDPR
Kris Seeburn
seeburn.k at gmail.com
Sun Jul 30 06:55:19 UTC 2017
Greg,
You’ve actually pinned my issue down.
As much details or non details we do on the Naming side the same applies to RIRs. I will take an example. As much as we may want to ensure some level of privacy when we get to the bridge. The issue is that it is also as easier to go find the nested information with IP etc., in more details in an RIR whois. The details you can find is more than you can only see in the ICANN registry. So however much we decide to take into consideration the fields and objects we need for validity and the privacy. With a bit of intelligence one would situate all other details more than easily out of a DNS routing and IP address to get the details that can be taken and abused not only from the naming but easily pitched out from any RIR.
What i am trying to say is that accuracy which is protected is better than a fully open database to tie the details together. I usually check on both ends to see accuracy of details at times. Whilst i might be doing in good intentions. The reality is that you can pull even more details from the RIR once you identified what you need from the ICANN registry.
I am looking at it when i train cybersecurity i do show people how to identify and assure yourself that the information is close to correct. Whilst one may say RIR Whois may not reveal information but the reality it is very open as well as the ICANN one and even more.
So GDPR/Privacy is still the issue as the Whois in an RIR can easily pin down what we want to protect here. Works both ways. Am looking at an alignment that protects the privacy end to end and you do naming and the DNS throws you to RIR and you still can get everything you want from the RIR whois. Then what we are doing gets loose ended on the other side.
You may not do it, but anyone with idea of abuse or even other will get it easily and openly even more on the RIR whois. I have suggested RIR as well because the database is open and privacy issues from that perspective has not been looked at by all RIRs.
Land Registy is fine but even that is being moved to blockchain in certain countries. I just wanted a pragmatic way of protecting the data and information that ties the details that may be represented once the rds is up and if the other end is not tied as well then the work becomes useless from my perspective. I would want RIRs to go anf work towards same privacy rules we are doing.
I saw RIPE working in that direction because of GDPR but we need to tie the whole lose ends. Thats my take. People may agree or not but i wanted to make my point. Naming is just one slight art of the whole picture. Two bits work together naming ties to the DNS and the IPs but if all information is readily revealed on the other end. Then what we end up with naming and all privacy is very opened on the other end.
When i look at the ewg work i see some logic. There is a need for accuracy to catch abusers as well as ensuring the privacy which some member of the wg want. WHich is more than fair and good. Me i would want mechanism for public info protection and law.
I am not forcing anyone to go my way but having been and i teach warfare and these are information we certainly use to to do DDOS etc., and getting addresses etc.,
The rest is the group’s decision. I will just not retake it. I will go with the majority thinking. But if later then this become an issue we overlooked then i would have raised it.
Kris
> On Jul 29, 2017, at 11:59 PM, Greg Shatan <gregshatanipc at gmail.com> wrote:
>
> Maybe it means they have a GDPR/privacy law issue as well.... However, that doesn't really help us directly.
>
> It would be interesting to know if they have contemplated it yet.
>
> On Sat, Jul 29, 2017 at 3:37 PM Andrew Sullivan <ajs at anvilwalrusden.com <mailto:ajs at anvilwalrusden.com>> wrote:
> Sure. And if I search in the land registry I get my own name and address. What does that have to do with this WG?
>
> A
>
> --
> Andrew Sullivan
> Please excuse my clumbsy thums.
>
> On Jul 29, 2017, at 15:21, Kris Seeburn <seeburn.k at gmail.com <mailto:seeburn.k at gmail.com>> wrote:
>
>> Have a look at this little search by name and that is not an advanced search. If i do all you would find more than that.
>>
>> organisation: ORG-ME2-AFRINIC
>> org-name: Mark Elkins
>> org-type: ASSOCIATE-MEMBER
>> country: ZA
>> address: P O Box 73892
>> address: Lynnwood Ridge 0040
>> phone: +27128070590
>> fax-no: +27128075324
>> admin-c: mje-afrinic <https://my.afrinic.net/whois/search?searchtext=mje-afrinic>
>> tech-c: mje-afrinic <https://my.afrinic.net/whois/search?searchtext=%20mje-afrinic>
>> mnt-ref: AFRINIC-HM-MNT
>> mnt-by: AFRINIC-HM-MNT
>> source: AFRINIC # Filtered
>> person: ELKINS Mark James
>> nic-hdl: EMJ1-AFRINIC
>> address: SOUTH AFRICA
>> address: N/A
>> address: South Africa
>> phone: +27128070590
>> source: AFRINIC # Filtered
>> person: Mark Elkins
>> nic-hdl: MJE-AFRINIC
>> address: Posix Systems (Pty) Ltd
>> address: P O Box 73892
>> address: Gauteng
>> address: Lynnwood Ridge 0040
>> address: South Africa
>> phone: +27 12 807 0590
>> phone: +27 82 601 0496
>> fax-no: +27 12 807 5324
>> org: org-ps1-afrinic
>> mnt-by: POSIX-MNT <https://my.afrinic.net/whois/search?searchtext=%20POSIX-MNT>
>> source: AFRINIC # Filtered
>> organisation: ORG-PS1-AFRINIC
>> org-name: Posix Systems (Pty) Ltd
>> org-type: EU-PI
>> country: ZA
>> address: P.O. Box 73892
>> address: Lynnwood Ridge 0040
>> phone: +27.826010496
>> phone: +27.128070590
>> admin-c: MJE-AFRINIC <https://my.afrinic.net/whois/search?searchtext=MJE-AFRINIC>
>> admin-c: AEP-AFRINIC <https://my.afrinic.net/whois/search?searchtext=AEP-AFRINIC>
>> tech-c: MJE-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20MJE-AFRINIC>
>> tech-c: AEP-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20AEP-AFRINIC>
>> mnt-ref: AFRINIC-HM-MNT
>> mnt-ref: POSIX-MNT
>> mnt-by: AFRINIC-HM-MNT
>> source: AFRINIC # Filtered
>> person: Mark Elkins
>> nic-hdl: MJE-AFRINIC
>> address: Posix Systems (Pty) Ltd
>> address: P O Box 73892
>> address: Gauteng
>> address: Lynnwood Ridge 0040
>> address: South Africa
>> phone: +27 12 807 0590
>> phone: +27 82 601 0496
>> fax-no: +27 12 807 5324
>> org: org-ps1-afrinic
>> mnt-by: POSIX-MNT <https://my.afrinic.net/whois/search?searchtext=%20POSIX-MNT>
>> source: AFRINIC # Filtered
>>
>>
>>
>> person: Mark Elkins
>> nic-hdl: MJE-AFRINIC
>> address: Posix Systems (Pty) Ltd
>> address: P O Box 73892
>> address: Gauteng
>> address: Lynnwood Ridge 0040
>> address: South Africa
>> phone: +27 12 807 0590
>> phone: +27 82 601 0496
>> fax-no: +27 12 807 5324
>> org: org-ps1-afrinic
>> mnt-by: POSIX-MNT <https://my.afrinic.net/whois/search?searchtext=%20POSIX-MNT>
>> source: AFRINIC # Filtered
>> organisation: ORG-PS1-AFRINIC
>> org-name: Posix Systems (Pty) Ltd
>> org-type: EU-PI
>> country: ZA
>> address: P.O. Box 73892
>> address: Lynnwood Ridge 0040
>> phone: +27.826010496
>> phone: +27.128070590
>> admin-c: MJE-AFRINIC <https://my.afrinic.net/whois/search?searchtext=MJE-AFRINIC>
>> admin-c: AEP-AFRINIC <https://my.afrinic.net/whois/search?searchtext=AEP-AFRINIC>
>> tech-c: MJE-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20MJE-AFRINIC>
>> tech-c: AEP-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20AEP-AFRINIC>
>> mnt-ref: AFRINIC-HM-MNT
>> mnt-ref: POSIX-MNT
>> mnt-by: AFRINIC-HM-MNT
>> source: AFRINIC # Filtered
>>
>>
>> mntner: POSIX-MNT
>> descr: Posix Mantainer
>> admin-c: MJE-AFRINIC <https://my.afrinic.net/whois/search?searchtext=MJE-AFRINIC>
>> admin-c: AEP-AFRINIC <https://my.afrinic.net/whois/search?searchtext=AEP-AFRINIC>
>> tech-c: MJE-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20MJE-AFRINIC>
>> tech-c: AEP-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20AEP-AFRINIC>
>> auth: MD5-PW $1$aXAEScl7$YRQFpDH6e77GRoi3Idtm50
>> mnt-by: POSIX-MNT <https://my.afrinic.net/whois/search?searchtext=%20POSIX-MNT>
>> source: AFRINIC # Filtered
>> person: Alistair Pritchard
>> address: P O Box 73892
>> address: Lynnwood Ridge
>> address: Gauteng
>> address: 0040
>> address: ZA
>> phone: +27 72 262 6233
>> phone: +27 12 807 0590
>> fax-no: +27 12 807 5324
>> nic-hdl: AEP-AFRINIC
>> mnt-by: POSIX-MNT <https://my.afrinic.net/whois/search?searchtext=%20POSIX-MNT>
>> source: AFRINIC # Filtered
>> person: Mark Elkins
>> nic-hdl: MJE-AFRINIC
>> address: Posix Systems (Pty) Ltd
>> address: P O Box 73892
>> address: Gauteng
>> address: Lynnwood Ridge 0040
>> address: South Africa
>> phone: +27 12 807 0590
>> phone: +27 82 601 0496
>> fax-no: +27 12 807 5324
>> org: org-ps1-afrinic
>> mnt-by: POSIX-MNT <https://my.afrinic.net/whois/search?searchtext=%20POSIX-MNT>
>> source: AFRINIC # Filtered
>>
>>
>> organisation: ORG-GKL1-AFRINIC
>> org-name: Google Kenya Limited
>> org-type: EU-PI
>> country: KE
>> address: ICEA Building, Kenyatta Avenue
>> address: Nairobi
>> phone: +1 650 253 4100
>> phone: +1 650 253 4000
>> admin-c: MA19-AFRINIC <https://my.afrinic.net/whois/search?searchtext=MA19-AFRINIC>
>> tech-c: MA19-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20MA19-AFRINIC>
>> mnt-ref: AFRINIC-HM-MNT
>> mnt-ref: google_kenya
>> mnt-by: AFRINIC-HM-MNT
>> source: AFRINIC # Filtered
>> person: Michael Axelrod
>> nic-hdl: MA19-AFRINIC
>> address: ICEA Building, Kenyatta Avenue
>> address: Nairobi
>> address: Kenya
>> phone: +1 650 253 4100
>> source: AFRINIC # Filtered
>>
>>
>> inetnum: 196.1.4.0 - 196.1.4.255
>> netname: KENIC
>> descr: .KE ccTLD Registry
>> descr: Kenya Network Information Centre (KeNIC)
>> country: KE
>> org: ORG-KNIC1-AFRINIC
>> admin-c: KNIC1-AfriNIC <https://my.afrinic.net/whois/search?searchtext=KNIC1-AfriNIC>
>> admin-c: PMJ1-AFRINIC <https://my.afrinic.net/whois/search?searchtext=PMJ1-AFRINIC>
>> tech-c: KNIC1-AfriNIC <https://my.afrinic.net/whois/search?searchtext=%20KNIC1-AfriNIC>
>> tech-c: PMJ1-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20PMJ1-AFRINIC>
>> status: ASSIGNED PI
>> mnt-by: AFRINIC-HM-MNT <https://my.afrinic.net/whois/search?searchtext=%20AFRINIC-HM-MNT>
>> mnt-lower: KE-NIC <https://my.afrinic.net/whois/search?searchtext=KE-NIC>
>> source: AFRINIC # Filtered
>> parent: 196.0.0.0 - 196.255.255.255
>> inet6num: 2001:43f8:0010::/48
>> netname: KENIC
>> descr: KENIC
>> country: KE
>> org: ORG-KNIC1-AFRINIC
>> admin-c: AM17-AFRINIC <https://my.afrinic.net/whois/search?searchtext=AM17-AFRINIC>
>> tech-c: SE1-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20SE1-AFRINIC>
>> status: ASSIGNED PI
>> mnt-by: AFRINIC-HM-MNT <https://my.afrinic.net/whois/search?searchtext=%20AFRINIC-HM-MNT>
>> mnt-lower: KE-NIC <https://my.afrinic.net/whois/search?searchtext=KE-NIC>
>> source: AFRINIC # Filtered
>> parent: 2001:4200::/23
>> person: Kenya Network Information Centre - KENIC
>> nic-hdl: KNIC1-AFRINIC
>> address: CA Complex Waiyaki Way, Opp Kianda School
>> address: P O Box 1461 - 00606, Nairobi - KE
>> address: Nairobi - KE
>> address: Kenya
>> phone: +254204450058
>> phone: +254733790073
>> mnt-by: AFRINIC-HM-MNT <https://my.afrinic.net/whois/search?searchtext=%20AFRINIC-HM-MNT>
>> source: AFRINIC # Filtered
>> organisation: ORG-KNIC1-AFRINIC
>> org-name: Kenya Network Information Centre (KENIC)
>> org-type: EU-PI
>> country: KE
>> address: Kenya Network Information Centre (KENIC)
>> address: CCK Complex, Waiyaki Way, Opp. Kianda Sch.
>> address: P. O. Box 1461
>> address: Nairobi - Kenya 00606
>> phone: +254204450057
>> phone: +254204450058
>> fax-no: +254204450087
>> admin-c: KNIC1-AFRINIC <https://my.afrinic.net/whois/search?searchtext=KNIC1-AFRINIC>
>> tech-c: KNIC1-AFRINIC <https://my.afrinic.net/whois/search?searchtext=%20KNIC1-AFRINIC>
>> mnt-ref: AFRINIC-HM-MNT
>> mnt-ref: KE-NIC
>> mnt-by: AFRINIC-HM-MNT
>> source: AFRINIC # Filtered
>> person: Administrative Manager
>> address: Waiyaki Way, Opposite Kianda School
>> address: 1461 - 00606
>> address: Nairobi
>> phone: +254 20 4450057
>> nic-hdl: AM17-AFRINIC
>> source: AFRINIC # Filtered
>> person: Kenya Network Information Centre - KENIC
>> nic-hdl: KNIC1-AFRINIC
>> address: CA Complex Waiyaki Way, Opp Kianda School
>> address: P O Box 1461 - 00606, Nairobi - KE
>> address: Nairobi - KE
>> address: Kenya
>> phone: +254204450058
>> phone: +254733790073
>> mnt-by: AFRINIC-HM-MNT <https://my.afrinic.net/whois/search?searchtext=%20AFRINIC-HM-MNT>
>> source: AFRINIC # Filtered
>> person: Paul Museeh John
>> nic-hdl: PMJ1-AFRINIC
>> address: Technical Manager
>> address: KENIC
>> address: Nairobi
>> address: Kenya
>> phone: +254725035201
>> phone: +254 20 4450058
>> source: AFRINIC # Filtered
>> person: Systems Engineer
>> address: Waiyaki Way, Opposite Kianda School
>> address: 1461 - 00606
>> address: Nairobi
>> phone: +254 204450057
>> nic-hdl: SE1-AFRINIC
>> source: AFRINIC # Filtered
>>
>>
>>
>>
>>> On Jul 27, 2017, at 4:14 PM, Michele Neylon - Blacknight <michele at blacknight.com <mailto:michele at blacknight.com>> wrote:
>>>
>>> Kris
>>>
>>> I’m sorry, but I still don’t see what you are driving at.
>>>
>>> RIRs collect information from LIRs. (My company is an LIR)
>>>
>>> LIRs in turn add some information to some records under certain circumstances.
>>>
>>> IP addresses and domains are not the same.
>>> The data that’s collected and how it is collected, managed and published is completely different.
>>>
>>> As I previously said, if you can provide concrete examples of why this is germane it would be helpful but so far you haven’t.
>>>
>>> Regards
>>>
>>> Michele
>>>
>>> --
>>> Mr Michele Neylon
>>> Blacknight Solutions
>>> Hosting, Colocation & Domains
>>> https://www.blacknight.com/ <https://www.blacknight.com/>
>>> http://blacknight.blog/ <http://blacknight.blog/>
>>> Intl. +353 (0) 59 9183072
>>> Direct Dial: +353 (0)59 9183090
>>> Personal blog: https://michele.blog/ <https://michele.blog/>
>>> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>
>>> -------------------------------
>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>>
>>> From: Kris Seeburn <seeburn.k at gmail.com <mailto:seeburn.k at gmail.com>>
>>> Date: Wednesday 26 July 2017 at 21:02
>>> To: Michele Neylon <michele at blacknight.com <mailto:michele at blacknight.com>>
>>> Cc: Richard Leaning <rleaning at ripe.net <mailto:rleaning at ripe.net>>, "gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>> Subject: Re: [gnso-rds-pdp-wg] Review Tool for Responses from ccTLD Registry Operators' to Questions on Privacy, Data Protection and the GDPR
>>>
>>> Actually if you look at the policy documents it does not say that you need to provide such and such. But all rir have actually come down to showing the objects and name address contacts just like the Whois. In fact in RIRs you type name of person or company you can have all the details and allocations etc.,
>>>
>>> That has been internal I would say just try a Whois in any rir and type in and selects most fields and see what you get. These can also be abused as well as The Whois as a domain name.
>>>
>>> Kris
>>>
>>>
>>> On 26 Jul 2017, at 18:41, Michele Neylon - Blacknight <michele at blacknight.com <mailto:michele at blacknight.com>> wrote:
>>>
>>>> Kris
>>>>
>>>> I don’t understand your rationale here at all.
>>>>
>>>> The data, who it is collected from, how it is managed etc., by RIPE is completely different to how data is handled for domain name registrations.
>>>>
>>>> Can you please explain, with specific examples, why you feel this is germane?
>>>>
>>>> Regards
>>>>
>>>> Michele
>>>>
>>>> --
>>>> Mr Michele Neylon
>>>> Blacknight Solutions
>>>> Hosting, Colocation & Domains
>>>> https://www.blacknight.com/ <https://www.blacknight.com/>
>>>> http://blacknight.blog/ <http://blacknight.blog/>
>>>> Intl. +353 (0) 59 9183072
>>>> Direct Dial: +353 (0)59 9183090
>>>> Personal blog: https://michele.blog/ <https://michele.blog/>
>>>> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>
>>>> -------------------------------
>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>>>
>>>> From: <gnso-rds-pdp-wg-bounces at icann.org <mailto:gnso-rds-pdp-wg-bounces at icann.org>> on behalf of Kris Seeburn <seeburn.k at gmail.com <mailto:seeburn.k at gmail.com>>
>>>> Date: Wednesday 26 July 2017 at 15:31
>>>> To: Richard Leaning <rleaning at ripe.net <mailto:rleaning at ripe.net>>
>>>> Cc: "gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>" <gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>>
>>>> Subject: Re: [gnso-rds-pdp-wg] Review Tool for Responses from ccTLD Registry Operators' to Questions on Privacy, Data Protection and the GDPR
>>>>
>>>> Hi dick
>>>>
>>>> I personally feel we need to get some feedback from nro/aso because whilst we are visiting the fields some of the same are used on the iana with the rir. Since you are from ripe you would know how much info is collected and discussed displayed and how much of the are inaccurate and how much of these are also affecting the work we are doing on the group. I think we need to investigate this line as well to avoid duplication process.
>>>>
>>>> It's food for thought but I think it's worth looking at. Perhaps between those who are part of rir we could look at what we do and bring our bits here as a review. Else I would push it to nro/aso.
>>>>
>>>> I personally feel when w
Kris Seeburn
seeburn.k at gmail.com
www.linkedin.com/in/kseeburn/ <http://www.linkedin.com/in/kseeburn/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170730/ee362cc9/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list