[gnso-rds-pdp-wg] a suggestion for "purpose in detail"
John Bambenek
jcb at bambenekconsulting.com
Wed Mar 22 03:42:55 UTC 2017
Inline
Sent from my iPhone
> On Mar 21, 2017, at 22:31, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
>
>> On Tue, Mar 21, 2017 at 09:16:45PM -0500, John Bambenek wrote:
>>
>> I guess I am speaking of masking in a broad sense. What do we allow the consumer to mask and on what terms.
>
> Right. I thought that answering that question was part of our job.
I agree. I postulated one possible answer.
>
>> I would disagree on they being separate issues. No matter what
>> technology is created, some things will have to be fully public and
>> some things are subject to debate here.
>
> What to collect and what can be disclosed are obviously _related_
> issues, but they are separable and I think usefully separated here.
> We'll never get anywhere unless we break these things into manageable
> chunks.
>
If we are driving this by regulatory burden of DP authorities the fact that they will be dramatically less concerned if the consumer has a true choice is highly relevant up front.
>> For instance, if we don't make authoritative nameservers fully public without gates, we break the internet. I don't mean that as hyperbole, I mean no internet except for the savants who can us IP addresses for everything.
>>
>
> I don't think anyone has been arguing that nameservers ought to be
> private data, and they clearly need to be collected in order to feed
> the DNS in order to make it work. But that particular example isn't
> really an interesting one, is it? Indeed, as I think my lengthy email
> demonstrated, I find it pretty hard to suggest that any "thin" data is
> private; it all certainly needs to be collected to make the system
> work at all. The same arguments are obviously harder to make for
> people's names and addresses, so there's more to do in that case.
It was an example to prove the point.
>
>>>> To enable third-parties to communicate directly to resolve and troubleshoot problems.
>>>
>>> I suggest that's already there.
>>
>> Not in what I saw in the poll.
>
> We discussed this bit at some length last week, and my sense of the
> room was that everyone agreed that is a purpose.
Not every stakeholder has an unlimited travel budget to hop on a plane for these events. I had a baby last week. We are doing this by email because global consensus cant be solely a function of who is in a room at one specific event.
>
>> But I am not a fair target. I work in investigations and intelligence. So you can send me an email from say citibankcreditcards.com and I'll check the address in whois to compare to a corp registry, or known good domains. I imagine the brand protection investigators could chime in here on their thoughts too.
>>
>
> I think what you're saying is that you use the whois data as one
> piece of input to heuristics that allow you to develop a view about
> the legitimacy of the domain name. I thought your original wording
> was a little too positivist about the value of the data, but if it's
> instead input to some heuristic mechanism I withdraw that objection.
>
>> X.509 certs are more maliciously pointless.
>
> I'm certainly not going to attempt to argue that the PKI has worked as
> intended. But in terms of an ordinary user's ability to do anything
> with information, they're what people really use. (Yes, to their
> peril.)
Fair point. Probably it was an aside to my contempt of the ssl mafia anyway. Let's encrypt is the only honest broker there.
>
>> I'd be interested in why you say that? How isn't the domain registration regime a commons? Does ICANN not contractually require certain behaviors of various parties?
>>
>
> I think that's rather off topic here, but if you want I'll follow up
> off-list.
Please do.
>
> A
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
More information about the gnso-rds-pdp-wg
mailing list