[gnso-rds-pdp-wg] Recordings, Attendance & AC Chat from Next-Gen RDS PDP Working Group call on Tuesday, 02 May 2017
Michelle DeSmyter
michelle.desmyter at icann.org
Tue May 2 20:22:39 UTC 2017
Dear All,
Please find the attendance of the call attached to this email and the MP3 recording below for the Next-Gen RDS PDP Working group call held on Tuesday, 02 May 2017 at 16:00 UTC.
Adobe Connect Recording: https://participate.icann.org/p3xsdrhcxnt/
MP3: https://audio.icann.org/gnso/gnso-nextgen-rds-pdp-02may17-en.mp3
<http://audio.icann.org/gnso/gnso-nextgen-rds-pdp-06dec16-en.mp3>
The recordings and transcriptions of the calls are posted on the GNSO Master Calendar page:
http://gnso.icann.org/en/group-activities/calendar<http://gnso.icann.org/en/group-activities/calendar#nov>
** Please let me know if your name has been left off the list **
Mailing list archives:http://mm.icann.org/pipermail/gnso-rds-pdp-wg/
Wiki page: https://community.icann.org/x/EMPRAw
Thank you.
Kind regards,
Michelle DeSmyter
———————————————
AC Chat Next-Gen RDS PDP WG Tuesday, 02 May 2017
Michelle DeSmyter:Dear all, welcome to the GNSO Next-Gen RDS PDP Working Group call on Tuesday 02 May 2017 at 16:00 UTC.
Michelle DeSmyter:Meeting agenda page: https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_x_EMPRAw&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=EyGW2KvEXvf4m4TPbcNuqBHZdTkKnIhAwBg42IXE_JQ&e=
Chris Pelling:Afternoon all
Chuck Gomes:Hello
Alex Deacon:Hello...
Nathalie Coupet:Hello
Jeremy Kennelly:Audio online yet, or an issue I need to tinker with on my side? First time using Adobe Connect so not sure if its prone to issues.
Scott Hollenbeck (Verisign):AC audio is online
Michelle DeSmyter:I will send you a private chat Jeremy
Jeremy Kennelly:I got it going
Jeremy Kennelly:My ignorance of the interface
Jim Galvin (Afilias):Apologies but I must leave the meeting just before the top of the next hour.
Maxim Alzoba (FAITID):Hello All
Vicky Sheckler:thx for the rules - I believe this will help us stay engaged, better contribute, and for the WG to make progress. thx again.
Andrew Sullivan:The "repeition" problem is hard to solve when respondents don't actually address the point of the previous argument, I will note.
Michael Hammer:Trimming quoted messages to only what is necessary would help as well.
Andrew Sullivan:yes
Andrew Sullivan:The gradual elimination of formerly-useful functionality from mail clients (I'm looking at you, Apple) is also a problem :)
Lisa Phifer:Note: GNSO WG Guidelines: https://urldefense.proofpoint.com/v2/url?u=https-3A__gnso.icann.org_en_council_annex-2D1-2Dgnso-2Dwg-2Dguidelines-2D08apr11-2Den.pdf&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=GRBPDILaYbpIjtwfMwu9OAvjW_iHWK-qhLYxH1HVSSM&e=
Lisa Phifer:Expected Standards of Behavior: https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_pages_expected-2Dstandards-2D2016-2D06-2D28-2Den&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=gTK4O6j-M9-Y37i3G974rc-eAr0DrjKbv8nXl9CLnb0&e=
Amr Elsadr:This list of rules is meant to complement the GNSO WG Guidelines and ICANN Expected Standards of Behaviour.
Lisa Phifer:Handout slides displayed now can be found at: https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_download_attachments_64078608_Charter-2520Question-25205-2520-2D-2520Handout-2520-2D-2520For2MayCall.pdf&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=dSjB870jOmikUgwFFprZr5Zl2abdZ795vqbvK8KeFrU&e=
Daniel K. Nanghaka:Personnally I would love to have a webinar
Lisa Phifer:In addition to a new call or webinar, there's an RDS beginner's webinar from 2016 here: https://urldefense.proofpoint.com/v2/url?u=https-3A__icann.adobeconnect.com_p10x6r7jvg6_&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=05qLOQxESwOO3BuTlvwa7YfG8iS9O9NAv0jYjUOuQgY&e=
Lisa Phifer:It was one of this WG's first calls.
Maxim Alzoba (FAITID):do we belive that THIN data survives the results of this PDP? (which one is faster?)
Andrew Sullivan:Thin data is just a group name for a set of data fields
Andrew Sullivan:so it seems unlikely it will disappear
Lisa Phifer:Slightly zoom out and you'll see page numbers
Chuck Gomes:See slide 3
Lisa Phifer:page 3 illustrates access to the minimum public data set
Kal Feher:I think Maxim was wondering if the fields would still be relevant after this PDP. I suspect most of the fields will. but some will disappear as part of newer delivery mechanisms (whois server for example). noting that the delivery mechanism is not under discussion right now of course.
Lisa Phifer:page 4 illustrates access to gated data, which depends on several kinds of access controls
Lisa Phifer:Data elements to be accessible depend on authentication, purpose, and policy that defines what data is authorized for each purpose
Michael Hammer:Are the Terms of Service set by ICANN or by the Registry or Registrar?
Lisa Phifer:ToS is set by RDS consensus policy and implementation of that policy
Andrew Sullivan:I will note that RDAP does not currently have a mechanism for the client to specify the purpose for a given data element. But you could do this with access control lists to the login of the client.
Scott Hollenbeck (Verisign):@Andrew: there's an RDAp extension in the works that includes the ability to specify a query purpose.
Alex Deacon:@andrew but RDAP can (maybe does) leverage an authentication and authorization protocol that could convey that info...
Stephanie Perrin:We do need purpose specification so that is a great feature to add.
Andrew Sullivan:@Scott: Cool. Is there an I-D I've missed? @Alex: yes, exactly.
Lisa Phifer:When we get to slide 5, we will explain the levels of access controls that the EWG Report covered
Scott Hollenbeck (Verisign):@Andrew: draft-hollenbeck-regext-rdap-openid
Scott Hollenbeck (Verisign):Builds on openID COnnect and OAuth
Andrew Sullivan:So I see. Yeah, basically this is what I meant as well; I'd recalled this approach. I thought the diagram was suggesting basically that the client make promises about purpose, but this is really tied to the auth&auth. Anyway, functionally the same
Andrew Sullivan:I'm just getting sensitive to the WG specifying technical details, given the conversation we just had about the data source vs. the data itself.
Sam Lanfranco:Sorry I am late. Bit of rain and field flooding from Lake Ontario
Paul Keating:Sorry byut what is "Applicable LAW"?
Stephanie Perrin:Data protection law, or other relevant sectoral law, that protects confidential data
Paul Keating:can yoiu please provide an explanation of "HHIGH RISK DATA"?
Chuck Gomes:Applicable law would vary by jurisdiction that applies for any given transaction.
Paul Keating:based on what? Where the registrant is located, the registrar, the data provider, the user?
Michael Hammer:Who would set the standards for rate limiting? ICANN?
Chuck Gomes:There is not one simple rule because laws are written differently.
Chris Pelling:Michael - its down to the registrar
Paul Keating:thanks Chuck
Andrew Sullivan:The rate limits to date have been set by the whois operator
Michael Hammer:So if a registrar set rate limiting at one query per hour, folks in this group believe this is acceptable?
Stephanie Perrin:Data protection rights usually go with the individual concerned and where they reside. Ditto with Consumer protection law, although some consumer protection laws apply to all businesses doing business in a juridiction,. Telecom law and communications law more generally may also have provisions related to customer data and in particular directories
Maxim Alzoba (FAITID):the worst part about applicable law - is that it might depend on parties (whose data stored, who stores it, where it is stored, who wants access e.t.c. , who registry is , who registrar is e.t.c.)
Chris Pelling:nothing to do with this group Michael, its the working process of the registrar
Andrew Sullivan:IMO it would be valuable to the Internet if we required certain anonymous fields have very high rate limits (i.e. mostly not) in an effort to help automatic anti-abuse efforts
Chris Pelling:* or registry
Andrew Sullivan:that's part of the benefit of taking all the PII out of every whois response
Stephanie Perrin:@ Maxim Which is why a high level of protection guaranteed by binding corporate rules is in my view the most sensible approach.
Stephanie Perrin:and I agree with Andrew
Maxim Alzoba (FAITID):@Stephanie local was has more power than internal regulation (which required only when the local law demands something to be regulated by legal bodies/not against such regulation)
Chris Pelling:Shame Neil nor Alliison is on this call - would have been useful for them
Maxim Alzoba (FAITID):do we understand who grants LEAs rights for access ?
Lisa Phifer:First video FAQ on public access is https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DDKSR1kJtO0U-26feature-3Dyoutu.be&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=pr3HuLkNZM-QF_Dx9XK7SSoGlCCbLKT70424MIC-Bzc&e=
Lisa Phifer:Second video FAQ on gated access by Rod is https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3Dc0JVTBBz3HE-26feature-3Dyoutu.be&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=OY5ZT10_8dOy6MYgEbDbqs_MYqaOS1EhLmrkuiNpmtY&e=
Lisa Phifer:All video FAQs are posted here: https://urldefense.proofpoint.com/v2/url?u=https-3A__community.icann.org_display_EWG_EWG-2BMultimedia-2BFAQs&d=DwICaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=8_WhWIPqsLT6TmF1Zmyci866vcPSFO4VShFqESGe_5iHWGlBLwwwehFBfjrsjWv9&m=fYZwpjqmby8W2BJzrUDSm_DSZ7r05TheTxvT0ZM6jSk&s=wQiTpoI59o1Hykhvwp9JKZ7PVP2x1ENYpsyLz6CGr54&e=
Michael Hammer:A comment, not a criticism - 32 views since October 29, 2014 for "What would I need to do to access gated RDS data?"
Lisa Phifer:@MH, agreed, that is why we're trying to make WG members more aware of them
Stephanie Perrin:While I did not agree with lots of things, it was very solid work taken as a whole, and I endorse it, You may depend on me to raise objections and point out things that were (IMHO) not satisfactory as they arise......(in case you were in any doubt about that.....:-))
Maxim Alzoba (FAITID):also LEAs have tendency not to like to be monitored ... even with gated access
Rod Rasmussen:@Michael - Apparently I'm don't have quite the "star power" I was hoping I did!
Michael Hammer:Rod, you will always be a star in my book.
Lisa Phifer:entirely public = anyone, for any reason, without requiring authentication, authorization of any type
Paul Keating:pls restate the question with the correction
Stephanie Perrin:It is worthwhile reviewing the EWG public data set in light of recent detailed advice received from the DPAs.
Stephanie Perrin:The GDPR was not agreed at the time the EWG did its work
Stephanie Perrin:Furthermore, additional important cases have been decided since then
Stephanie Perrin:(Court cases, I meant)
Paul Keating:@chcuck, is there a need for a permissible purpose"?
Lisa Phifer:If this WG decides authenitication is required even for public data, that's some kind of access control, which takes us to quesiton 5.2 to debate the levels of access control
Jim Galvin (Afilias):my apologies but I must leave this call early at this time. thanks to chuck and all.
Andrew Sullivan:formally, of course, current whois access isn't strictly anonymous in that you could find out the source IP address
Chris Pelling:+1 Andrew
Chris Pelling:and you can rate limit based on source address too
Andrew Sullivan:one could do it via Tor, however, and thereby effectively anonymize
Andrew Sullivan:but I think we are making this harder than we need to
Stephanie Perrin:At the risk of breaking the no repeitition rule, there is a difference between personal information and personally identifiable information
Kal Feher:there are implications for rate limiting if we allow anonymous access. you can obviously use blunt controls for rate limiting. if you only use rate limiting as a way of protecting resources, then that is fine. if we decide that it is important to restrict mass consumption of data, then anonymous access is sort of required.
Lisa Phifer:Note that data elements requiring gated access whas not defined purely because they were PII - in the EWG Report, purposes were defined as permissible, then data elements were defined for each of those purposes, then criteria were used to categorize some elements as publisc and some s gateed
Lisa Phifer:PII mostly ended up being gated, but that wasn't the only criteria applied
Rod Rasmussen:DDoS protection (for example) requires some sort of rate limiting regardless of authentication or not. There's a certain level of infrastructure that you have to assume for any Internet-facing service, so you need to make sure that you don't create policies that conflict with that.
Lisa Phifer:How about "Should access to gTLD registration "thin data" be controlled in any way?" as alt wording
Maxim Alzoba (FAITID):could it moved to a poll?
Andrew Sullivan:Right, that's the concern I had too
Andrew Sullivan:What Chuck just said about Jim's suggestion is right
Chris Pelling:+1 Rod regarding DDoS and rate limiting
Michael Hammer:+1 Rod.
Kal Feher:@rod, rate limiting for protection of resources doesnt require identification of users. the broader policy issues arise when/if we decide that we don't want mass consumption of data. in those cases identifying the user is required for any effective control
Lisa Phifer:@Maxim, if we arrive at a question, we will poll on it - we need to arrive at the right question that we all understand first
Lisa Phifer:There are multiple concepts embodied in that recommendation: splitting data elements into the min public data set and gated data, and the access controls applied to each of those subsets of data
Andrew Sullivan:I doubt people on the Internet really do understand what "anonymous access" is, given the data we all cheerfully spew as we surf around.
Kal Feher:maybe we rephrase this as data for purposeless queries? only partly joking.
Michael Hammer:At the risk of offending some, given the number of compromised accounts (and hosts) on the internet, anyone who wants anonymous access can have it.
Greg Shatan:For those who don
Lisa Phifer:To reflect the EWG report, we could ask (1) should all data elements remain public? (2) should access be controlled to public data elements? (3) should access be controlled to non-public data elements?
Andrew Sullivan:@Michael: I think we call that pseudonymous, usually
Scott Hollenbeck (Verisign):I don't think "anonymous" is the right way to describe the type of access wer'e debating. "Unauthenticated" might be a better term.
Lisa Phifer:Where all of those questions must be associated with rationale and further deliberation
Andrew Sullivan:@Scott: I like that
Rod Rasmussen:@Kal, digging in on you point a bit (which I agree with) you may not have to absolutely identify a "user" or "abuser" absolutely, but depending on the nature of an attack against a resource, you need to identify a source of an attack, be that a single or spread set of IP addresses, or perhaps a technique (type of query). So "how" vs. "who" I guess to put a point to it.
Paul Keating:You CANNOT answer this question as "yes" or "no"
Greg Shatan:For those who don't want to use compromised accounts or other forms of self-help for anonymity, the issue should be dealt with in the policy. And the issue of authentication may need to be dealt with to minimize use of compromised account.
Rod Rasmussen:@Scott +1
Lisa Phifer:If we answer this question 1) should all data elements remain public? with "no" then we have to identify the data elements that s/b public and those that s/n/b public
Greg Shatan:+1 Paul. This is kind of like asking do you eat meat or are you a vegetarian?
Michael Hammer:I agree with you Greg. Just pointing out that some people don't play by whatever rules are come up with.
Maxim Alzoba (FAITID):@Marika my question related to the next meeting 9th may - it overlaps with GDD Summit in Madrid.
Greg Shatan:Agree, Mike. That's a big part of why we're here in the first place....
Lisa Phifer:The reason the EWG did not recommend that access to the min public data set be unauthenticated is that we wanted to allow for authentication, even for public data, to improve accountability
Kal Feher:@rod. I agree. I was trying to separate the need for identifying for technical purposes as Paul was saying vs the need for identifying for some other broader policy. <- which may arise later in this PDP
Andrew Sullivan:There is no such thing as "completely anonymous" on the Internet
Marika Konings:@Maxim- apologies, but what is the question? Whether there is a meeting next week? As far as I know, the meeting next week will continue as scheduled.
Stephanie Perrin:+1 Lisa
Scott Hollenbeck (Verisign):There is no complete anonymity here for the querying client.
Stephanie Perrin:There are privacy concerns in that data set
Scott Hollenbeck (Verisign):Andrew and I are not sitting next to each other ... :)
Andrew Sullivan:@Stephanie: what is the privacy concern in this data set?
Lisa Phifer:Again - we could ask (1) should all data elements remain public? (2) should access be controlled to public data elements? (3) should access be controlled to non-public data elements?
Vicky Sheckler:i don't believe there are any rational privacy concerns with the thin data elements
Kal Feher:perhaps we separate this into two points: 1.what data doesnt need a purpose or justification to access? 2. how should we allow users to access that?
Stephanie Perrin:I like option 2, because I did not think we had agreed on the data elements that should be public as yet.
Lisa Phifer:@Alan, public = entirely without restriction? That is not quite true for WHOIS today
Andrew Sullivan:as I argued on the list, every part of this data set is needed either in support of basic Internet operation or in service of the operation of the service itself
Andrew Sullivan:and note that I picked a domain that I control so that I assure you all I do not have a privacy concern here :)
Maxim Alzoba (FAITID):@Marika the question is - I think that many of the current participants are not going to be able to attend the meeting (at least I am not sure that I will be able to do so)
Maxim Alzoba (FAITID):@Marika, could we ask participants - if they are able to participate on 9th (by the end of this session)?
Marika Konings:Sure, I'll aim to alert Chuck so it can be covered as part of item 6
Maxim Alzoba (FAITID):thanks
Lisa Phifer:Possible wording: Should "thin data" be accessible wIthout regard to identity of inquirer or purpose of inquiry?
Andrew Sullivan:I can live with that
Stephanie Perrin:Privacy concerns are intrinsically personal, so it is difficult to ascribe the terms "rational" or "Irrantional" to them. We could agree that the data is not sensitive atthough personal, and that there is a public interest in disclosure, but my point is that if the data is generated as a product of setting up my account, it is my personal information.
Alan Greenberg:Excluding tecchnical limitations?
Alex Deacon:"for the avoidance of doubt".....
Andrew Sullivan:@Stephanie: it's not "your account", it's "your domain name" that is involved here
Maxim Alzoba (FAITID):is needs to be in writing to properly assess that
Lisa Phifer:Red X is you disagree: "Thin data" should be accessible wIthout regard to identity of inquirer or purpose of inquiry?
Amr Elsadr:Suggested rewording: Should access to gTLD "thin data" be permissable without regard to the identity of the enquirerer or the purpose of the enquiry?
Andrew Sullivan:friendly amendment then: "except as necessary for normal Internet service operation" to permit rate limiting and so on
Stephanie Perrin:Expiration data surely is generated by my choices, how long I have paid for the service, etc
Maxim Alzoba (FAITID):the wording looks fine
Vicky Sheckler:stephanie - that is not at all consistent with my understanding of privacy laws and principles.
Michael Hammer:Wording looks fine to me.
Andrew Sullivan:Expiration date is determined by the time at which the domain will expire from the registry
Andrew Sullivan:it may or may not be related to how long you paid for it. In fact, registry expiration dates and registar expiration dates are not always the same
Andrew Sullivan:you pay your registrar
Paul Keating:ok
Lisa Phifer:Alternative proposal: Thin data" should be accessible wIthout requiring an inquirer to identify themselves or state their purpose
Michael Hammer:Free as in freedom, not free as in beer.
Maxim Alzoba (FAITID):@Andrew, and registrar should not deplete it's ability to pay too
Lisa Phifer:Alternative proposal: Thin data" should be accessible wIthout requiring an inquirer to identify themselves or state their purpose
Alex Deacon:free beer may help our debate - I would be happy to brew a batch or 3 for the cause :)
Paul Keating:Should access to gTLD "thin data" be permissable without regard to the identity of the enquirerer or the purpose of the enquiry?
Michael Hammer:I prefer acceptable to permissable.
Maxim Alzoba (FAITID):enquirerer does not refer to robots / scripts on servers
Michael Hammer:accessible
Paul Keating:thanks Lisa!
Daniel K. Nanghaka:@Stephanie, I agree the data is your personal information, personal information can be sensitive when it violates your privacy
Lisa Phifer:Alternative proposal: Thin data" should be accessible wIthout requiring an inquirer to identify themselves or state their purpose
Vicky Sheckler:@alex - yea!
Maxim Alzoba (FAITID):and given the attempts to implement RDAP and other machine readable things ... some of users are going to be non-human
Sam Lanfranco:Oh Boy, my position from the start!
Maxim Alzoba (FAITID):so I think it is better to have a reading describing the process and not the person behind it
Kal Feher:the wording implicitly allows a consumer to harvest as much thin RDS data as possible. I have no concerns with this, just pointing it out.
Scott Hollenbeck (Verisign):I like Lisa's better.
Alan Greenberg:his/her/its identity??
Maxim Alzoba (FAITID):I am not sure we see standard for non-human identification any soon :)
Stephanie Perrin:So if we put a red x on this, it could be over the data elements included in thin data, or the bulk access possibiility, or the unauthenticated access possibility.
Lisa Phifer:Put Red X is you disagree: Thin data" should be accessible wIthout requiring an inquirer to identify themselves or state their purpose
Vicky Sheckler:which elements do you think should not be freely accessible?
Vicky Sheckler:any why?
Maxim Alzoba (FAITID):Do we know any reason for other parties than Registrar, Registry and Registrant to see expiry date?
Andrew Sullivan:@Stephanie: the expiration date will help a spammer not at all in the event the spammer doesn't have your email address
Andrew Sullivan:which this data does not contain
Andrew Sullivan:moreover, the reason to avoid authentication is not merely to "hide"
Maxim Alzoba (FAITID):it lowers load on EPP servers, though
Vicky Sheckler:agree w/ chuck we have strong rough consensus,
Chris Pelling:expiration data does help a spammer actually
Andrew Sullivan:It does not help the spammer put the mail in your inbox
Chris Pelling:as some MTAs check expiry data to see if the domain is still live
Vicky Sheckler:agree with Andrew
Maxim Alzoba (FAITID):but without it load on RDDS servers is going to be higher
Andrew Sullivan:@Chris: but that's the other point
Andrew Sullivan:which is that this data is _also_ useful for anti-abuse purposes
Andrew Sullivan:which means that my MTA can also check the RDS to see whether the name is live (or reasonably old, when accepting mail)
Vicky Sheckler:exactly, the likelihood of use for abuse is outweighed by utility in having that data public
Vicky Sheckler:for the reasons Andrew & Maxim have described, among others
Lisa Phifer:Note: We are drifting into deliberation on thin data elements again. We may need to make an assumption about what thin data elements are to just try to answer this question, then go back to individual data elements
Andrew Sullivan:adding authentication to that for a large mail server would make the system less useful
Stephanie Perrin:Anti-spam folks surely are going to need access to deeper data, (gated) and I would certainly like to understand why each data element needs to be public and does no harm
Paul Keating:Thank you Chuck. Great meeting and thoauk you all good night
Maxim Alzoba (FAITID):could we return to question 6?
Andrew Sullivan:I just gave you reasons why for expiration date. Are there any others?
Andrew Sullivan:see also my mail about why these are each important
Maxim Alzoba (FAITID):meeting on 9th? (hopefully not)
Andrew Sullivan:that's why I sent that message
Kal Feher:will we circulate the ccTLD questions via the ccNSO?
Vicky Sheckler:@stephanie - unless the data is clearly personally identifiable information, the question is why should it be private / gated, not the other way around
Paul Keating:Susan, please include all cctlds and not some - we dont want a problem cropping up by sonemone stating that they were not consluted.
Marika Konings:Maxim, it looks like the agenda for the GDD summit finishes at 17.00 local time while the call would start at 18.00 local time - maybe a room or quiet corner could be found where WG members could take the call jointly?
Susan Kawaguchi:@ Kal we intend to send directly to the list of cctld registry we are developing
Susan Kawaguchi:@ Paul we will take that into consideratoin
Maxim Alzoba (FAITID):+1 @Paul
Vicky Sheckler:thanks leadership team and staff!
Chris Pelling:Have fun all
Fabricio Vayra:Thanks, All
Maxim Alzoba (FAITID):bye all
Andrew Sullivan:bye!
Juan Manuel Rojas:Thanks to all.
Nathalie Coupet:Bye
Alex Deacon:bye.
Daniel K. Nanghaka:bye
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170502/4be21a86/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Attendance RDS PDP 02 May 2017 Sheet1.pdf
Type: application/pdf
Size: 24436 bytes
Desc: Attendance RDS PDP 02 May 2017 Sheet1.pdf
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170502/4be21a86/AttendanceRDSPDP02May2017Sheet1-0001.pdf>
More information about the gnso-rds-pdp-wg
mailing list