[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)
Andrew Sullivan
ajs at anvilwalrusden.com
Fri Sep 29 18:44:55 UTC 2017
Hi,
On Fri, Sep 29, 2017 at 10:47:53AM -0700, Jeremy Malcolm wrote:
>
> The reputation systems
> that I'm aware of *are* optional to support.
I think this conflates "optional to use" with "optional (for us) to
support."
It is of course optional for any one to use any given reputation
system, or even to use any of them.
But on the publication side, if you have a bad reputation, that will
have negative consequences for the functioning of your name.
Since we are making policy for a system that is used in support of
domain name operation, we need to make that support work for all the
parts of the operations in question. One of the operations in
question is various reputation systems, so I think it is not optional
for us to support that functionality.
> sponsor of) is often asked to refuse to issue certificates for
> particular domains based on reputation, but has decided that that's not
> part of its job.
Right, and other CAs have different rules. The Internet works because
of voluntary interoperation, and ICANN's job is to enable that
voluntary interoperation through its co-ordination activities.
Therefore, it is required for us to support this kind of voluntary
interoperation.
> of Amazon S3 buckets. There's a lot of phishing content stored under
> that domain from time to time, but assigning a bad reputation to the
> registered owner of amazonaws.com would be pointless and cause lots of
> collateral damage.
And yet, I know some mail systems that just won't accept mail from
names beneath amazonaws.com. That's the way the Internet works.
Best regards,
A
--
Andrew Sullivan
ajs at anvilwalrusden.com
More information about the gnso-rds-pdp-wg
mailing list