[gnso-rds-pdp-wg] CIRCL - Luxembourg CERT Statement on WHOIS
benny at nordreg.se
benny at nordreg.se
Sat Apr 14 16:25:20 UTC 2018
Seriously John can’t you make a single answer here without these harsh comments?
Keep to the subject please.
Blame autocorrect for any strange answers
> On 14 Apr 2018, at 18:03, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:
>
> Answers inline.
>
> --
> John Bambenek
>
>> On Apr 14, 2018, at 10:28, Rubens Kuhl <rubensk at nic.br> wrote:
>>
>>
>>
>>> On 14 Apr 2018, at 11:42, Paul Keating <paul at law.es> wrote:
>>>
>>> To me this is abundantly clear:
>>>
>>> constitutes a legitimate interest of the data controller concerned.
>>>
>>>
>>> The issue is then one of ensuring that access is limited to those falling
>>> within the description in the Recital AND ensuring that the users are
>>> informed and retain such rights relative to the data as the GDPR would
>>> otherwise require.
>>>
>>> Insofar as what data is "strictly necessary and proportionate for the
>>> purposes of ensuring network
>>> and information security,幹, that certainly includes the following:
>>>
>>> Name (or other means of permitting attribution and identification)
>>
>>> Email (same)
>>
>> Other means of attribution and identification is key here: only an unique transformation of that info is required, not the actual info
>
> Wrong.
>>
>>> IP address
>>
>> If you are mentioning the IP address use to create the domain, I don't see that in any RDS system today. I suggest that at first we try using what is already published, and only bringing new data elements later on.
>
> Well A records but that is not in scope here.
>>
>>> Creation date (statistics show that domains are weaponized very shortly
>>> after registraiton. However, once the bad actors are aware of this they
>>> will pivot to using stale domains they have long ago registered)
>>
>> I believe that was supposed to still be part of public WHOIS.
>>
>
> Ok
>
>>> History (this is important so as to track domain abuse both in terms of
>>> highjacking and to verify ownership t rails relative to attribution and
>>> identification)
>>
>> I also don't see that in any RDS system today as well. But anyways, name server history - which is public - is probably good to do the same thing without PII.
>
> Which is why industry has created systems to do this. Very systems that people on this list and loudly and consistently have stated need to be bankrupted.
>
>>
>>
>> Rubens
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
More information about the gnso-rds-pdp-wg
mailing list