[gnso-rds-pdp-wg] CIRCL - Luxembourg CERT Statement on WHOIS
John Bambenek
jcb at bambenekconsulting.com
Sat Apr 14 16:52:31 UTC 2018
If adherence to the following were more practiced, I humbly suggest things would be a lot less contentious.
https://www.icann.org/resources/pages/expected-standards-2016-06-28-en
--
John Bambenek
> On Apr 14, 2018, at 11:25, "benny at nordreg.se" <benny at nordreg.se> wrote:
>
> Seriously John can’t you make a single answer here without these harsh comments?
>
> Keep to the subject please.
>
> Blame autocorrect for any strange answers
>
>> On 14 Apr 2018, at 18:03, John Bambenek via gnso-rds-pdp-wg <gnso-rds-pdp-wg at icann.org> wrote:
>>
>> Answers inline.
>>
>> --
>> John Bambenek
>>
>>> On Apr 14, 2018, at 10:28, Rubens Kuhl <rubensk at nic.br> wrote:
>>>
>>>
>>>
>>>> On 14 Apr 2018, at 11:42, Paul Keating <paul at law.es> wrote:
>>>>
>>>> To me this is abundantly clear:
>>>>
>>>> constitutes a legitimate interest of the data controller concerned.
>>>>
>>>>
>>>> The issue is then one of ensuring that access is limited to those falling
>>>> within the description in the Recital AND ensuring that the users are
>>>> informed and retain such rights relative to the data as the GDPR would
>>>> otherwise require.
>>>>
>>>> Insofar as what data is "strictly necessary and proportionate for the
>>>> purposes of ensuring network
>>>> and information security,幹, that certainly includes the following:
>>>>
>>>> Name (or other means of permitting attribution and identification)
>>>
>>>> Email (same)
>>>
>>> Other means of attribution and identification is key here: only an unique transformation of that info is required, not the actual info
>>
>> Wrong.
>>>
>>>> IP address
>>>
>>> If you are mentioning the IP address use to create the domain, I don't see that in any RDS system today. I suggest that at first we try using what is already published, and only bringing new data elements later on.
>>
>> Well A records but that is not in scope here.
>>>
>>>> Creation date (statistics show that domains are weaponized very shortly
>>>> after registraiton. However, once the bad actors are aware of this they
>>>> will pivot to using stale domains they have long ago registered)
>>>
>>> I believe that was supposed to still be part of public WHOIS.
>>>
>>
>> Ok
>>
>>>> History (this is important so as to track domain abuse both in terms of
>>>> highjacking and to verify ownership t rails relative to attribution and
>>>> identification)
>>>
>>> I also don't see that in any RDS system today as well. But anyways, name server history - which is public - is probably good to do the same thing without PII.
>>
>> Which is why industry has created systems to do this. Very systems that people on this list and loudly and consistently have stated need to be bankrupted.
>>
>>>
>>>
>>> Rubens
>>>
>>> _______________________________________________
>>> gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180414/5e39ab86/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list