[gnso-rds-pdp-wg] ICANN Blog re Session with European DPAs
theo geurts
gtheo at xs4all.nl
Sat Mar 31 20:20:14 UTC 2018
Really?
Shame on you all. SHAME!
Theo
On 31-3-2018 22:08, allison nixon wrote:
> Sorry for being late to the party, but- registrars dominate these
> icann working groups and they dominated this working group too before
> the rest of us showed up. The fact that ICANN makes its money from
> domain fees collected by registrars is also not even debatable. So
> yes, registrars will be blamed, even if that fact offends you. Even if
> the appearance of regulatory capture is unfair (which i am not the
> judge of and so cannot say), that is the appearance at this point.
>
> Its amusing to see the first comment on his blog is from someone
> claiming that the author is not able to use whois for security
> purposes. The same wrong argument made many times on this list by many
> registrars here. The author of the blog post is the vice president of
> RiskIQ. Maybe he knows a thing or two about using whois for security
> purposes. Just maybe. Hahahahahaha.
>
> If you google search for any other news coverage on this situation,
> most of it is pretty critical about the loss of security we are
> looking forward to, and critical of ICANN's procrastination, and so
> far none are heralding this as any kind of great victory for the tiny
> percentage of registrants who will receive a slightly smaller volume
> of one particular kind of spam. You might not like it, but that's how
> it is. We were warning about this for a year now.
>
>
>
> On Mar 31, 2018 3:06 AM, "benny at nordreg.se <mailto:benny at nordreg.se>"
> <benny at nordreg.se <mailto:benny at nordreg.se>> wrote:
>
> I find it highly offending that registrars are blamed for this
> mess.
> http://www.circleid.com/posts/20180330_icann_cannot_expect_the_dpas_to_re_design_whois/
> <http://www.circleid.com/posts/20180330_icann_cannot_expect_the_dpas_to_re_design_whois/>
> It’s a bit late to come up with solutions for something which have
> been known to happen for nearly two years, especially from a part
> of the industry who have work hard to stop any changes.
>
> I as one of many requested you and others to come up with
> solutions which would work for all but all forces was used to
> fight that and fight for the status quo.
>
> I fully understand and acknowledge that security need data to work
> with and these suggestions should have been brought to the table
> loooooong time ago.
>
> --
> Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
>
> Benny Samuelsen
> Registry Manager - Domainexpert
>
> Nordreg AB - ICANN accredited registrar
> IANA-ID: 638
> Phone: +46.42197000 <tel:%2B46.42197000>
> Direct: +47.32260201 <tel:%2B47.32260201>
> Mobile: +47.40410200 <tel:%2B47.40410200>
>
> > On 30 Mar 2018, at 18:08, jonathan m
> <jonathan.matkowsky at riskiq.net
> <mailto:jonathan.matkowsky at riskiq.net>> wrote:
> >
> > Hi Chuck—I’d like to get a discussion going if that’s okay with
> you. I’d like to know whether for the public data set, it is
> feasible to have the following solution for the registrant email.
> It’s based in part on both technical implications and policy
> requirements.
> >
> > 1) Registrar required to notify registrants that starting on x
> date, the registrant org field will be relied on for purposes of
> treating the Whois record as an organizational domain rather than
> as belonging to a natural person. Check your record for accuracy
> because it may have implications for your privacy if you do not
> already have or subscribe to proxy or privacy services. A few
> reminders go out. Educate registrants they may want to update to
> “Domain Admin” instead of having their first and last name for
> organizational domains because starting on x date, existing
> organizational records will otherwise obfuscate or mask the local
> part of the registrant email in public Whois
> >
> > 2) For organizational domains, ICANN will prohibit masking the
> organizational domain name in the registrant email address.
> Registrars are free to mask the local part of the registrant email
> address in accordance with applicable law in the public Whois.
> >
> > 3) for natural persons, registrars will be required to use the
> same encrypted hash algorith so there is parity across databases
> even though there is no centralized database to manage the
> encryption. The policy will be enforced by ICANN and subject to
> auditing. They can warn registrants of the associated risks of
> compromise to give them a chance to take added precautions and
> purchase proxy or privacy services.
> >
> > This would be the minimum requirements for modifying public
> Whois registrant email address to avoid damaging the security and
> stability of the unique identifiers and DNS. If the downside of
> doing this is prohibitive, than ICANN should seek guidance in the
> April meeting on whether the public interest in not damaging
> security and stability outweighs the privacy interference of
> having email addresses remain in the phone books given its not a
> particularly strong personal indicator to begin with as privacy
> and proxy services are available to those that mind as long as
> they are notified.
> >
> > This would result in emails in Whois of natural data subjects
> being uniformly hashed so that you can freely see which hash owns
> what, and Whois of organizations being freely listed with any
> local part of such organizational emails being masked if required
> by applible law.
> >
> > I would like to hear a discussion on this from the group this
> week. Not on the legality of it under GDPR as the Article 29
> working group can weigh in but first we need to discuss the
> architectural and policy issues.
> >
> > Thanks
> > Jonathan
> >
> > On Fri, Mar 30, 2018 at 11:27 AM Chuck <consult at cgomes.com
> <mailto:consult at cgomes.com>> wrote:
> > For any of you who have not seen it, the ICANN Blog re the
> Session with European DPAs that occurred yesterday, here is the link:
> >
> >
> >
> >
> https://www.icann.org/news/blog/data-protection-privacy-issues-update-discussion-with-article-29-en
> <https://www.icann.org/news/blog/data-protection-privacy-issues-update-discussion-with-article-29-en>
> >
> >
> >
> > Chuck
> >
> > _______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
> > --
> > Jonathan Matkowsky
> >
> > *******************************************************************
> > This message was sent from RiskIQ, and is intended only for the
> designated recipient(s). It may contain confidential or
> proprietary information and may be subject to confidentiality
> protections. If you are not a designated recipient, you may not
> review, copy or distribute this message. If you receive this in
> error, please notify the sender by reply e-mail and delete this
> message. Thank you.
> >
> >
> *******************************************************************_______________________________________________
> > gnso-rds-pdp-wg mailing list
> > gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> > https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> <https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg>
>
>
>
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180331/c4c6e436/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list