<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif">I would strongly object to any of those items being characterized as "content." And even if they were "content," that is not a per se exclusion in any way.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">It's more appropriate to characterize them as "use" and more specifically "abuse."</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Many, if not most, threats to security and other forms of abuse involve both the registration of a domain name and the use of that domain name in some fashion. It's clear and critical that we need to allow for elements of use to be included in the purposes for which RDS data is used.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">This work is done now, regularly and successfully, using WHOIS data among other things. We have no mandate to restrict these uses (and as Greg A. notes, we're at a point where discussion of restrictions are premature).</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">As a final note, discussions about whether something is "required" or "difficult" or "impossible" are largely beside the point, and also raise serious concerns. If a particular use of RDS data is excluded because it's not absolutely required in every instance, or because it's "difficult" but not "impossible" to work without it, there are significant costs and consequences that would arise from any such exclusion. Something that is more difficult is more costly, more complex, more time-consuming, more prone to failure, more burdensome and/or more resource-intensive. Difficulty is a deterrent. We have no mandate as a group to make things more difficult for current users of RDS-type data or to deter legitimate activity.</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Greg Shatan</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 22, 2016 at 9:54 AM, Rob Golding <span dir="ltr"><<a href="mailto:rob.golding@astutium.com" target="_blank">rob.golding@astutium.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Safeguard 3: Should Registry Operators undertake periodic security<br>
checks to analyze whether domains in its gTLD are being used for<br>
threats to security, such as pharming, phishing, malware and botnets?<br>
</blockquote>
<br></span>
None of which requires "registration" data ...<br>
<br>
pharming = content<br>
phishing = content<br>
malware = content<br>
botnets = traffic [and are primarily ip based not domain based]<br>
etc<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
Rob</font></span><div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank">https://mm.icann.org/mailman/l<wbr>istinfo/gnso-rds-pdp-wg</a><br>
</div></div></blockquote></div><br></div>