<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.emailquote, li.emailquote, div.emailquote
{mso-style-name:emailquote;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:1.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#993366;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap: break-word;-webkit-nbsp-mode: space;-webkit-line-break: after-white-space">
<div class="WordSection1">
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#993366">Sorry, I was only responding to Theo’s question about unique anonymous identifiers, and noting that we already have them at our disposal.
The topics you’re describing below are part of a different discussion.<o:p></o:p></span></a></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#993366"><o:p> </o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#993366">Scott<o:p></o:p></span></span></p>
<p class="MsoNormal"><span style="mso-bookmark:_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#993366"><o:p> </o:p></span></span></p>
<span style="mso-bookmark:_MailEndCompose"></span>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Paul Keating [mailto:Paul@law.es]
<br>
<b>Sent:</b> Monday, April 24, 2017 11:31 AM<br>
<b>To:</b> Hollenbeck, Scott <shollenbeck@verisign.com>; 'cdoman@alienvault.com' <cdoman@alienvault.com>; 'gnso-rds-pdp-wg@icann.org' <gnso-rds-pdp-wg@icann.org><br>
<b>Subject:</b> [EXTERNAL] Re: [EXT] Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">Scott,<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">I understand the context. However, I am not sure how the RDS gets you any further unless it is coupled with a requirement that all registrations be verified so
that the gated access will result in meaningful information.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">Also, I am not sure to what extent it would aid in the accuracy of the underlying WHOIS data. People who want to keep their information confidential or who would
otherwise provide fake data will certainly find a way of avoiding having to provide the data you are seeking. Nominet recently (3 years ago :-( ) went through this with the .UK requirement of confirmed WHOIS. They wanted to make sure that registrants were
“connected” to the UK and that the WHOIS data was correct. However, it is a simple process to avoid, including the use of agents and/or dropbox locations and the like. Corporate registrant data remains virtually untraceable (just as real estate holdings
do) in terms of the Beneficial Owners. So, while I sympathize with the desire to have accurate WHOIS data I remain at a loss as to how this can be achieved. Asking Registrars to employ complex and costly investigative or confirmation systems would seem to
conflict with the economic model in which registrars receive very little gross margin (let alone profit) from domain registrations.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">And, while I understand the argument about privacy when it comes to registration data I do not share the opinion that it should all be private. Those desiring
to restrict their personal data can easily do so through use of agents and privacy services. That they chose not to do so is not an issue that IMHO the rest of the public really needs to bear the burden for.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">Disclosure: I am a lawyer in the domain space, a director of DomainTools and an active domain investor. I use WHOIS in my daily practice.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">Paul Keating<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:
</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">"Hollenbeck, Scott" <<a href="mailto:shollenbeck@verisign.com">shollenbeck@verisign.com</a>><br>
<b>Date: </b>Monday, April 24, 2017 at 4:54 PM<br>
<b>To: </b>"<a href="mailto:'cdoman@alienvault.com">'cdoman@alienvault.com</a>'" <<a href="mailto:cdoman@alienvault.com">cdoman@alienvault.com</a>>, Paul Keating <<a href="mailto:paul@law.es">paul@law.es</a>>, "<a href="mailto:'gnso-rds-pdp-wg@icann.org">'gnso-rds-pdp-wg@icann.org</a>'"
<<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Subject: </b>RE: [EXT] Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #B5C4DF 4.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-right:0in" id="MAC_OUTLOOK_ATTRIBUTION_BLOCKQUOTE">
<div>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Chris, in the note below I shared an actual example of an existing contact identifier/handle, “C270-LRMS”. It’s an identifier that’s assigned by the registry
when the contact is created, and it’s guaranteed to be unique within the registry namespace. It can be generated in many different ways (hash values are certainly one possible way) as long as the final value conforms to the syntax described in the EPP specifications.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">One thing that makes these identifiers interesting is that they, too, can be searched for in an RDDS. In theory, we could have a system that returned nothing
but these abstract identifiers in responses to domain name queries. One would then have to issue additional queries to see the details behind the handle, and if the system were designed in such a way it would be possible to restrict access to this information
based on whatever policies exist for access to personally identifiable information.</span><span style="color:black"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Scott</span><span style="color:black"><o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"> </span><span style="color:black"><o:p></o:p></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> Chris Doman [<a href="mailto:cdoman@alienvault.com">mailto:cdoman@alienvault.com</a>]
<br>
<b>Sent:</b> Monday, April 24, 2017 9:38 AM<br>
<b>To:</b> Paul Keating <<a href="mailto:Paul@law.es">Paul@law.es</a>>; Hollenbeck, Scott <<a href="mailto:shollenbeck@verisign.com">shollenbeck@verisign.com</a>>;
<a href="mailto:'gnso-rds-pdp-wg@icann.org">'gnso-rds-pdp-wg@icann.org</a>' <<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a>><br>
<b>Subject:</b> [EXTERNAL] Re: [EXT] Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data</span><span style="color:black"><o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
<div>
<div id="x_divtagdefaultwrapper">
<p><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">Can you provide an example of a handle please for my understanding?<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black"> <o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Calibri",sans-serif;color:black">Do you mean for example a hashed user id from a registrar, or an email address?<o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="text-align:center"><span style="color:black">
<hr size="2" width="98%" align="center">
</span></div>
<div id="x_divRplyFwdMsg">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"><a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>
<<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org">gnso-rds-pdp-wg-bounces@icann.org</a>> on behalf of Paul Keating <<a href="mailto:Paul@law.es">Paul@law.es</a>><br>
<b>Sent:</b> 24 April 2017 14:31:21<br>
<b>To:</b> Hollenbeck, Scott; <a href="mailto:'gnso-rds-pdp-wg@icann.org">'gnso-rds-pdp-wg@icann.org</a>'<br>
<b>Subject:</b> [EXT] Re: [gnso-rds-pdp-wg] international law enforcement association resolution regarding domain registration data</span><span style="color:black"><o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="color:black"> <o:p></o:p></span></p>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;color:black">I would like to understand this further and forgive my ignorance. Could<br>
you please explain what you mean by the following:<br>
<br>
We already have "anonymized unique identifiers" in the form of contact<br>
identifiers, sometimes also known as "handles" (but not to be confused<br>
with handle system (RFC 3650) identifiers). For example, a WHOIS query for<br>
a particular domain to one particular thick RDDS registry service will<br>
return a registrant identifier of "C270-LRMS" in addition to the more<br>
identifiable information that we're all familiar with. RDAP also supports<br>
these identifiers, so they are available for purposes as we see fit to<br>
recommend.<br>
<br>
<br>
<br>
Also, although WHOIS information itself is not always helpful, WHOIS<br>
combined with other data (including DNS and historical data) can be<br>
extremely helpful. So, I am not at all certain as to what is intended by<br>
the message or what the solution proposed is or how it works.<br>
<br>
Thank you,<br>
<br>
Paul Keating<br>
<br>
On 4/24/17, 2:47 PM, "Hollenbeck, Scott via gnso-rds-pdp-wg"<br>
<<a href="mailto:gnso-rds-pdp-wg-bounces@icann.org%20on%20behalf%20of%20gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg-bounces@icann.org on behalf of gnso-rds-pdp-wg@icann.org</a>><br>
wrote:<br>
<br>
>I must have missed this note when it was original sent back in March.<br>
>Chuck asked me to address one of the questions posed below.<br>
><br>
>Scott<br>
><br>
>> -----Original Message-----<br>
>> From: Gomes, Chuck<br>
>> Sent: Monday, April 24, 2017 7:48 AM<br>
>> To: Hollenbeck, Scott <<a href="mailto:shollenbeck@verisign.com">shollenbeck@verisign.com</a>><br>
>> Subject: FW: [EXTERNAL] Re: [gnso-rds-pdp-wg] international law<br>
>> enforcement association resolution regarding domain registration data<br>
>><br>
>> FYI Scott.<br>
>><br>
>> Chuck<br>
>><br>
>> -----Original Message-----<br>
>> From: theo geurts [<a href="mailto:gtheo@xs4all.nl">mailto:gtheo@xs4all.nl</a>]<br>
>> Sent: Thursday, March 02, 2017 4:21 PM<br>
>> To: Gomes, Chuck <<a href="mailto:cgomes@verisign.com">cgomes@verisign.com</a>>; Greg Aaron <<a href="mailto:gca@icginc.com">gca@icginc.com</a>><br>
>> Cc: <a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
>> Subject: [EXTERNAL] Re: [gnso-rds-pdp-wg] international law enforcement<br>
>> association resolution regarding domain registration data<br>
>><br>
>><br>
>> Thanks, Chuck.<br>
>><br>
>> I think it is important that we as a WG understand that gated access<br>
>>could<br>
>> be a recommendation. But it does not single out any other<br>
>> solutions/recommendations, but to get to that point, we should keep<br>
>> exploring.<br>
>><br>
>> To give this some more color. In 2016 we assisted paloaltonetworks.com<br>
>>and<br>
>> shadow server taking down the Prince of Persia malware that went<br>
>> undetected and roamed the internet for ten years (that's a long time<br>
>> folks) <a href="http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-">
http://researchcenter.paloaltonetworks.com/2016/06/unit42-prince-</a><br>
>> of-persia-game-over/<br>
>><br>
>> So the actual WHOIS data was useless in a sense we were dealing with<br>
>> stolen identities.<br>
>> But we were able to map out the botnet controller network through the<br>
>> WHOIS and coordinated with more Registrars to sinkhole the entire lot.<br>
>><br>
>> Again the WHOIS data was useless in this case as it was fake, could have<br>
>> passed every syntax or WHOIS cross-validation check.<br>
>><br>
>> So instead of gated access, why not aim for an RDS that used anonymized<br>
>> unique identifiers that are available for everyone?<br>
><br>
>We already have "anonymized unique identifiers" in the form of contact<br>
>identifiers, sometimes also known as "handles" (but not to be confused<br>
>with handle system (RFC 3650) identifiers). For example, a WHOIS query<br>
>for a particular domain to one particular thick RDDS registry service<br>
>will return a registrant identifier of "C270-LRMS" in addition to the<br>
>more identifiable information that we're all familiar with. RDAP also<br>
>supports these identifiers, so they are available for purposes as we see<br>
>fit to recommend.<br>
><br>
>Scott<br>
>_______________________________________________<br>
>gnso-rds-pdp-wg mailing list<br>
><a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a><br>
<br>
<br>
_______________________________________________<br>
gnso-rds-pdp-wg mailing list<br>
<a href="mailto:gnso-rds-pdp-wg@icann.org">gnso-rds-pdp-wg@icann.org</a><br>
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg">https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg</a></span><span style="color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</body>
</html>