<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I am back from Rwanda and swimming through the tremendous sea of
comment that has been generated here in the past week. I would
like to pick up on the point Volker made (below) and hope for some
simplicity (and elegance) in dealing with the twin pronged issue
in this sub-stream of communication. There are two parts that get
tangled up. <br>
</p>
<p>First, the provider of the registration service asks for (needs)
information about the registree as a normal matter of business.
Within that data is a means of normal business contact, one that
is valid (probably tested at the onset by using one of the
standard techniques involving a test email, with a code to be
entered into an online form, for confirmation). <br>
</p>
<p>Second, there is the question of whether or not the <i>rest-of-the-world</i>
has access to a means to contact the registree. Since this pdp-wg
has agreed that there should be some way to contact the registree,
the <i>What?</i> (able to contact) and<i> Why?</i> (various
purposes) are agreed upon. The remaining issues are: <i>How? </i>and
<i>By Whom? </i><br>
</p>
<p>Any public access "<i>How?</i>" may be constrained by data
protection policies, but within those constraints the ways of
contact should be resolved by registrar preferences, registree
preferences, and the marketplace within which those preferences
become registration services (using free or fee-for-service proxy
services, or whatever). The pdp-wg policy issue here is simply to
support that at least one channel should exist. <br>
</p>
<p>The "<i>By Whom?</i>" issue is settled. We are talking about
un-gated open access to the everyone (the <i>rest-of-the-world</i>).
Issues dealing with gated data access for LEA, due diligence and
abuse work by others, and for research purposes are, can be, and
should be separate from the relatively simple and straight forward
issue we are dealing with here. <br>
</p>
<ul>
<li>Should there be at least one non-gated means for the public to
send a communication to the registree?<i> Yes!</i></li>
<li>How and by what means? Leave that up to the constraints set by
data protection policies, and mediated in the market place
relationships between registrars and registrees. <br>
</li>
</ul>
<p>My personal observation is that we are making this much more
complicated that we need to. At this level the LEA,due diligence
and abuse work and research purposes do not impact our work since
we are only dealing with the ungated (front gate). to the
communications channel. I see their needs for gated access beyond
that as also beyond our remit, or at least beyond our remit for
the single issue on the table here. <br>
</p>
<p>Sam Lanfranco,</p>
<p>NCSG/NPOC<br>
</p>
<div class="moz-cite-prefix"><i><font color="#660000">On 10/9/2017
4:50 AM, Volker Greimann wrote:<br>
</font></i></div>
<blockquote type="cite"
cite="mid:e4406550-46ea-085c-13b7-e1d1c878c49f@key-systems.net"><i><font
color="#660000">Hi Patrick,
<br>
yes and no. Provided there is a working means of communication
available there is no need to publish the data to the current
extent. And that means of communication could be a link to a
webform, that reveals nothing about the registrant but allows
you to communicate with them, if necessary.
<br>
Best,
<br>
Volker
</font></i><br>
<br>
<font size="-1">Am 03.10.2017 um 21:30 schrieb <a class="moz-txt-link-abbreviated" href="mailto:pkngrds@klos.net">pkngrds@klos.net</a>:
<br>
</font>
<blockquote type="cite"><font size="-1">On 10/3/2017 3:05 PM,
Jeremy Malcolm wrote:
<br>
</font>
<blockquote type="cite"><font size="-1">There is no added value
<br>
in collecting personal information - after all, criminals
are not going
<br>
to provide correct information anyway, and if a domain has
been
<br>
compromised then the personal information of the original
registrant
<br>
isn't going to help much, and its availability in the wild
could cause
<br>
significant harm to the registrant.
<br>
</font></blockquote>
<font size="-1"><br>
How can you say "if a domain has been compromised then the
personal information of the original registrant
<br>
isn't going to help much"? Isn't the ability to contact the
registrant* and let them know that their domain has been
compromised reason enough to keep that information available?
<br>
</font>
<font size="-1"><br>
Patrick Klos
<br>
Klos Technologies, Inc.
<br>
</font>
<font size="-1"><br>
(* Forgive me if I haven't followed every nuance of these
discussions. Is there a distinction between the "original
registrant" and the "current registrant"?)
<br>
</font>
</blockquote>
</blockquote>
<br>
</body>
</html>