<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">John,<div class=""><br class=""></div><div class="">Those use cases are different from the anti-* ones I mentioned. But they are not IP concerns either... </div><div class=""><br class=""></div><div class="">... andI don't think those credibility use cases should be resolved with gated access, because credibility requires public data for everyone to see. Perhaps they are the ones to get consent from the registrant; for instance, if a merchant wants to accept payment provider X, that payment provider can demand that only domains with published RDS data can join. Same thing with CAs: if you want an SSL certificate that depends on RDS data, ask your registrar to make the information public. Otherwise, no SSL certificates for you. </div><div class="">(Note that CAs have other means of confirming control of a domain, like DNS records, e-mail etc. for DV certificates, but for OV and EV certificates, RDS transparency can be a must)</div><div class=""><br class=""></div><div class="">So one feature of a privacy-by-design RDS system should be allowing a registrant to not be private if he or she wants so; if someone wants to stand out for transparency, that should be allowed. </div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Rubens</div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""></div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Oct 30, 2017, at 7:46 AM, John Horton <<a href="mailto:john.horton@legitscript.com" class="">john.horton@legitscript.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class=""><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">Just remember that the fact that the information is bogus is, itself, important and useful in some cases. In our work with banks and payment providers, that's considered a high-risk factor at a minimum, and may actually bar an account being provided in other cases (unless it's genuinely Mickey Mouse, of course! He should always have a merchant account.). So, in that case, it's important not just to correlate but to specifically know what the Whois is, if you will. Banks and payment providers, and those of us who help them assess and monitor merchants for potentially useful information to prevent money laundering and similar activity, need to know the information currently contained in the Whois record to assess who actually has control rights over the domain name or if it's bogus, etc.</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444"><br class=""></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#444444">Neil, whatever, man. :) Good luck!</div></div><div class="gmail_extra"><br clear="all" class=""><div class=""><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr" class=""><div class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><div dir="ltr" class=""><font color="#073763" face="arial, helvetica, sans-serif" class="">John Horton<br class="">President and CEO, LegitScript</font><div class=""><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJRXE5UTAtclVxdTg&revid=0B13GfLt8zwZJSG9zOUVwN1lFKzFrRVlnaWU0NGZ4RmdkUjg4PQ" width="96" height="36" class=""><br class=""><div class=""><div style="margin: 0px; font-style: normal; font-variant-caps: normal; font-weight: normal; font-size: 12px; line-height: normal; font-family: Helvetica;" class=""><br class=""></div><div style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-size: 12px; line-height: normal; font-family: Helvetica;" class=""><b class=""><font color="#444444" class="">Follow</font><font color="#0b5394" class=""> </font><font class="">Legit</font><font color="#0b5394" class="">Script</font></b>: <a href="http://www.linkedin.com/company/legitscript-com" style="color:rgb(17,85,204)" target="_blank" class=""><font color="#cc0000" class="">LinkedIn</font></a> | <a href="https://www.facebook.com/LegitScript" style="color:rgb(17,85,204)" target="_blank" class=""><font color="#6aa84f" class="">Facebook</font></a> | <a href="https://twitter.com/legitscript" style="color:rgb(17,85,204)" target="_blank" class=""><font color="#674ea7" class="">Twitter</font></a> | <font color="#ff9900" class=""><u class=""><a href="http://blog.legitscript.com/" style="color:rgb(17,85,204)" target="_blank" class="">Blog</a></u></font> |<font color="#ff9900" class=""> <a href="http://go.legitscript.com/Subscription-Management.html" style="color:rgb(17,85,204)" target="_blank" class=""><font color="#ff9900" class="">Newsletter</font></a></font><br class=""></div><div style="margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-size: 12px; line-height: normal; font-family: Helvetica;" class=""><font color="#ff9900" class=""><br class=""></font></div><div style="text-align: left; margin: 0px; font-style: normal; font-variant-ligatures: normal; font-variant-position: normal; font-variant-caps: normal; font-variant-numeric: normal; font-variant-alternates: normal; font-variant-east-asian: normal; font-size: 12px; line-height: normal; font-family: Helvetica;" class=""><font color="#ff9900" class=""><img src="https://www.legitscript.com/wp-content/uploads/2015/09/LegitScript-Workplace.png" width="46" height="96" class=""><img src="https://docs.google.com/uc?export=download&id=0B13GfLt8zwZJTmNWbmcwOTVJMXc&revid=0B13GfLt8zwZJQlZWOXVGbG9acC9nRGhzdEkxclFJVytCWVNjPQ" width="47" height="96" class=""><br class=""></font></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
<br class=""><div class="gmail_quote">On Mon, Oct 30, 2017 at 3:25 AM, Rubens Kuhl <span dir="ltr" class=""><<a href="mailto:rubensk@nic.br" target="_blank" class="">rubensk@nic.br</a>></span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word" class=""><div class="">I've been involved in abuse fighting for quite some time, and my interest in WHOIS data was to correlate objects, not to get the information behind one of them, since that information was bogus, mostly.</div><div class=""><br class=""></div><div class="">So I understand why IP concerns want access to actual WHOIS data, but for anti-*, a simple related query could be enough. So instead of knowing if <a href="http://phishing.com/" target="_blank" class="">phishing.com</a> belongs to Mickey Mouse, you could access <a href="http://rdap.registrar.com/phishing.com?related=yes" target="_blank" class="">rdap.registrar.com/phishing.<wbr class="">com?related=yes</a> and know that the same registrant has also registered <a href="http://farming.com/" target="_blank" class="">farming.com</a>, <a href="http://banknameaccounts.com/" target="_blank" class="">banknameaccounts.com</a> so now you can expand the investigation into those objects. </div><div class=""><br class=""></div><div class="">Knowing that Mickey Mouse registered those domain could bring me some laughs, but no actionable intelligence. </div><span class="HOEnZb"><font color="#888888" class=""><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Rubens</div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""></font></span><div class=""><blockquote type="cite" class=""><span class=""><div class="">On Oct 29, 2017, at 9:27 PM, Neil Schwartzman <<a href="mailto:neil@cauce.org" target="_blank" class="">neil@cauce.org</a>> wrote:</div><br class="m_-985667652442502538Apple-interchange-newline"></span><div class=""><div class=""><div class="h5"><div style="word-wrap:break-word;line-break:after-white-space" class="">All,<div class=""><br class=""></div><div class="">I've decided to withdraw from this and other anti-abuse groups. My best wishes on a successful conclusion to the critically important work you do here. Please don’t mess it up for anti-abuse researchers! For real - our work is what keeps the Internet running, whether you know it, appreciate it, care about it. or not. I am much inclined to believe you do care.</div><div class=""><br class=""></div><div class="">We need access to WHOIS as is, or same level of access of WHOIS WHATWILLBE.</div><div class=""><br class=""></div><div class="">this might be some credentialed, qualified paid access, but please believe me - we Antis aren’t just saying this to be trenchant. Any strident comments come from a fear for all of our future without this cornerstone to our work. I was going to cobble together a use of WHOIS in my work for a day and it took so long because I use it so much, the thing ended up at several tens of thousands of words, and was really boring to read.</div><div class=""><br class=""></div><div class="">Anything less, and things will become an even bigger sewer than it already is. I know you all care, from different angles, so please do bear these words in mind. You argue amongst yourselves, from a position of personal belief in the great goodness this thing of ours has inherent to it. It is a good thing, a great thing, and I intent to use that greatness.</div><div class=""><br class=""></div><div class="">I’ve decided to tackle an easier project; rather than dealing with WHOIS @ ICANN, I’m going to try to bring peace to the Middle East.</div><div class=""><br class=""></div><div class="">Read all about it: <a href="https://medium.com/@neilschwartzman/hate-the-reason-i-quit-spamfighting-866a162d5629" target="_blank" class="">HATE: The Reason I Quit Spamfighting</a></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">Yours truly,</div><div class=""><div class="">
<div style="letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word" class=""><div style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-variant-east-asian:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word" class=""><div style="letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word" class=""><div class=""><br class="m_-985667652442502538Apple-interchange-newline"><br class=""></div><div class="">Neil Schwartzman</div><div class="">Executive Director</div><div class="">Coalition Against Unsolicited Commercial Email</div><div class=""><a href="http://cauce.org/" target="_blank" class="">http://cauce.org</a></div><div class="">Tel : <a href="tel:(303)%20800-6345" value="+13038006345" target="_blank" class="">(303) 800-6345</a></div></div><div class="">Twitter : @cauce</div><div class=""><br class=""></div></div><br class="m_-985667652442502538Apple-interchange-newline" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-variant-numeric:normal;font-variant-alternates:normal;font-variant-east-asian:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br class="m_-985667652442502538Apple-interchange-newline"></div>
</div>
<br class=""></div></div></div></div><span class="">______________________________<wbr class="">_________________<br class="">gnso-rds-pdp-wg mailing list<br class=""><a href="mailto:gnso-rds-pdp-wg@icann.org" target="_blank" class="">gnso-rds-pdp-wg@icann.org</a><br class=""><a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" target="_blank" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a></span></div></blockquote></div><br class=""></div><br class="">______________________________<wbr class="">_________________<br class="">
gnso-rds-pdp-wg mailing list<br class="">
<a href="mailto:gnso-rds-pdp-wg@icann.org" class="">gnso-rds-pdp-wg@icann.org</a><br class="">
<a href="https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg" rel="noreferrer" target="_blank" class="">https://mm.icann.org/mailman/<wbr class="">listinfo/gnso-rds-pdp-wg</a><br class=""></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""></div></body></html>