<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div>hi all,</div><div><br></div><div>here’s a thread to talk about the SSAC comment on EWG initial report.</div><div><br></div><div>here are a few questions. view them as a starting-point, not a rigid requirement. if you have a comment that falls outside of these questions, please go ahead and make your post. i’m just posting these to start conversation, not restrict it.</div><div><br></div><div>- what’s the current status of the EWG work?</div><div><br></div><div>- where are we in the process of establishing a registration data policy?</div><div><br></div><div>- who, if anybody, has taken these SSAC recommendations on board?</div><div><br></div><div>- is there anything that the GNSO, and/or the GNSO Council, should be doing in Singapore to help move this along?</div><div><br></div><div>- are there any other questions people would like to raise about this comment?<br><div><br></div><div><div><div><b>SAC061: </b><b>SSAC Comment on ICANN’s Initial Report from the Expert Working Group on gTLD Directory Services</b></div><div><b><br></b></div><div><a href="http://www.icann.org/en/groups/ssac/documents/sac-061-en.pdf">http://www.icann.org/en/groups/ssac/documents/sac-061-en.pdf</a></div><div><b><br></b></div></div><blockquote style="margin: 0px 0px 0px 40px; border: none; padding: 0px;"><div>Recommendation 1: SSAC reiterates its recommendation from SAC055: The ICANN Board should explicitly <b>defer any other activity (within ICANN’s remit) directed at finding a ‘solution’ to ‘the WHOIS problem’ until the registration data policy has been developed and accepted in the community</b>. The EWG should clearly state its proposal for the purpose of registration data, and focus on policy issues over specific implementations.</div><div><br></div><div>Recommendation 2: The ICANN Board should ensure that a <b>formal security risk assessment of the registration data policy be conducted as an input into the Policy Development Process.</b></div><div><br></div><div>Recommendation 3: SSAC recommends that the EWG state more clearly its positions on the following questions of data availability:</div><div><br></div><div><div><b>A. Why is a change to public access justified?</b></div>This explanation should describe the potential impact upon ordinary Internet users and casual or occasional users of the directory service.</div><div><b><br></b></div><div><div><b>B. Does the EWG believe that access to data currently accessible in generic Top Level Domain (gTLD) WHOIS output should become restricted?</b></div>If so, what fields and to what extent exactly? Under the EWG proposal, queries from non- authenticated requestors would return only “public data available to anyone, for</div><div><b><br></b></div><div><div><b>C. Should all gTLD registries be required to provision their contact data into the Aggregated Registration Data Service (ARDS)? </b></div>There may be jurisdictions that prohibit by law the export of personally identifiable information outside the jurisdiction. If so, the ARDS may not be a viable way to deliver data accuracy and compliance across all gTLDs.</div><div><br></div><div>D. Does the EWG propose <b>more types of sensitive registration data be provisioned into ARDS than are found in current gTLD WHOIS output?</b> </div><div><br></div><div>Recommendation 4: The SSAC suggests that the EWG address this recommendation from SAC058: “SSAC Report on Domain Name Registration Data Validation”3:</div><div>As the ICANN community discusses validating contact information, the SSAC recommends that <b>the following meta-questions regarding the costs and benefits of registration data validation should be answered</b>:</div><div><br></div><div>• <b>What data elements need to be added or validated to comply with requirements or expectations of different stakeholders?</b></div><div><b>• Is additional registration processing overhead and delay an acceptable cost for improving accuracy and quality of registration data?</b></div><div><b>• Is higher cost an acceptable outcome for improving accuracy and quality?</b></div><div><b>• Would accuracy improve if the registration process were to provide natural </b><b>persons with privacy protection upon completion of multi-factored validation?</b></div></blockquote><div><div style="font-weight: bold;"><br></div><div style="font-weight: bold;"><br></div></div></div></div></body></html>