[gnso-rds-pdp-wg] Some reg'n data I think necessary (was Re: GNSO Next-Gen RDS PDP Working Group teleconference)

Andrew Sullivan ajs at anvilwalrusden.com
Mon Mar 21 05:50:06 UTC 2016


Hi,

On Mon, Mar 21, 2016 at 03:37:01AM +0000, Rob Golding wrote:
> >• Every domain on the Internet must have name servers in order to
> >function.
> 
> By 'function' I guess you mean "be used in conjunction with DNS to perform
> some use beyond simply 'registration'" :)

I said, "On the Internet."  If someone wants to register a name and
prevent it being on the Internet, that's also possible, but it was a
case I explicitly said I don't care about, since I'm concerned about
interoperation.  It is a trivial degenerate case (in interoperation
terms) that someone register something and then just not provide the
necessary name servers.

> >event of technical problems, other operators can detect whether there
> >is a gap between what the registry contains and what the authoritative
> >servers contain.
> 
> Nice theory, but in practice no-one really does that.

In practice, everyone does that.  In practice, if the registry
delegation is radically different from the DNS delegation, the
delegation is lame and doesn't work reliably.

> Why ? If a 'service provider' has an issue with their nameservers why is
> that of any concern to anyone else
>  - their customers will have appropriate contact information already, why
> should it in RDS ?

This appears to suggest that the Internet works by prearranged
customer-vendor relationships only.  I hope for the sake of brevity I
needn't describe why that is obviously false.

> >necessary, for troubleshooting interoperation,

> Whilst potentially convenient, it certainly isn't "necessary" - plenty of
> tlds operate just fine without making expiry information "public", and
> others don't expire at all.

I think the above collapses a distinction I was trying to make, which
is between the collection of data and the anonymous publication of
data.  What I think is that it is entirely necessary for others to
know when a domain will expire, in order to provide reasonable
name-based identification of resources on the Internet.  It does not
follow that all such knowledge need be anonymously available to
everyone.  I thought the rest of my mail made that clear; if not, I
apologise.

> It's [i.e. authInfo] not a requirement of EPP

No, it's true that it's an optional element in the protocol; but this
is a GNSO policy discussion and, AFAICT, authInfo is the only
in-protocol element that we have available for phony-transfer
prevention.  So it's the standard thing.  And …

> not something that should ever be "public"

…I wasn't anyway suggesting it ought to be public.  The basis for my
post was a prior post that asked whether anything needed to be
collected.  The authInfo is, I hope, the minimal thing we agree must
be collected.

> Never. Domains can't "abuse other networks".
> A 'service' can abuse, which may (or may not) somehow be related to a domain
> registration, but the domain itself is not capable of doing any abuse at all

I think this is exactly the sort of distinction without a difference
that has sunk _at least_ 15 years of discussion.  Let's be clear that
not all abuse traffic that claims to be from a domain is in fact abuse
from that domain.  But an abusive service _actually_ operated at a
domain is directly related to the operator of that domain.  For the
operator of the domain delegated the name or network service or
whatever to the very abusing party.

> Which only needs to be known by the registrar (for maintaining the
> registration) and the registry (in case the registrar somehow fails) and
> not a reason to make any of the data "public"

Sure.  The WG has to talk about collection of data as well as
publication, it appears.  (I think this scope is way too wide.  But
that's the charter.)


Best regards,

A
-- 
Andrew Sullivan
ajs at anvilwalrusden.com


