[gnso-rds-pdp-wg] [For Background] APWG report on phishers use of Domain Name System

Andrew Sullivan ajs at anvilwalrusden.com
Thu Jun 29 21:26:32 UTC 2017 

Hi,

I am sympathetic, as you know, to the concerns of researchers using
the current RDS.  But I think we need to be careful.

On Thu, Jun 29, 2017 at 04:04:18PM -0400, allison nixon wrote:
> -The gated access cannot have an inferior user interface compared to
> current tools

That is not a reasonable requirement: this WG is not responsible for
tool development or design.  The protocol needs to change -- has
certainly needed to for 20 years -- and in order to make that happen
some tools will need to change.  There is no way to guarantee what
people will do to the user interface when they change tools.
Moreover, we don't have a common definition of what an "inferior" user
interface is anyway.  What would be a reasonable requirement is that
it is _possible_ to build a simialr user interface as what already
exists, but atop the new data access protocol.

> -The gated access cannot have an inferior dataset

I don't think this requirement is possible to specify in advance,
since it is precisely what we are arguing about.  Accepting this
requirement would be begging the question.

(I would go through the rest of the items, but I think they have
similar problems.)  More generally,

> The gated system is supposed to replicate in a closed system what the open
> system has accomplished naturally. This is an exceedingly difficult task,
> and the price of failure is high.

I think I disagree with this claim.  We are in fact discussing what
the gated system, if it is created, is supposed to contain.  It is
possible that there are things currently in the public whois that
never should have been published at all, even to authenticated
parties, without some legal processes and I think we are going to have
to argue about that.  I am not claiming that there are such things: I
don't know, and part of my frustration over the last month or two has
been that we have been arguing over the obvious rather than getting
down to this quite difficult issue.

> Users need to be educated about all the risks so they can weigh them in a
> manner that makes the most sense for their situation. It's not just junk
> mail.

I strongly agree with this.  Those registering domain names on the
Internet are not simply passive users, and it is reasonable to treat
them differently than people who are just visiting web pages, for
instance.  Since the test is whether some infringement on people's
data is necessary, we will do well to remember that there is no need
to register domain names on the Internet in order to connect to it or
use it.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com

More information about the gnso-rds-pdp-wg mailing list