[gnso-rds-pdp-wg] [For Background] APWG report on phishers use of Domain Name System

Dotzero dotzero at gmail.com
Fri Jun 30 02:15:45 UTC 2017


Chuck,

Where can one get a transcript or summary of the discussion in Johannesburg?

Michael Hammer

On Thu, Jun 29, 2017 at 9:03 PM, Gomes, Chuck via gnso-rds-pdp-wg <
gnso-rds-pdp-wg at icann.org> wrote:

> Everyone on this thread, please focus on the topic of data elements, and
> more specifically the meta set of possible data elements as we agreed to do
> in Johannesburg on Wednesday.
>
> Chuck
>
> Sent from my iPhone
>
> On Jun 30, 2017, at 1:33 AM, allison nixon <elsakoo at gmail.com> wrote:
>
> >> That is not a reasonable requirement: this WG is not responsible for
> >> tool development or design.  The protocol needs to change -- has
> >> certainly needed to for 20 years -- and in order to make that happen
> >> some tools will need to change.  There is no way to guarantee what
> >> people will do to the user interface when they change tools.
> >> Moreover, we don't have a common definition of what an "inferior" user
> >> interface is anyway.  What would be a reasonable requirement is that
> >> it is _possible_ to build a similar user interface as what already
> >> exists, but atop the new data access protocol.
>
> My understanding is that under this closed system, the entity responsible
> for building the access method will no longer be "anyone with the
> motivation and talent", as it is now, but rather a single entity that must
> be authorized to work with such "sensitive" data and everyone will have to
> use them from now on. After all, anyone aggregating the whois data and
> reselling it under their interface would defeat the entire point of a gate.
>
> >> I think I disagree with this claim.  We are in fact discussing what
> >> the gated system, if it is created, is supposed to contain.  It is
> >> possible that there are things currently in the public whois that
> >> never should have been published at all, even to authenticated
> >> parties, without some legal processes and I think we are going to have
> >> to argue about that.  I am not claiming that there are such things: I
> >> don't know, and part of my frustration over the last month or two has
> >> been that we have been arguing over the obvious rather than getting
> >> down to this quite difficult issue.
>
> I think it's very much worth arguing about. Let's imagine the practical
> reality of getting that done.
>
> For the legal process route, let's say for the sake of argument in the USA
> it'll require a subpoena because I don't think there's any process that has
> a lower bar. I've never sought a subpoena, but I know that colleagues in my
> industry sometimes do. I've heard that getting subpoenas for cybercrime
> related issues costs between 1 and 10 thousand dollars depending on lawyer
> and jurisdiction and other factors.  Also, using that process will get the
> customer's billing and IP info anyways. So if I have to get a court order,
> then I don't care about WHOIS. I'm getting everything.
>
> I see two possibilities arising from requiring this. Either, a
> near-complete shutdown, or a streamlined process resulting in
> business-as-usual.
>
> If a subpoena is the bar we set, all available information will be sought.
> I can guarantee these queries will also be made against every domain ever
> used in sent e-mail, and every domain queried from a corporate environment,
> at a minimum. This is supposed to enhance privacy? Or is the goal to
> prevent some portion of the queries made for the purposes of network
> defense?
>
> We also face the obvious fact that Russian judges are unlikely to unmask
> whois for Russian domains used to meddle in elections (or any of the obscene
> volume of cybercrime coming from there), and Chinese judges are unlikely to
> unmask Chinese domains used to hack other militaries. Does our working
> group accept these predictable outcomes as valid?
>
> Court orders also take weeks. I'd like to hear a serious proposal on how
> this "legal process" will work and somehow not result in either a 100%
> shutdown of anti-abuse activity or a massive violation of privacy.
>
> >> I strongly agree with this.  Those registering domain names on the
> >> Internet are not simply passive users, and it is reasonable to treat
> >> them differently than people who are just visiting web pages, for
> >> instance.  Since the test is whether some infringement on people's
> >> data is necessary, we will do well to remember that there is no need
> >> to register domain names on the Internet in order to connect to it or
> >> use it.
>
> Public whois has been a fact for a very long time. The only people who are
> shocked by this are uninformed. We can't dismantle the Internet for their
> sake.
>
> On Thu, Jun 29, 2017 at 5:26 PM, Andrew Sullivan <ajs at anvilwalrusden.com>
> wrote:
>
>> Hi,
>>
>> I am sympathetic, as you know, to the concerns of researchers using
>> the current RDS.  But I think we need to be careful.
>>
>> On Thu, Jun 29, 2017 at 04:04:18PM -0400, allison nixon wrote:
>> > -The gated access cannot have an inferior user interface compared to
>> > current tools
>>
>> That is not a reasonable requirement: this WG is not responsible for
>> tool development or design.  The protocol needs to change -- has
>> certainly needed to for 20 years -- and in order to make that happen
>> some tools will need to change.  There is no way to guarantee what
>> people will do to the user interface when they change tools.
>> Moreover, we don't have a common definition of what an "inferior" user
>> interface is anyway.  What would be a reasonable requirement is that
>> it is _possible_ to build a similar user interface as what already
>> exists, but atop the new data access protocol.
>>
>> > -The gated access cannot have an inferior dataset
>>
>> I don't think this requirement is possible to specify in advance,
>> since it is precisely what we are arguing about.  Accepting this
>> requirement would be begging the question.
>>
>> (I would go through the rest of the items, but I think they have
>> similar problems.)  More generally,
>>
>> > The gated system is supposed to replicate in a closed system what the open
>> > system has accomplished naturally. This is an exceedingly difficult task,
>> > and the price of failure is high.
>>
>> I think I disagree with this claim.  We are in fact discussing what
>> the gated system, if it is created, is supposed to contain.  It is
>> possible that there are things currently in the public whois that
>> never should have been published at all, even to authenticated
>> parties, without some legal processes and I think we are going to have
>> to argue about that.  I am not claiming that there are such things: I
>> don't know, and part of my frustration over the last month or two has
>> been that we have been arguing over the obvious rather than getting
>> down to this quite difficult issue.
>>
>> > Users need to be educated about all the risks so they can weigh them in a
>> > manner that makes the most sense for their situation. It's not just junk
>> > mail.
>>
>> I strongly agree with this.  Those registering domain names on the
>> Internet are not simply passive users, and it is reasonable to treat
>> them differently than people who are just visiting web pages, for
>> instance.  Since the test is whether some infringement on people's
>> data is necessary, we will do well to remember that there is no need
>> to register domain names on the Internet in order to connect to it or
>> use it.
>>
>> Best regards,
>>
>> A
>>
>> --
>> Andrew Sullivan
>> ajs at anvilwalrusden.com
>> _______________________________________________
>> gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
>>
>
>
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.