[gnso-rds-pdp-wg] a suggestion for "purpose in detail"

Wed Mar 22 03:42:55 UTC 2017

Inline

Sent from my iPhone

> On Mar 21, 2017, at 22:31, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:
> 
>> On Tue, Mar 21, 2017 at 09:16:45PM -0500, John Bambenek wrote:
>> 
>> I guess I am speaking of masking in a broad sense. What do we allow the consumer to mask and on what terms. 
> 
> Right.  I thought that answering that question was part of our job.

I agree. I postulated one possible answer. 
> 
>> I would disagree on they being separate issues. No matter what
>> technology is created, some things will have to be fully public and
>> some things are subject to debate here.
> 
> What to collect and what can be disclosed are obviously _related_
> issues, but they are separable and I think usefully separated here.
> We'll never get anywhere unless we break these things into manageable
> chunks.
> 
If we are driving this by regulatory burden of DP authorities the fact that they will be dramatically less concerned if the consumer has a true choice is highly relevant up front. 


>> For instance, if we don't make authoritative nameservers fully public without gates, we break the internet. I don't mean that as hyperbole, I mean no internet except for the savants who can us IP addresses for everything. 
>> 
> 
> I don't think anyone has been arguing that nameservers ought to be
> private data, and they clearly need to be collected in order to feed
> the DNS in order to make it work.  But that particular example isn't
> really an interesting one, is it?  Indeed, as I think my lengthy email
> demonstrated, I find it pretty hard to suggest that any "thin" data is
> private; it all certainly needs to be collected to make the system
> work at all.  The same arguments are obviously harder to make for
> people's names and addresses, so there's more to do in that case.

It was an example to prove the point. 
> 
>>>> To enable third-parties to communicate directly to resolve and troubleshoot problems. 
>>> 
>>> I suggest that's already there.
>> 
>> Not in what I saw in the poll. 
> 
> We discussed this bit at some length last week, and my sense of the
> room was that everyone agreed that is a purpose.

Not every stakeholder has an unlimited travel budget to hop on a plane for these events. I had a baby last week. We are doing this by email because global consensus cant be solely a function of who is in a room at one specific event. 
> 
>> But I am not a fair target. I work in investigations and intelligence. So you can send me an email from say citibankcreditcards.com and I'll check the address in whois to compare to a corp registry, or known good domains. I imagine the brand protection investigators could chime in here on their thoughts too. 
>> 
> 
> I think what you're saying is that you use the whois data as one
> piece of input to heuristics that allow you to develop a view about
> the legitimacy of the domain name.  I thought your original wording
> was a little too positivist about the value of the data, but if it's
> instead input to some heuristic mechanism I withdraw that objection.  
> 
>> X.509 certs are more maliciously pointless.
> 
> I'm certainly not going to attempt to argue that the PKI has worked as
> intended.  But in terms of an ordinary user's ability to do anything
> with information, they're what people really use.  (Yes, to their
> peril.)

Fair point. Probably it was an aside to my contempt of the ssl mafia anyway. Let's encrypt is the only honest broker there. 
> 
>> I'd be interested in why you say that? How isn't the domain registration regime a commons? Does ICANN not contractually require certain behaviors of various parties?
>> 
> 
> I think that's rather off topic here, but if you want I'll follow up
> off-list.

Please do. 
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg