[gnso-rds-pdp-wg] a suggestion for "purpose in detail"
Chris Pelling
chris at netearth.net
Thu Mar 23 16:28:33 UTC 2017
Allison,
I agree with Volker here, the majority of registrars I know would if they had a crystal ball as to the use of the domain name would rather not register a domain if it is going to be abusive in any way.
As to the cost, and other views it costs nothing and registrars are here to simply "take the money" when domains are placed on serverHold by registries, the registrar is still on the hook for the renewal costs as 1 example. Another example and like Volker, I do this part in my registrar, complaints of either whois or abuse etc I personally do, so yes, I do a lot of whois lookups too, for example, a complaint comes in, and I do a little bit of googling for common factors in the whois information we have on the domain we have a complaint against and see if other registrars have the same issue with the "registrant".
So I mentioned before (and Chuck asked me to do a write-up that I still have not got around too yet - apologies to all) that registrars who care about their ICANN creds do as much as possible to quash the bad actors and domains that are held.
Personally speaking this whole thread has got rather "heated" - going forward we need to calm this down as it is not getting any of us anywhere.
Kind regards,
Chris
From: "Volker Greimann" <vgreimann at key-systems.net>
To: "allison nixon" <elsakoo at gmail.com>
Cc: "gnso-rds-pdp-wg" <gnso-rds-pdp-wg at icann.org>
Sent: Thursday, 23 March, 2017 15:37:32
Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"
Hi Allison,
I do not know about other registrars, I just know what I see for myself. And from that, it is impossible to generalize the relationship of domain age and abuse. Some domains are aged remain dormant for months or even years before their first abusive use while others are abused from the second they are activated.
If there were a way to prevent registrations for abusive use at the time of registration, most registrars I know would be very happy to know it.
V.
Am 23.03.2017 um 16:31 schrieb allison nixon:
So we make it opt-in. The most abused registrars almost all give free whois privacy (somehow, magically), for at least the first year, and malware domains dont usually last a year, so it changes nothing.
>> No deal. Sorry, but you do not get to claim to be the only source of expertise in your line of work.
I'm sure you already know this about malicious domains, as you are a renowned expert in cybersecurity and researching cybercrime.
On Thu, Mar 23, 2017 at 11:20 AM, Volker Greimann < vgreimann at key-systems.net > wrote:
BQ_BEGIN
Imagine the moaning if we did what he proposed? Registrars activating whois privacy for everyone would all but eliminate the ability of foreign law enforcement and those in the business of fighting cybercrime as a non-authorized entity. Whois as it is today would cease to exist from one day to the next.
I somehow feel that this is not what you really want. So let's try to find a solution that would maintain the essential usability of whois and at the same time remains within the confines of legal requirements. If that is an unreasonable suggestion, you can call me unreasonable.
Am 23.03.2017 um 15:55 schrieb allison nixon:
BQ_BEGIN
The simultaneous moaning over a small whois privacy fee, with the total disregard and ignorance over current whois use cases, and the desire to destroy a company over it(oops, I mean "step on toes"), and impose various other burdens that must be borne by "someone else", because the registrars can't possibly spend a dime... bother me quite a bit more. John's tone is more than justified considering the unreasonable attitudes prevalent here.
If yall are going to claim that all current use cases are not only illegal but invalid, you won't get much sympathy over raising your fees a dollar to make them "legal" again.
On Thu, Mar 23, 2017 at 10:29 AM, Ayden Férdeline < icann at ferdeline.com > wrote:
BQ_BEGIN
(Off-list)
Who is John Bambenek? His tone (and the lack of substance to all of his comments) really bothers me.
- Ayden
On Thu, Mar 23, 2017 at 2:24 pm, John Bambenek via gnso-rds-pdp-wg < gnso-rds-pdp-wg at icann.org > wrote:
BQ_BEGIN
Yes someone will have to pay for it.
You will. And I'll be the one that makes that happen.
Deal with it.
Sent from my iPhone
On Mar 23, 2017, at 09:18, Volker Greimann < vgreimann at key-systems.net > wrote:
BQ_BEGIN
As Robert Heinlein already correctly wrote half a century ago:
"There ain't no such thing as a free lunch"
Someone will have to pay for it. Free whois just means either the community or the customer pays for it some way or another.
So why not rather find a legally compliant solution that would fit the requirements?
Volker
Am 23.03.2017 um 15:11 schrieb John Bambenek:
BQ_BEGIN
Soon all of you will be forced to offer whois privacy for free.
I'll leave it to you to figure out the economics.
Sent from my iPhone
On Mar 23, 2017, at 09:07, Volker Greimann < vgreimann at key-systems.net > wrote:
BQ_BEGIN
Hi Allison,
BQ_BEGIN
Several registrars already offer free whois privacy. They made it work, so you should keep up!
Most such registrars still charge for the same service, it is just that the cost is hidden in their more expensive registration fees. Or they do not handle complaints appropriately. Or, or, or...
Ultimately, someone is going to pay for the service, and it is not the registrar offering it for "free".
TANSTAAFL.
BQ_BEGIN
BQ_BEGIN
Maybe dumb bad actors. Savvy bad actors just populate whois with data of unknowing third parties, thereby rendering any verification and validation instruments useless and inconveniencing the affected data subjects as well.
BQ_END
I'm glad you know so much about how bad actors abuse whois. But from my own limited experiences- I don't see that many input validation mechanisms on bad domains because there are a lot of "555-5555" phone numbers out there and other arbitrary strings.
BQ_END
I see what comes over my desk. Most domains we find involved in whois have perfectly formed and verifiable whois. The data just does not match the person who registered it.
BQ_BEGIN
BQ_BEGIN
Some points/thoughts :
Cost of providing the service (this includes cost of the office, personnel to run it - unless you are going to offer this free "John B" to all ICANN registrars ?)
The underlying data may not even be allowed to be provided to the whois privacy service, unless it is in the local jurisdiction of the registrant.
Harvesting and storage of whois data to be re-wrapped and sold is illegal and many registrars state this on the terms and conditions.
Gated access has to be properly defined for each gate/right of access, an example, a registrar would normally only need access to external whois for the purpose of transferring a domain name - they have no other reason to need access to this data. (registration, is totally different as it doesnt need access to the "whois") As above, storage of whois data is illegal unless it was for a lawful purpose and the only one I can think of is transfers. ICANN require registrars to keep this info for upto 2 or 7 years (cant remember which). This will step on some registrars toes as well as John H's toes whi have a business model around the supply of whois data for commercial gain (namely charging for it).
I am sorry to say that none of what the WG will do or complete will stop bad actors, they are smart, they are not dumb (well some of them are:) )
BQ_END
so who decided that these normal uses of whois are suddenly illegal? I hereby declare my allegiance to the dark side. Down with the government.
BQ_END
Depends on the terms you accept when you make the whois inquiry. You may be violating the terms of the registrar or registry providing the whois service.
Please note that ICANN mandates that registrars have an access agreement in place for any bulk request of whois data, most registrar apply the same rules for use of their whois data in general.
And yes, registrars are free to contractually limit the uses the data they provide can be put to.
BQ_BEGIN
On Thu, Mar 23, 2017 at 8:16 AM, Chris Pelling < chris at netearth.net > wrote:
BQ_BEGIN
Typo materialistic should have been minimalistic
Kind regards,
Chris
From: "Chris Pelling" < chris at netearth.net >
To: "gnso-rds-pdp-wg" < gnso-rds-pdp-wg at icann.org >
Sent: Thursday, 23 March, 2017 12:06:01
Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"
Hi all,
I hope everyone got home safe that attended ICANN58 :)
Having just sat through and played catch up on this thread, a few things stand out to me.
On one side you have a stakeholder person (maybe group) advocating they will pushing for "free whois protection" provided by registrar which simply won't happen - for a number of reasons (see below), whereas the fundamental issue is what will be collected and who will be able to see it. Maybe this could be worked on from a materialistic point of view, really what does WHOIS/RDS need to show as its most basic data, I remember a discussion some months ago where Michele mentioned about simply domain name, dates of registration, expiry and DNS servers. (registrar name and abuse contact details are a given to be shown)
The storage of such data depending on "whom" the registrant and/or other contacts are located, and where it is being seen from (different jurisdiction for example) will come out further down the line in our deliberations.
Some points/thoughts :
* Cost of providing the service (this includes cost of the office, personnel to run it - unless you are going to offer this free "John B" to all ICANN registrars ?)
* The underlying data may not even be allowed to be provided to the whois privacy service, unless it is in the local jurisdiction of the registrant.
* Harvesting and storage of whois data to be re-wrapped and sold is illegal and many registrars state this on the terms and conditions.
* Gated access has to be properly defined for each gate/right of access, an example, a registrar would normally only need access to external whois for the purpose of transferring a domain name - they have no other reason to need access to this data. (registration, is totally different as it doesnt need access to the "whois") As above, storage of whois data is illegal unless it was for a lawful purpose and the only one I can think of is transfers. ICANN require registrars to keep this info for upto 2 or 7 years (cant remember which). This will step on some registrars toes as well as John H's toes whi have a business model around the supply of whois data for commercial gain (namely charging for it).
* I am sorry to say that none of what the WG will do or complete will stop bad actors, they are smart, they are not dumb (well some of them are:) )
As for John H and clowns, I would gladly offer my services to help you get over that :) My issue/phobia is the dark, sadly for me that is a reality I won't be able to overcome.
Kind regards,
Chris
From: "John Horton" < john.horton at legitscript.com >
To: "nathalie coupet" < nathaliecoupet at yahoo.com >
Cc: "gnso-rds-pdp-wg" < gnso-rds-pdp-wg at icann.org >
Sent: Wednesday, 22 March, 2017 16:33:22
Subject: Re: [gnso-rds-pdp-wg] a suggestion for "purpose in detail"
Thanks, Nathalie. I'm sure many share your frustration!
I think that's a constructive question, and I'll jump in. My biggest fear is that in the monitoring that companies like mine do for banks, payment providers, e-commerce companies, etc. that helps determine whether a merchant is who they say they are, and whether they are engaged in other bad activity (i.e., laundering money) will be unable to obtain access to the Whois records we need in order to preserve the integrity of the payments system, protect payment providers from risk, and derivatively protect consumers. In other words, my fear is that we'll lose access to Whois records, which we need for that purpose.
Actually, to be honest, that's not true -- my biggest fear (to answer your question directly) is of clowns, and every time I travel, I ask the hotel to please check for clowns in my closet before I enter the room. But I assume you didn't really want to know my biggest fear -- you just want to know my biggest fear in relation to Whois policy, correct? Two different things, but yeah -- if a clown jumped out of my hotel closet, that would probably be the realization of my biggest fear. That's probably nothing that this working group can do much about, though.
John Horton
President and CEO, LegitScript
Follow Legit Script : LinkedIn | Facebook | Twitter | Blog | Google+
On Wed, Mar 22, 2017 at 9:24 AM, nathalie coupet via gnso-rds-pdp-wg < gnso-rds-pdp-wg at icann.org > wrote:
BQ_BEGIN
+1 I must say I'm a bit disillusioned by the entire process. This PDP should look like a negotiating table, instead it is more like a War of Trenches.
If stakeholders are not motivated to negotiate, there is no sense of urgency and stakes for change are so low, then I wonder what we are doing here in the first place.
Could every stakeholder state what their biggest fear is, and we could try to avoid their realization?
Or maybe, in last resort, we should just vote for the best proposal and go home?
Nathalie
Sent from my iPhone
> On Mar 22, 2017, at 12:06 PM, Andrew Sullivan < ajs at anvilwalrusden.com > wrote:
>
>> On Wed, Mar 22, 2017 at 10:19:56AM -0500, John Bambenek wrote:
>> Yes there is a difference which is why I am using both words. And that's why I am suggesting we talking about optional and maskable fields right up front as part of the requirements discussion not some ancillary discussion that happens later after all the decisions are already made.
>>
>
> I thought the WG had already decided on a different (multi-pass)
> strategy, in which data collection itself was treated first with the
> principle that, if there were some (legitmate, hand-wave hand-wave)
> purpose then collection would be considered. Later, the further
> question of access to such collected items would be taken up.
>
> I don't really care which way we do this, but it seems to me that we
> need to stop arguing about the way by which we'll reach a result and
> start actually doing work in the direction of some result. The
> meta-discussions about process are wearing out contributors (well, at
> least one contributor!) and creating the condition in which those who
> want no changes at all will get their way by exhaustion. If ICANN is
> incapable of coming to terms with the deficiencies of whois (the
> protocol) after all this time, it will be revealed to be ridiculous.
>
> Best regards,
>
> A
>
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> ______________________________ _________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
______________________________ _________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
______________________________ _________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
______________________________ _________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
______________________________ _________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
--
_________________________________
Note to self: Pillage BEFORE burning.
_______________________________________________
gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
BQ_END
BQ_BEGIN
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
BQ_END
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
BQ_END
BQ_END
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
--
_________________________________ Note to self: Pillage BEFORE burning.
_______________________________________________
gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901 Fax.: +49 (0) 6894 - 9396 851 Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg at icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
BQ_END
--
_________________________________ Note to self: Pillage BEFORE burning.
BQ_END
--
Bei weiteren Fragen stehen wir Ihnen gerne zur Verfügung.
Mit freundlichen Grüßen,
Volker A. Greimann
- Rechtsabteilung -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Folgen Sie uns bei Twitter oder werden Sie unser Fan bei Facebook: www.facebook.com/KeySystems www.twitter.com/key_systems Geschäftsführer: Alexander Siffrin
Handelsregister Nr.: HR B 18835 - Saarbruecken
Umsatzsteuer ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu Der Inhalt dieser Nachricht ist vertraulich und nur für den angegebenen Empfänger bestimmt. Jede Form der Kenntnisgabe, Veröffentlichung oder Weitergabe an Dritte durch den Empfänger ist unzulässig. Sollte diese Nachricht nicht für Sie bestimmt sein, so bitten wir Sie, sich mit uns per E-Mail oder telefonisch in Verbindung zu setzen.
--------------------------------------------
Should you have any further questions, please do not hesitate to contact us.
Best regards,
Volker A. Greimann
- legal department -
Key-Systems GmbH
Im Oberen Werk 1
66386 St. Ingbert
Tel.: +49 (0) 6894 - 9396 901
Fax.: +49 (0) 6894 - 9396 851
Email: vgreimann at key-systems.net Web: www.key-systems.net / www.RRPproxy.net www.domaindiscount24.com / www.BrandShelter.com Follow us on Twitter or join our fan community on Facebook and stay updated: www.facebook.com/KeySystems www.twitter.com/key_systems CEO: Alexander Siffrin
Registration No.: HR B 18835 - Saarbruecken
V.A.T. ID.: DE211006534
Member of the KEYDRIVE GROUP www.keydrive.lu This e-mail and its attachments is intended only for the person to whom it is addressed. Furthermore it is not permitted to publish any content of this email. You must not use, disclose, copy, print or rely on this e-mail. If an addressing or transmission error has misdirected this e-mail, kindly notify the author by replying to this e-mail or contacting us by telephone.
_______________________________________________
gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20170323/82a6d91f/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list