[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)

Sam Lanfranco sam at lanfranco.net
Mon Oct 9 12:52:41 UTC 2017 

I am back from Rwanda and swimming through the tremendous sea of comment 
that has been generated here in the past week. I would like to pick up 
on the point Volker made (below) and hope for some simplicity (and 
elegance) in dealing with the twin pronged issue in this sub-stream of 
communication. There are two parts that get tangled up.

First, the provider of the registration service asks for (needs) 
information about the registree as a normal matter of business. Within 
that data is a means of normal business contact, one that is valid 
(probably tested at the onset by using one of the standard techniques 
involving a test email, with a code to be entered into an online form, 
for confirmation).

Second, there is the question of whether or not the /rest-of-the-world/ 
has access to a means to contact the registree. Since this pdp-wg has 
agreed that there should be some way to contact the registree, the 
/What?/ (able to contact) and/Why?/ (various purposes) are agreed upon. 
The remaining issues are: /How? /and /By Whom? /

Any public access "/How?/" may be constrained by data protection 
policies, but within those constraints the ways of contact should be 
resolved by registrar preferences, registree preferences, and the 
marketplace within which those preferences become registration services 
(using free or fee-for-service proxy services, or whatever). The pdp-wg 
policy issue here is simply to support that at least one channel should 
exist.

The "/By Whom?/" issue is settled. We are talking about un-gated open 
access to the everyone (the /rest-of-the-world/). Issues dealing with 
gated data access for LEA, due diligence and abuse work by others, and 
for research purposes are, can be, and should be separate from the 
relatively simple and straight forward issue we are dealing with here.

  * Should there be at least one non-gated means for the public to send
    a communication to the registree?/Yes!/
  * How and by what means? Leave that up to the constraints set by data
    protection policies, and mediated in the market place relationships
    between registrars and registrees.

My personal observation is that we are making this much more complicated 
that we need to. At this level the LEA,due diligence and abuse work and 
research purposes do not impact our work since we are only dealing with 
the ungated (front gate). to the communications channel. I see their 
needs for gated access beyond that as also beyond our remit, or at least 
beyond our remit for the single issue on the table here.

Sam Lanfranco,

NCSG/NPOC

/On 10/9/2017 4:50 AM, Volker Greimann wrote:
/
> /Hi Patrick,
> yes and no. Provided there is a working means of communication 
> available there is no need to publish the data to the current extent. 
> And that means of communication could be a link to a webform, that 
> reveals nothing about the registrant but allows you to communicate 
> with them, if necessary.
> Best,
> Volker /
>
> Am 03.10.2017 um 21:30 schrieb pkngrds at klos.net:
>> On 10/3/2017 3:05 PM, Jeremy Malcolm wrote:
>>> There is no added value
>>> in collecting personal information - after all, criminals are not going
>>> to provide correct information anyway, and if a domain has been
>>> compromised then the personal information of the original registrant
>>> isn't going to help much, and its availability in the wild could cause
>>> significant harm to the registrant.
>>
>> How can you say "if a domain has been compromised then the personal 
>> information of the original registrant
>> isn't going to help much"?  Isn't the ability to contact the 
>> registrant* and let them know that their domain has been compromised 
>> reason enough to keep that information available?
>>
>> Patrick Klos
>> Klos Technologies, Inc.
>>
>> (* Forgive me if I haven't followed every nuance of these 
>> discussions.  Is there a distinction between the "original 
>> registrant" and the "current registrant"?)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171009/b4552f69/attachment.html>

More information about the gnso-rds-pdp-wg mailing list