[gnso-rds-pdp-wg] Reputation systems are not just nice to have (was Re: What we want redux)
Sam Lanfranco
sam at lanfranco.net
Mon Oct 9 12:52:41 UTC 2017
I am back from Rwanda and swimming through the tremendous sea of comment
that has been generated here in the past week. I would like to pick up
on the point Volker made (below) and hope for some simplicity (and
elegance) in dealing with the twin pronged issue in this sub-stream of
communication. There are two parts that get tangled up.
First, the provider of the registration service asks for (needs)
information about the registree as a normal matter of business. Within
that data is a means of normal business contact, one that is valid
(probably tested at the onset by using one of the standard techniques
involving a test email, with a code to be entered into an online form,
for confirmation).
Second, there is the question of whether or not the /rest-of-the-world/
has access to a means to contact the registree. Since this pdp-wg has
agreed that there should be some way to contact the registree, the
/What?/ (able to contact) and/Why?/ (various purposes) are agreed upon.
The remaining issues are: /How? /and /By Whom? /
Any public access "/How?/" may be constrained by data protection
policies, but within those constraints the ways of contact should be
resolved by registrar preferences, registree preferences, and the
marketplace within which those preferences become registration services
(using free or fee-for-service proxy services, or whatever). The pdp-wg
policy issue here is simply to support that at least one channel should
exist.
The "/By Whom?/" issue is settled. We are talking about un-gated open
access to the everyone (the /rest-of-the-world/). Issues dealing with
gated data access for LEA, due diligence and abuse work by others, and
for research purposes are, can be, and should be separate from the
relatively simple and straight forward issue we are dealing with here.
* Should there be at least one non-gated means for the public to send
a communication to the registree?/Yes!/
* How and by what means? Leave that up to the constraints set by data
protection policies, and mediated in the market place relationships
between registrars and registrees.
My personal observation is that we are making this much more complicated
that we need to. At this level the LEA,due diligence and abuse work and
research purposes do not impact our work since we are only dealing with
the ungated (front gate). to the communications channel. I see their
needs for gated access beyond that as also beyond our remit, or at least
beyond our remit for the single issue on the table here.
Sam Lanfranco,
NCSG/NPOC
/On 10/9/2017 4:50 AM, Volker Greimann wrote:
/
> /Hi Patrick,
> yes and no. Provided there is a working means of communication
> available there is no need to publish the data to the current extent.
> And that means of communication could be a link to a webform, that
> reveals nothing about the registrant but allows you to communicate
> with them, if necessary.
> Best,
> Volker /
>
> Am 03.10.2017 um 21:30 schrieb pkngrds at klos.net:
>> On 10/3/2017 3:05 PM, Jeremy Malcolm wrote:
>>> There is no added value
>>> in collecting personal information - after all, criminals are not going
>>> to provide correct information anyway, and if a domain has been
>>> compromised then the personal information of the original registrant
>>> isn't going to help much, and its availability in the wild could cause
>>> significant harm to the registrant.
>>
>> How can you say "if a domain has been compromised then the personal
>> information of the original registrant
>> isn't going to help much"? Isn't the ability to contact the
>> registrant* and let them know that their domain has been compromised
>> reason enough to keep that information available?
>>
>> Patrick Klos
>> Klos Technologies, Inc.
>>
>> (* Forgive me if I haven't followed every nuance of these
>> discussions. Is there a distinction between the "original
>> registrant" and the "current registrant"?)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20171009/b4552f69/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list