[NCAP-Discuss] Honeypot refresher

Warren Kumari warren at kumari.net
Thu Apr 30 17:57:29 UTC 2020


On Thu, Apr 30, 2020 at 12:40 PM Jeff Schmidt via NCAP-Discuss
<ncap-discuss at icann.org> wrote:
>
> On 4/30/20, 11:23 AM, "Danny McPherson" <danny at tcb.net> wrote:
>
> >    Thanks Jeff, I understand this.
> >    Per Patrik's response and the SAC066 request specifically about this, do
> >    you have any materials that can be shared with the DG on this?  Should
> >    this be a Capital 'O' opinion?
>
> I am not a lawyer; perhaps lawyers on this list can chime in.  My understanding is that a (Capital O) Opinion could be obtained by a party given a specific legal question/situation.  For example, ICANN could request an Opinion from their counsel regarding the issues/liabilities ICANN would face if it contractually required Registries to implement a technical honeypot as described.  Verisign/Other Registries could request an Opinion from their counsel regarding the issues/liabilities if it were to direct data to such a honeypot or run such a honeypot.  Etc.
>
> Of note, the discussions JAS had on this were pre-GDPR and its global friends.  I'm sure the legal/privacy issues have not gotten any better since then.  :-(  From my understanding of GDPR and friends, since the honeypot would solicit and collect PII from covered jurisdictions, it would be covered and subject to associated obligations and liabilities.  Which, at minimum, would create a bunch of (expensive) operational requirements like being able to query the data, delete myself, etc.  It gets really icky.

Yes, it *does* get really icky -- but what is more icky is delegating
a TLD and leaving people in the dark. If CI works, after some amount
of time no-one should be sending data to a honeypot -- and anyone who
is is ripe for getting 0wned by whoever registers the colliding name.

W


>
> Jeff
>
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

