IETF provreg mailing list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: <ross@tucows.com>, "'Michael Young'" <myoung@libertyrms.info>, "'Vittorio Bertola'" <vb@bertola.eu.org>, <ietf-provreg@cafax.se>
From: "Ross Wm. Rader" <ross@tucows.com>
Date: Fri, 17 Jan 2003 12:01:31 -0500
Importance: Normal
In-Reply-To: <000801c2be37$1c9d8840$f80b000a@rraderxp>
Reply-To: <ross@tucows.com>
Sender: owner-ietf-provreg@cafax.se
Subject: RE: An user's point of view on the privacy issue

> Agreed - *but* I don't expect that we'll see many as long as 
> you're up there.

Oops...just re-read that - there was a ":)" that should have ended that
sentence - no ill intended.



                       -rwr




"There's a fine line between fishing and standing on the shore like an
idiot."
- Steven Wright

Get Blog... http://www.byte.org/blog


 

> -----Original Message-----
> From: owner-ietf-provreg@cafax.se 
> [mailto:owner-ietf-provreg@cafax.se] On Behalf Of Ross Wm. Rader
> Sent: Friday, January 17, 2003 9:46 AM
> To: 'Michael Young'; 'Vittorio Bertola'; ietf-provreg@cafax.se
> Subject: RE: An user's point of view on the privacy issue
> 
> 
> > would like to see less soap-box speechs and more work towards
> 
> Agreed - *but* I don't expect that we'll see many as long as 
> you're up there. I don't know about the rest of you, but I do 
> appreciate Vittorio taking the time out to specify what his 
> requirements for the mechanism might be. Once the smart guys 
> figure out where that should happen, specifications such as 
> his will most undoubtedly help you figure out how to make 
> "what it looks like" work.
> 
> I've dropped out of even lurking for the past few days, but 
> suffice to say that this is all moot if the question is still 
> "who" as per Joe's question of the 8th... And, at the risk of 
> getting ahead of myself, I'm also not sure that I've seen an 
> answer to Andrew's question of the 9th regarding what basic 
> "privacy" actually is. From my standpoint, the entire line of 
> conjecture is a bit of a red herring - it may simplify the 
> discussion to look at this as a data ownership/entity 
> relationship/data rights management issue as opposed to the 
> more charged (and elusive) question of "privacy" - unless 
> someone has a reasonable definition of "privacy" that they 
> haven't shared with us...
> 
> 
> 
>                        -rwr
> 
> 
> 
> 
> "There's a fine line between fishing and standing on the 
> shore like an idiot."
> - Steven Wright
> 
> Get Blog... http://www.byte.org/blog
> 
> 
>  
> 
> > -----Original Message-----
> > From: owner-ietf-provreg@cafax.se
> > [mailto:owner-ietf-provreg@cafax.se] On Behalf Of Michael Young
> > Sent: Friday, January 17, 2003 8:49 AM
> > To: 'Vittorio Bertola'; ietf-provreg@cafax.se
> > Subject: RE: An user's point of view on the privacy issue
> > 
> > 
> > Thank you for providing your opinion on privacy issues
> > Vittorio.  I think you'll find by reviewing the list that the 
> > current debate in the provreg working group is not about 
> > whether or not a privacy mechanism is desirable, but really 
> > about the technical implementation and where that should 
> > happen.  There are multiple approaches to how to solve for 
> > this problem, and all of them have their perceived advantages 
> > and disadvantages. Some approaches that are being heavily 
> > advocated from non-technical stakeholders have some serious 
> > implementation and performance impacts, and that's really 
> > whats at the heart of the debate right now.  BTW in my 
> > opinion, this forum is not meant as a venue for the amount of 
> > policy based discussion that has occurred of late - it is 
> > meant to be a technical working group.  Hence I honestly 
> > would like to see less soap-box speechs and more work towards 
> > a compromise, such as the one Janusz posted to the list.  
> > Although that idea got shot down, it
> > was the right kind of effort we should be concentrating on.     
> > 
> > 
> > Michael Young
> > 
> > -----Original Message-----
> > From: owner-ietf-provreg@cafax.se 
> [mailto:owner-ietf-provreg@cafax.se]
> > On Behalf Of Vittorio Bertola
> > Sent: January 17, 2003 5:03 AM
> > To: ietf-provreg@cafax.se
> > Subject: An user's point of view on the privacy issue
> > 
> > 
> > Hello,
> > 
> > I am a newbie of this group and of the IETF WGs in general
> > (please pardon me for anything inappropriate I might 
> > unvoluntarily do). However, I have been discussing DNS 
> > privacy issues extensively in the last years, so please allow 
> > me to give my point of view on the ongoing privacy discussion.
> > 
> > Not addressing the privacy issue in the base protocol would
> > likely imply that the service would often be deployed in real 
> > life without any means to achieve privacy protection. 
> > Unfortunately, the present lack of privacy protection in the 
> > WHOIS system is plainly illegal in many countries, and I 
> > don't think it's reasonable to think that this situation can 
> > go on for long without actual lawsuits starting to happen, 
> > both towards ccTLD and gTLD registries and registrars. 
> > 
> > In fact, as others have already pointed out, many registries
> > (especially European ccTLDs) have already started to allow 
> > opting out from WHOIS under certain conditions or for certain 
> > types of data, or even, have already been sued on this. 
> > Personally, I think that the present situation where gTLD 
> > registrants are required to make all their data public won't 
> > last long.
> > 
> > Thus, any new protocol being created in this field should be
> > able to support the ability to mark data as private - 
> > otherwise in the end it might be useless or even damaging. If 
> > this protocol doesn't implement any simple and standard way 
> > to specify reasonable privacy directives together with data, 
> > it is likely that many registrars and registries will be soon 
> > forced, by law, lawsuits, or public opinion pressure, to add 
> > their own (non-standard and non-interoperable) ones.
> > 
> > The protocol must allow customers to specify privacy
> > conditions with the highest possible granularity, because it 
> > must be able to support policies that will be very different 
> > one from the other and will vary often (much more often than 
> > the protocol itself) according to non-technical decisions. No 
> > privacy policy should be hard-wired in the protocol (and this 
> > includes the policy of "no privacy is possible" that would 
> > result from the lack of privacy specification tools in the 
> > base protocol).
> > 
> > I must also point out that, according for example to the
> > European law, it is the customer, nor the registrar nor the 
> > registry nor any policy or standard making body, that decides 
> > what should be published and what should not. The registrar 
> > or registry are not allowed to alter the customer's 
> > indications on privacy. At most, the registrar/registry may 
> > refuse to supply the service if the customer does not accept 
> > to distribute data that are strictly necessary for the 
> > service to work. (It seems to me very doubtful that 
> > publishing my name and e-mail to the whole world is strictly 
> > necessary for my name servers to work. But this is a policy 
> > and legal discussion anyway, and is out of this list's
> > scope.)
> > 
> > So, the minimum level of granularity that the protocol should
> > support to be applicable in real life is the ability to mark 
> > each field of each domain name registration form as private 
> > or public, singularly for each (domain, field) couple.
> > 
> > The EU law also states that the owner of the data has the
> > right to verify and update the data and retire the consensus 
> > to the distribution at any time. So the protocol should allow 
> > for updates not only of the data but of the privacy indications too.
> > 
> > Theoretically, a registrar could ask separate approvals to
> > the customer for different uses of the same data. In this 
> > case, a mechanism with more levels of privacy would be 
> > necessary. However, this is an option for the registrar, not 
> > a requirement, so this could be left to extensions. 
> > Similarly, a specific approval is required to export data 
> > outside of the European Union, so a mechanism to specify a 
> > list of countries to which data can(not) be exported could be 
> > of use, but this problem can be easily avoided by the 
> > registrar by asking for such consensus, so this could be left 
> > as a possible extension too.
> > 
> > Thus, summarizing, I support the idea that a mechanism to 
> specify (at
> > least) whether each single field of each single domain name
> > is meant to be public or private should be added to the base 
> > protocol, and its implementation should be mandatory.
> > -- 
> > vb.                  [Vittorio Bertola - vb [at] bertola.eu.org]<---
> > -------------------> http://bertola.eu.org/ <-----------------------
> > 
> > 
>

References:
- RE: An user's point of view on the privacy issue
  - From: "Ross Wm. Rader" <ross@tucows.com>

Prev by Date: RE: An user's point of view on the privacy issue
Next by Date: [ietf-provreg] Re: document management
Prev by thread: RE: An user's point of view on the privacy issue
Next by thread: [ietf-provreg] Re: An user's point of view on the privacy issue
Index(es):
- Date
- Thread

Home | Date list | Subject list