

To: Edward Lewis <edlewis@arin.net>
cc: Vittorio Bertola <vb@bertola.eu.org>, ietf-provreg@cafax.se, brunner@nic-naa.net
From: Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date: Thu, 23 Jan 2003 16:06:05 -0500
In-Reply-To: Your message of "Thu, 23 Jan 2003 11:06:16 EST." <a05111b05ba55bfef24b2@[192.149.252.226]>
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] where are we with privacy

w.r.t. point 5

We've considered ...

bilateral (out of band) contract, between registries and registrars, [SH].
hop-by-hop (in band) announcement, between registries, registrars,
(and implicitly resellers) [EBW].

We haven't considered ...

end-to-end (in band) requirement, between users and registries [JS, and IESG,
charitably construed],
end-to-end (in band) requirement, ditto, with per-hop binding [JS, and IESG,
charitably construed].

If we're to research anything, it isn't "privacy", it is which AAA model is a
better fit.

We started without users, and resellers were just registrar-bloblets, and for
many only CNO (not Cherokee Nation of Oklahoma) "mattered". Those were the
consensus points of this mailing list.

There is this proto-blob of gunk that arises out of a resource allocation request.
En route to the allocator, zero or more intermediaries read, and possibly write,
bits of the proto-blob.

In EPP, the syntactic form of the proto-blob is XML, and the resource is a domain
name.

Before we ask what is in the proto-blob, let alone what it signifies, we need to
be in agreement who its writers and readers are.

If "users" are amongst the writer-set, yet we retain the authentication model we
have (only registrars and registries are authenticable), and the effect of these
"users" acting as writers on an additional attribute of each element in the schema,
we've got what looks like line noise, pre-flipping bits at random, outside of the
agency of the authenticated (rrar, rtry) set.

Adding users as writers is a change. We can pretend they are simply line noise
and not change our model. When we account for the parties, and the transactions
between the parties, then we can solve for what thing that isn't AAA the parties
are exchanging.

No "research" into what "privacy" means, please. The P3P spec group, and the old
IRTF activity, did the best they could, without ICANN modifying the value of the
work product.

Eric
(not wearing my tattered P3P Spec Group I.E. hat, just the usual ass's ears)
