To:
Rick Wesson <wessorh@ar.com>
cc:
Ram Mohan <rmohan@afilias.info>, "Hollenbeck, Scott" <shollenbeck@verisign.com>, "'Edward Lewis'" <edlewis@arin.net>, Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>, ietf-provreg@cafax.se, brunner@nic-naa.net
From:
Eric Brunner-Williams in Portland Maine <brunner@nic-naa.net>
Date:
Sun, 23 Feb 2003 16:50:36 -0500
In-Reply-To:
Your message of "Sun, 23 Feb 2003 11:20:47 PST." <Pine.LNX.4.33.0302231115000.22466-100000@flash.ar.com>
Sender:
owner-ietf-provreg@cafax.se
Subject:
Re: [ietf-provreg] FYI: EPP implementation by the Polish registry
Rick,
If rfc3375, sec. 8.4, [1], last sentance read:
The protocol MUST provide services to identify registrant data
publication policies.
Instead of:
The protocol MUST provide services to identify data collection
policies.
Then we'd share a common requirement statement.
A friendly suggestion: pop some <mumble> into a draft of 3375bis and
get it with some similarly inclined co-authors in before the -00 cut
date.
Then we could discuss if 3375 erred (and we all know the putative error
is mine).
With 3375bis creating a registrant participant in EPP, we can look to
the consequences, or if the scope of registrant-as-actor is limited to
<dnp> values.
Comment #1:
Regardless of the contents of a <dnd> container, it does not allow any
party to state the purpose, recipients, retention period, or access to
the publication data, only some binary property of "disclosure". What
does "disclose" mean?
Comment #2:
The <dcp> we've got has a finite set of elements, each taking attribute
values over a finite set, each with a mechanism to extend the set. I'll
use <glob> to discuss, without unnecessary overspecification, the value
space we're exploring, and who sets these values.
If a <glob> arises from some party other than an EPP client or server,
then it must take on values other than those defined between the EPP
nodes, otherwise it has no independent existance.
Example: if registrant_A sets <glob> to <1, 2, 3<2,2>>,
and <glob> values of <0-I, 0-J, 0-K<0-L,0-M>>
are within the repitoire of the registrar/registry,
then there is no way of verifying that the registrar
didn't set the value of <glob> to a value in its
repitoire, in particular, <1, 2, 3<2,2>>.
So, the registrant only becomes "visible" when s/he goes off-reservation
and uses some portion of the value-space that is outside of the operational
practice of the registrar/registry, either because they subset the maximal
defined set of values, or because the registrant extends the maximal
defined set of values.
So, if the registrant creates a <glob> that is outside the space of values
either defined in some standard or operational practice, then the registrant
exists as an independent actor.
So, that's the first awkwardness. The registrant must utter something that
is a complete surprise to the registrar/registry, such as using "00" as a
value for the ccType element, or defining (an extended utility type) a cc5Type
with the length value 5, to allow codes outside of the 639:2 set of values,
e.g., change "US" to "BUSH2".
The second awkwardness is that for the registrant's access policy assertion
to be non-fictional, it has to be capable of binding the conduct of some
other actor, and for the conduct of that actor in varience of that policy
to be detectable.
So, to continue with the ccType example, the registrant would have to be
able to cause an <info> command response to be generated, and in particular,
determine if the contact:postalInfoType's child element either has
a value of "00" or type cc5Type.
Alternatively, for valid values (subsetted by the operational practice of
the registrar/registry), or valid extensions, valid values by the registrant
would result in protocol errors generated by either the EPP client or server.
So, what does a registrant bring to the party, and is it actually worth
having?
Suppose Randy wanted to no-disclosurer for his name as registrant of psg.
If the <dcp> exchange between Tucows and VGRS has
<recipient><ours/></recipient>
what requirement hasn't been met?
If it is
<recipient><ours/><public/></recipient>
then Tucows is free to error-out and fail the data propogation to VGRS.
If the <dnd> exchange between Randy and Tucows and VGRS has
<dnd><contact:name></dnd>
and for reasons discussed above, the semantic of <dnd> is opaque to the
EPP entities, under what set of circumstances could Tucows error out and
fail the data propogation to VGRS? Only if VGRS generated an error? What
if VGRS had an accept-all or refuse-any for non-empty <dcp> elements?
Why do we even need Randy to be involved in this <dnd><contact:name></dnd>?
If Randy can't do anything surprising, then we can whittle his set of
choices down to {0,1}, without loss of generality.
I don't play a lawyer on the net, but there are reasons why 46/95/EC et
seq. has the exposure of the data collection policies of the data collector
as the object of its descriptive focus.
I believe in Satanism, mocking the IESG, depricating the brownie baking
skills of Laura Bush, and that "empowering the registrant" is significantly
harder than beliving in it.
Worst ;-)
Eric