> -----Original Message----- > From: Niels ten Oever [mailto:li...@digitaldissidents.org] > Sent: Wednesday, April 19, 2017 6:15 PM > To: Hollenbeck, Scott <shollenb...@verisign.com>; Gould, James > <jgo...@verisign.com>; 'regext@ietf.org' <regext@ietf.org> > Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext- > verificationcode-01.txt > > Hi Scott, > > On 04/18/2017 03:47 PM, Hollenbeck, Scott wrote: > > (Sorry, resending due to a corporate mailer encryption setting user > error on my part). > > > >> -----Original Message----- > >> From: Niels ten Oever [mailto:li...@digitaldissidents.org] > >> Sent: Tuesday, April 18, 2017 9:29 AM > >> To: Gould, James <jgo...@verisign.com>; Hollenbeck, Scott > >> <shollenb...@verisign.com>; 'regext@ietf.org' <regext@ietf.org> > >> Subject: [EXTERNAL] Re: [regext] I-D Action: draft-ietf-regext- > >> verificationcode-01.txt > >> > >> Hi James, > >> > >> You're right. In Berlin I mentioned it in relation to the > >> verification code draft (and brought up the statement about it [0]), > >> but similar there are definitely also considerations for the resellers > draft. > > > > Could you elaborate on that, please? The reseller (soon to be generic > > organization, I believe) draft(s) describe a means of exchanging > > information to identify an organization. Which bits of information do > > you see having human rights considerations? > > > > Thanks for bringing up human rights considerations here. If I understand > draft-ietf-regext-reseller-01 correctly, one could force a customer in > country X to have a 'reseller:name type="loc" in country X' which could > impact the ability of a user to acquire a domain. > > It would help to understand the reason of adding this to the spec.
That specific field is used to identify the name of the reseller business in a localized (a representation commonly understood by people living in some local area, such as the German word "hund" vs. the English word "dog" for people living in Berlin) form. It's included in the spec because the name of a reseller entity (or any other organizational entity) is what people typically see when interacting with these entities. The name is thus very useful information. > impact the ability of a user to acquire a domain Are you implying that the ability to acquire any domain I want is a fundamental right? If so, we are in for some interesting debates. Here's a very specific example: DENIC has a cooperative membership structure that allows members to provide services to resellers (see link below). A reseller of .de domains could very well be identified with a 'reseller:name type="loc" in Germany', and someone who wishes to register a .de domain must (is forced to?) do so through a member of the cooperative or through a reseller of a member. Is this a human rights restriction? I personally don't think it is, even though I am in fact restricted in my ability to acquire a .de domain. > >> Question is: should we create privacy considerations per draft, or > >> would it make more sense to make a draft with Privacy Considerations > >> for EPP (similar to RFC7819 did for DHCP). > > > > I don't know that I can answer that question without a better > > explanation of the kinds of things to be considered. I *can* see > > issues associated with personal privacy and the publication of contact > > information in WHOIS and/or RDAP (which points towards considerations > > for a document like RFC 5733), but where do you see considerations for > > a document like RFC 5732 in which there is no exchange of information > associated with humans? > > It depends whether we're thinking about privacy consideration, or human > rights considerations as you brought up. If we focus on privacy > considerations, then focusing on RFCs that deal with PII makes most sense, > but other drafts defintely have an impact on freedom of assembly, > association, etc. I don't understand why you've drawn a distinction between "privacy consideration, or human rights considerations" as quoted above. Privacy is addressed in Section 6.2.2 of draft-irtf-hrpc-research, so there appears to be a relationship. Anyway, I agree in principle that we need to be concerned about privacy considerations. I could still use help with specific examples where you see impacts on freedom of assembly or association. Scott * https://www.denic.de/fileadmin/public/documents/Media/DENIC-Factsheet_Web.pdf _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
