Hi all,
Il 24/01/2019 13:19, Hollenbeck, Scott ha scritto:
-----Original Message-----
From: regext <regext-boun...@ietf.org> On Behalf Of Niels ten Oever
Sent: Thursday, January 24, 2019 5:37 AM
To: regext@ietf.org
Subject: [EXTERNAL] Re: [regext] Call for adoption: draft-loffredo-regext-
rdap-reverse-search
On 1/23/19 8:26 PM, John Levine wrote:
In article <0f07073e-9e96-3dee-2c39-9aef91dc9...@digitaldissidents.org>
you write:
There is also no limitation or specific use defined, which makes this
protocol in direct violation of with the GDPR.
I'm sorry, but that assertion is not even wrong.
The GDPR affects entities that process or control data related to EU
people. It is not about technical specifications that someone subject
to the GDPR might use at some future time. It's up to the processors
and controllers to figure out if they're subject to the GDPR and if so
how their processing complies with it (keeping in mind that "consent"
is pretty low on the list of criteria.)
I don't plan to further engage with this unfounded line of argument.
For anyone interested in actual work, the ICANN EPDP on this topic is
grinding along and it seems reasonably likely that they will have sort
of reverse search, maybe plain text, maybe hashed identifiers so you
can ask questions like what are all the domains with the same contact
address as this one without knowing what the contact address is.
I totally agree with John here: let's await what comes out of the ICANN EPDP
and see whether this is actually something that is warranted and build it to
that spec.
ICANN isn't the only potential user of this technology. I'd like to make sure
that this draft can address any ICANN-specific use cases, but I don't think we
should sit around and wait for one particular constituent to get its act
together. Assuming that we have non-ICANN use cases to consider, it would make
more sense to start work now and defer completion until we're comfortable that
all anticipated use cases are addressed.
Scott
+ 1
I believe that nobody here is thinking to a misuse of this technology.
Each RDAP provider implementing this capability is subject (like each
WHOIS provider has been subject so far) to some law about personal data
protection defining de facto the legal use.
If WG members agree that it is wothwhile for RDAP users, we should move
forward and be sure that RDAP providers will rely on policies described
in RFC7481 to control its availability, just in the same way people
adopt security measures to control the access to systems, applications,
services, and so on.
That being said, in order to avoid any misunderstanding, I'm changing
the draft to better explain some permissible use cases.
mario
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
--
Dr. Mario Loffredo
Servizi Internet e Sviluppo Tecnologico
CNR - Istituto di Informatica e Telematica
via G. Moruzzi 1, I-56124 PISA, Italy
E-Mail: mario.loffr...@iit.cnr.it
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
