On Thu, Jan 24, 2019 at 02:44:16PM +0100, Mario Loffredo wrote: > Hi all, > > Il 24/01/2019 13:19, Hollenbeck, Scott ha scritto: > > > -----Original Message----- > > > From: regext <regext-boun...@ietf.org> On Behalf Of Niels ten Oever > > > Sent: Thursday, January 24, 2019 5:37 AM > > > To: regext@ietf.org > > > Subject: [EXTERNAL] Re: [regext] Call for adoption: draft-loffredo-regext- > > > rdap-reverse-search > > > > > > > > > > > > On 1/23/19 8:26 PM, John Levine wrote: > > > > In article <0f07073e-9e96-3dee-2c39-9aef91dc9...@digitaldissidents.org> > > > you write: > > > > > There is also no limitation or specific use defined, which makes this > > > protocol in direct violation of with the GDPR. > > > > I'm sorry, but that assertion is not even wrong. > > > > > > > > The GDPR affects entities that process or control data related to EU > > > > people. It is not about technical specifications that someone subject > > > > to the GDPR might use at some future time. It's up to the processors > > > > and controllers to figure out if they're subject to the GDPR and if so > > > > how their processing complies with it (keeping in mind that "consent" > > > > is pretty low on the list of criteria.) > > > > > > > > I don't plan to further engage with this unfounded line of argument. > > > > > > > > For anyone interested in actual work, the ICANN EPDP on this topic is > > > > grinding along and it seems reasonably likely that they will have sort > > > > of reverse search, maybe plain text, maybe hashed identifiers so you > > > > can ask questions like what are all the domains with the same contact > > > > address as this one without knowing what the contact address is. > > > > > > > I totally agree with John here: let's await what comes out of the ICANN > > > EPDP > > > and see whether this is actually something that is warranted and build it > > > to > > > that spec. > > ICANN isn't the only potential user of this technology. I'd like to make > > sure that this draft can address any ICANN-specific use cases, but I don't > > think we should sit around and wait for one particular constituent to get > > its act together. Assuming that we have non-ICANN use cases to consider, it > > would make more sense to start work now and defer completion until we're > > comfortable that all anticipated use cases are addressed. > > > > Scott > > + 1 > > I believe that nobody here is thinking to a misuse of this technology. > > Each RDAP provider implementing this capability is subject (like each WHOIS > provider has been subject so far) to some law about personal data protection > defining de facto the legal use. > > If WG members agree that it is wothwhile for RDAP users, we should move > forward and be sure that RDAP providers will rely on policies described in > RFC7481 to control its availability, just in the same way people adopt > security measures to control the access to systems, applications, services, > and so on. > > That being said, in order to avoid any misunderstanding, I'm changing the > draft to better explain some permissible use cases.
I agree with both Scott and Mario here. Additionally, the discussion on this list with Mario has satisified my reservations, and I fully support the adoption of this document. -andy _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
