Hi Jason- This looks like there was a lot of thought put into the three paths of potential solution. This is a slow-simmer stew problem that has had a lot of new ingredients and dietary requirements and allergies added, so I envy you, chef. We're still trying to microwave our way out of it. In the three options, they are leaving largely unaddressed the realm of unaffiliated third parties, known or not. This is still a number of fundamental gaps. "How does the registrar provide data they don't have?" "How does the registrar fulfill their obligations of notice, disruption of service, or other areas that require communication with an end registrant?" Subjectivity: "What constitutes 'Known'?" Let's also look at subjectivity regions that are going to need better definitions. There are disconnects related to interpretation of 'known' that will plague us, where one could have conflicting perspectives on if a registrar did or did not know a domain name registrant was providing proxy service to a third party. The proposals around use of regular expressions or pattern matching the org or registrant first name or last name fields are not an adequate remedy for demonstration of 'known' or enough to act with an appropriate level of elegance as a registrar. When I listen closely to requesters from law enforcement, security practitioners and intellectual property interests and hear their pain points about the particularly problematic situations like 'nested proxy layers' or that drove the concept of accreditation of Privacy Proxy (P2 because I am tired of typing those) providers, it was to get at the information of the beneficial owner, for research or enforcement. There is a narrative that suggests that by volume, the majority of P2 are affiliated with the registrar. While this is true, it is the last mile of those which are not affiliated represent the largest challenges, with the least solutions. I have been presented examples of P2 layered 3-4 operators deep - which are a challenge to get ultimately to the responsible party. the $64,000 question here : Was that a description of a law enforcement agent attempting to get to a perpetrator, or I was describing a legitimate corporate tactic of obfuscating the identity of a real domain owner? Should the corporation have a different set of rules? Ultimately, I suspect there is an interest in trying to salvage something that was developed over a decade ago out of respect for the time investments made back then and since, but we really have a lot of gaps that should be considered. Jothan Frakes This email and any attachments may contain confidential and/or privileged information intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient, please notify the sender immediately and delete this message. Any unauthorized use, disclosure, or distribution is prohibited. On Mon, May 12, 2025 at 10:28 AM Jason Kean via Gdd-gnso-ppsai-impl < gdd-gnso-ppsai-impl@icann.org> wrote:
Dear IRT,
The next IRT meeting is scheduled for *Thursday 15 May @15:30 UTC*. During this session, we will introduce three accreditation models ICANN org believes align with the PPSAI Final Report policy recommendations’ intent and review the *IRT’s task (below)* in greater detail. *Please make every effort to attend this important session. *
The IRT’s input will inform Threshold Question B <https://docs.google.com/spreadsheets/d/1rqfRaG1yL8HU48u0_3rIHkREoWN0Psr0rT_I...> :* Can an accreditation model without a formal Accreditation Program remain consistent with the policy recommendations? *This is based on the IRT comment asking if the community had ever concluded that a formal Accreditation Program was needed/wanted, having found no evidence in previous discussions.
*IRT Task*: Review and comment on accreditation models <https://docs.google.com/document/d/14FEv67ER-Qnz2iKiYCCGY8bK4Gky9Thi/edit?us...>. *Due Friday, 30 May 2025*
IRT input is needed on the models to identify* whether any of these options cannot be implemented in accordance with the policy recommendations and why, *and *where further GNSO guidance is needed.*
*To support your comments, please cite*:
- the PPSAI Final Report, - discussions in the original PDP Working Group, and/or - discussions in the former IRT where appropriate
*Avoid IRT comments that*:
- Identify a personal accreditation model preference, or one based on SO/AC/group affiliation, rather than making an assessment based on the scope given to us by the Final Report. - Identify known implementation challenges which have already been noted and listed for further implementation planning discussions.
*Reminder*: only highlight the specific area of related text when making comments.
We look forward to seeing you this Thursday.
Best,
Jason
Jason Kean
Sr. Manager, Reviews and Stakeholder Support
Internet Corporation for Assigned Names and Numbers (ICANN)
www.icann.org
*Upcoming Schedule*:
- *15 May @15:30 UTC:* IRT meeting introducing the accreditations models and detailing IRT task instructions.
- *27-28 May: *ICANN 83 Prep Week. The *Prep Week schedule* <https://icann83.sched.com/> will be published on 5 May 2025
- *30 May:* Deadline for IRT to submit its comments on the accreditation models.
- *11 June*: ICANN83 session in Prague from 9:00am - 10:15am local time. The IRT will discuss the input provided on the accreditations models. - To register for ICANN83, visit: https://events.icann.org/icann83/registration
_______________________________________________ Gdd-gnso-ppsai-impl mailing list -- gdd-gnso-ppsai-impl@icann.org To unsubscribe send an email to gdd-gnso-ppsai-impl-leave@icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.