FWIW I was a founding engineer at Verisign (the first commercial CA) and worked there from 1995-2010 – so I’ll do my best to represent current interests of commercial CAs – and can reach out to those in the industry if necessary.
Agree that we should do as much as we can via email. The CAB forum guidelines will probably shed some light as to what may be required DNS/WHOIS-wise.
Alex
From: <gnso-rds-pdp-3-bounces@icann.org> on behalf of David Cake <dave@davecake.net>
Date: Tuesday, October 17, 2017 at 4:47 AM
To: "gnso-rds-pdp-3@icann.org" <gnso-rds-pdp-3@icann.org>
Subject: [Gnso-rds-pdp-3] lets get started
The first meeting, unfortunately, only two of us attended, so we cancelled it.
We will try for another meeting later in the week, but we can’t wait until then to get started, as our
I’m hoping to kick off discussion with this email.
Our goal is to produce, over the next week and a bit, roughly two pages or so of definition of DNS Certification as a purpose for RDS data and access.
We might want to start by expanding the definition very carefully, specifying the who and why at every stage.
We might want to expand the use cases in detail, for example looking at the different types of DNS certification, and which data is necessary for each, and being specific about the data required.
We might want to look at alternatives to accessing RDS data.
I don’t think we have anyone on this call who works for a CA. The closest we probably have is some people from EFF (Jeremy’s employer) who are involved in the Let’s Encrypt project, and might be able to help us with some technical questions. I know some of the technical issues related to Certification a bit, but only some. We should expect that some of our work may change in detailed discussion with a CA technical expert, but that is no reason not to get started.
The EWG report includes this definition, which we might want to consider as a bare minimum starting point:
Tasks within the scope of this purpose include a Certification Authority (CA) issuing an X.509 certificate to a subject identified by a domain name. To accomplish this task, the user needs to confirm that the DN is registered to the certificate subject; doing so requires access to all public and gated data about the Registrant.
Which parts of that do we agree with, which deserve further consideration?
David