David:
My apologies for not making the call this morning. Seeing as I was involved in the EWG, I can tell the team that in the EWG discussions, the focus was on system-to-system identification and verification. I can tell you that almost all the use cases that anchored this purpose tended to online systems where the trust relationship extended to definite authoritative responses to identity challenges for transactional conversations in an upper [software] layer. This non-exhaustive list included online payment systems, online banking platforms, interactions of health providers with online health record portals, student management systems, etc.
Because we believe auditability is central to the idea of accuracy and purposeful and only permitted purposeful use, we also considered auditing, whether by reputation companies or researchers, as secondary use cases that could be supported here.
Best,
-Carlton
==============================
*Carlton A Samuels*
*Mobile: 876-818-1799*
*Strategy, Planning, Governance, Assessment & Turnaround*
=============================
On Tue, Oct 17, 2017 at 6:47 AM, David Cake <dave@davecake.net> wrote:
Unfortunately, only two of us attended the first meeting, so we cancelled it.
We will try for another meeting later in the week, but we can’t wait until then to get started, so I’m hoping to kick off discussion with this email.
Our goal is to produce, over the next week and a bit, roughly two pages or so of definition of DNS Certification as a purpose for RDS data and access.
We might want to start by expanding the definition very carefully, specifying the who and why at every stage.
We might want to expand the use cases in detail, for example looking at the different types of DNS certification, and which data is necessary for each, and being specific about the data required. We might want to look at alternatives to accessing RDS data.
I don’t think we have anyone on this call who works for a CA. The closest we probably have is that some people from EFF (Jeremy’s employer) are involved in the Let’s Encrypt project, and might be able to help us with some technical questions. I know some of the technical issues related to Certification a bit, but only some. We should expect that some of our work may change in detailed discussion with a CA technical expert, but that is no reason not to get started.
The EWG report includes this definition, which we might want to consider as a bare minimum starting point:
Tasks within the scope of this purpose include a Certification Authority (CA) issuing an X.509 certificate to a subject identified by a domain name. To accomplish this task, the user needs to confirm that the DN is registered to the certificate subject; doing so requires access to all public and gated data about the Registrant.
Which parts of that do we agree with, and which deserve further consideration?
David
_______________________________________________
Gnso-rds-pdp-3 mailing list
Gnso-rds-pdp-3@icann.org
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-3