On 2016-12-07 14:55, Greg Aaron wrote:
Speaking of key concepts… people often say "registration data" when they really mean "contact data."
I find that what they really mean is generally "stuff I see on a whois lookup" which is all sorts of data * data about registrar * data about registration * data about registrant * data about registry * data about regulator * T&Cs etc
the THIN DATA. This data is factual
Sometimes
accurate,
At a certain point-in-time, dependant on the source you are obtaining it from
is not personally identifiable,
It could be possible to identify a person from the data, but it's not as straightforward as printing their name & address
and I think is completely noncontroversial.
Several items in what you're grouping as "thin data" are definately controversial, and a regular cause of problems
The second kind of registration data is CONTACT DATA
Yes
In the coming discussions, one approach could be: There are good reasons to publish the thin data … is there any compelling reason _not_ to publish it?
Reasons not to ? * it's unnecessary to the functioning of the domain/internet * the EWG said not to make it all freely available * select items shouldn't necessarily be mandated / public * it costs time/effort/money to collect, store, display etc * it's a security risk and so on There are good reasons for _some_ of what you refer to as thin data being available (registrar name for example) and other elements to authorised viewers on a need-to-know Perhaps anon/open data access should be to the minimum elements necessary, with anything else being subject to knowing * who they are * what data they're authorised to see * what exactly that data is going to be used for * agreement to be slapped if they misuse or redistribute the data
_"The EWG unanimously recommends abandoning today's WHOIS model of giving every user the same entirely anonymous public access to (often inaccurate) gTLD registration data.
100% behind that :)
_While basic data would remain publicly available,
So ideally we just need to identify "basic data" which I'd suggest is * domain name * domain registrar
the rest would be accessible only to accredited requestors who identify themselves, state their purpose, and agree to be held accountable for appropriate use."_
Yes, everything else comes under "why do you need to know" Rob