Hi Richard
retired last year
Congrats :)
to explain the difference between the Intelligence services and LEA.
Because many in the WG have not yet met each-other face-to-face, I do of course accept that there will be instances where we are all unable to determine the attitude / involvement / education / skill-level / whatever of other participants. For the avoidance of doubt, and because several on and off-list replies have brought this up, I am well aware of the differences between those 'roles'. Whilst never considered as "smartest person in the room" (and wouldn't want to be, how else will I learn anything) I would place myself slightly to the right of "crazy" but squarely in the middle of "not actually stupid". That I also find myself in the position of reminding to a learned group of individuals on an Internet Policy mailing list how to interpret tone and intent from a text-based medium (which is primarily done through the use of the use of a "smiley") shouldn't, but somehow does, astound me - so for those that missed it, the comment was clearly marked by the :wink: at the end of the line.
Also as am now be working for RIPE NCC (a RIR) as a Consultant am also happy at the same time, explain to you about the RIPE Database.
Having been a RIPE LIR for more than 10 years before you started being an LEA Rep for them, feel I have a reasonably good understanding of the DB, but thank you for the offer. When opportunity arises, and I sincerely hope it does (assuming Brits are still allowed to travel to Belgium after Brexit) I'd love to sit down with you for beers and a chat about RIPE and, far more interesting to me, your other roles/experience. But, the fact remains, however well maintained and managed the RIPE-DB is, "hole-punching" has been a common practice for 20 years (and not all RIRs follow the same practices in the same way as the RIPE NCC) and it is extremely prevalent now, and sub-allocation/assignment are industry norms. So we need to dispell any attempt at creating/perpetuating a myth that any RIR DB could be a 1-stop-shop for finding out who is "behind" an IP address and it's obvious parallel that any RDAP-DB will be a 1-stop-shop for finding out who is "behind" a domain name As to the possible criminality of a domain name - as opposed to the possible criminality of something accessed over the public internet which may or may not involve a domain name at somepoint during an access method - whole different discussion. ? Can the current WHOIS data provide insight/help/whatever to (insert-group-with-agenda-here) ? Probably, correctly interpreted _data_ can be used for a purpose. ? Should (insert-group-with-agenda-here) have free, unrestricted access to the data ? Debatable, depends on the 'group' and the viewpoint of the data subject. ? Are there parallels of other 'ownership' databases being public ? Not sure, I'm not aware of any supplier who makes a complete list of all their customers private/location/purchase details public. Consider : ? Why doesn't every Gov't make a complete list of all its' citizens and their private/location details public ? Because ... a. they don't know b. what they do know would only be accurate as at compilation time c. someone knows keeping such data private inherrently makes the people more secure etc That's before adding that through interpretation/extrapolation it would ultimately allow the use of that list by anyone to ensure it becomes ultimately trivial to find out any other piece of information about that citizen. Rob -- Rob Golding rob.golding@astutium.com Astutium Ltd, Number One Poultry, London. EC2R 8JR * domains * hosting * vps * servers * cloud * backups *