[Ietf-not43] -02 requirements draft

Paul Stahura stahura@enom.com
Thu, 7 Nov 2002 18:57:00 -0800 

Eric,

Another question.
I think I must not get this whole thing, and
unfortunately I am not able to attend the IETF
meeting to get clued in at a higher bandwidth.

Anyway, you said
"First is that the owners of
the source databases will almost certainly have to give their permission
for this model to work."

Does that mean that if the "owners" are required to give out the data
(which is at least the case nowadays), then therefore they are unable to
restrict access (give their permission) so the model will not work?

If so then the model pre-supposes policy since it won't
work if a certain policy (which happens to 
be the one in effect today) is chosen in the future.
I thought it was supposed to be policy-agnostic.
I do see that the spec allows permission level to be set to zero
(today's requirement) or some higher more restrictive level, 
but I guess you are saying
that many other benefits (for example the ability to charge) are not
realized if it is required by policy people to be zero, 
so therefore policy people won't set it to zero for everyone, and
maybe zero (most open) only for the few such as law enforcement.
Or will it be up to the registrar/registries to set it how they decide?
I hope you are correct in that assumption.
But what happens if policy people stick with status quo (its all public
info)?

Hope this permission-policy-impact-on-model question 
is not out of line for this list.

Paul


-----Original Message-----
From: Eric A. Hall [mailto:ehall@ehsco.com] 
Sent: Thursday, November 07, 2002 4:50 PM
To: Paul Stahura
Cc: ietf-not43@lists.verisignlabs.com
Subject: Re: [Ietf-not43] -02 requirements draft



[top-posting to keep the context]

My personal vision is that some third-party will emerge to offer catalog
servers. Think Google/AltaVista and the like, and apply it here. Law
enforcement will need to do the same kind of thing, although probably on a
much smaller scale, and probably on different terms.

A few VERY important considerations here... First is that the owners of
the source databases will almost certainly have to give their permission
for this model to work. The owners of the data have all of the power here.
They can limit the number of queries or they can simply filter all queries
from that third-party if they choose, thereby forcing the third-party to
request higher access on some kind of limited terms, including privacy
controls, query rates, or anything else thate the original providers may
or may not be subject to. They can also demand some kind of payment for
this access, if they want.

This goes for every operator of any partition in the mesh. Wheras the
Swedish NIC may have a bunch of issues that need to be resolved, I'd
probably let Google have guest access to my local server (but not
privileged access) without asking for anything.

This also means that if law enforcement wanted to get anything special
they would also have to go to the source for permission, which may or may
not be allowed or justified, depending on the issues at hand.

I honestly believe that this is the only model that will survive the
myrida cross jurisdictional issues we are looking at, and I also think it
satisfies the concerns below for reimbursement.

on 11/7/2002 3:57 PM Paul Stahura wrote:
> This will cost money to develop.
> Who will the development costs be passed to?
> Unless something changes,
> I find it interesting that the costs will be passed to the people
supplying
> the information (registrants in the form of higher registration fees) 
> not to the people requesting and using it for fun and profit.
> It would probably be cheaper (not just dollars but cpu cycles)
>  for registrars/registries to just give
> their information to a single "law enforcement", 
> say daily via an FTPed XML file, than to implement 
> and maintain a complex distributed query scheme.
> IPR community would then just ask law enforcement to run their queries.
> 
> 
> Paul
> 
> 
> -----Original Message-----
> From: Rick Wesson [mailto:wessorh@ar.com] 
> Sent: Wednesday, November 06, 2002 4:04 PM
> To: Leslie Daigle
> Cc: fausett@lextext.com; ietf-not43@lists.verisignlabs.com
> Subject: Re: [Ietf-not43] -02 requirements draft 
> 
> 
> 
> Leslie,
> 
> 
>>As for the "all domains owned by Joe Example", we've heard this
>>requirement from both IPR and law enforcement communities.
> 
> 
> at issue is that this same style of query is exactly what direct
marketeers
> want too. while i have herd from the IPR community I don't see them
> offering to fund the development and deployment of such services.
> 
> though we may have some actors that desire these services I see no reason
> to offer them for free. This is why I have proposed a requirement for
> settlements.
> 
> I also can't see how we can tell the diference between an authorized user
> that is a Direct Marketer and one that is from law enforcement.
> 
> 
> best,
> 
> -rick
> 
> 
> _______________________________________________
> Ietf-not43 mailing list
> Ietf-not43@lists.verisignlabs.com
> http://lists.verisignlabs.com/mailman/listinfo/ietf-not43
> _______________________________________________
> Ietf-not43 mailing list
> Ietf-not43@lists.verisignlabs.com
> http://lists.verisignlabs.com/mailman/listinfo/ietf-not43

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
_______________________________________________
Ietf-not43 mailing list
Ietf-not43@lists.verisignlabs.com
http://lists.verisignlabs.com/mailman/listinfo/ietf-not43