[Ietf-not43] Comments on CRISP Requirements draft-06 and CRIS P Internet Resour ce Number Requirements draft-00

Wed Nov 12 09:49:04 EST 2003

Vittorio,

Thanks for commenting.  The Requirements document as it stands currently
overlooks the fact that the general public uses Whois.  My proposed remedy
would simply clarify that.  

Also, the Requirements document already contains statements that approach,
if not encompass, policy statement, particularly Section 3.1.14 on Privacy
Labels.  My proposed amendment would do no more than what the Privacy Labels
section does.  

Finally, your solution, "if you need to know more, you might simply obtain
the registrant and registrar contacts and then ask them directly," will not
work if the data is phony.  

Thanks again.  I look forward to your response,

Ryan 

-----Original Message-----
From: Vittorio Bertola [mailto:vb at bertola.eu.org]
Sent: Wednesday, November 12, 2003 9:13 AM
To: 'ietf-not43 at lists.verisignlabs.com'
Subject: Re: [Ietf-not43] Comments on CRISP Requirements draft-06 and
CRISP Internet Resour ce Number Requirements draft-00

Ryan Lehning ha scritto:
> The draft protocol outlined in the Requirements document fails to fully
> describe the community of users who need access to Internet resource
> information, including registrant data for domain name registrations.  As
> such, I propose an amendment to section 2.4 "End Users," to include a new
> subsection 2.4.7 as follows:

Are you sure that this is appropriate for a protocol requirements 
document? IMHO, a good part of your text is just a collection of 
personal opinions that are neither uncontroversial nor objective. For 
example:

 > The general public use of directory
> services facilitates consumer protection, prevention of fraud, protection
of
> minors, and transparency of the Internet.

This is just an opinion - in fact, I have heard many people complaining 
that public use of directory services, by exposing people's identities 
and contact details, hugely increases the chances for identity theft, 
frauds and personal harassment.

 > 		3.1.15.2 Service Description
 >
 > 		Though registries may have different policies regarding
 > access to their data, the accuracy of that data is vital to the
 > stability and security of the Internet.

Again, this is just your personal opinion on a policy issue. I don't 
think that it is appropriate for a technical document to make this kind 
of statements.

More generally, I don't get the need to add features to the protocol to 
send this kind of data to the client. You might then add a feature to 
specify from which host the domain name registration form was filled, or 
which browser was used during the registration process, or whether it 
was raining on the day the domain was registered, or other tons of 
irrelevant personal and impersonal information...

I think that the protocol should stay focused on meeting the need for 
exchanging contact details, rather than being overloaded with other 
purposes; if you need to know more, you might simply obtain the 
registrant and registrar contacts and then ask them directly. After all, 
that's exactly what the protocol is meant for.
-- 
.oOo.oOo.oOo.oOo vb.
Vittorio Bertola - vb [a] bertola.eu.org
http://bertola.eu.org/    <-- Vecchio sito, nuovo toblog!

_______________________________________________
Ietf-not43 mailing list
Ietf-not43 at lists.verisignlabs.com
https://lists.verisignlabs.com/mailman/listinfo/ietf-not43