Re: [HR-rt] [regext] Human Rights Review of draft-ietf-regext-verificationcode

Niels ten Oever <lists@digitaldissidents.org> Fri, 05 October 2018 08:20 UTC

Return-Path: <lists@digitaldissidents.org>
X-Original-To: hr-rt@ietfa.amsl.com
Delivered-To: hr-rt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 09779130DE8; Fri, 5 Oct 2018 01:20:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XHcGxN6RQ5rV; Fri, 5 Oct 2018 01:20:13 -0700 (PDT)
Received: from smarthost1.greenhost.nl (smarthost1.greenhost.nl [195.190.28.92]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 42111130DC6; Fri, 5 Oct 2018 01:20:13 -0700 (PDT)
Received: from smtp.greenhost.nl ([213.108.110.112]) by smarthost1.greenhost.nl with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from <lists@digitaldissidents.org>) id 1g8LLF-0006hk-At; Fri, 05 Oct 2018 10:20:11 +0200
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>, "'jgould=40verisign.com@dmarc.ietf.org'" <jgould=40verisign.com@dmarc.ietf.org>
Cc: "'hr-rt@irtf.org'" <hr-rt@irtf.org>, "'hrpc@irtf.org'" <hrpc@irtf.org>, "'regext@ietf.org'" <regext@ietf.org>, "'gurshabad@cis-india.org'" <gurshabad@cis-india.org>
References: <EE368E9F-E08F-4960-BC0D-88B94D66EF02@verisign.com> <20181003134215.GA23633@mir> <641561c1e0c94f93b45ff3c0809cea27@verisign.com> <b865e4c6-6d49-319f-9bea-2e7ecbefc7e1@digitaldissidents.org> <298864300d064f669a79ab84a942c3e3@verisign.com>
From: Niels ten Oever <lists@digitaldissidents.org>
Openpgp: preference=signencrypt
Autocrypt: addr=lists@digitaldissidents.org; prefer-encrypt=mutual; keydata= xsFNBFgpcR0BEACnfvNwTMlN+pyZT0AFYhWqxG3N4AoPIeNfbxLQH7dk8ZL7Ls05xtORfnu9 ovoaRrZpDufkMviUFidNYePbQNdgf63vWVgwpQR7utluwWraetcmZOu6tayJuyBK2b6d2Z23 MJAQxfa2/GMlN3QkvobaoyKtgbc8rOCgNla7WwkgtiVJ89xbAUHXPFpKWZluVRjaFh4p5C5r 7E5OvUiEGLQ5Cn2ir2PGIyIVqjB+hLTyaI6dIGCz2jtL0RATjmsmYUX7UkU/pz8MPPC2BJ5P KU9pdXMRBhAStxcph8vCo2ze9xSi3+1/5A2ULVtvO4s0hZ+exbTfMxMg3H5CCRFEEJXlQEXa Cd0ZHvqcv5xq8n9w/Ccd0CqYWATIwyP8Jlzd+BY3QGTWnWlgoAbs3Guh/pFYhEFNuuAF5Jk1 k5OlNGsRE/LQJmbT5SE7AtLJLbWewcHlEyIH+K6J8uVa4ExLXmRy+eRkFaxjGy3fLlUpy1Ee 1kU7VsQ/TZ8g8ujsMzxqsdB6y0TD/kVlWaDqPL6F+b+pm3lAuCBGWM1YZROTG58R6pD7sNVm i0ift4dIttAsg+2KoShm9A8kQ3tACXZDgNPC0l7VOqnVayjnF0RmjGeiX7PjOcLQCZ9a5wAH 5mrXMaKvfszqAVkP9HSrk1QVZOipF6vEimL43Czy7Rp1aUaUwwARAQABzShOaWVscyB0ZW4g T2V2ZXIgPG1haWxAbmllbHN0ZW5vZXZlci5uZXQ+wsGZBBMBCABDAhsjBQkJZgGABwsJCAcD AgEGFQgCCQoLBBYCAwECHgECF4AWIQQkWAtwXEr9ipSIZDoO2D86RorIswUCWyJaFgIZAQAK CRAO2D86RorIs8I2D/wNc4kT+dRC3Y9lSygeVWuxNj21z/QlbNvfXx9NicgBx4uCjsCm0ZhS 6qnp0uHYZYr8rdIzrL3GazyEuG9uvNzZBvIHm92UY1x0NH0TOVbGwJCWKULStvg9S+DjmNgp x8XM9amCtuXZyCiESeoOVRUanzD1JIidJtKgDfxvC63kqYoXl3azP0ra2nZbpktMm2fW5YdN D6kp6otjBH/jtpLay1CpVDS2Ehl3rLXJVUu96hlBnQB8q+64qyhTZ23HnbU+ib5Zb3OFgYoB KHjukJ4tV4x9rQprCQeirKX627vcNniDPnMp/nr9Qww6iVidX2vsG/22cx8MqLfs4B9tOVCJ Ft9D7MOwxOWgKnaYvrPZBOEmnuGq7btQe1tQZukL1Z83jKkV/e43k1gJaRt4Nl3/6YYCAlnn aQwRmySxznojsEl+X41UaJ6QFcoCphucOHoO9MeVzuNzgOgodXXEvlA8OJAqxRbE5AqB0leJ z1PfyrF1lsy8ETPRGKUKPBVed1vpZCQBfd/5RksOYBGhyfQ8p0w0hGs8SG6Xl6UtorJ+baLZ ZtnYbakfroxQBsF4bD/0P4fZ8wvTUDNLT8WN/9KFoTXrKn2pTLD+V9iw6nQAH4LSPw0G8XsL ce3Ihkf/2bvorGCUO7YXG4u6FPzEHsa/ZNfWHA5kbpGfwe2OVYNeI87BTQRYKXEdARAAxYOE 3/AFmEfQ0SVVFujYFhZKX+BGXolYytC2a1soZogVYTIIlypxkRtN+ljteFAY3xX/El7cx5Fx j+uXvLKAm9xQRI/DCug7/NGULMk9bDK5bzSGw817cyiL5Kb+0RkWj2Y5ArOAK6XPGBZWZTHw yIawsSCN9AhDXZQWVRqkR1QXcq3IYKl+OHWMO7+1VfixCSakNf7T/Kiq46rQEPW8Eghk6CVO BR8xUCBbyk5aRW4VSGO6pUD3H21ur+5fTLsVyan1NHhxNNiXfnEJKr+JI5dXSkj7WqA5n8IT aNdFSAttkdT56wAQpxE2h8zaOmBaFUWQ4D8SdXDVymP5QMtLG+ItMMiNV6kXgsRFugAKM5yZ tPP9gIX+ic8QO5iuct37bRXJU/rmrH54Ab0kyAeeRE7oSsfTZPKvgtUh7VLAUEw/wy6TORJH E8JMaX0yYT6h4PGRS3mNM4bka8hjdfcrexI0zSqFOl2I22zQlG3YqSzIvVh98W67hxfAIaCV aTfJLFPEru3drxNwi6ogdkRmcLGKqqTgeYItrvITyFvzqbrcO2exp0KKEK3cDIZypqHHUf4+ uPlDtuExehLsNOMpjP8qhZpFtyLeDS07qunbvstcyvR30wOJ3DyAbHGzq739UyDcO9Jt5jwO DyVwk3MK5Em4pJ0+IAJx+F6gta0Bk2MAEQEAAcLBZQQYAQgADwUCWClxHQIbDAUJCWYBgAAK CRAO2D86RorIs0ykD/4t151SZG9MbeKRVKbs9Ecjady9bO0L3oBos4rhqY12ha8smFlsUzvb gB4CtkBuXQlq+plOBWv+rFEThOzy3bezgEDjlxycoO1W2wJD6E7Fo9fkHT6UOm9fQBkuKRqK 83OGnfM02qP1Ky8d7EoZz+nTSMf/DJgWw1YRKrXkMHBwKD83lCENsmePWE5AjMqk8cojPv9O y1wWy6fHjwx3r+wQSokBNfxgQyAFonmgBbhlic/pZUYRSIcldyUlaomrjFfr4egzmNE7aWDv LwOUYKevBIeJJcqTyfAn3TtJbPCEHOC2+lP6EcmPFyhQdiia+RqOClumqbWOPeQ2VM8j7NWv KKmBNBB5OJ/rmHogbNU+wWPJ723qMBoOp1jIwFNkQhx01W6v55VMwLr+IuBKY1ggJ2BhwQiG pWv4tMc5oB/qVh3my1VO65ErcJ3S9blpwJdDj5/YDOU7BKEmpRUP+xkaryNzH2x7FzrOOHzJ BX6jeYZabGvnTicQlBAzfGpblFqV3YN6EhCF2AHmGLTZ/DrjGYToIsW8cXlEMqN4u8ODEUY0 OhbnytnopKJKk99bwMoCqDkfQvT3LKDWtZj9NzFndfuoKXsVpwAitrG0mau0/16DKDyVWdtJ 9DYmtE40zO6g70VVxUj+dKt2hbJTy/KQTb7Ijhw7wZrGp/P7nhbVyA==
Message-ID: <dd066886-caf9-e7a4-7019-7a5220070442@digitaldissidents.org>
Date: Fri, 05 Oct 2018 10:20:08 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <298864300d064f669a79ab84a942c3e3@verisign.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Authenticated-As-Hash: 29cc722430e8f1f6ed904119444c0d49b0f3ee91
X-Virus-Scanned: by clamav at smarthost1.samage.net
X-Scan-Signature: 10fb2eeb1e6a32429c7ce102d6ec6cdf
Archived-At: <https://mailarchive.ietf.org/arch/msg/hr-rt/uG5-Dbt31G2T_AqQ1EAIsiwLBVE>
Subject: Re: [HR-rt] [regext] Human Rights Review of draft-ietf-regext-verificationcode
X-BeenThere: hr-rt@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Human Rights Protocol Considerations Review Team <hr-rt.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hr-rt>, <mailto:hr-rt-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hr-rt/>
List-Post: <mailto:hr-rt@irtf.org>
List-Help: <mailto:hr-rt-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hr-rt>, <mailto:hr-rt-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Oct 2018 08:20:17 -0000

On 10/04/2018 08:34 PM, Hollenbeck, Scott wrote:
>> -----Original Message-----
>> From: Niels ten Oever <lists@digitaldissidents.org>
>> Sent: Thursday, October 04, 2018 8:36 AM
>> To: Hollenbeck, Scott <shollenbeck@verisign.com>;
>> 'jgould=40verisign.com@dmarc.ietf.org'
>> <jgould=40verisign.com@dmarc.ietf.org>
>> Cc: 'hr-rt@irtf.org' <hr-rt@irtf.org>; 'hrpc@irtf.org' <hrpc@irtf.org>;
>> 'regext@ietf.org' <regext@ietf.org>; 'gurshabad@cis-india.org'
>> <gurshabad@cis-india.org>
>> Subject: [EXTERNAL] Re: [regext] Human Rights Review of draft-ietf-regext-
>> verificationcode
>>
>> Hi Scott,
>>
>> On 10/04/2018 02:26 PM, Hollenbeck, Scott wrote:
>>>> -----Original Message-----
>>>> From: regext <regext-bounces@ietf.org> On Behalf Of Niels ten Oever
>>>> Sent: Wednesday, October 03, 2018 9:42 AM
>>>> To: Gould, James <jgould=40verisign.com@dmarc.ietf.org>
>>>> Cc: hr-rt@irtf.org; hrpc@irtf.org; regext@ietf.org; gurshabad@cis-
>>>> india.org
>>>> Subject: [EXTERNAL] Re: [regext] Human Rights Review of
>>>> draft-ietf-regext- verificationcode
>>>>
>>>> Hi James,
>>>>
>>>> On Wed, Oct 03, 2018 at 01:14:10PM +0000, Gould, James wrote:
>>>>> Thanks for the review, Gurshabad. I'll consider your feedback in the
>>>> context of technical issues with the draft.  The registration of
>>>> domain names in some jurisdictions may be subject to various
>>>> requirements that involve verification by a party other than the
>> registry.
>>>>
>>>> Could you please be so kind to link to some of these legal
>> requirements?
>>>
>>> There are several examples of registry operators that require
>> verification as part of their domain registration process. Here are a few
>> ccTLD examples:
>>>
>>> https://www.denic.de/en/faqs/faqs-for-domain-applicants/#faq-19
>>>
>>> https://www.nic.fr/en/resources/faq/general-faq/
>>> (Look for the "I am a private individual; am I entitled to file a
>>> domain name under the .fr or .re TLD?" and "I represent a French or
>>> foreign company / association / national or international institution;
>>> what are my rights with regard to filing a domain name under the TLDs
>>> operated by AFNIC ?" questions under "Choosing a domain name".)
>>>
>>> https://www.about.us/policies/ustld-nexus-requirements
>>>
>>> Any one of these registries could use the verification code approach if
>> it were available.
>>>
>>
>> Thanks for your reply. I interviewed the people from Denic and Nic.fr and
>> they explicitly told me they would not use external verification, but
>> rather do this is in house. So I am not sure how they would use this
>> extension.
> 
> They are examples of requirements for verification. With the use of
> verification codes as described in the draft, clients (registrars or
> registrants) have a choice of verification providers (VSPs) to perform
> verification in a way that protects the privacy of the data. Choosing between
> in-house verification or external verification is an architectural decision,
> and this helps make the latter option possible.
> 
>>> In addition, Section 3.7.2 of the 2013 ICANN Registrar Accreditation
>> Agreement (RAA) says, "Registrar shall abide by applicable laws and
>> governmental regulations".
>>>
>>
>> I have reviewed several legal framework but did not find laws or
>> regulation that made this obligatory. It would be great if you could link
>> to national laws or regulations that would demand a third party identity
>> verification.
> 
> Here's one example of a regulation that could be met using the approach
> described in the draft:
> 
> https://www.ecfr.gov/cgi-bin/text-idx?SID=d611d7d4bd8f3155d3262ea4857c011e&mc=true&node=pt41.3.102_6173&rgn=div5
> 
> The draft does not use terms like "obligatory" or "demand". As it says in the
> Introduction, "A locality MAY ...".
> 

If there is only one instance in which this MAY be useful, perhaps there
is no need for standardization of this extension?

Best,

Niels



-- 
Niels ten Oever
Researcher and PhD Candidate
Datactive Research Group
University of Amsterdam

PGP fingerprint	   2458 0B70 5C4A FD8A 9488
                   643A 0ED8 3F3A 468A C8B3