Re: [HR-rt] [regext] Human Rights Review of draft-ietf-regext-verificationcode

"Hollenbeck, Scott" <shollenbeck@verisign.com> Thu, 04 October 2018 18:38 UTC

Return-Path: <shollenbeck@verisign.com>
X-Original-To: hr-rt@ietfa.amsl.com
Delivered-To: hr-rt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CF0A12426A; Thu, 4 Oct 2018 11:38:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HvMB9RPompw4; Thu, 4 Oct 2018 11:38:11 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A2C6F128D0C; Thu, 4 Oct 2018 11:38:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=5148; q=dns/txt; s=VRSN; t=1538678291; h=from:to:cc:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=ValRVKmIS58gELW2Ntbra/rOZj+Ep3XZAPJ0UkTKSZU=; b=W6j2c9aE81Xk2I1Ql2nuOKq8qg5XQZkdyqsaiWOQ0Jh8X6KO7TrPJ8jJ YNwOnqzdxtYxGLuB27pOO5iMEmP6B/kAvEcWJ1p3o9Yo+xBM4VRr3nYTF 2/kbaCWCKpLTMWYi34kJPtKZDSIQP+MOIeZ90CeOjUMf8Aw8MBndzpNP4 E85blkvVOFQJd9FRH14HpQUFmD2M+/E78t0AEerxCQntEIhOOWJaFAFhQ TcBEqhJUhGvIQooQg/hq04rAP7u8xKda9r25Yaf69UXlcx4MlkXSo8PZi 6EmN83aetmUp8lGGmUN82Wnz5tUOsR0QTPIMtdU7KGbeZcsca3fMW93PB w==;
X-IronPort-AV: E=Sophos;i="5.54,341,1534809600"; d="scan'208";a="6276834"
IronPort-PHdr: =?us-ascii?q?9a23=3AbX3/mRZgMTToaSjc63JKbRf/LSx+4OfEezUN459i?= =?us-ascii?q?sYplN5qZps+zbB7h7PlgxGXEQZ/co6odzbaO7Oa4ASQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7?= =?us-ascii?q?Ovr6GpLIj8Swyuu+54Dfbx9HiTahY75+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYe?= =?us-ascii?q?RWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZ?= =?us-ascii?q?TAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+t4b1rSBv1gy?= =?us-ascii?q?kZMTA3/nzchshpgK9UpR6soQF0zYzJb4GPLPdwfr3Tc84GRWRPXchRWS5OAoKg?= =?us-ascii?q?YIUAAOUMJvpYoJL/p1cSsReyGQuhCeXywTFInH/22qg63vwvHQ/E2wwgG9YOv2?= =?us-ascii?q?rSrNruKqgdTeO1wLHVxjvec/xW3iv96JTGfhs8pvyMRrJwcc3VyUkrCQzFiE6f?= =?us-ascii?q?ppL5MDOWzekNrXaU7/BhVeK0im4npAdxriKzyccrj4nEn4QYwU3K+yV+xYY6P9?= =?us-ascii?q?y4SEhjbNG+C5RQsDyaN5dsTsM/WGFkoCc6yrsbtp66ZicG0pMnxwTQa/CfboeH?= =?us-ascii?q?/BTjVOeNLjtimX1qZqqziAiu/kiu0O3wTMa00FFUriZdlNnMt2wC2wbd6sidTP?= =?us-ascii?q?Z240Sv2S6X2gzO9u1IO104mKjVJpI737I9lpQevV7MEyL1gEn6kbOael859uWq?= =?us-ascii?q?9+jreKjqq5CfOoNulw3zMbwimsKhDuk7LgQDWm2W9Oag27H/50L0RahGgeEqna?= =?us-ascii?q?TcsJ3VONoUpqC8DgJRz4ks9giwAjG729oCh3YHNkhKeBefgojsPFHBPe73AO+k?= =?us-ascii?q?g1SpjDdr3/fGPqD9ApnVLnjMjrPhfbFl5kNB1AQ91c1T6JJMBL8OIf3/RlL9uM?= =?us-ascii?q?bGDhAlNAy02f7nBM9n2YwDQ26PHLWZMLjUsVOS+u0vJOyMaJcUuDb7Nfcl++bj?= =?us-ascii?q?gWIllVMHYKWk35UaZGqlEvlmLUiVe3Xhj9QZHWcPpAU+TejqiFOYUT5UYna/R7?= =?us-ascii?q?k85jE8CIKiCYfMWIatj6ef0yinHZ1bfX5GBU6WEXfpbIWEWvgMaCSILsB9lTwE?= =?us-ascii?q?UKCtS5U92hG2qA/6171nI/LQ+i0ZrpLjyMN16vbOmhEz+jx0Dtid3HuJT25pn2?= =?us-ascii?q?MIXCQ23KFirkNjzFeDzbN4j+ZfFdxJ6PNDSh06OoLEz+xmF9DyXRrMftWGSFah?= =?us-ascii?q?X9WmBSw+Q8o+ztMSfUZyBc+ijhHY3yqrDL8VkaaHC4Az8qLZxHX+OsN9xGzc1K?= =?us-ascii?q?Y9lVUmQ9VANXGohqJl8AjTHYHJmV2Dl6m2baQcwDLN9GCbwGqOpkFUSRRwUbne?= =?us-ascii?q?UHAefEvWsdr56lnFT7+0BrQtKhFBxtKaKqtWdt3pik1LRPf5ONTGf228gGawBQ?= =?us-ascii?q?yUxrOCdobqfH8d3CrFAkgejw8T5WqGNRQ5Biq5uWLREjNuGkzgYkPw6uR+qW20?= =?us-ascii?q?TlM6zw2QaE1hzbW18AYPhfOAU/MTwq4EuCA5pjV7AVa9xcnWC9qaqAV6ZqpTfM?= =?us-ascii?q?gw70tG1WLCrgB9P5qgIL1jhlEEaQh3uFnu1xokQrlHxIJlqHIx0BFaJaOX0U9I?= =?us-ascii?q?cz+ZxovxNrDRNnK0+wqgJOSejlXfy8qN0qsO5/UkolHvvRqyF0Yv9Wl8ld5P3C?= =?us-ascii?q?3Yrt+FDgUVTJb9Bxpv6RVgpqrbbS977ITR/XFpOLO/9D7Px9xvA/EqhVzoK9VQ?= =?us-ascii?q?N76AGFquS9MXHcm1KeMs3VOuazoIOelI/+g1Mt+oMfyc1/j4EvxnmWfsrWND5I?= =?us-ascii?q?172E+H9G40ceXPw4pPi6WD3gyDUzr6hlqqsejplJpFfjAdGCy0zi2yV90ZXbF7?= =?us-ascii?q?YYteUTTmGMaw3NgrwsLg?=
X-IPAS-Result: =?us-ascii?q?A2FYAAA0XbZb/zCZrQpSCRkBAQEBAQEBAQEBAQEHAQEBAQE?= =?us-ascii?q?BgVMCAQEBAQELAYJrgScKg2qDSpJ4gy8OjjyEZIE/NAcMARgPB4ECgzwCF4QwN?= =?us-ascii?q?gsNAQMBAQEBAQECAQECgQUMgjYkD0s6MAEBAQEBAQEBAQEBAQEBAQEBAQEBARU?= =?us-ascii?q?CHxQiGwEBAQECAQEiEUUMBAIBCBEEAQEBAgImAgICJgoVCAgCBAENBQiDGoF5F?= =?us-ascii?q?6RygS6DcIYhgQuKOIFCPoQkgxsBAxiBHUGCaoJXAog4hWKPPQMGAoZIhW+BZII?= =?us-ascii?q?bH4FMS4QXiT2SMwGDBAIEAgQFAhSBSQSCA3CDCAEBMgmCHBcRg2iBC0GDFYJtg?= =?us-ascii?q?lFvAQEIjCCBHwEB?=
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1531.3; Thu, 4 Oct 2018 14:34:43 -0400
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.1531.003; Thu, 4 Oct 2018 14:34:43 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "'lists@digitaldissidents.org'" <lists@digitaldissidents.org>, "'jgould=40verisign.com@dmarc.ietf.org'" <jgould=40verisign.com@dmarc.ietf.org>
CC: "'hr-rt@irtf.org'" <hr-rt@irtf.org>, "'hrpc@irtf.org'" <hrpc@irtf.org>, "'regext@ietf.org'" <regext@ietf.org>, "'gurshabad@cis-india.org'" <gurshabad@cis-india.org>
Thread-Topic: [EXTERNAL] Re: [regext] Human Rights Review of draft-ietf-regext-verificationcode
Thread-Index: AQHUWxr5hyC056QopEWFVA23IQF5HKUNyqSAgAE2IjCAAEmNAIAAIQvA
Date: Thu, 4 Oct 2018 18:34:42 +0000
Message-ID: <298864300d064f669a79ab84a942c3e3@verisign.com>
References: <EE368E9F-E08F-4960-BC0D-88B94D66EF02@verisign.com> <20181003134215.GA23633@mir> <641561c1e0c94f93b45ff3c0809cea27@verisign.com> <b865e4c6-6d49-319f-9bea-2e7ecbefc7e1@digitaldissidents.org>
In-Reply-To: <b865e4c6-6d49-319f-9bea-2e7ecbefc7e1@digitaldissidents.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/hr-rt/ulpmDUfA2O8a7kUWdIUB19rQHPA>
Subject: Re: [HR-rt] [regext] Human Rights Review of draft-ietf-regext-verificationcode
X-BeenThere: hr-rt@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Human Rights Protocol Considerations Review Team <hr-rt.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/hr-rt>, <mailto:hr-rt-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/hr-rt/>
List-Post: <mailto:hr-rt@irtf.org>
List-Help: <mailto:hr-rt-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/hr-rt>, <mailto:hr-rt-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2018 18:38:13 -0000

> -----Original Message-----
> From: Niels ten Oever <lists@digitaldissidents.org>;
> Sent: Thursday, October 04, 2018 8:36 AM
> To: Hollenbeck, Scott <shollenbeck@verisign.com>;;
> 'jgould=40verisign.com@dmarc.ietf.org';
> <jgould=40verisign.com@dmarc.ietf.org>;
> Cc: 'hr-rt@irtf.org'; <hr-rt@irtf.org>;; 'hrpc@irtf.org'; <hrpc@irtf.org>;;
> 'regext@ietf.org'; <regext@ietf.org>;; 'gurshabad@cis-india.org';
> <gurshabad@cis-india.org>;
> Subject: [EXTERNAL] Re: [regext] Human Rights Review of draft-ietf-regext-
> verificationcode
>
> Hi Scott,
>
> On 10/04/2018 02:26 PM, Hollenbeck, Scott wrote:
> >> -----Original Message-----
> >> From: regext <regext-bounces@ietf.org>; On Behalf Of Niels ten Oever
> >> Sent: Wednesday, October 03, 2018 9:42 AM
> >> To: Gould, James <jgould=40verisign.com@dmarc.ietf.org>;
> >> Cc: hr-rt@irtf.org; hrpc@irtf.org; regext@ietf.org; gurshabad@cis-
> >> india.org
> >> Subject: [EXTERNAL] Re: [regext] Human Rights Review of
> >> draft-ietf-regext- verificationcode
> >>
> >> Hi James,
> >>
> >> On Wed, Oct 03, 2018 at 01:14:10PM +0000, Gould, James wrote:
> >>> Thanks for the review, Gurshabad. I'll consider your feedback in the
> >> context of technical issues with the draft.  The registration of
> >> domain names in some jurisdictions may be subject to various
> >> requirements that involve verification by a party other than the
> registry.
> >>
> >> Could you please be so kind to link to some of these legal
> requirements?
> >
> > There are several examples of registry operators that require
> verification as part of their domain registration process. Here are a few
> ccTLD examples:
> >
> > https://www.denic.de/en/faqs/faqs-for-domain-applicants/#faq-19
> >
> > https://www.nic.fr/en/resources/faq/general-faq/
> > (Look for the "I am a private individual; am I entitled to file a
> > domain name under the .fr or .re TLD?" and "I represent a French or
> > foreign company / association / national or international institution;
> > what are my rights with regard to filing a domain name under the TLDs
> > operated by AFNIC ?" questions under "Choosing a domain name".)
> >
> > https://www.about.us/policies/ustld-nexus-requirements
> >
> > Any one of these registries could use the verification code approach if
> it were available.
> >
>
> Thanks for your reply. I interviewed the people from Denic and Nic.fr and
> they explicitly told me they would not use external verification, but
> rather do this is in house. So I am not sure how they would use this
> extension.

They are examples of requirements for verification. With the use of
verification codes as described in the draft, clients (registrars or
registrants) have a choice of verification providers (VSPs) to perform
verification in a way that protects the privacy of the data. Choosing between
in-house verification or external verification is an architectural decision,
and this helps make the latter option possible.

> > In addition, Section 3.7.2 of the 2013 ICANN Registrar Accreditation
> Agreement (RAA) says, "Registrar shall abide by applicable laws and
> governmental regulations".
> >
>
> I have reviewed several legal framework but did not find laws or
> regulation that made this obligatory. It would be great if you could link
> to national laws or regulations that would demand a third party identity
> verification.

Here's one example of a regulation that could be met using the approach
described in the draft:

https://www.ecfr.gov/cgi-bin/text-idx?SID=d611d7d4bd8f3155d3262ea4857c011e&mc=true&node=pt41.3.102_6173&rgn=div5

The draft does not use terms like "obligatory" or "demand". As it says in the
Introduction, "A locality MAY ...".

Scott