IETF Logo Mail Archive

[regext] Re: [Ext] WGLC: draft-ietf-regext-epp-eai (was: WGLC: draft-ietf-regext-rdap-rir-search-09)

Gavin Brown <gavin.brown@icann.org> Wed, 20 November 2024 13:34 UTC

Return-Path: <gavin.brown@icann.org>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 493ABC18DBBB for <regext@ietfa.amsl.com>; Wed, 20 Nov 2024 05:34:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.904
X-Spam-Level:
X-Spam-Status: No, score=-1.904 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wC5SG0eeOJFu for <regext@ietfa.amsl.com>; Wed, 20 Nov 2024 05:34:13 -0800 (PST)
Received: from ppa3.lax.icann.org (ppa3.lax.icann.org [192.0.33.78]) by ietfa.amsl.com (Postfix) with ESMTP id 7E5B6C15199B for <regext@ietf.org>; Wed, 20 Nov 2024 05:34:13 -0800 (PST)
Received: from MBX112-W2-CO-2.pexch112.icann.org (out.mail.icann.org [64.78.33.6]) by ppa3.lax.icann.org (8.18.1.2/8.18.1.2) with ESMTPS id 4AKDYB7m029737 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 20 Nov 2024 13:34:11 GMT
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-2.pexch112.icann.org (10.226.41.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Wed, 20 Nov 2024 05:34:10 -0800
Received: from MBX112-W2-CO-1.pexch112.icann.org ([169.254.44.235]) by MBX112-W2-CO-1.pexch112.icann.org ([169.254.44.235]) with mapi id 15.02.1544.011; Wed, 20 Nov 2024 05:34:10 -0800
From: Gavin Brown <gavin.brown@icann.org>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Thread-Topic: [regext] [Ext] WGLC: draft-ietf-regext-epp-eai (was: WGLC: draft-ietf-regext-rdap-rir-search-09)
Thread-Index: AQHbO1DhuFxR2z/uFEiIp+VQl8Zktw==
Date: Wed, 20 Nov 2024 13:34:10 +0000
Message-ID: <B365F743-13D8-47F4-9E81-7B60AA7F6983@icann.org>
References: <73182D47-F3BB-4765-8795-180BAEE4A73D@elistx.com> <dba8d9ed-6e14-4e87-93c4-f5c614c346e4@denic.de> <10EF311E-6DEE-4400-AF22-A65EFBF54875@elistx.com> <D21B7C67-360B-4FFD-A05C-1B03DE06C7DF@icann.org> <514a9f8b86834877b6e8a365fbcaf205@verisign.com>
In-Reply-To: <514a9f8b86834877b6e8a365fbcaf205@verisign.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.0.47.234]
x-source-routing-agent: True
Content-Type: text/plain; charset="us-ascii"
Content-ID: <C8174E7EDFD4824996B6CD69333D5459@pexch112.icann.org>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.62.30 definitions=2024-11-20_10,2024-11-20_01,2024-09-30_01
Message-ID-Hash: ZJQQUWXO3B64KY7CR5KL7HQA4EAT2X5L
X-Message-ID-Hash: ZJQQUWXO3B64KY7CR5KL7HQA4EAT2X5L
X-MailFrom: gavin.brown@icann.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "regext@ietf.org" <regext@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [regext] Re: [Ext] WGLC: draft-ietf-regext-epp-eai (was: WGLC: draft-ietf-regext-rdap-rir-search-09)
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Tla0NrWx-lgrf80_D8lDLkqEigM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>

Hi Scott,

> On 20 Nov 2024, at 12:38, Hollenbeck, Scott <shollenbeck@verisign.com> wrote:
> 
> [snip]
> 
>> 2. There is no Privacy Considerations section. Given that this document
>> pertains to transmission of email addresses, this should probably be
>> corrected.
> 
> [SAH] I just read RFC 6973. It mentions email addresses once, in Section 5.2.1:
> 
> "For example, an initiator's persistent use of the same device ID, certificate, or email address across multiple interactions could allow recipients (and observers) to correlate all of the initiator's communications over time."
> 
> I can capture that, but is there anything else that would need to be noted? My immediate thought is that I could say something about the possibility of these email addresses being disclosed by systems like WHOIS and RDAP. The use of a privacy/proxy service can mitigate that risk. Anything else?

I don't believe there's much privacy prior art in EPP-related RFCs, and I don't think the additional email address that this document adds to the contact object data model deserves special consideration.

I would suggest something along the lines of:-

The content of <addlEmail:email> elements may be may be processed by EPP clients and servers in the same way as that of <contact:email> elements, including publication in directory services such as [RDAP](informative ref to STD 95). Most data protection regulations recognise email addresses as personal data, so any policies governing the collection, transmission and processing of contact information by EPP clients and servers should apply equally to <addlEmail:email> elements as to <contact:email> elements.

G.

--
Gavin Brown
Principal Engineer, Global Domains & Strategy
Internet Corporation for Assigned Names and Numbers (ICANN)

https://www.icann.org

v2.46.0 | Report a Bug | By Email | System Status