Hi Ronald, Please see replies below.
On Wed, Jul 20, 2022 at 4:52 AM Ronald F. Guilmette via db-wg <[email protected]> wrote: > > In message > <CAKvLzuFZDSk11aW=j0ufpns5i+-2bmdhfkj7pqfauu-nhhe...@mail.gmail.com> > denis walker <[email protected]> wrote: > > >During the conversion we had some time ago about contacts we concluded that > >no one is going to visit a contact or post them a letter. > > No, "we" didn't. Unless you are using the term "we" here in the royal sense. > > >The IRT object also had a mandatory address attribute that is defined in > >the documentation as: > > > >"This is a full postal address for the business contact represented by this > >irt object." > > > >Does anyone think we actually need a postal address for a contact for a > >CSIRT team? > > Yes. I do. > > You haven't yet answered _any_ of the fundamental questions I've asked > about your ongoing efforts to hide information, to wit: > > *) Other than you and Cynthia, who is asking for and/or demanding these > various deliberate obfuscation steps? It might mostly be me and Denis advocating for this policy change, however there hasn't been a lot of people active on the db-wg lately in any discussions. Additionally I have only seen you and one other person primarily argue against this proposal. I seem to recall some people being supportive to this idea at RIPE84 but I do not remember the details so take that with a grain of salt. > *) Why is the hiding of information even a priority? Hiding information is good from a privacy standpoint so you have to weigh the benefit of having the data public against the privacy implications of publishing it. (and consider any potential legal issues/requirements) > *) What is the plan? Who is going to do the work, when, and what is the > cost? The implementation details would be discussed later as Denis has said, however obviously it would be the RIPE NCC that would do the work of actually implementing it. > *) Are these deliberate obfsucation steps still being justified on the > basis of GDPR, or do you now accept as fact that GDPR is irrelevant in > the context of the RIPE data base, and that it does not currently compel > RIPE to make any changes to the public WHOIS data base whatsoever? Denis has already mentioned in an email regarding 2022-01 that he will not address any more GDPR issues until there has been a legal review as many of us are not lawyers. While I can't speak for Denis, you have not convinced me that GDPR is somehow irrelevant in the context of personal data but I also don't want to discuss it further until the NCC legal team has done their legal review. > *) If the goal is to hide information, then why not just take the entire > RIPE WHOIS data base offline and hide the whole thing behind some sort of > permission-wall that can only be pierced with a legal warrant? > > (That last question is, of course, the essential point, since that endpoint > seems rather clearly to be the direction in which this is all headed.) This question is not really an "essential point" in my opinion as there is a big difference between hiding postal addresses and hiding abuse email addresses and route(6) objects. I would argue that a postal address is very rarely needed in the context of networks while abuse email addresses and route(6) objects are important to the operation of many networks. > Regards, > rfg > > > P.S. I really don't care if I am the only one on this mailing list who > is representing the interests of law enforcement and legitimate security > researchers, or if I have to endure the slings and arrows that come with > that. It's a tough job, but somebody has to push back against all of > these subtle incremental efforts to hide the WHOIS by chipping away at it, > little by little. -Cynthia -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
