> -----Original Message----- > From: Niels ten Oever <[email protected]> > Sent: Thursday, October 04, 2018 8:36 AM > To: Hollenbeck, Scott <[email protected]>; > '[email protected]' > <[email protected]> > Cc: '[email protected]' <[email protected]>; '[email protected]' <[email protected]>; > '[email protected]' <[email protected]>; '[email protected]' > <[email protected]> > Subject: [EXTERNAL] Re: [regext] Human Rights Review of draft-ietf-regext- > verificationcode > > Hi Scott, > > On 10/04/2018 02:26 PM, Hollenbeck, Scott wrote: > >> -----Original Message----- > >> From: regext <[email protected]> On Behalf Of Niels ten Oever > >> Sent: Wednesday, October 03, 2018 9:42 AM > >> To: Gould, James <[email protected]> > >> Cc: [email protected]; [email protected]; [email protected]; gurshabad@cis- > >> india.org > >> Subject: [EXTERNAL] Re: [regext] Human Rights Review of > >> draft-ietf-regext- verificationcode > >> > >> Hi James, > >> > >> On Wed, Oct 03, 2018 at 01:14:10PM +0000, Gould, James wrote: > >>> Thanks for the review, Gurshabad. I'll consider your feedback in the > >> context of technical issues with the draft. The registration of > >> domain names in some jurisdictions may be subject to various > >> requirements that involve verification by a party other than the > registry. > >> > >> Could you please be so kind to link to some of these legal > requirements? > > > > There are several examples of registry operators that require > verification as part of their domain registration process. Here are a few > ccTLD examples: > > > > https://www.denic.de/en/faqs/faqs-for-domain-applicants/#faq-19 > > > > https://www.nic.fr/en/resources/faq/general-faq/ > > (Look for the "I am a private individual; am I entitled to file a > > domain name under the .fr or .re TLD?" and "I represent a French or > > foreign company / association / national or international institution; > > what are my rights with regard to filing a domain name under the TLDs > > operated by AFNIC ?" questions under "Choosing a domain name".) > > > > https://www.about.us/policies/ustld-nexus-requirements > > > > Any one of these registries could use the verification code approach if > it were available. > > > > Thanks for your reply. I interviewed the people from Denic and Nic.fr and > they explicitly told me they would not use external verification, but > rather do this is in house. So I am not sure how they would use this > extension.
They are examples of requirements for verification. With the use of verification codes as described in the draft, clients (registrars or registrants) have a choice of verification providers (VSPs) to perform verification in a way that protects the privacy of the data. Choosing between in-house verification or external verification is an architectural decision, and this helps make the latter option possible. > > In addition, Section 3.7.2 of the 2013 ICANN Registrar Accreditation > Agreement (RAA) says, "Registrar shall abide by applicable laws and > governmental regulations". > > > > I have reviewed several legal framework but did not find laws or > regulation that made this obligatory. It would be great if you could link > to national laws or regulations that would demand a third party identity > verification. Here's one example of a regulation that could be met using the approach described in the draft: https://www.ecfr.gov/cgi-bin/text-idx?SID=d611d7d4bd8f3155d3262ea4857c011e&mc=true&node=pt41.3.102_6173&rgn=div5 The draft does not use terms like "obligatory" or "demand". As it says in the Introduction, "A locality MAY ...". Scott _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
