On 10/04/2018 08:34 PM, Hollenbeck, Scott wrote:
>> -----Original Message-----
>> From: Niels ten Oever <[email protected]>
>> Sent: Thursday, October 04, 2018 8:36 AM
>> To: Hollenbeck, Scott <[email protected]>;
>> '[email protected]'
>> <[email protected]>
>> Cc: '[email protected]' <[email protected]>; '[email protected]' <[email protected]>;
>> '[email protected]' <[email protected]>; '[email protected]'
>> <[email protected]>
>> Subject: [EXTERNAL] Re: [regext] Human Rights Review of draft-ietf-regext-
>> verificationcode
>>
>> Hi Scott,
>>
>> On 10/04/2018 02:26 PM, Hollenbeck, Scott wrote:
>>>> -----Original Message-----
>>>> From: regext <[email protected]> On Behalf Of Niels ten Oever
>>>> Sent: Wednesday, October 03, 2018 9:42 AM
>>>> To: Gould, James <[email protected]>
>>>> Cc: [email protected]; [email protected]; [email protected]; gurshabad@cis-
>>>> india.org
>>>> Subject: [EXTERNAL] Re: [regext] Human Rights Review of
>>>> draft-ietf-regext- verificationcode
>>>>
>>>> Hi James,
>>>>
>>>> On Wed, Oct 03, 2018 at 01:14:10PM +0000, Gould, James wrote:
>>>>> Thanks for the review, Gurshabad. I'll consider your feedback in the
>>>> context of technical issues with the draft. The registration of
>>>> domain names in some jurisdictions may be subject to various
>>>> requirements that involve verification by a party other than the
>> registry.
>>>>
>>>> Could you please be so kind to link to some of these legal
>> requirements?
>>>
>>> There are several examples of registry operators that require
>> verification as part of their domain registration process. Here are a few
>> ccTLD examples:
>>>
>>> https://www.denic.de/en/faqs/faqs-for-domain-applicants/#faq-19
>>>
>>> https://www.nic.fr/en/resources/faq/general-faq/
>>> (Look for the "I am a private individual; am I entitled to file a
>>> domain name under the .fr or .re TLD?" and "I represent a French or
>>> foreign company / association / national or international institution;
>>> what are my rights with regard to filing a domain name under the TLDs
>>> operated by AFNIC ?" questions under "Choosing a domain name".)
>>>
>>> https://www.about.us/policies/ustld-nexus-requirements
>>>
>>> Any one of these registries could use the verification code approach if
>> it were available.
>>>
>>
>> Thanks for your reply. I interviewed the people from Denic and Nic.fr and
>> they explicitly told me they would not use external verification, but
>> rather do this is in house. So I am not sure how they would use this
>> extension.
>
> They are examples of requirements for verification. With the use of
> verification codes as described in the draft, clients (registrars or
> registrants) have a choice of verification providers (VSPs) to perform
> verification in a way that protects the privacy of the data. Choosing between
> in-house verification or external verification is an architectural decision,
> and this helps make the latter option possible.
>
>>> In addition, Section 3.7.2 of the 2013 ICANN Registrar Accreditation
>> Agreement (RAA) says, "Registrar shall abide by applicable laws and
>> governmental regulations".
>>>
>>
>> I have reviewed several legal framework but did not find laws or
>> regulation that made this obligatory. It would be great if you could link
>> to national laws or regulations that would demand a third party identity
>> verification.
>
> Here's one example of a regulation that could be met using the approach
> described in the draft:
>
> https://www.ecfr.gov/cgi-bin/text-idx?SID=d611d7d4bd8f3155d3262ea4857c011e&mc=true&node=pt41.3.102_6173&rgn=div5
>
> The draft does not use terms like "obligatory" or "demand". As it says in the
> Introduction, "A locality MAY ...".
>
If there is only one instance in which this MAY be useful, perhaps there
is no need for standardization of this extension?
Best,
Niels
--
Niels ten Oever
Researcher and PhD Candidate
Datactive Research Group
University of Amsterdam
PGP fingerprint 2458 0B70 5C4A FD8A 9488
643A 0ED8 3F3A 468A C8B3
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
