- See handout: 18JanMeeting-PurposesForThinData-Handout.pdf
- DN Certification - how is thin data used in this regard and why is it helpful? Certificate authorities, when they receive a request for a digital certificate, they investigate who the organization / individual is applying. Number of standards set by the CA browser forum which is the controlling authority. All of the CAs basically use the same practices / processes. Want to make sure that the person requesting is say who they are and representing who they say they are representing. Bind identity with the domain name. Information currently available in WHOIS is essential part of this process. Outside of gTLDs in a ccTLDs world there is a lot of frustration as CAs often do not know how to undertake this validation as the information is not necessarily publicly available. Which data elements do CAs look at and does it very per type of certificate? Different types of certificates, with different levels of 'validation'. From a purely thin data perspective, is there any usage of that or is it more focused on the 'thick' data? All data that CAs have access to is used. Automated processes that use the different data sources. Higher level of certification does require access to thick data. Not having access would have a significant impact on CAs. No clear plan B. Is DN Certification a legitimate purpose for thin data? Nameservers are slightly useful, but main interest will be in thick data as that is required to carry out the type of validaton discussed. No objections by those on the call to include DN certification as a valid purpose for thin data. (note this is still about purpose for collection - disclosure is for a subsequent discussion).
- A question that will need to be further deliberated in the future is whether authenticators, who arguably ought to be trusted parties, should be harvesting this data off an open WHOIS. If this is what they are doing as part of their functions, they could be autheticated to seek the data at a deeper level.
Action item #1: Poll to include question to verify that there is support for domain name certification as a legitimate purpose for thin data.
- Business Domain Name Purchase or Sale. Valid purpose for data that is already collected for other legitimate purposes. Need to set the parameters for disclosure. If in the end the WG decides that certain data elements do not have a purpose in terms of disclosure, it may not need to be collected.
Action item #2: Poll to include question to verify that there is support for Business Domain Name Purchase or Sale as a legitimate purpose for thin data.
- Academic / Public Interest DNS Research - usually there is a requirement that the data set be archived and available to viewers / readers so they are able to replicate and build upon the research. Is there a risk that the data would go into the public domain, which it shouldn't? It may turn out to be a legitimate purpose but can it be provided to be in compliance with data protection / privacy legislation? Will need to be considered at a later stage.
Action item #3: Poll to include question to verify that there is support for Academic / Public Interest DNS Research as a legitimate purpose for thin data collection.
Possible WG Agreement #6: Regulatory and Contractual Enforcement is a legitimate purpose for "thin data" collection
Action item #4: Poll to include question to verify that there is support for Regulatory and Contractual Enforcement as a legitimate purpose for thin data collection.
Possible WG Agreement #7: Criminal Investigation & DNS Abuse Mitigation is a legitimate purpose for "thin data" collection
Action item #5: Poll to include question to verify that there is support for Criminal Investigation & DNS Abuse Mitigation is a legitimate purpose for thin data collection.
- Legal Actions - identified purpose in EWG report, although it didn't identify thin data as a required element (apart from domain name). Knowing the registrar is also important when legal action is undertaken. Similarly name servers can provide useful information. Proposal to add name servers and sponsoring registrar as a data element.
Action item #6: Poll to include question to verify that there is support for Legal Actions is a legitimate purpose for thin data collection.
- Individual Internet Use - could include 'good Samaritan' actions (identifying potential issues such as expiration of domain name).