[Fwd: [registry-discuss] Zone transfers from .nz name servers]
2Day Chief Enthusiast wrote:
|>
|> >I haven't yet got the draft minutes but my recollection of the
|> >ISOCNZ Council meeting on Friday is that the consensus was to
|> > do exactly that
|> >- for reasons of both privacy act considerations and anti-spamming.
|>
|> Yet another example of ISOCNZ making decisions without consulting
|> industry. Extremely bad form.
|
| I'd say that ISOCNZ did consult industry and are in the process of doing
| so. Some weeks ago the ISOCNZ technical committee, John Vorstermans,
| Mark Davies and Roger De Salis talked to Joe Abley and myself. If they
| didn't talk with Peter that doesn't mean they didn't talk with industry.

=====================================================================

Exactly 10 days ago, I did send out an email to the ISOCNZ council, plus Andy and Joe, with a proposal to possibly restrict zone transfers.

The sequence was:-

1/ Put an initial proposal to the council plus others to ensure that the technical proposal was sound, and find out if there were i) raving objections, ii) muted dissent iii) muted assent iv) other.

2/ Post the corrected proposal to the NOG for comment.

3/ Assemble and Post feedback to the NOG, and come to an acceptable consensus.

Unfortunately real work interfered with this timetable. This email represents step 2. The proposal was informally discussed at the last council meeting, which I was not able to fully attend.

Here is the proposal in full, as it was sent out earlier. I remind interested parties that this is a PROPOSAL. Thoughtful comment, dissent and wisely worded counter proposals will all be thoroughly considered.

Here is the proposal as originally sent out.

========================================================================

PROPOSAL:-

The caretaker of the registry has been concerned for some time about the ability to do a complete download of the zone files, and then trawl them for useful information.

Typically why people do this is to keep score, and we have no evidence that people have used this information for malicious purposes thus far.

But the information does contain personal information, which it must do to permit network operators to rightfully go about their business, and brilliant efforts to keep the internet running. It also potentially offers plenty of SPAM potential.

If whole downloads were restricted, but reasonable queries of a moderate length were allowed, and a working who-is was on line, and there was an ability to run reasonable global queries (eg no of domains by provider etc etc), is a restriction on possible global downloads reasonable?

A positive suggestion here is that global downloads continue to be permitted, but the receiver must authenticate themselves, so reasonable use can be estimated.

A parallel example is Cisco's shipping database. You have query access (via login) to any information, but you need a valid number to be able to extract the single event. There is no way to get the whole of shipping details at that second. But in theory it is all there.

The proposal is therefore to propose some minor technical changes with an eye on the Privacy requirements, but ensure that sufficiently useful access and information exists to permit the nog to do their job.

I would be most interested to collect opinions about positive technical suggestions, leave it the way it is, or make these suggested changes.

Rgds Roger De Salis

======================================================

Joe's comments came back as:- (and appear to me to be eminently reasonable. I hope he will not mind me re-publishing.)

For the record, it's only ns99 and rata that currently permit zone transfers; none of the others do.

A good compromise might be to restrict zone transfers from ns99 to "all authoritative servers plus authorised hosts" to allow people like Peter to continue to pull the data, without having to mess about with ftp. Domainz could authorise hosts as they saw fit (I would expect the authorisation policy to be fairly non-restrictive).

The driver for doing this, remember, is to prevent the unscrupulous walking the DNS, enumerating domain names for the purposes of evil spam; it's not to stop record harvesting for the purposes of generating statistics.

This is just for ns99 -- I would expect other authoritative servers to deny transfers from _anybody_. Maintaining a current transfer access list on every secondary is unnecessary.

Being overly restrictive on this issue could be problematic anyway; for example CLEAR and Xtra have access to the zone files since they operate authoritative nameservers for the benefit of the community. It would be bizarre if other providers were denied access to the same information simply because they're small (or focused on niche services).

Joe

================================================================

--
 \_   Roger De Salis             Cisco Systems NZ Ltd
 '    +64 25 481 452             L3, 117 Customhouse Qy
/)    +64 4 473 4912             Wellington, New Zealand
(/    roger(a)desalis.gen.nz    rdesalis(a)cisco.com
`     Never underestimate the data transmission capacity (Mb/s) of a station wagon full of the backup tapes.
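The transfer policy outlined in Joe's comments above (ns99 limited to the authoritative servers plus authorised hosts, every other server refusing transfers), combined with the suggestion that receivers authenticate themselves so use can be estimated, could be written down as follows. This is an added illustration in BIND 9 named.conf syntax, not configuration from this thread or from any .nz name server; the addresses, ACL names, key name, secret and file paths are constructed placeholders, and ns99 is assumed to hold the zone as primary.

```bind
// --- named.conf on ns99 (the one server that serves authorised transfers) ---
// Addresses come from documentation ranges and are placeholders only.
acl "nz-authoritative" {
    192.0.2.10;        // placeholder: an authoritative secondary
    198.51.100.20;     // placeholder: another authoritative secondary
};
acl "authorised-hosts" {
    203.0.113.5;       // placeholder: a host the registry has authorised
};

// TSIG key so an authorised receiver authenticates itself per transfer.
key "xfr-authorised-example" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";   // placeholder, not a real key
};

// Record every outgoing transfer so reasonable use can be estimated.
logging {
    channel xfer_log {
        file "/var/log/named/xfer-out.log" versions 5 size 10m;  // assumed path
        severity info;
        print-time yes;
    };
    category xfer-out { xfer_log; };
};

zone "co.nz" {
    type master;
    file "zones/co.nz.db";                 // assumed path
    // Open setting being debated (any host may pull the whole zone):
    // allow-transfer { any; };
    allow-transfer {
        "nz-authoritative";
        "authorised-hosts";
        key "xfr-authorised-example";
    };
};

// --- named.conf on every other authoritative server ---
// No per-secondary access list to maintain: refuse transfers from anybody.
options {
    allow-transfer { none; };
};
```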
> Typically why people do this is to keep score, and we have no evidence that people have used this information for malicious purposes thus far.

If you have no evidence of misuse of data, then why propose a change to the status quo?

> But the information does contain personal information,

Ok, let's take an example:-

The .co.nz zone file has more than a few resource records in it. Which records in particular contain the "personal information" you speak about?

Post an example to this list so I can understand your concern.

regards

Peter Mott
Chief Enthusiast
2Day Internet Limited
http://www.2day.net.nz
-/-

---------
To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads:
unsubscribe nznog
> > But the information does contain personal information,
>
> Ok, let's take an example:-
>
> The .co.nz zone file has more than a few resource records in it. Which records in particular contain the "personal information" you speak about?

The zone files don't in themselves contain "personal information", at least by my reading of the definition in the Privacy Act:

    ``Personal information'' means information about an identifiable individual; and includes information contained in any register of deaths kept under the Births and Deaths Registration Act 1951

But the registration details do, and arguably, the zone file data is a key to that information. I don't think it's unreasonable to ask that privacy and commercial sensitivity concerns be respected when handling such information.

And Peter, if you're so keen on examples, how about some examples of the sorts of things you actually want to achieve by having zone file data? Perhaps there are other ways of achieving the same thing without having to handle a complete list.

-- don
> The zone files don't in themselves contain "personal information", at least by my reading of the definition in the Privacy Act:
>
>     ``Personal information'' means information about an identifiable individual; and includes information contained in any register of deaths kept under the Births and Deaths Registration Act 1951

Great, so we agree on this at least.

> But the registration details do, and arguably, the zone file data is a key to that information.

This discussion is not about the registry database. It's about zone data. They are quite different things.

It appears that we now have agreement that:-

a) There being *no* personal information held in the .nz zone files and

b) There is no evidence of misuse of zone data

There is NO good reason whatever to restrict XFRs from ns99.waikato.ac.nz

regards

Peter Mott
Chief Enthusiast
2Day Internet Limited
http://www.2day.net.nz
-/-
2Day Chief Enthusiast wrote:
> > Typically why people do this is to keep score, and we have no evidence that people have used this information for malicious purposes thus far.
>
> If you have no evidence of misuse of data, then why propose a change to the status quo?

The reasoning is that changes to privacy legislation call the ability to perform zone transfers without restriction into question.

The European Union in particular are starting to push very hard about data-privacy compliance issues. So the objective of this exercise is to pre-empt any regulatory cause for concern within, and without NZ, and continue with a workable, diverse system that equitably supports the needs of EVERYONE, both net administrators and users.

The NOG as a whole, suggesting a regulatory framework is much more preferable to Parliamentarians imposing a set of regulations upon the NZ internet.

Personal Opinion on:====================================
I don't want an Internet in NZ, regulated like China, Singapore or Australia.
Personal Opinion off:===================================

Rgds Roger De Salis

> > But the information does contain personal information,
>
> Ok, let's take an example:-
>
> The .co.nz zone file has more than a few resource records in it. Which records in particular contain the "personal information" you speak about?
>
> Post an example to this list so I can understand your concern.
>
> regards
>
> Peter Mott
> Chief Enthusiast
> 2Day Internet Limited
> http://www.2day.net.nz
> -/-

--
 \_   Roger De Salis             Cisco Systems NZ Ltd
 '    +64 25 481 452             L3, 117 Customhouse Qy
/)    +64 4 473 4912             Wellington, New Zealand
(/    roger(a)desalis.gen.nz    rdesalis(a)cisco.com
`     Never underestimate the data transmission capacity (Mb/s) of a station wagon full of the backup tapes.
> The reasoning is that changes to privacy legislation call the ability to perform zone transfers without restriction into question.

What specific changes? Why don't you tell us the full story. This is like extracting teeth!

regards

Peter Mott
Chief Enthusiast
2Day Internet Limited
http://www.2day.net.nz
-/-
On Thu, May 27, 1999 at 01:13:55PM +1200, Roger De Salis wrote:
> Personal Opinion on:====================================
> I don't want an Internet in NZ, regulated like China, Singapore or Australia.
> Personal Opinion off:===================================

Ohhh come on - The internet in Australia is not regulated. I can say anything I choose. There is no one to stop me from sayin FGf}{@$tsg NO CARRIER
participants (4)
- 2Day Chief Enthusiast
- Dean Pemberton
- Don Stokes
- Roger De Salis