Re: [gnso-consumercci-dt] Final Version - CTCCC Advice Leter

[Evan Leibovitch <evan@xxxxxxxxx>]

On 3 December 2012 16:24, Neuman, Jeff <Jeff.Neuman@xxxxxxxxxx> wrote:



> **
>
> When you boil it down, you are measuring whether someone did or did not do
> something you never asked or required them to do in the first place.
>

If that's how you see it, then there's no shame as being measured not to do
it.

Look at Consumer Reports, or any reasonably impartial public-interest
measurement site of this kind. They have a list of minimum requirements in
what they measure; anything not meeting those minimums is deemed
unacceptable. But CR doesn't stop there; it measures many, many things that
are not legally required of suppliers but seen as beneficial to users.

IE, measurements of public services are not just to see who meets the
minimum requirements. Usually they are used to demonstrate when those
minimums are exceeded.



>  You also talk about the real world outside our bubble and I think that
> is helpful to discuss.  But do you honestly thing that the real world cares
> whether a .neustar has a page up on its main site its policies and
> restrictions.  Not at all.
>

Then I guess that is the core of our disagreement. Whether that's demanded
or not of all TLDs, I think it ought to be measured whether it exists.

Remember, I'm not coming at this from the PoV of potential registrants. I
don't care *at all* whether there are instructions on "why this TLD" or
"how you can get a domain in this TLD". What I do care about is what a
member of the public does if they get spam, or malware, or a DDoS attack,
etc traceable to a *.neustar domain. Anyone in this situation, anyone in
the world DOES (IMO) need to know, at a basic level how the second level is
allocated (is it all corporate only? franchisees? Resellers? Licensees?).
It's about measuring disclosure of disclosing policies about who
(generally) uses domains in the TLD, regardless of whether the viewer of
this information themselves can get one.

As a member of the public I don't really care whether the RAA or AG demand
this or not. To my view, it's in your interest as well as the public's to
be able to openly facilitate tracing such bad activity, and eventually law
enforcement will extract it from you anyway regardless of what ICANN does.
So I see this as not just a legitimate thing to measure but a necessary one.

If anyone here has at all interpreted my issues as a demand for "how do I
get a domain here" or "what are the benefits of this TLD" information from
closed TLDs, please understand that it was never my interest or intent. My
insistence of auditing disclosure of domain allocation policies is tied to
accountability and security -- the "confidence" side of the metrics as
opposed to choice or competition.

If a TLD is accessible by the public its subdomains have the potential for
abuse of the public. Metrics ought to give trust that publicly accessible
TLDs -- including (indeed, ESPECIALLY including) closed ones -- provide
useful information in case a domain in their TLD is a source of problems.
The expansion should not be seen to cause greater insecurity, and these
metrics are a necessary part of that. Taking it out -- or replacing it with
functionally-useless "understanding measurement" -- is a bad mistake.

- Evan