Hi Pawel, Great questions, see inline.
I’ve seen a few other emails on different ID that had simar concept, we can integrate for sure. Didn’t get a change to read/skim those. Jacques CLASSIFICATION:CONFIDENTIAL From: kowa...@denic.de <kowa...@denic.de> Sent: November 16, 2023 3:27 AM To: Jacques Latour <jacques.lat...@cira.ca>; regext@ietf.org Cc: Don Slaunwhite <don.slaunwh...@cira.ca>; t...@internetnz.net.nz Subject: [EXT] Re: [regext] I-D draft-latour-pre-registration Hi Jack, Skimming through the document I have 3 questions / observations: 1. why you decided to break the flow into 2 commands with create and validate? What shall happen afterwards to the object(s) created in the first step? In this context the approach in draft-ietf-regext-validate to have temporary objects created implicitly with check:validate command, even if the process is asynchronous, seems more plausible to me. I agree, I’m not an EPP expert and if we decide this is a good idea we can find the best way of doing this. My thinking was when we give the data to the registry there’s a time gap for analysis, if the EPP answer 10 or 30 seconds later, is that too long? So after a maximum time period that a registrar can hold the registration process then they could issue a verify to get answer, I don’t know, maybe they can even cancel the credit card transaction like 10 minutes after if the score is high… it can be asynchronous verify 10 minutes later?… 1. The draft tells a lot about ML/AI, while actually it can be any type of validation. It can be static, rule based or even manual if you wish. I would not narrow down the use-case just to ML/AI. Yes, absolutely, for example, in Canada, verify the address is legit with Canada Post. Also, rule based = if Santa Claus register a domain with address in South Pole, we all know it’s North Pole, so Score = 100 😉 1. Section 8 is for me too deep into policy setting/suggesting and not in the area of technical protocol. The protocol shall define whether the result is discrete value (with maybe IANA repository) or continuos score and the number format, but not going beyond that. Note that the same protocol could be also used for other purposes other than abuse, like eligibility check based on other criteria. This was for getting people to think of the process, specially that the score can tell the RAR to suspend/block the registration, and some instance the RGY can suspend/block after it’s submitted by the RAR. So multiple use cases, can be made more generic. Kind regards, Pawel Am 15.11.23 um 16:56 schrieb Jacques Latour: Hi all, At the ICANN78 meeting and other venues, there were quite a lot of discussion on AI/ML abuse detection related discussions and presentations. 1. Example: https://static.sched.com/hosted_files/icann78/de/4%20%2020231023-TechDay-AI%20at%20EURid.pdf But this is after the fact, after a registration is completed, so we thought of a new extension to allow the registrar to ask the registry that have this real time capabilities to analyse the pre-registration information and return a quality score to better inform the process. draft-latour-pre-registration-00 - EPP Pre-Registration Verification (ietf.org)<https://datatracker.ietf.org/doc/draft-latour-pre-registration/> Have a read, Jack CLASSIFICATION:CONFIDENTIAL _______________________________________________ regext mailing list regext@ietf.org<mailto:regext@ietf.org> https://www.ietf.org/mailman/listinfo/regext
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
