Interesting People mailing list archives
Re Whois is dead as Europe hands DNS overlord ICANN its arse
From: "Dave Farber" <farber () gmail com>
Date: Sun, 15 Apr 2018 15:01:21 -0400
Begin forwarded message:
From: Phil Pennock <phil.pennock () spodhuis org> Date: April 15, 2018 at 2:59:55 PM EDT To: dave () farber net Cc: Karl Auerbach <karl () cavebear com> Subject: Re: [IP] Re Whois is dead as Europe hands DNS overlord ICANN its arseOn 2018-04-14 at 16:23 -0400, Karl Auerbach wrote: It has long been proposed to ICANN that when someone comes along and wants to make a whois inquiry that they (the accuser) should first have to jump through a few hoops:There are more reasons to use WHOIS than for assertions of copyright/trademark rights or more generally than for making accusations. Reasons I've used that come immediately to mind: 1. Debugging problems and finding technical contacts when there's a problem; eg, DNS broken, look for an email address in a different domain, reach out to get things fixed. Whois Privacy services are not a problem here, as long as the mail does actually get through to the registrant's technical contact. 2. Determining who is behind an organization, to help friends/family establish how much they want to trust a website with personal data, or for one employer to link to a history via BBB complaints to decide how cautiously to proceed with sponsoring an event. 3. Patiently walking people through understanding the difference between DNS glue records and in-zone records and how they also need to update their delegation records; this one can be done with queries against the parent, but that's just _confusing_ to non-experts. Pointing to the NS records in WHOIS is significantly clearer and gets the point across, "these are the nameservers which are on file, and are how the rest of the world knows to reach your nameservers; you're having problems because they don't match." 4. Part of automated checks to make sure that domains have not been hijacked, and to have even basic diagnostic information to start recovery in the event that a domain has been hijacked. 5. Using the timestamps to show when a domain was registered (reputation stuff, or countering FUD claims) or when it was last modified (things are broken right now ... they've just changed something, they've messed things up, nothing we can do on our side, but I'll see if I can reach someone on their side to make sure that they're aware of the issue). Registration of a domain-name is not an intrinsic requirement for being online; there is a trade-off to be made between privacy and accountability. While we might not have the balance correct right now, a demand for anonymity in the name of privacy runs counter to accountability. We expect companies to be registered, with their principal officers part of the registration, part of public data which can be queried. We expect charities to have to disclose who is running them. None of that should disappear simply because of moving online. Domain hijackers must be rubbing their hands with glee knowing that the most basic diagnosis tool for determining "who is believed to control this domain" is going away. There are ways around it, for when you eventually determine that this must be the source of problems, but most registrars do not provide any tooling for registrants to determine who currently is the owner, or really expose any of the EPP information. Domain hijacking is about to get a whole lot more profitable, with time-to-recovery increasing drastically (or becoming outright infeasible). Moving towards "WHOIS privacy services should be a default and no-cost extra, but the email forwarders must be professionally maintained and tested" would ease the balance. The nonsense routine mails of "does your email address still work" could be sent via the privacy addresses and have additional checks optionally built in, so that those mails actually serve a useful purpose instead of being mostly theatre. Applauding the removal of public accountability will backfire. -Phil
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-4ac2c253 Unsubscribe Now: https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180415150129:655F6134-40DF-11E8-A41B-F864BAD179F0 Powered by Listbox: http://www.listbox.com
Current thread:
- Re Whois is dead as Europe hands DNS overlord ICANN its arse Dave Farber (Apr 15)
- <Possible follow-ups>
- Re Whois is dead as Europe hands DNS overlord ICANN its arse Dave Farber (Apr 15)
- Re Whois is dead as Europe hands DNS overlord ICANN its arse Dave Farber (Apr 15)
- Re Whois is dead as Europe hands DNS overlord ICANN its arse Dave Farber (Apr 15)
- Re Whois is dead as Europe hands DNS overlord ICANN its arse Dave Farber (Apr 16)