Re Whois is dead as Europe hands DNS overlord ICANN its arse

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: Phil Pennock <phil.pennock () spodhuis org>
> Date: April 15, 2018 at 2:59:55 PM EDT
> To: dave () farber net
> Cc: Karl Auerbach <karl () cavebear com>
> Subject: Re: [IP] Re Whois is dead as Europe hands DNS overlord ICANN its arse
>
> > On 2018-04-14 at 16:23 -0400, Karl Auerbach wrote:
> > It has long been proposed to ICANN that when someone comes along and
> > wants to make a whois inquiry that they (the accuser) should first
> > have to jump through a few hoops:
>
> There are more reasons to use WHOIS than for assertions of
> copyright/trademark rights or more generally than for making
> accusations.
>
> Reasons I've used that come immediately to mind:
> 1. Debugging problems and finding technical contacts when there's a
>   problem; eg, DNS broken, look for an email address in a different
>   domain, reach out to get things fixed.  Whois Privacy services are
>   not a problem here, as long as the mail does actually get through to
>   the registrant's technical contact.
> 2. Determining who is behind an organization, to help friends/family
>   establish how much they want to trust a website with personal data,
>   or for one employer to link to a history via BBB complaints to decide
>   how cautiously to proceed with sponsoring an event.
> 3. Patiently walking people through understanding the difference between
>   DNS glue records and in-zone records and how they also need to update
>   their delegation records; this one can be done with queries against
>   the parent, but that's just _confusing_ to non-experts.  Pointing to
>   the NS records in WHOIS is significantly clearer and gets the point
>   across, "these are the nameservers which are on file, and are how the
>   rest of the world knows to reach your nameservers; you're having
>   problems because they don't match."
> 4. Part of automated checks to make sure that domains have not been
>   hijacked, and to have even basic diagnostic information to start
>   recovery in the event that a domain has been hijacked.
> 5. Using the timestamps to show when a domain was registered (reputation
>   stuff, or countering FUD claims) or when it was last modified (things
>   are broken right now ... they've just changed something, they've
>   messed things up, nothing we can do on our side, but I'll see if I
>   can reach someone on their side to make sure that they're aware of
>   the issue).
>
> Registration of a domain-name is not an intrinsic requirement for being
> online; there is a trade-off to be made between privacy and
> accountability.  While we might not have the balance correct right now,
> a demand for anonymity in the name of privacy runs counter to
> accountability.
>
> We expect companies to be registered, with their principal officers part
> of the registration, part of public data which can be queried.  We
> expect charities to have to disclose who is running them.  None of that
> should disappear simply because of moving online.
>
> Domain hijackers must be rubbing their hands with glee knowing that
> the most basic diagnosis tool for determining "who is believed to
> control this domain" is going away.  There are ways around it, for when
> you eventually determine that this must be the source of problems, but
> most registrars do not provide any tooling for registrants to determine
> who currently is the owner, or really expose any of the EPP information.
> Domain hijacking is about to get a whole lot more profitable, with
> time-to-recovery increasing drastically (or becoming outright
> infeasible).
>
> Moving towards "WHOIS privacy services should be a default and no-cost
> extra, but the email forwarders must be professionally maintained and
> tested" would ease the balance.  The nonsense routine mails of "does
> your email address still work" could be sent via the privacy addresses
> and have additional checks optionally built in, so that those mails
> actually serve a useful purpose instead of being mostly theatre.
>
> Applauding the removal of public accountability will backfire.
>
> -Phil



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915&id_secret=18849915-4ac2c253
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20180415150129:655F6134-40DF-11E8-A41B-F864BAD179F0
Powered by Listbox: http://www.listbox.com