nanog mailing list archives

Re: Is WHOIS going to go away?

From: Rubens Kuhl <rubensk () gmail com>
Date: Wed, 18 Apr 2018 17:56:21 -0300

On Wed, Apr 18, 2018 at 5:51 PM, Florian Weimer <fw () deneb enyo de> wrote:

* Filip Hruska:

On 04/14/2018 07:29 PM, Florian Weimer wrote:

* Filip Hruska:

EURID (.eu) WHOIS already works on a basis that no information about

the

registrant is available via standard WHOIS.
In order to get any useful information you have to go to
https://whois.eurid.eu and make a request there.

Seems like a reasonable solution.

Why?  How does the protocol matter?

Either you may publish individual personal information for use by the
general public, or you may not.  Adding a 4 to the port number doesn't
change that.


The EURID webwhois cannot be scraped, there are anti-bot measures in
place (captcha, throttling, all information displayed in images).
Scraping WHOIS systems for thousands domains at once using the WHOIS
protocol is easy though. There are "WHOIS History" sites which scrape
all domains and then publish the data along with the date of retrieval.

GDPR contains this in relation to the right to erasure:

 1. Where the controller has made the personal data public and is
    obliged pursuant to paragraph 1 to erase the personal data, *the
    controller, taking account of available technology and the cost of
    implementation, shall take reasonable steps, including technical
    measures, to inform controllers which are processing the personal
    data that the data subject has requested the erasure* by such
    controllers of any links to, or*copy or replication of, those
    personal data*.


Wouldn't that require a channel to the recipient of WHOIS data, so
that the controller can notify those who have accessed it once erasure
is requested?

A simple webform doesn't achieve that because it's not much different
from the way traditional WHOIS works.


A simple webform doesn't provide the personal data, just relay a message.
Anyways, I heard registrars mentioning a double form where the e-mail
address of the party sending the message to the domain owner is first
confirmed before relaying the message.
That would provide accountability for who sent what, if the message turns
out to be harassment, threatening or alike.


Rubens

Current thread:

Re: Is WHOIS going to go away?, (continued)
- - - Re: Is WHOIS going to go away? Stephen Satchell (Apr 14)
    - Re: Is WHOIS going to go away? Filip Hruska (Apr 14)
    - Re: Is WHOIS going to go away? Aaron C. de Bruyn via NANOG (Apr 14)
    - Re: Is WHOIS going to go away? bzs (Apr 14)
    - RE: Is WHOIS going to go away? Keith Medcalf (Apr 14)
    - Re: Is WHOIS going to go away? Rich Kulawiec (Apr 19)
    - Re: Is WHOIS going to go away? bzs (Apr 19)
  - Re: Is WHOIS going to go away? Florian Weimer (Apr 14)
    - Re: Is WHOIS going to go away? Filip Hruska (Apr 14)
    - Re: Is WHOIS going to go away? Florian Weimer (Apr 18)
    - Re: Is WHOIS going to go away? Rubens Kuhl (Apr 18)
    - Re: Is WHOIS going to go away? Rich Kulawiec (Apr 19)
    - Re: Is WHOIS going to go away? Aaron C. de Bruyn via NANOG (Apr 19)
    - Re: Is WHOIS going to go away? bzs (Apr 19)
    - RE: Is WHOIS going to go away? Badiei, Farzaneh (Apr 24)
    - RE: Is WHOIS going to go away? bzs (Apr 19)
    - Re: Is WHOIS going to go away? John Levine (Apr 19)
    - Re: Is WHOIS going to go away? bzs (Apr 19)
    - Re: Is WHOIS going to go away? Badiei, Farzaneh (Apr 24)
    - Re: Is WHOIS going to go away? bzs (Apr 20)
    - Re: Is WHOIS going to go away? Suresh Ramasubramanian (Apr 24)

(Thread continues...)