Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Mon, 08 July 2019 22:01 UTC

From: John Bambenek <jcb@bambenekconsulting.com>
X-Mailer: iPhone Mail (16F203)
In-Reply-To: <CABf5zvLqpBPtEykOi5p4GvOEvLV=61KmcAEQ6w4VgFrw8nZ41Q@mail.gmail.com>
Date: Mon, 08 Jul 2019 17:01:07 -0500
Cc: Bill Woodcock <woody@pch.net>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <A8DFB31C-D8EA-4439-8CAF-5E35A410C489@bambenekconsulting.com>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com> <E45936AC-3CBF-4E09-8F1B-311EAA482BC1@pch.net> <CABf5zvLqpBPtEykOi5p4GvOEvLV=61KmcAEQ6w4VgFrw8nZ41Q@mail.gmail.com>
To: Steve Crocker <steve@shinkuro.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/0cJ5RBjeJfAlsJDfhPOgq8fAwrY>
Subject: Re: [DNSOP] Proposal: Whois over DNS

Like I said, I’m ok with someone lying to me. It's easy to detect and easy to deal with. For instance, in DNS a mailserver could query these records, see the phone number is set to 0000000000 and then just reject email from said domain. With existing whois that was never possible, due to rate limiting.

The domain registrant system issue was easy to solve. Make private domain registrations free for everyone who wanted it. That solution was rejected out of hand by registries and registrars at ICANN. Likely because they want the system to die entirely. Differentiated access sounds nice, but those who govern such things have made clear that the differentiation will be “do you have a court order”. I’ve been party to those discussions and my view is that the multi-stakeholder model isn’t going to work.

The fundamental issue is voluntary interconnection. If you want to connect to me, I should have a programmatic way to get something about you to make that decision. You can publish nothing if you want, or publish fake info. And I can do what I want with it. 

But having been part of the conversation at ICANN, I have zero confidence that RDAP or any other system will ever be deployed in a meaningful way to get access to this data. Hence this proposal, which I harbor no illusions is a second-best to an independent third party making this available in a way usable by systems in a programmatic fashion. The best way just isn’t going to happen. 

—
John Bambenek

On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sales@bambenekconsulting.com for details

On Jul 8, 2019, at 16:52, Steve Crocker <steve@shinkuro.com> wrote:

> John and Bill,
> 
> Let me offer a slightly different perspective.  The proposal would provide a way for domain name owners to publish information that they want published, and it would, of course, be publicly available.
> 
> The pre-GDPR whois system collected contact information from registrants irrespective of whether the registrant would have chosen to provide it.  That's a fundamentally flawed structure, i.e. the incentives are misaligned.
> 
> I'm not immediately persuaded the proposed solution, i.e. allowing registrants to publish what they want via DNS records, will result in a large amount of incorrect data.  What's the motivation to publish wrong information as opposed to simply not publishing anything?  On the other hand, it doesn't address the main issue under consideration these days, a differentiated access system.  Thus, in my view, the proposal would provide a solution to the easiest portion of the problem space and would not address any of the deeper issues.
> 
> Steve
> 
> 
>> On Mon, Jul 8, 2019 at 5:45 PM Bill Woodcock <woody@pch.net> wrote:
>> 
>> 
>> > On Jul 8, 2019, at 2:38 PM, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
>> > 
>> > All-
>> > 
>> > In response to ICANN essentially removing most of the fields in WHOIS for domain records, Richard Porter and myself created a draft of an implementation putting these records into DNS TXT records. It would require self-disclosure which mitigates the sticky issues of GDPR et al. Would love to get feedback.
>> 
>> Good in principle, but the information in whois has always been, at least nominally, third-party vetted.  This would not be.  So my worry is that either it would get no uptake, or it would get filled with bogus information.  It’s a little hard for me to imagine it being widely used for valid information, though that would of course be the ideal outcome.
>> 
>> So, no problem with this in principle, but I’d like to see some degree of consensus that user-asserted content is sufficient for people’s needs.
>> 
>>                                 -Bill
>> 
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
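The filtering step John describes at the top of the thread (a mail server consulting a domain's self-published contact record and rejecting obviously bogus values) as an added example; this is not code from the thread or from the draft. It assumes a hypothetical `key=value` layout for the TXT strings, since the draft's actual record format is not reproduced here, and uses constructed records instead of a live DNS lookup.

```python
import re

# Hypothetical key=value layout for the self-published TXT record. The
# draft's real format is not shown in this thread, so this is an assumption.
FIELD_RE = re.compile(r"^(?P<key>[a-z]+)=(?P<value>.*)$")

# Values that are syntactically present but carry no information.
PLACEHOLDER_PHONES = {"0000000000", "1234567890"}


def parse_contact_txt(txt_strings):
    """Parse TXT strings into a dict; malformed strings are ignored."""
    fields = {}
    for s in txt_strings:
        m = FIELD_RE.match(s.strip())
        if m:
            fields[m.group("key")] = m.group("value").strip()
    return fields


def phone_is_placeholder(phone):
    """True for empty, all-same-digit, or well-known dummy numbers."""
    digits = re.sub(r"\D", "", phone)
    return not digits or digits in PLACEHOLDER_PHONES or len(set(digits)) == 1


def email_looks_valid(addr):
    return re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", addr) is not None


def contact_policy(txt_strings):
    """Return (decision, reason) with decision in {accept, reject, unknown}.
    Publishing nothing yields 'unknown' rather than 'reject', matching the
    proposal's voluntary-disclosure model; only published lies are rejected."""
    fields = parse_contact_txt(txt_strings)
    if not fields:
        return "unknown", "no contact record published"
    phone = fields.get("phone")
    if phone is not None and phone_is_placeholder(phone):
        return "reject", f"placeholder phone number {phone!r}"
    email = fields.get("email")
    if email is not None and not email_looks_valid(email):
        return "reject", f"malformed contact email {email!r}"
    return "accept", "self-asserted contact data passes plausibility checks"


# Constructed sample records; these are not any real domain's data.
SAMPLES = {
    "bogus.example": ["phone=0000000000", "email=nobody@example.com"],
    "plausible.example": ["phone=+1 555 0100", "email=hostmaster@plausible.example"],
    "silent.example": [],
}

if __name__ == "__main__":
    for name, txt in SAMPLES.items():
        print(name, *contact_policy(txt))
```

In deployment the `txt_strings` list would come from a resolver query for the record name the draft specifies; the policy logic is unchanged.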