IETF Logo Mail Archive

Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Tue, 09 July 2019 12:51 UTC

Return-Path: <jcb@bambenekconsulting.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98B0712014E for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 05:51:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.298
X-Spam-Level:
X-Spam-Status: No, score=-4.298 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bambenekconsulting.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YsXbUlB2lyr1 for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 05:51:09 -0700 (PDT)
Received: from chicago.bambenekconsulting.com (chicago.bambenekconsulting.com [99.198.96.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EAAD0120145 for <dnsop@ietf.org>; Tue, 9 Jul 2019 05:51:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bambenekconsulting.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=wrD3++8snZeR7hEc8Jq/7YHU0263KvDI+NcjpsJdWp4=; b=pJ5Yc/U7P4X0bgut8ManFZyDS DhnVbVJS1COXY3MgxfimgJqlPmuXveDNaTRmcd+bARQMto1xMFEDxiPz834a+gjOEGJmxomEe/29u pW8uc7I3xrxR9AoafHudYgMrCueXrmz6Oo4BG3vVWWFfbjSbShOTak+87T+M2YRzhnj3Q=;
Received: from c-67-167-98-187.hsd1.il.comcast.net ([67.167.98.187]:52123 helo=[192.168.11.181]) by chicago.bambenekconsulting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <jcb@bambenekconsulting.com>) id 1hkpaL-0006Zy-M7; Tue, 09 Jul 2019 08:51:05 -0400
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: John Bambenek <jcb@bambenekconsulting.com>
X-Mailer: iPhone Mail (16F203)
In-Reply-To: <951917683.625.1562666989030@appsuite-gw1.open-xchange.com>
Date: Tue, 09 Jul 2019 07:50:57 -0500
Cc: dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <4EA5B8FE-384F-45DA-A814-0663E307FA90@bambenekconsulting.com>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com> <E45936AC-3CBF-4E09-8F1B-311EAA482BC1@pch.net> <CABf5zvLqpBPtEykOi5p4GvOEvLV=61KmcAEQ6w4VgFrw8nZ41Q@mail.gmail.com> <A8DFB31C-D8EA-4439-8CAF-5E35A410C489@bambenekconsulting.com> <951917683.625.1562666989030@appsuite-gw1.open-xchange.com>
To: Vittorio Bertola <vittorio.bertola@open-xchange.com>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - chicago.bambenekconsulting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bambenekconsulting.com
X-Get-Message-Sender-Via: chicago.bambenekconsulting.com: authenticated_id: jcb@bambenekconsulting.com
X-Authenticated-Sender: chicago.bambenekconsulting.com: jcb@bambenekconsulting.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/50hUM6l28ctbbjHcNgnlRS4C98E>
Subject: Re: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 12:51:12 -0000

Below

—
John Bambenek

On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sales@bambenekconsulting.com for details

On Jul 9, 2019, at 05:09, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:

> 
>> Il 9 luglio 2019 00:01 John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> ha scritto:
>> 
>> 
>> Like I said, I’m ok with someone lying to me. Its easy to detect
>> and easy to deal with. For instance, in DNS a mailserver could 
>> query these records, see phone number is set to 0000000000 and 
>> then just reject email from said domain. With existing whois that 
>> was never possible, due to rate limiting.
> 
> At first sight, your proposal looked ok - if someone wants to publish their information voluntarily, why not? But then I read this and now I am seriously concerned: it looks like this is explicitly being designed to penalize registrants that care about their privacy and choose not to publish information about themselves (or publish fake information, which used to be the only practical way in the old mandatory Whois times).

One use case is to create reputational data. Punish is an interesting word, it assumes one has the right to access another parties resources. They do not. A fundamental principle of the internet is voluntary interconnection. I can deny access to anyone at any time, for any reason I wish. 

> 
>> The domain registrant system issue was easy to solve. Make 
>> private domain registrations free for everyone who wanted it.
>> That solution was rejected out of hand be registries and 
>> registrars at ICANN. Likely because they want the system to die 
>> entirely. Differentiated access sounds nice, but those who govern
>> such things have made clear it will the differentiation is “do 
>> you have a court order”. I’ve been party to those discussions and
>> my view is that the multi-stakeholder model isn’t going to work.
> 
> Your frustrations are understandable, and personally I hope that ICANN manages to set up a usable differentiated access system soon and I even contributed some ideas to it. However, basically what you are saying is that you are not happy with the result of the policy development process in the proper place (i.e. ICANN), so you are now trying to use the IETF to bypass that consensus. Is this really the right thing to do for the IETF?

I have contributed ideas to it. It has been made clear the differentiation will be “do you have a court order or not” which means the system will assuredly be useless. 

If there were a serious policy development process at ICANN, you’d have a point. 

That said, this isn’t about policy this is about a protocol. If someone wanted to publish information, this is a means to do it. IETF can’t make anyone do anything. This could be an RFC tomorrow and everyone could ignore it. The same way if someone got fed up with HTTP, they could make a different protocol and submit it here. 

> 
>> The fundamental issue is voluntary interconnection. If you want
>> to connect to me, I should have a programmatic way to get 
>> something about you to make that decision. You can publish 
>> nothing if you want, or publish fake info. And I can do what I
>> want with it.
> 
> I understand this viewpoint, I'm not saying it does not make sense, but this looks too much like the email authentication stuff that has made it increasingly difficult to run independent mail servers and still get your messages accepted by the big platforms. If between "you" and "the entity that wants to connect to you" there is a fundamental difference in size and power, this becomes a way for you to force the other party into whatever you want - it is not a peer relationship any more. So, before proceeding with this (if ever), some thoughts should be given to potential centralizing effects and how to deal with them.

Not unfair, but the ease of implementation of these methods is far simpler than, say DKIM. 


> 
> --
> Vittorio Bertola | Head of Policy & Innovation, Open-Xchange
> vittorio.bertola@open-xchange.com
> Office @ Via Treviso 12, 10144 Torino, Italy

v2.23.0 | Report a Bug | By Email