IETF Logo Mail Archive

Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Tue, 09 July 2019 18:32 UTC

Return-Path: <jcb@bambenekconsulting.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF2BD12006B for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 11:32:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.288
X-Spam-Level:
X-Spam-Status: No, score=-4.288 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bambenekconsulting.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GasfcdbRd1L2 for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 11:32:35 -0700 (PDT)
Received: from chicago.bambenekconsulting.com (chicago.bambenekconsulting.com [99.198.96.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C75D12000F for <dnsop@ietf.org>; Tue, 9 Jul 2019 11:32:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bambenekconsulting.com; s=default; h=Content-Type:In-Reply-To:MIME-Version: Date:Message-ID:From:References:To:Subject:Sender:Reply-To:Cc: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=KOvzwZ3DjgqXoax7hCEnOBOFFpDsaZ0BG9BRDAKnsIs=; b=UtcQqi4ssmspRqgneqh13KQKL VvOBtipS+P8wUB/XYZJSoSorBiaf9kdGroIU0Xxo90O0CVcv16xrZZZxgc8IbJWWsPHD0EkFErdlR 46i9ZsubKnidb2OLkTr/gAvAbnrpv8j/XJi4iI/VljHtw7cDI1qfG/6dQRd0O3e9ChcOg=;
Received: from [216.169.1.210] (port=14683 helo=jcb.local) by chicago.bambenekconsulting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from <jcb@bambenekconsulting.com>) id 1hkuun-0005CG-Af for dnsop@ietf.org; Tue, 09 Jul 2019 14:32:33 -0400
To: dnsop@ietf.org
References: <23e86618-610f-8b49-a3bc-4417ebc28efd@bambenekconsulting.com> <YDgWic8mGpxJeIMdsWLQJ8o4cTsEx4k7MecSj2522353@mailpile> <d421a54f-ef91-9527-c2d2-88fbd00bbc59@bambenekconsulting.com> <D887D10B-1952-40A0-B8FA-B6003FE907C8@fugue.com>
From: John Bambenek <jcb@bambenekconsulting.com>
Openpgp: preference=signencrypt
Message-ID: <37b4fda9-3c78-1921-429b-7741482f429a@bambenekconsulting.com>
Date: Tue, 09 Jul 2019 13:32:33 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <D887D10B-1952-40A0-B8FA-B6003FE907C8@fugue.com>
Content-Type: multipart/alternative; boundary="------------8ABB00AE4534ADC0E4D6357F"
Content-Language: en-US
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - chicago.bambenekconsulting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bambenekconsulting.com
X-Get-Message-Sender-Via: chicago.bambenekconsulting.com: authenticated_id: jcb@bambenekconsulting.com
X-Authenticated-Sender: chicago.bambenekconsulting.com: jcb@bambenekconsulting.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/5JrOpU11Lp_JodpU7yvbksQmky0>
Subject: Re: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 18:32:37 -0000

Then why do we allow them to have social media accounts, email accounts,
etc?

How many RFCs involve using passwords somewhere in them? We know users
pick bad passwords. We know users reuse passwords. And we know
credential theft and misuse is a big problem. Were these same
considerations given to those proposals? If not, why is THIS proposal
that involves basically phone numbers and email addresses getting this
scrutiny?

If this is the hangup, then why isn't there a PIA (or related) process
for every I-D and RFC? What formal process should I undergo to have this
evaluated? Or should there be one created?


On 7/9/19 1:21 PM, Ted Lemon wrote:
> On Jul 9, 2019, at 2:04 PM, John Bambenek
> <jcb=40bambenekconsulting.com@dmarc.ietf.org
> <mailto:jcb=40bambenekconsulting.com@dmarc.ietf.org>> wrote:
>> Can't this be mitigated by any number of forms of user education?
>
> The evidence is crystal clear on this point: no, it can’t.   It is not
> possible for a person who is informed on this topic to believe otherwise.
>
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop

v2.23.0 | Report a Bug | By Email