IETF Logo Mail Archive

Re: [DNSOP] Proposal: Whois over DNS

Jim Reid <jim@rfc1035.com> Tue, 09 July 2019 13:32 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F87D12015B for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 06:32:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8oXIjO8FOsrf for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 06:32:23 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8746B120157 for <dnsop@ietf.org>; Tue, 9 Jul 2019 06:32:23 -0700 (PDT)
Received: from wallace.rfc1035.com (hutch.rfc1035.com [195.54.233.70]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 43C1724205E6; Tue, 9 Jul 2019 13:32:21 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com>
Date: Tue, 09 Jul 2019 14:32:19 +0100
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <233E0AD8-97FE-466C-9B6C-D7A376031C3B@rfc1035.com>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com>
To: John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MiCHdRoiSueEWScsfeXq3Re1UD8>
Subject: Re: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 13:32:25 -0000

On 8 Jul 2019, at 22:38, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
> 
> In response to ICANN essentially removing most of the fields in WHOIS for domain records, Richard Porter and myself created a draft of an implementation putting these records into DNS TXT records. It would require self-disclosure which mitigates the sticky issues of GDPR et al. Would love to get feedback. 

I think this is a spectacularly bad idea.

1. The intractable policy problems around whois won't/can't be solved by moving them from port 43 to port 53.

2. These policy problems are out of scope for the IETF. It deals with technical and operational matters around protocol design and deployment. Policy issues are handled in other fora - like ICANN. The IETF should keep well away from the whois policy swamp. The wrangling over whois policy at ICANN has gone on and on for 20+ years. It shows no sign of reaching a consensus. Dragging the IETF in to that screamfest is not going to improve matters.

3. Your proposal doesn't mitigate GDPR issues. At best it'll just move the goalposts. The roles of Data Controller/Processor/Subject won't necessarily fit with the roles that update, manage and publish DNS data.

If I outsource my DNS to $registrar and/or $dnshoster, one or other of them might (or might not) be the Data Controller. Or it might (or might not) be me. The same does for the Data Processor role. So who'd be on the hook for GDPR compliance?

DNS providers who are largely untroubled by GDPR today could be obliged to register because your proposal would mean they'd be publishing and processing Personal Data. As things stand currently, it's already clear who has those responsibilities - the registry that provides the whois server. In your proposal, it's not so obvious. And when I am the Data Controller, I will probably need to get consent to publish Personal Data in the DNS (or anywhere else) for an admin or tech or whatever contact who isn't me. Why should I be expected to bother with that hassle?

4. It's unwise to use TXT records in this way. Pick another RRtype. TXT records are already overloaded and used for all sorts of things. What if someone's already got a TXT record with RDATA that begins with (say) "aname="? It's also a bad idea to require a specific subdomain for these RRs. How will this work for a domain name that's too long to accommodate an additional _whois label? And where would the contact data for _whois.example.com get stored? That doesn't necessarily have the same contact data as its parent.


BTW, whois was originally intended to provide a way to publish out-of-band contact data so the domain holder could be contacted whenever their DNS or email was broken. Putting this info in the DNS would defeat that.

v2.23.0 | Report a Bug | By Email