Re: [DNSOP] Proposal: Whois over DNS
Paul Wouters <paul@nohats.ca> Tue, 09 July 2019 01:01 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A66C6120278 for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2019 18:01:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4rNkOVR0S_mj for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2019 18:01:52 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05CA812024E for <dnsop@ietf.org>; Mon, 8 Jul 2019 18:01:50 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 45jPCv1hZZzCv1; Tue, 9 Jul 2019 03:01:47 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1562634107; bh=IZnYWpXJdZlmumfJGNN8DAolUSYb4gy6ULoW/BwPUPQ=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=ZPnna+k19hVYLab1jUg90tt7HJl404fJS1JKfUzbTnMg4lAB19DdNOUfKd0hSrLpB hKwRBKZcBM9VAhS92MIKDXxI6H3zPBmAovErwDRIIpGkvW//iK/SKbeEg39FTh1fZQ gJ4dMq6rw6QncuECMXyt7cvX7DpOi7pL6yJpjClU=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id YtFQuLxY4E07; Tue, 9 Jul 2019 03:01:45 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 9 Jul 2019 03:01:44 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 4D5116D05; Mon, 8 Jul 2019 21:01:43 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 4D5116D05
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 2C32740B82BE; Mon, 8 Jul 2019 21:01:43 -0400 (EDT)
Date: Mon, 08 Jul 2019 21:01:43 -0400
From: Paul Wouters <paul@nohats.ca>
To: John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org>
cc: dnsop@ietf.org
In-Reply-To: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com>
Message-ID: <alpine.LRH.2.21.1907082043180.22495@bofh.nohats.ca>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/MscCqxCbXiKRoFf5M_rrO3Jx0us>
Subject: Re: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 01:01:56 -0000
On Mon, 8 Jul 2019, John Bambenek wrote: An interresting idea, but .... > Domain contact information over DNS provides a vehicle for > exchanging contact information in a programmatic and reliable > manner. DNS has a ubiquitous presence within the internet > infrastructure and will act as a reliable publication method for > contact information exchange. It's not really reliable in the case of malicious DNS. The point for me for using whois is hardly ever to find a domain contact, but to find a way to step beyond the malicious registrant. WHOIS/RDAP lets me jump to the Registrar. In the case where you would want to reach the domain for non-malicious purposes, a contact form on their website or using the SOA record email address would (and does) work fine. Appendix A and the Copyright notice at the top conflict or repeat. As for some technical points: - The WHOIS/RDAP can be rate limited, DNS queries can't. - WHOIS can be recorderd historically, for DNS queries this is much harder to do - especially if domains use a TTL=0 as default that also applies to these records. - One cannot know where zone cuts are (public suffix problem), so mis-redirection can happen - Which is more secure/valuable, the topmost _whois entries or the lower ones? eg _whois.toronto.nohats.ca or _whois.nohats.ca. - Use example.com, not exampledomain.com (see RFC 2606) - sub-types in TXT records You put everything under _whois.example.com but then use sub-typing within the TXT record. Wouldn't it be better to use the prefix instead of subtyping,eg: _name._admin._whois.example.com IN TXT "Dan Draper" _tel._admin._whois.example.com IN TXT "+1-555-123-4567" _name._billing._whois.example.com IN TXT "Peggy Olson" _email._techical._whois.example.com IN TXT "staff@example.com" This would avoid awkward references to "aname" (which might become an RRTYPE) or "tname", etc. - The use of "all" is also a bit awkward. In the end, I feel this effort shares most of its issues with the "security.txt" efforts of https://tools.ietf.org/html/draft-foudil-securitytxt which I also thought was not a good idea. See the various discussions on the saag list there for details on trustworthiness of information, and the multiple locations of information problem, which are problems present here as well. Paul
- [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Bill Woodcock
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Steve Crocker
- Re: [DNSOP] Proposal: Whois over DNS Patrick Mevzek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Bill Woodcock
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Bill Woodcock
- Re: [DNSOP] Proposal: Whois over DNS Patrick Mevzek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Paul Wouters
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS william manning
- Re: [DNSOP] Proposal: Whois over DNS Vittorio Bertola
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Jim Reid
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Bjarni Rúnar Einarsson
- Re: [DNSOP] Proposal: Whois over DNS David Waitzman
- Re: [DNSOP] Proposal: Whois over DNS Joe Abley
- Re: [DNSOP] Proposal: Whois over DNS Ted Lemon
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Rubens Kuhl
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Paul Vixie
- Re: [DNSOP] Proposal: Whois over DNS Jim Reid
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Jim Reid
- Re: [DNSOP] Proposal: Whois over DNS Joe Abley
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Bjarni Rúnar Einarsson
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Ted Lemon
- Re: [DNSOP] Proposal: Whois over DNS Bjarni Rúnar Einarsson
- Re: [DNSOP] Proposal: Whois over DNS Jim Reid
- Re: [DNSOP] Proposal: Whois over DNS Steve Crocker
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Ted Lemon
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Ted Lemon
- Re: [DNSOP] Proposal: Whois over DNS Paul Wouters
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- [DNSOP] Proposal: Whois over DNS Steve Crocker
- Re: [DNSOP] Proposal: Whois over DNS Vittorio Bertola
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Bjarni Rúnar Einarsson
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Peter DeVries
- Re: [DNSOP] Proposal: Whois over DNS Ted Lemon
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Ted Lemon
- Re: [DNSOP] Proposal: Whois over DNS Jim Reid
- [DNSOP] dictionary of registration data elements Jim Reid
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Brian Dickson
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS George Michaelson
- Re: [DNSOP] Proposal: Whois over DNS Viktor Dukhovni
- Re: [DNSOP] Proposal: Whois over DNS Paul Vixie
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Paul Vixie
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Mark Andrews
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Philip Homburg
- Re: [DNSOP] Proposal: Whois over DNS Jim Reid
- Re: [DNSOP] Proposal: Whois over DNS Philip Homburg
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Philip Homburg
- Re: [DNSOP] Proposal: Whois over DNS Joe Abley
- Re: [DNSOP] Proposal: Whois over DNS David Conrad
- Re: [DNSOP] Proposal: Whois over DNS John Bambenek
- Re: [DNSOP] Proposal: Whois over DNS Michele Neylon - Blacknight
- Re: [DNSOP] Proposal: Whois over DNS Dr Eberhard W Lisse
- Re: [DNSOP] Proposal: Whois over DNS Michele Neylon - Blacknight