Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Mon, 08 July 2019 21:47 UTC


That is the weakness but if the third party vetting (which let’s be honest consisted of sending an email to any address and seeing if someone clicked a link) won’t be done anymore because registrars and registries refuse to do it under the guise of “privacy”, where else can you go for vetting?

That said, my profession is an intel analyst. I’m ok with junk data because junk data tells me something (the owner of the domain is a liar, and I should be wary). Also, even intelligence agencies have a hard time generating truly random but believable data. We were able to use information reuse (even though it was junk info) to track and enumerate election information operations.

—
John Bambenek

On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sales@bambenekconsulting.com for details

On Jul 8, 2019, at 16:42, Bill Woodcock <woody@pch.net> wrote:

> 
> 
>> On Jul 8, 2019, at 2:38 PM, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
>> 
>> All-
>> 
>> In response to ICANN essentially removing most of the fields in WHOIS for domain records, Richard Porter and myself created a draft of an implementation putting these records into DNS TXT records. It would require self-disclosure which mitigates the sticky issues of GDPR et al. Would love to get feedback.
> 
> Good in principle, but the information in whois has always been, at least nominally, third-party vetted.  This would not be.  So my worry is that either it would get no uptake, or it would get filled with bogus information.  It’s a little hard for me to imagine it being widely used for valid information, though that would of course be the ideal outcome.
> 
> So, no problem with this in principle, but I’d like to see some degree of consensus that user-asserted content is sufficient for people’s needs.
> 
>                                -Bill
>