Re: [DNSOP] Proposal: Whois over DNS

David Waitzman <djw+ietf@fsi.io> Tue, 09 July 2019 14:21 UTC

From: David Waitzman <djw+ietf@fsi.io>
Date: Tue, 09 Jul 2019 10:21:14 -0400
References: <233E0AD8-97FE-466C-9B6C-D7A376031C3B@rfc1035.com> <FUkLTVMXAgJMiDybUjWJmf4VMxMskCZdtairxrSf2353@mailpile>
To: dnsop <dnsop@ietf.org>
In-Reply-To: <FUkLTVMXAgJMiDybUjWJmf4VMxMskCZdtairxrSf2353@mailpile>
Message-Id: <E25E1E24-1C58-4CCC-878C-B0ACC79C10C2@fsi.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/SEVLFFouXd99aQTVtPHpVMzvKts>
Subject: Re: [DNSOP] Proposal: Whois over DNS

To go along with this proposal, maybe we can adapt the approach from RFC3514 for DNS?
We could send a new RRTYPE with a bitfield value, giving a more granular level of detail than that in RFC3514.  RFC3514 was constrained to only use one bit because IP headers are small; with DNS, we don't have the same level of constraint.

I would suggest that responses for all new GTLDs have the bit for "evil" set to 1, unless responses are sent via RFC1149, in which case they'd merit a default of 0.

On Jul 9, 2019, at 05:09, Vittorio Bertola <vittorio.bertola=40open-xchange.com@dmarc.ietf.org> wrote:
> 
>> On 9 July 2019 at 00:01 John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
>> 
>> 
>> Like I said, I’m ok with someone lying to me. It's easy to detect
>> and easy to deal with. For instance, in DNS a mailserver could
>> query these records, see the phone number is set to 0000000000 and
>> then just reject email from said domain. With existing whois that
>> was never possible, due to rate limiting.
> 
> At first sight, your proposal looked ok - if someone wants to publish their information voluntarily, why not? But then I read this and now I am seriously concerned: it looks like this is explicitly being designed to penalize registrants that care about their privacy and choose not to publish information about themselves (or publish fake information, which used to be the only practical way in the old mandatory Whois times).


-david waitzman