IETF Logo Mail Archive

[DNSOP] Proposal: Whois over DNS

Steve Crocker <steve@shinkuro.com> Tue, 09 July 2019 16:27 UTC

Return-Path: <steve@shinkuro.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F4231205FD for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 09:27:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.602
X-Spam-Level:
X-Spam-Status: No, score=-0.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=shinkuro-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IcV6oNKJ0Xts for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 09:27:06 -0700 (PDT)
Received: from mail-yb1-xb32.google.com (mail-yb1-xb32.google.com [IPv6:2607:f8b0:4864:20::b32]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C150012022B for <DNSOP@ietf.org>; Tue, 9 Jul 2019 09:27:05 -0700 (PDT)
Received: by mail-yb1-xb32.google.com with SMTP id f195so6048486ybg.9 for <DNSOP@ietf.org>; Tue, 09 Jul 2019 09:27:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shinkuro-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=rhjg0aaXfo9bCVhtdIl9f+/mzB7ZQyCWbo8lji35pnY=; b=gA9uRA7pEBzE8izgHmJRnJoNP7l3IXF0Yxt6YDLZeKi4Y3+UO9EatjVtUfkJPXjngJ 3E/GJ8rl6TZfJyxPXO0TsQHMN/gC9V1OxcvLqejambZktjY4Yg4RXAxXJlrwI+J3nguf KBK/CX2dZphyR4c7C+VW/Km5WUugyYZD7hhf9X4yUiwww4rtaWZrIQPpaKDpUXpwhBoj ZurnahwVizuqVaD07+wOARS+7J9o2yGF2ihYI4H3ZnKw7yrSRKIt+Ild0Gc5h28pfuyQ eNc+FwDMur5uyPGxMZzpBGf18nK0UIs5plzYfTg146jzR0+Qx8q3YcQbycpAw+tJ/EbW krsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=rhjg0aaXfo9bCVhtdIl9f+/mzB7ZQyCWbo8lji35pnY=; b=BNyHzZ/mfrPOUcIdZ9l8o7Cqx0bSbxHHKmeu5f8uLQkN2Selu3q5jKhCZN1mtdlVEx twWh9sLI/S9M1RZ88C2684T9YE3o+q618Hhf//0m+bzJ6KKUF5irnjWbkZ1zD3375r8o 8QWbXdVfUjdC9l3VJ+2px5gF39krxDVXmWkDE3EZSar/syIsQOb8XdyP8M3UqrZ103jf AdYYreluZ03fgNPW5yjjovgR1XePLrf/Gvnz8PTMde81fX8Jq+LUD9jz/lL9A8o7GzFM E3Yc70oj9spbyU93J0Ww9eNsAZ3p+5zphmo7OIx1SEpE5ZQvJE/jvhLnMc2B+Lzb6bR6 zg0g==
X-Gm-Message-State: APjAAAVlhP/PI38Cw9J5agfQzFqY7mcoc4evfX4hjnnhw6MAVxvHqUHz HGiFFVEuofFMTv4mOQpV8jIMR2MY9zI2mzxrRjxuQqX2
X-Google-Smtp-Source: APXvYqzNtSBOUDLtEcLkNiyDLyxMoIn89Y8r2W02Y0Xdz8Ow5UsPwQBtawMHMUfCI74aJLXgF47F6IrgJ+Gd0R2s7qs=
X-Received: by 2002:a25:2cc4:: with SMTP id s187mr1791960ybs.457.1562689624509; Tue, 09 Jul 2019 09:27:04 -0700 (PDT)
MIME-Version: 1.0
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com> <233E0AD8-97FE-466C-9B6C-D7A376031C3B@rfc1035.com> <93244821-6C22-457F-BA06-CF43CA9FD12B@bambenekconsulting.com> <F45666C7-181A-4853-897E-40D5C0EA972B@fugue.com> <37daa562-c8a0-ec11-8a3f-ffebfb464d16@bambenekconsulting.com> <CABf5zvKtkVX+1WLoNcjwmff6-KoOxjVxh9cwZYS0YVO4PAVq4w@mail.gmail.com>
In-Reply-To: <CABf5zvKtkVX+1WLoNcjwmff6-KoOxjVxh9cwZYS0YVO4PAVq4w@mail.gmail.com>
From: Steve Crocker <steve@shinkuro.com>
Date: Tue, 09 Jul 2019 12:26:52 -0400
Message-ID: <CABf5zvLvicDeSEfgkBotwRp=UYpKf3ryp-Cz-T+SjSBA6d8GNg@mail.gmail.com>
To: dnsop <DNSOP@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f6a4e5058d4207e7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/XQ-3gnwxmpIDm_LQAWBJBF9VbFo>
Subject: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 16:27:09 -0000

Folks,

Let me share a somewhat broader perspective.  I was chair of the ICANN
board for several years.  During that period, I attempted, without success,
to reset the dialog related to whois.  After I stepped off the board in
late 2017, I decided to take another run at the problem.  I've been working
quietly with a small, excellent group to see if we can provide some useful
tools for assisting the community in thinking about the policy issues.  Our
first goal is to provide a policy framework for expressing the wide variety
of policies in this area, both existing and proposed.  We're not quite
ready to release this framework, but it's coming along and I hope to be
able to publish it shortly.  That said, I can share a few points.

   1.  "Whois" is a somewhat ill-fitting handle.  The policy problems
   extend beyond contact data to include quite few other types of data, some
   of which are inherently public such as the DNS records, some of which are
   inherently extremely sensitive such credit card numbers, and others which
   fall somewhere in between such as dates of registration and expiration.

   I'll also note that WHOIS arose in the days of the Arpanet, prior to the
   existence of the domain name system and prior to the Internet.  The admin
   and tech contacts referred to the people running the time-shared systems
   that were hosts on the Arpanet, and these contacts were published so they
   could reach each other.  Almost fifty years later and a millionfold
   expansion, it's not a surprise the original concepts are not a perfect fit.

   2. Of the various contacts that are usually published, only the
   registrant contact has any real meaning.  For most registrations, the admin
   and tech contacts have no agreed upon meaning.  By "an agreed upon meaning"
   I mean an explicit statement of the authority (what the contact may do) and
   responsibility (what the contact is supposed to do) so that both the
   contact and everyone who accesses the contact data would share the same
   understanding.

   One of the most important roles in the entire structure is the person
   who has the account with the registrar and therefore has direct, electronic
   control of all the data.  We use the term "account holder" for this role.
   It may or may not be the same as the registrant.

   Other contact data is occasionally published, e.g. billing contact,
   legal contact, etc.  While the meaning of these roles is alluded to in the
   name, there is usually nothing explicit about authority and responsibility.

   3. The policy issues related to all of this are quite tangled.  The
   registrar and the registrar are the primary parties involved.  The
   blazingly simple and obvious fact is that neither of these parties have any
   trouble with the accuracy or meaning of the data they share with
each other *that
   are related to the actual process of registration*.  The registrar is
   primarily concerned with getting paid and the registrant is primarily
   concerned with having his registration active.  The trouble comes from the
   many third parties who have developed practices and policies related to the
   registration data.  A full discussion of these multiple parties, their
   motivations and needs, and the wide variety of policy issues requires much
   more space and attention than is appropriate for this note and this thread,
   but a couple of specific points are relevant and worth emphasizing.

   4. It's important to separate (a) the definition of the data elements,
   (b) the policies governing who should have access to which data elements,
   and (c) the access mechanisms.  As I said in an earlier note, the proposal
   being discussed in this thread, viz to use DNS to publish contact data,
   speaks to only a small portion of the overall problem.  Because the
   proposed mechanism is DNS, the data will presumably be public and provided
   at the discretion of the registrant.   This is useful for some purposes,
   but it clearly does not address the larger policies issues of allowing
   different groups to have differing levels of access to various types of
   data.

   5. With respect to the role of the IETF, I agree the policy issues
   belong elsewhere.  That said, there is, I believe, a natural role for the
   IETF that matches one part of the current proposal.  All parties will
   benefit if there is a dictionary of the possible registration data
   elements.  As I suggested in point 1 above, the relevant data elements
   include more than just contact data.  And even with respect to contact
   data, a more precise definition of the various roles would be quite helpful.

   The distinction implied here is the separation of the definition of the
   data elements from the publication mechanism.

I would strongly support an effort within the IETF to create and maintain a
dictionary of registration data elements.  This would probably be in the
form of an IANA-maintained registry, with oversight from DNSOP.

Steve

v2.23.0 | Report a Bug | By Email