Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Mon, 08 July 2019 22:07 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/dU17ho80XgEQut4G3ZC2NqrwtP0>

Yes, bifurcation of whois is a problem. I’d rather it all be in one place, but that door was closed and not by me. 

—
John Bambenek

On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sales@bambenekconsulting.com for details

On Jul 8, 2019, at 17:04, Bill Woodcock <woody@pch.net> wrote:

> 
> 
>> On Jul 8, 2019, at 2:47 PM, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
>> 
>> That is the weakness but if the third party vetting (which let’s be honest consisted of sending an email to any address and seeing if someone clicked a link) won’t be done anymore because registrars and registries refuse to do it under the guise of “privacy”, where else can you go for vetting?
> 
> It’s also worth remembering that forward and reverse work very differently in this regard, and the RIRs haven’t given up the whois fight yet.  They do strong vetting (requiring articles of incorporation, tracking down and eliminating fraudulent entries, etc.) that’s not done in the forward DNS space.
> 
> So now you’d have the potential for conflicting RIR-provided and user-provided whois information in the reverse space.  Again, not a reason not to do this, but a word of caution that it’ll make the world a slightly more complicated place.
> 
>> That said, my profession is an intel analyst. I’m ok with junk data because junk data tells me something (the owner of the domain is a liar, and I should be weary). Also, even intelligence agencies have a hard time generating truly random but believable data. We were able to use information reuse (even though it was junk info) to track and enumerate election information operations.
> 
> Oh, I think we’re all a little weary by now.  :-)
> 
> Yes, I take your point and agree that bad data is significantly better than no data, if it’s all taken with the appropriate grain of salt.
> 
> 
>>> On Jul 8, 2019, at 16:42, Bill Woodcock <woody@pch.net> wrote:
>>> 
>>> 
>>> 
>>>> On Jul 8, 2019, at 2:38 PM, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
>>>> 
>>>> All-
>>>> 
>>>> In response to ICANN essentially removing most of the fields in WHOIS for domain records, Richard Porter and I created a draft of an implementation putting these records into DNS TXT records. It would require self-disclosure, which mitigates the sticky issues of GDPR et al. Would love to get feedback.
>>> 
>>> Good in principle, but the information in whois has always been, at least nominally, third-party vetted.  This would not be.  So my worry is that either it would get no uptake, or it would get filled with bogus information.  It’s a little hard for me to imagine it being widely used for valid information, though that would of course be the ideal outcome.
>>> 
>>> So, no problem with this in principle, but I’d like to see some degree of consensus that user-asserted content is sufficient for people’s needs.
>>> 
>>>                              -Bill