IETF Logo Mail Archive

Re: [DNSOP] Proposal: Whois over DNS

Ted Lemon <mellon@fugue.com> Tue, 09 July 2019 18:37 UTC

Return-Path: <mellon@fugue.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E9A56120A30 for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 11:37:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.593
X-Spam-Level:
X-Spam-Status: No, score=-0.593 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fugue-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 93AfR0ekA2Ny for <dnsop@ietfa.amsl.com>; Tue, 9 Jul 2019 11:37:46 -0700 (PDT)
Received: from mail-qt1-x832.google.com (mail-qt1-x832.google.com [IPv6:2607:f8b0:4864:20::832]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB76120A2F for <dnsop@ietf.org>; Tue, 9 Jul 2019 11:37:31 -0700 (PDT)
Received: by mail-qt1-x832.google.com with SMTP id k10so15048238qtq.1 for <dnsop@ietf.org>; Tue, 09 Jul 2019 11:37:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fugue-com.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=SZKdwbzd+PTGAY4Sf1jVdJ8YnZjsfYbM1cq34bBcVB8=; b=YsdarccDfNcX+hkRV4zIgtVb2WVAGaR/EocKyTiPvVhvoNgAG05D8hPAGxsCzLmPeL /Ksi/3OrX/qPASLTjUC5VIjSrIZEDoZaNhv3GHNBX3UoTfmjKGm7kmOugh477uySWj3/ MmlgGLNM/XN5xGhP4uuvxYOAvMnRwbHPm+oTZFcFWZsfiQYS/42wFV7ZsMt0LbpatruB gsXLHORFEAMaSfzNMslOD2Sf3ADj+rGVLk7O5WStL48XXuYhGdDO8moAo419XopsQaMo mIwzvrk4AMsPSa3FYqQpDpxGz/t9AD8z74LssljcJrxdO38+q1/0zZTMTdb+3Af+OO4v NfRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=SZKdwbzd+PTGAY4Sf1jVdJ8YnZjsfYbM1cq34bBcVB8=; b=ZGglsm3a2BUQw4/ReZNDJGuMZmWFFlUxPrGOFZMplY37en0AM4DmXA5vbf5hF5dRrH gqeY3cdkwyqiK1SNA1zthz13PW7cFD0yagNYyW2EvBAMCDprq9j9RdJ0NCBikUinFLkl KeKK5nznap+bHNq9cq/uMmbxAieURP4JaoESzGLzR+oo9x7nJuQ5w1ZwRBDnx/QauXCS 8rfHKCjuDF0878xcAAPrAqPPnMiFWiqVXvOL7QhPC/HYPXRKkEBWwJuNSfIMYrYsH//a Y0VrsC+vA/SOLXYV3qC0FNjQ//tcY9PNXRBtf0WMCoGrAdNjFweKF5LmZJgYSpfamNw+ RblA==
X-Gm-Message-State: APjAAAUfPryZWhvQ/uH3yflvIeFyzrUpl7YadmYSKl+9l9QzcjpW/Lbc SE0U2Voe6DMcDorKHdRJ8nfDtBnJMBo=
X-Google-Smtp-Source: APXvYqz7wPXpiM9oT1eOT7/DPc/mh1FLwEcMqTpxoGTJsm4jnRYLxJdDhyASa0a6XidBjUbY5IRDoQ==
X-Received: by 2002:a0c:b521:: with SMTP id d33mr20901173qve.239.1562697450698; Tue, 09 Jul 2019 11:37:30 -0700 (PDT)
Received: from ?IPv6:2001:470:c1a2:1:1dd2:b78f:3be7:8c79? ([2001:470:c1a2:1:1dd2:b78f:3be7:8c79]) by smtp.gmail.com with ESMTPSA id t67sm9237399qkf.34.2019.07.09.11.37.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 09 Jul 2019 11:37:30 -0700 (PDT)
From: Ted Lemon <mellon@fugue.com>
Message-Id: <0FF35FAD-9F98-42AD-B097-F633E22E4CA5@fugue.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9047A1F0-2973-4773-8933-5382A94C17DC"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Tue, 09 Jul 2019 14:37:27 -0400
In-Reply-To: <37b4fda9-3c78-1921-429b-7741482f429a@bambenekconsulting.com>
Cc: dnsop@ietf.org
To: John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org>
References: <23e86618-610f-8b49-a3bc-4417ebc28efd@bambenekconsulting.com> <YDgWic8mGpxJeIMdsWLQJ8o4cTsEx4k7MecSj2522353@mailpile> <d421a54f-ef91-9527-c2d2-88fbd00bbc59@bambenekconsulting.com> <D887D10B-1952-40A0-B8FA-B6003FE907C8@fugue.com> <37b4fda9-3c78-1921-429b-7741482f429a@bambenekconsulting.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/nUKLnnDb82sKt3KkKi62qYZfl80>
Subject: Re: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 18:37:49 -0000

On Jul 9, 2019, at 2:32 PM, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
> Then why do we allow them to have social media accounts, email accounts, etc?
> 
We don’t.
> How many RFCs involve using passwords somewhere in them? We know users pick bad passwords. We know users reuse passwords. And we know credential theft and misuse is a big problem. Were these same considerations given to those proposals? If not, why is THIS proposal that involves basically phone numbers and email addresses getting this scrutiny?
> 
If someone were to propose using passwords in a new specification, I think it would see fairly significant pushback.
> If this is the hangup, then why isn't there a PIA (or related) process for every I-D and RFC? What formal process should I undergo to have this evaluated? Or should there be one created?
> 
There is.  There are several RFCs that you should read that talk about the problem.  You are expected to know about them.

e.g.: https://tools.ietf.org/html/rfc6973 <https://tools.ietf.org/html/rfc6973>
e.g.: https://tools.ietf.org/html/rfc8280 <https://tools.ietf.org/html/rfc8280>
e.g.: https://tools.ietf.org/html/rfc2804 <https://tools.ietf.org/html/rfc2804>
e.g.: https://tools.ietf.org/html/rfc7258 <https://tools.ietf.org/html/rfc7258>

I could go on, but these are the low-hanging fruit.

v2.23.0 | Report a Bug | By Email