Re: [DNSOP] Proposal: Whois over DNS

Ted Lemon <mellon@fugue.com> Tue, 09 July 2019 14:29 UTC

From: Ted Lemon <mellon@fugue.com>
Message-Id: <F45666C7-181A-4853-897E-40D5C0EA972B@fugue.com>
Date: Tue, 09 Jul 2019 10:28:51 -0400
In-Reply-To: <93244821-6C22-457F-BA06-CF43CA9FD12B@bambenekconsulting.com>
Cc: Jim Reid <jim@rfc1035.com>, dnsop@ietf.org
To: John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com> <233E0AD8-97FE-466C-9B6C-D7A376031C3B@rfc1035.com> <93244821-6C22-457F-BA06-CF43CA9FD12B@bambenekconsulting.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/p0WwIggKxv5yIATtgio8PBbDARs>

On Jul 9, 2019, at 10:07 AM, John Bambenek <jcb=40bambenekconsulting.com@dmarc.ietf.org> wrote:
> But ICANN won’t allow such a system with meaningful data, so here we are. 

The question you should be asking is “why not?”   The answer is that nobody whose info you need will publish it, because the info you need is from people who are engaging in misfeasance or malfeasance.  The people who will publish accurate information here are likely naive, so you’ve really just created a vuln that bad actors can exploit.

You can’t use the fact that no information, or false information, is provided as a basis for seeking out bad actors, because any sensible person will not put their information in this database unless they have to to get something they need.  If they have to to get something they need, they will likely put in false information, because they have no legal obligation to do otherwise, and putting in correct information would not be in their interests.   So all you’ve done here is create two attack surfaces.

The first attack is against people who are naive: you now have personal information about them that they shouldn’t have given you.   The second attack is that you can use the fact that someone posts false information, or doesn’t provide information, as a pretext for investigating them.

If you genuinely think this is worth doing, please come up with a real-world use case that meets the following three criteria:

1. It would be in my interest to put information about myself in this database.
2. That information would be useful to you, or to someone specific whom you can identify.
3. My participation in, or non-participation in, this mechanism is entirely voluntary, and can’t be used against me.

You haven’t done that yet.  If this depends on people acting against their own interests, we shouldn’t publish it.  If it solves a paper problem but isn’t actually useful, we shouldn’t publish it.  It needs to solve a real problem in a way that is ethical.   I don’t think it does.