IETF Logo Mail Archive

Re: [DNSOP] Proposal: Whois over DNS

John Bambenek <jcb@bambenekconsulting.com> Tue, 09 July 2019 01:32 UTC

Return-Path: <jcb@bambenekconsulting.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA01D12024E for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2019 18:32:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bambenekconsulting.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cDZcY5DR5vQz for <dnsop@ietfa.amsl.com>; Mon, 8 Jul 2019 18:32:34 -0700 (PDT)
Received: from chicago.bambenekconsulting.com (chicago.bambenekconsulting.com [99.198.96.122]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89AF11202F8 for <dnsop@ietf.org>; Mon, 8 Jul 2019 18:32:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=bambenekconsulting.com; s=default; h=To:References:Message-Id: Content-Transfer-Encoding:Cc:Date:In-Reply-To:From:Subject:Mime-Version: Content-Type:Sender:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=O7XnpmhnS3ORaWsMXV5baUl1cxPmErHWbRiEbxxm/oM=; b=ETXmzkQ79FzAvlQYrUHmqsLaF AU6q3gy8xNe4pa5cUfFqMKhSmtPJYc9ujd9VBzqeoJgjfcnjtHa7roFW5+jGaFjjKtzUUCJXlO3XQ JUnDPwXg28Rfy7wNIq/EIb7PAQ70CH1lKGfQpj340Iix81x3Ke8rf4YYlohgzE/tutNog=;
Received: from c-67-167-98-187.hsd1.il.comcast.net ([67.167.98.187]:51341 helo=[192.168.11.181]) by chicago.bambenekconsulting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92) (envelope-from <jcb@bambenekconsulting.com>) id 1hkezf-0008Kk-0W; Mon, 08 Jul 2019 21:32:31 -0400
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (1.0)
From: John Bambenek <jcb@bambenekconsulting.com>
X-Mailer: iPhone Mail (16F203)
In-Reply-To: <alpine.LRH.2.21.1907082043180.22495@bofh.nohats.ca>
Date: Mon, 08 Jul 2019 20:32:30 -0500
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <2154CD79-6DE9-46C7-B754-112302FB61C5@bambenekconsulting.com>
References: <1CA7BF1B-DF50-443B-9219-55259835FE23@bambenekconsulting.com> <alpine.LRH.2.21.1907082043180.22495@bofh.nohats.ca>
To: Paul Wouters <paul@nohats.ca>
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - chicago.bambenekconsulting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - bambenekconsulting.com
X-Get-Message-Sender-Via: chicago.bambenekconsulting.com: authenticated_id: jcb@bambenekconsulting.com
X-Authenticated-Sender: chicago.bambenekconsulting.com: jcb@bambenekconsulting.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/s5OPv9zHpr2FUfm82u_1n59RSDs>
Subject: Re: [DNSOP] Proposal: Whois over DNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jul 2019 01:32:38 -0000

Below

—
John Bambenek

On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sales@bambenekconsulting.com for details

On Jul 8, 2019, at 20:01, Paul Wouters <paul@nohats.ca> wrote:

> On Mon, 8 Jul 2019, John Bambenek wrote:
> 
> An interresting idea, but ....
> 
>>   Domain contact information over DNS provides a vehicle for
>>   exchanging contact information in a programmatic and reliable
>>   manner. DNS has a ubiquitous presence within the internet
>>   infrastructure and will act as a reliable publication method for
>>   contact information exchange.
> 
> It's not really reliable in the case of malicious DNS. The point for me
> for using whois is hardly ever to find a domain contact, but to find
> a way to step beyond the malicious registrant. WHOIS/RDAP lets me jump
> to the Registrar.

Reliable for what use case? Creating benevolent data artificially is hard. 

Whois/rdap WOULD let you jump to the registrar, but all the data will be redacted and odds are we won’t get access at all anyway. 

> 
> In the case where you would want to reach the domain for non-malicious
> purposes, a contact form on their website or using the SOA record email
> address would (and does) work fine.
> 

If the website is owned, the contact form can’t be trusted. I know of no one who uses SOA for anything other than tracking and correlating domains. Odds are for the overwhelming majority of domains, SOA points to registrar or a non-existent or unmonitored mailbox. 

> Appendix A and the Copyright notice at the top conflict or repeat.

Will fix. 

> 
> As for some technical points:
> 
> - The WHOIS/RDAP can be rate limited, DNS queries can't.

This is a feature, not a bug. 

> - WHOIS can be recorderd historically, for DNS queries this is much
>  harder to do - especially if domains use a TTL=0 as default that
>  also applies to these records.

Whois CAN be recorded historically, but that data is inaccessible until DomainTools came along. In response, the registrars and registries (who consider Domaintools a criminal operation but oddly the criminals using their service they regard as clients) have used the smoke of GDPR to simply redact everything in whois. 

> - One cannot know where zone cuts are (public suffix problem), so
>  mis-redirection can happen

Similar with whois today, no?

> - Which is more secure/valuable, the topmost _whois entries or the lower
>  ones? eg _whois.toronto.nohats.ca or _whois.nohats.ca.


Most specific, assuming you want toronto.nohats.ca as opposed to nohats.ca. But this is possible in DNS. It is not in whois. 
> 
> - Use example.com, not exampledomain.com (see RFC 2606)

Ok will fix. 
> 
> - sub-types in TXT records
> 
> You put everything under _whois.example.com but then use sub-typing
> within the TXT record. Wouldn't it be better to use the prefix instead
> of subtyping,eg:
> 
>    _name._admin._whois.example.com IN TXT "Dan Draper"
>    _tel._admin._whois.example.com IN TXT "+1-555-123-4567"
>    _name._billing._whois.example.com IN TXT "Peggy Olson"
>    _email._techical._whois.example.com IN TXT "staff@example.com"
> 
> This would avoid awkward references to "aname" (which might become an
> RRTYPE) or "tname", etc.

Valid feedback. Submitting an I-D was the starting point to finalize a standard. It can be done any number if ways, in theory. The point is to come up with some consensus that makes sense. 

> 
> - The use of "all" is also a bit awkward.
> 

Recommendation?

> 
> In the end, I feel this effort shares most of its issues with the
> "security.txt" efforts of https://tools.ietf.org/html/draft-foudil-securitytxt
> which I also thought was not a good idea. See the various discussions
> on the saag list there for details on trustworthiness of information,
> and the multiple locations of information problem, which are problems
> present here as well.
> 
> Paul

v2.23.0 | Report a Bug | By Email