Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 01 May 2012 13:28 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "weirds@ietf.org" <weirds@ietf.org>
Date: Tue, 01 May 2012 13:28:37 +0000
Message-ID: <9452079D1A51524AA5749AD23E003928107D26@exch-mbx901.corp.cloudmark.com>
References: <20120501024631.97808.qmail@joyce.lan> <6DAAECD8-30D3-4195-BE44-C95D0EE3ECE3@icann.org> <0145b859-fce2-488d-a9a9-b629525e2b6b@email.android.com>
In-Reply-To: <0145b859-fce2-488d-a9a9-b629525e2b6b@email.android.com>
Subject: Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt
List-Id: "WHOIS-based Extensible Internet Registration Data Service \(WEIRDS\)" <weirds.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/weirds>

Doesn’t http/https already include an authentication framework for clients?

-MSK

From: weirds-bounces@ietf.org [mailto:weirds-bounces@ietf.org] On Behalf Of Patrick Vande Walle
Sent: Tuesday, May 01, 2012 5:49 AM
To: Dave Piscitello; John Levine
Cc: weirds@ietf.org
Subject: Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

-1.

While I can see the usefulness of such information in specific criminal investigations, I think the registry or registrar could provide this information out of band to the relevant law enforcement authorities, when asked properly.

As mentioned already, IP addresses are considered personal data under some jurisdictions.

If anything, this thread also shows the need to come up with an authentication framework. It is not just a nice-to-have option, but should be an integral part of the deliverables.

Patrick Vande Walle

Dave Piscitello <dave.piscitello@icann.org> wrote:

+1

In a searchable world, sometimes all you have is the IP of the name server that's resolving the malicious/harmful domain. So asking "what other domains host zone files at this IP?", "who registered those domains?", and "what registrar is sponsoring the registrations?" are all useful crumbs that often help you identify names used in a campaign, or the registrant names used in association with a criminal enterprise.

On Apr 30, 2012, at 10:46 PM, John Levine wrote:

>> I find the notion of asking a domain registrar for information about an
>> IP address to be confusing.  Is the user expecting to know who they
>> should contact about that IP address, are they expecting to find all the
>> possible mappings of labels to that IP address, or are they expecting
>> to have the domain query service perform a reverse lookup
>> for them?
>
> For a name registry or registrar, I'd be thrilled to get a list of
> name servers they know about that resolve to that IP.  A common bad
> guy trick is to register a bunch of names, stick them all on the same
> servers, but use a different subdomain name for each one, e.g. foo.biz
> has name server ns1.foo.biz and bar.biz has ns1.bar.biz, but they're
> really the same IP.
>
> R's,
> John
>

________________________________

> weirds mailing list
> weirds@ietf.org
> https://www.ietf.org/mailman/listinfo/weirds


--
Sent from my phone. Please excuse the brevity.
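As an added illustration of the reverse query discussed in this thread (not code from the draft, from the list, or from any of the posters), the following Python builds the index a registry or registrar would need to answer "which domains have a name server at this IP?", and flags the pattern John describes: several domains, each with its own in-bailiwick name server hostname, all resolving to one address. The records are constructed sample data using documentation-range addresses and reserved names, and the `min_domains` threshold is an assumption chosen for the example, not something the draft specifies.

```python
"""Reverse name-server lookup over registration data.

Added example, not part of the mailing-list thread or the draft under
discussion. Models what a registry/registrar could answer from the data it
already holds: each domain's delegated name servers and the IP those name
servers resolve to (glue or cached resolution).
"""
from collections import defaultdict

# Constructed sample data: (registered domain, NS hostname, IP the NS resolves to).
# Addresses are from RFC 5737 documentation ranges; names use .example.
SAMPLE_RECORDS = [
    ("foo.example", "ns1.foo.example", "192.0.2.10"),       # vanity NS, shared IP
    ("bar.example", "ns1.bar.example", "192.0.2.10"),       # vanity NS, same IP
    ("baz.example", "ns1.baz.example", "192.0.2.10"),       # vanity NS, same IP
    ("shop.example", "ns1.registrar.example", "198.51.100.5"),  # ordinary hosted DNS
    ("shop.example", "ns2.registrar.example", "198.51.100.6"),
    ("blog.example", "ns1.registrar.example", "198.51.100.5"),  # same provider NS
]


def _norm(name):
    """Lower-case and strip a trailing dot so hostnames compare consistently."""
    return name.lower().rstrip(".")


def in_bailiwick(ns, domain):
    """True when the NS hostname is the domain itself or a child of it."""
    ns, domain = _norm(ns), _norm(domain)
    return ns == domain or ns.endswith("." + domain)


def index_by_ip(records):
    """Build IP -> {NS hostname -> set(domains delegated to it)}."""
    idx = defaultdict(lambda: defaultdict(set))
    for domain, ns, ip in records:
        idx[ip][_norm(ns)].add(_norm(domain))
    return idx


def domains_at_ip(records, ip):
    """The reverse query from the thread: domains with a name server at this IP."""
    by_ns = index_by_ip(records).get(ip, {})
    return sorted({d for doms in by_ns.values() for d in doms})


def shared_ip_vanity_clusters(records, min_domains=3):
    """Flag IPs where at least `min_domains` domains each use their own
    in-bailiwick NS hostname, all resolving to the same address.

    An IP shared because many domains use one provider's NS host (same
    hostname for all of them) is ordinary hosting and is not flagged.
    """
    clusters = {}
    for ip, by_ns in index_by_ip(records).items():
        vanity = {ns: doms for ns, doms in by_ns.items()
                  if all(in_bailiwick(ns, d) for d in doms)}
        domains = {d for doms in vanity.values() for d in doms}
        if len(vanity) >= min_domains and len(domains) >= min_domains:
            clusters[ip] = sorted(domains)
    return clusters


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.5", "203.0.113.1"):
        print(ip, "->", domains_at_ip(SAMPLE_RECORDS, ip))
    print("clusters:", shared_ip_vanity_clusters(SAMPLE_RECORDS))
```

The cluster check deliberately requires the name servers to be in-bailiwick and distinct: a shared IP on its own is what every hosted-DNS provider looks like, so the signal Dave and John are after is the combination of many separately named servers and one address. Whether a registry should expose this at all, and to whom, is the authentication and privacy question the rest of the thread is about.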