IETF Logo Mail Archive

Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

Don Blumenthal <dblumenthal@pir.org> Tue, 01 May 2012 13:24 UTC

Return-Path: <dblumenthal@pir.org>
X-Original-To: weirds@ietfa.amsl.com
Delivered-To: weirds@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17FF321E8085 for <weirds@ietfa.amsl.com>; Tue, 1 May 2012 06:24:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.046
X-Spam-Level:
X-Spam-Status: No, score=-2.046 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_MISMATCH_COM=0.553]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Npgb3Q394Adn for <weirds@ietfa.amsl.com>; Tue, 1 May 2012 06:24:44 -0700 (PDT)
Received: from PIR-MAIL-01.PIR.com (mail.pir.org [72.44.190.134]) by ietfa.amsl.com (Postfix) with ESMTP id D491121E8053 for <weirds@ietf.org>; Tue, 1 May 2012 06:24:42 -0700 (PDT)
Received: from PIR-MAIL-01.PIR.com ([192.168.27.12]) by pir-mail-01 ([192.168.27.12]) with mapi; Tue, 1 May 2012 09:24:41 -0400
From: Don Blumenthal <dblumenthal@pir.org>
To: Patrick Vande Walle <patrick@vande-walle.eu>, Dave Piscitello <dave.piscitello@icann.org>, John Levine <johnl@iecc.com>
Date: Tue, 01 May 2012 09:24:39 -0400
Thread-Topic: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt
Thread-Index: Ac0nncN9NNsy7nWyQt6gTy6iIcdv6w==
Message-ID: <CBC55ACB.E664%dblumenthal@pir.org>
In-Reply-To: <0145b859-fce2-488d-a9a9-b629525e2b6b@email.android.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.2.0.120402
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "weirds@ietf.org" <weirds@ietf.org>
Subject: Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt
X-BeenThere: weirds@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "WHOIS-based Extensible Internet Registration Data Service \(WEIRDS\)" <weirds.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/weirds>, <mailto:weirds-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/weirds>
List-Post: <mailto:weirds@ietf.org>
List-Help: <mailto:weirds-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/weirds>, <mailto:weirds-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2012 13:24:45 -0000

I used to be in Internet LE. Out of band may not be sufficient for legal reasons or because of timeliness. It's obviously better than nothing and often all that's available currently but I thought I should clarify the point.

FWIW, relative old timers in Internet LE miss the days when Whois records often included registrant ID numbers.

Don


From: Patrick Vande Walle <patrick@vande-walle.eu<mailto:patrick@vande-walle.eu>>
To: Dave Piscitello <dave.piscitello@icann.org<mailto:dave.piscitello@icann.org>>, John Levine <johnl@iecc.com<mailto:johnl@iecc.com>>
Cc: "weirds@ietf.org<mailto:weirds@ietf.org>" <weirds@ietf.org<mailto:weirds@ietf.org>>
Subject: Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

-1.

While I can see the usefulness of such an information in specific criminal investigations, I think the registry or registrar could provide this information out of band to the relevant law enforcement authorities, when asked properly.

As mentioned already, IP addresses are considered as personal data under some jurisdictions.

If anything, this thread also shows the need to come up with an authentication framework. It is not just a nice to have option, but should be an integral part of the deliverables.

Patrick Vande Walle


Dave Piscitello <dave.piscitello@icann.org<mailto:dave.piscitello@icann.org>> a écrit :

+1

In a searchable world, sometimes all you have is the IP of the name server that's resolving the malicious/harmful domain. So asking "what other domains host zone files at this IP?", "who registered those domains?", and "what registrar is sponsoring the registrations?" are all useful crumbs that often help you identify names used by in a campaign, or the registrant names used in association with a criminal enterprise.

On Apr 30, 2012, at 10:46 PM, John Levine wrote:

>> I find the notion of asking a domain registrar for information about an
>> IP address to be confusing.  Is the user expecting to know who they
>> should contact about that IP address, are they expecting to find all the
>> possible mappings of labels to that IP address , or are they expecting
>> to have the domain query service perform a reverse l
 ookup
for them?
>
> For a name registry or registrar, I'd be thrilled to get a list of
> name servers they know about that resolve to that IP.  A common bad
> guy trick is to register a bunch of names, stick them all on the same
> servers, but use a different subdomain name for each one, e.g. foo.biz<http://foo.biz>
> has name server ns1.foo.biz<http://ns1.foo.biz> and bar.biz<http://bar.biz> has ns1.bar.biz<http://ns1.bar.biz> , but they're
> really the same IP.
>
> R's,
> John
>
________________________________

> weirds mailing list
> weirds@ietf.org<mailto:weirds@ietf.org>
> https://www.ietf.org/mailman/listinfo/weirds

________________________________

weirds mailing list
weirds@ietf.org<mailto:weirds@ietf.org>
https://www.ietf.org/mailman/listinfo/weirds

--
Envoyé de mon téléphone. Excusez la brièveté.

v2.38.3 | Report a Bug | By Email | System Status