Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

Patrick Vande Walle <patrick@vande-walle.eu> Tue, 01 May 2012 12:49 UTC

From: Patrick Vande Walle <patrick@vande-walle.eu>
Date: Tue, 01 May 2012 14:49:19 +0200
To: Dave Piscitello <dave.piscitello@icann.org>, John Levine <johnl@iecc.com>
Cc: "weirds@ietf.org" <weirds@ietf.org>
Subject: Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

-1.

While I can see the usefulness of such information in specific criminal investigations, I think the registry or registrar could provide this information out of band to the relevant law enforcement authorities, when asked properly.

As mentioned already, IP addresses are considered as personal data under some jurisdictions.

If anything, this thread also shows the need to come up with an authentication framework. It is not just a nice-to-have option, but should be an integral part of the deliverables.

Patrick Vande Walle


Dave Piscitello <dave.piscitello@icann.org> wrote:

>+1
>
>In a searchable world, sometimes all you have is the IP of the name
>server that's resolving the malicious/harmful domain. So asking "what
>other domains host zone files at this IP?", "who registered those
>domains?", and "what registrar is sponsoring the registrations?" are
>all useful crumbs that often help you identify names used by in a
>campaign, or the registrant names used in association with a criminal
>enterprise. 
>
>On Apr 30, 2012, at 10:46 PM, John Levine wrote:
>
>>> I find the notion of asking a domain registrar for information about an
>>> IP address to be confusing.  Is the user expecting to know who they
>>> should contact about that IP address, are they expecting to find all the
>>> possible mappings of labels to that IP address, or are they expecting
>>> to have the domain query service perform a reverse lookup for them?
>> 
>> For a name registry or registrar, I'd be thrilled to get a list of
>> name servers they know about that resolve to that IP.  A common bad
>> guy trick is to register a bunch of names, stick them all on the same
>> servers, but use a different subdomain name for each one, e.g. foo.biz
>> has name server ns1.foo.biz and bar.biz has ns1.bar.biz, but they're
>> really the same IP.
>> 
>> R's,
>> John
>> _______________________________________________
>> weirds mailing list
>> weirds@ietf.org
>> https://www.ietf.org/mailman/listinfo/weirds
>

-- 
Sent from my phone. Please excuse the brevity.
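
Added example (not part of the original message, the thread, or the draft): the name-server pivot described in the quoted text, where several domains use differently named in-zone name servers that share one IP, run over a constructed list of delegation records. The record layout, the function names and all data other than the foo.biz/bar.biz names are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample of registry delegation data: (domain, NS host, NS IP, registrar).
# foo.biz / bar.biz are the names used in the thread; everything else is made up.
RECORDS = [
    ("foo.biz", "ns1.foo.biz", "192.0.2.53", "Registrar A"),
    ("bar.biz", "ns1.bar.biz", "192.0.2.53", "Registrar B"),
    ("baz.example", "ns1.baz.example", "192.0.2.53", "Registrar A"),
    ("shop.example", "ns1.hoster.example", "198.51.100.7", "Registrar C"),
    ("blog.example", "ns1.hoster.example", "198.51.100.7", "Registrar C"),
    ("solo.example", "ns1.solo.example", "203.0.113.9", "Registrar C"),
]


def in_bailiwick(domain, ns_host):
    """True when the name server's host name lives under the domain it serves."""
    d, h = domain.lower().rstrip("."), ns_host.lower().rstrip(".")
    return h == d or h.endswith("." + d)


def shared_ip_clusters(records, min_domains=2):
    """Group delegations by NS IP; keep IPs reached via different per-domain NS names."""
    by_ip = defaultdict(lambda: {"domains": set(), "ns_hosts": set(), "registrars": set()})
    for domain, ns_host, ns_ip, registrar in records:
        if not in_bailiwick(domain, ns_host):
            continue  # a hoster's shared ns1.hoster.example is ordinary, not the pattern
        cluster = by_ip[ns_ip]
        cluster["domains"].add(domain.lower())
        cluster["ns_hosts"].add(ns_host.lower())
        cluster["registrars"].add(registrar)
    return {
        ip: {key: sorted(values) for key, values in cluster.items()}
        for ip, cluster in by_ip.items()
        if len(cluster["domains"]) >= min_domains and len(cluster["ns_hosts"]) >= min_domains
    }


if __name__ == "__main__":
    for ip, cluster in shared_ip_clusters(RECORDS).items():
        print(ip, cluster["domains"], cluster["ns_hosts"], cluster["registrars"])
```

The in-bailiwick filter is a simplification: it skips a hosting provider's shared name servers, and a single domain on its own name server never forms a cluster.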