Re: [weirds] I-D Action: draft-hollenbeck-dnrd-ap-query-00.txt

Arturo Servin <aservin@lacnic.net> Tue, 01 May 2012 15:20 UTC


	Agree with Patrick.

	I do not really see the relevance of including that field.

	And as Andy mentioned in another e-mail, where is that info in the current whois and, more important, why?


/as

On 1 May 2012, at 09:49, Patrick Vande Walle wrote:

> -1.
> 
> While I can see the usefulness of such information in specific criminal investigations, I think the registry or registrar could provide this information out of band to the relevant law enforcement authorities, when asked properly.
> 
> As mentioned already, IP addresses are considered personal data under some jurisdictions.
> 
> If anything, this thread also shows the need to come up with an authentication framework. It is not just a nice-to-have option, but should be an integral part of the deliverables.
> 
> Patrick Vande Walle
> 
> 
> Dave Piscitello <dave.piscitello@icann.org> wrote:
> +1
> 
> In a searchable world, sometimes all you have is the IP of the name server that's resolving the malicious/harmful domain. So asking "what other domains host zone files at this IP?", "who registered those domains?", and "what registrar is sponsoring the registrations?" are all useful crumbs that often help you identify names used in a campaign, or the registrant names used in association with a criminal enterprise.
> 
> On Apr 30, 2012, at 10:46 PM, John Levine wrote:
> 
> >> I find the notion of asking a domain registrar for information about an
> >> IP address to be confusing.  Is the user expecting to know who they
> >> should contact about that IP address, are they expecting to find all the
> >> possible mappings of labels to that IP address, or are they expecting
> >> to have the domain query service perform a reverse lookup for them?
> > 
> > For a name registry or registrar, I'd be thrilled to get a list of
> > name servers they know about that resolve to that IP.  A common bad
> > guy trick is to register a bunch of names, stick them all on the same
> > servers, but use a different subdomain name for each one, e.g. foo.biz
> > has name server ns1.foo.biz and bar.biz has ns1.bar.biz, but they're
> > really the same IP.
> > 
> > R's,
> > John
> >
> 
> > weirds mailing list
> > weirds@ietf.org
> > https://www.ietf.org/mailman/listinfo/weirds
> 
> -- 
> Sent from my phone. Please excuse the brevity.
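
The name-server pivot John Levine describes in the quoted message (different name server hostnames per domain, same IP underneath) can be sketched as follows. This is an added example, not part of the thread or of the draft; the three-column record format, the function names and all sample names and addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: delegation (NS) and glue (A/AAAA) records as a registry
# might hold them. Addresses come from the documentation ranges.
SAMPLE_RECORDS = """
foo.biz.      NS    ns1.foo.biz.
bar.biz.      NS    ns1.bar.biz.
baz.biz.      NS    ns1.baz.biz.
qux.biz.      NS    ns1.qux.biz.
ok.biz.       NS    ns1.ok.biz.
ns1.foo.biz.  A     192.0.2.53
ns1.bar.biz.  A     192.0.2.53
ns1.baz.biz.  AAAA  2001:db8::53
ns1.qux.biz.  AAAA  2001:0DB8:0:0:0:0:0:53
ns1.ok.biz.   A     198.51.100.7
"""

def parse(text):
    """Return (domain -> NS hostnames, NS hostname -> normalised IPs)."""
    delegations, glue = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        owner, rtype = parts[0].lower().rstrip("."), parts[1].upper()
        if rtype == "NS":
            delegations[owner].add(parts[2].lower().rstrip("."))
        elif rtype in ("A", "AAAA"):
            # ipaddress collapses equivalent IPv6 spellings into one key
            glue[owner].add(str(ipaddress.ip_address(parts[2])))
    return delegations, glue

def shared_nameserver_ips(text):
    """Report IPs reached through two or more distinct NS hostnames."""
    delegations, glue = parse(text)
    by_ip = defaultdict(lambda: defaultdict(set))  # ip -> NS host -> domains
    for domain, hosts in delegations.items():
        for host in hosts:
            for ip in glue.get(host, ()):
                by_ip[ip][host].add(domain)
    report = {}
    for ip, hosts in by_ip.items():
        if len(hosts) >= 2:
            domains = sorted(set().union(*hosts.values()))
            report[ip] = {"nameservers": sorted(hosts), "domains": domains}
    return report
```

Calling `shared_nameserver_ips(SAMPLE_RECORDS)` groups foo.biz with bar.biz and baz.biz with qux.biz, while ok.biz, whose name server has an address of its own, is left out.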