proposal to waive publication of whois data

[Carlos Afonso]

Good initiative, Robin!

--c.a.

Robin Gross wrote:
> Hi there,
> 
> Today, Avri Doria of NomCom, Wendy Seltzer of ALAC, and myself have made 
> a proposal to no longer publish whois data on the net. The "Stability 
> and Security proposal" is attached and below. Ross Rader of the 
> Registrars also supports this proposal. It should cause a stir.....
> 
> Since Biz & IPR continue to make proposals to frustrate privacy and the 
> security of Internet users, we thought we'd make a proposal of our own.
> 
> Robin
> 
> ====================
> 
> RETHINKING THE ROLE OF ICANN AND THE GTLD WHOIS TO ENHANCE THE SECURITY 
> AND STABILITY OF THE DNS
> 
> 
> A PROPOSAL FOR THE GNSO TASK FORCE ON WHOIS SERVICES
> 
> PREPARED DECEMBER, 2006
> 
> BACKGROUND
> 
> I) The purpose of Whois
> 
> It is widely accepted that the primary original uses of the gTLD Whois 
> service is to use it for the purpose of coordinating technical actors as 
> they seek to resolve operational issues related to the security and 
> stability of the DNS and a well-functioning internet.
> 
> Present day examples of this are many;
> 
> ● Network operators and service providers use Whois data to prevent or 
> detect sources of security attacks of their networks and servers;
> ● Emergency response and network abuse teams use Whois data to identify 
> sources of spam and denial of service attacks and incidents;
> ● Commercial internet providers use Whois data to support technical 
> operations of ISPs and network administrators;
> ● ISPs and Web hosting companies use Whois data to identify when a 
> domain name has been deleted, and remove redundant DNS information from 
> ISP name servers
> 
> The importance of this original purpose was reaffirmed in the GNSO 
> council's recommended definition on the purpose of Whois:
> 
> "The purpose of the gTLD Whois service is to provide information 
> sufficient to contact a responsible party for a particular gTLD domain 
> name who can resolve, or reliably pass on data to a party who can 
> resolve, issues related to the configuration of the records associated 
> with the domain name within a DNS name server."
> 
> The scope of use has increased considerably beyond this over time, a 
> subject that has already been substantially considered by the GNSO Whois 
> Task Force and Council. The scope of use of the internet has also 
> changed over time, as have the management tools used to administer these 
> uses.
> 
> In each of these examples, the truly useful information is not the 
> contact information for the domain name registrant in question, it is 
> the name server information for the name in question. Unfortunately, 
> neither is reliable or truly useful in any real way because 
> authoritative information about DNS resources doesn’t live in a gTLD 
> database, it lives inside the DNS itself.
> 
> The validity of the data in a gTLD Whois database has no impact on the 
> operational integrity of the DNS.
> 
> Due to this disconnect between these two systems, network systems 
> managers rarely rely on gTLD Whois service when they seek to investigate 
> or resolve serious network operations and technical coordination issues. 
> An entirely different set of tools and resources that relies on 
> authoritative data have evolved that support the requirements of these 
> types of users. For example, a network administrator might use “dig” or 
> “nslookup” to determine the source of a DNS problem or the network 
> location of a mail server being abused to send spam email. All of these 
> tools are publicly available at no charge, internet standards based, and 
> in widespread use.
> 
> Furthermore, from a network management perspective, not only is the data 
> in the DNS more authoritative (and therefore useful), it is also more 
> comprehensive. A typical DNS record can include information about the 
> network location of any and all web servers, email servers and other 
> resources associated with a specific domain name – at all sub-levels 
> associated with the specific DNS entry (i.e., the second, third and 
> fourth levels of the domain hostname). The gTLD whois service contains 
> none of this important information.
> 
> When DNS data is used in conjunction with the IP Address Whois data 
> sourced from providers like ARIN or RIPE, a network administrator is 
> able to form a fully authoritative view of not only the services 
> associated with a specific domain name, but also the identity of the 
> entity that physically hosts those resources and how to contact that 
> entity. All of this data exists outside the gTLD Whois system.
> 
> II) ICANN’s Role
> 
> The scope and authority of ICANN’s policy-making responsibilities is 
> limited by its bylaws;
> 
> The mission of The Internet Corporation for Assigned Names and Numbers 
> ("ICANN") is to coordinate, at the overall level, the global Internet's 
> systems of unique identifiers, and in particular to ensure the stable 
> and secure operation of the Internet's unique identifier systems. In 
> particular, ICANN:
> 
> 1. Coordinates the allocation and assignment of the three sets of unique 
> identifiers for the Internet, which are:
> 
> a. Domain names (forming a system referred to as "DNS");
> 
> b. Internet protocol ("IP") addresses and autonomous system ("AS") 
> numbers; and
> 
> c. Protocol port and parameter numbers.
> 
> 2. Coordinates the operation and evolution of the DNS root name server 
> system.
> 
> 3. Coordinates policy development reasonably and appropriately related 
> to these technical functions.
> 
> ICANN’s role is primarily that of a technical coordinator and developer 
> of policy to support that coordination.
> 
> III) ICANN’s Scope
> 
> There are many other uses of gTLD Whois - most or all of which have been 
> documented by the GNSO Whois Task Force . Creating policy to manage, 
> influence, prevent or encourage most of this use is out of scope for ICANN.
> 
> IV) Technical coordination in the real world
> 
> Most technical coordination of DNS administration, abuse and network 
> management issues occurs without ICANN’s involvement. Private sector 
> coordination is more likely through CERT, NANOG, Reg-OPS and other 
> forums, than those operated by ICANN. These initiatives are often ad hoc 
> and key players do often not understand the importance and value of 
> participation. This is an area where small improvements in the overall 
> level of cooperation between the various initiatives would lead to 
> substantial improvement in the overall security of the internet and DNS 
> infrastructure.
> 
> 
> POLICY IMPLICATIONS
> 
> Given that the original beneficiaries of the gTLD Whois service have 
> developed superior alternate methods of coordinating their activities, 
> and that the remaining uses of this service are out of scope relative to 
> ICANN’s scope and mission, and that the abuse of this data has caused a 
> significant barrier to the security of millions of Internet users, we 
> propose the following;
> 
> 1) that ICANN waive all Whois publication requirements for gTLD 
> registries and registrars;
> a. If the Whois publication requirements cannot be waived for the 
> registries and registrar, then registrars should be limited to only 
> publishing contact information for the person or entity responsible for 
> managing the authoritative DNS server;
> 
> 2) that ICANN immediately undertake to create a study of where it might 
> best contribute to coordinating the network management activities of 
> registration interests, network operators and service providers and law 
> enforcement agencies. This should be done with the goal of ensuring that 
> emergency response and technical abuse prevention is well coordinated 
> and the overall interests of internet users are appropriately protected 
> by a secure and functional domain name system.
> 
> 3) That ICANN undertake to develop a statement of best practices that 
> registration interests should apply when working with law enforcement 
> interests, network operators and other legitimate parties concerned with 
> public safety, legislative enforcement, network management and abuse, 
> and the protection of critical information technology infrastructure.
>