proposal to waive publication of whois data

Erick Iriarte Ahon faia at AMAUTA.RCP.NET.PE
Thu Dec 7 22:17:02 CET 2006


We need to difference between personal data and corporative data.....

The idea is good, the way is not good!

Erick


At 03:11 p.m. 07/12/2006, Carlos Afonso wrote:
>Good initiative, Robin!
>
>--c.a.
>
>Robin Gross wrote:
>>Hi there,
>>Today, Avri Doria of NomCom, Wendy Seltzer of 
>>ALAC, and myself have made a proposal to no 
>>longer publish whois data on the net. The 
>>"Stability and Security proposal" is attached 
>>and below. Ross Rader of the Registrars also 
>>supports this proposal. It should cause a stir.....
>>Since Biz & IPR continue to make proposals to 
>>frustrate privacy and the security of Internet 
>>users, we thought we'd make a proposal of our own.
>>Robin
>>====================
>>RETHINKING THE ROLE OF ICANN AND THE GTLD WHOIS 
>>TO ENHANCE THE SECURITY AND STABILITY OF THE DNS
>>
>>A PROPOSAL FOR THE GNSO TASK FORCE ON WHOIS SERVICES
>>PREPARED DECEMBER, 2006
>>BACKGROUND
>>I) The purpose of Whois
>>It is widely accepted that the primary original 
>>uses of the gTLD Whois service is to use it for 
>>the purpose of coordinating technical actors as 
>>they seek to resolve operational issues related 
>>to the security and stability of the DNS and a well-functioning internet.
>>Present day examples of this are many;
>>● Network operators and service providers use 
>>Whois data to prevent or detect sources of 
>>security attacks of their networks and servers;
>>● Emergency response and network abuse teams 
>>use Whois data to identify sources of spam and 
>>denial of service attacks and incidents;
>>● Commercial internet providers use Whois 
>>data to support technical operations of ISPs and network administrators;
>>● ISPs and Web hosting companies use Whois 
>>data to identify when a domain name has been 
>>deleted, and remove redundant DNS information from ISP name servers
>>The importance of this original purpose was 
>>reaffirmed in the GNSO council's recommended 
>>definition on the purpose of Whois:
>>"The purpose of the gTLD Whois service is to 
>>provide information sufficient to contact a 
>>responsible party for a particular gTLD domain 
>>name who can resolve, or reliably pass on data 
>>to a party who can resolve, issues related to 
>>the configuration of the records associated 
>>with the domain name within a DNS name server."
>>The scope of use has increased considerably 
>>beyond this over time, a subject that has 
>>already been substantially considered by the 
>>GNSO Whois Task Force and Council. The scope of 
>>use of the internet has also changed over time, 
>>as have the management tools used to administer these uses.
>>In each of these examples, the truly useful 
>>information is not the contact information for 
>>the domain name registrant in question, it is 
>>the name server information for the name in 
>>question. Unfortunately, neither is reliable or 
>>truly useful in any real way because 
>>authoritative information about DNS resources 
>>doesn’t live in a gTLD database, it lives inside the DNS itself.
>>The validity of the data in a gTLD Whois 
>>database has no impact on the operational integrity of the DNS.
>>Due to this disconnect between these two 
>>systems, network systems managers rarely rely 
>>on gTLD Whois service when they seek to 
>>investigate or resolve serious network 
>>operations and technical coordination issues. 
>>An entirely different set of tools and 
>>resources that relies on authoritative data 
>>have evolved that support the requirements of 
>>these types of users. For example, a network 
>>administrator might use “dig” or 
>>“nslookup” to determine the source of a DNS 
>>problem or the network location of a mail 
>>server being abused to send spam email. All of 
>>these tools are publicly available at no 
>>charge, internet standards based, and in widespread use.
>>Furthermore, from a network management 
>>perspective, not only is the data in the DNS 
>>more authoritative (and therefore useful), it 
>>is also more comprehensive. A typical DNS 
>>record can include information about the 
>>network location of any and all web servers, 
>>email servers and other resources associated 
>>with a specific domain name ­ at all 
>>sub-llevels associated with the specific DNS 
>>entry (i.e., the second, third and fourth 
>>levels of the domain hostname). The gTLD whois 
>>service contains none of this important information.
>>When DNS data is used in conjunction with the 
>>IP Address Whois data sourced from providers 
>>like ARIN or RIPE, a network administrator is 
>>able to form a fully authoritative view of not 
>>only the services associated with a specific 
>>domain name, but also the identity of the 
>>entity that physically hosts those resources 
>>and how to contact that entity. All of this 
>>data exists outside the gTLD Whois system.
>>II) ICANN’s Role
>>The scope and authority of ICANN’s 
>>policy-making responsibilities is limited by its bylaws;
>>The mission of The Internet Corporation for 
>>Assigned Names and Numbers ("ICANN") is to 
>>coordinate, at the overall level, the global 
>>Internet's systems of unique identifiers, and 
>>in particular to ensure the stable and secure 
>>operation of the Internet's unique identifier systems. In particular, ICANN:
>>1. Coordinates the allocation and assignment of 
>>the three sets of unique identifiers for the Internet, which are:
>>a. Domain names (forming a system referred to as "DNS");
>>b. Internet protocol ("IP") addresses and 
>>autonomous system ("AS") numbers; and
>>c. Protocol port and parameter numbers.
>>2. Coordinates the operation and evolution of 
>>the DNS root name server system.
>>3. Coordinates policy development reasonably 
>>and appropriately related to these technical functions.
>>ICANN’s role is primarily that of a technical 
>>coordinator and developer of policy to support that coordination.
>>III) ICANN’s Scope
>>There are many other uses of gTLD Whois - most 
>>or all of which have been documented by the 
>>GNSO Whois Task Force . Creating policy to 
>>manage, influence, prevent or encourage most of 
>>this use is out of scope for ICANN.
>>IV) Technical coordination in the real world
>>Most technical coordination of DNS 
>>administration, abuse and network management 
>>issues occurs without ICANN’s involvement. 
>>Private sector coordination is more likely 
>>through CERT, NANOG, Reg-OPS and other forums, 
>>than those operated by ICANN. These initiatives 
>>are often ad hoc and key players do often not 
>>understand the importance and value of 
>>participation. This is an area where small 
>>improvements in the overall level of 
>>cooperation between the various initiatives 
>>would lead to substantial improvement in the 
>>overall security of the internet and DNS infrastructure.
>>
>>POLICY IMPLICATIONS
>>Given that the original beneficiaries of the 
>>gTLD Whois service have developed superior 
>>alternate methods of coordinating their 
>>activities, and that the remaining uses of this 
>>service are out of scope relative to ICANN’s 
>>scope and mission, and that the abuse of this 
>>data has caused a significant barrier to the 
>>security of millions of Internet users, we propose the following;
>>1) that ICANN waive all Whois publication 
>>requirements for gTLD registries and registrars;
>>a. If the Whois publication requirements cannot 
>>be waived for the registries and registrar, 
>>then registrars should be limited to only 
>>publishing contact information for the person 
>>or entity responsible for managing the authoritative DNS server;
>>2) that ICANN immediately undertake to create a 
>>study of where it might best contribute to 
>>coordinating the network management activities 
>>of registration interests, network operators 
>>and service providers and law enforcement 
>>agencies. This should be done with the goal of 
>>ensuring that emergency response and technical 
>>abuse prevention is well coordinated and the 
>>overall interests of internet users are 
>>appropriately protected by a secure and functional domain name system.
>>3) That ICANN undertake to develop a statement 
>>of best practices that registration interests 
>>should apply when working with law enforcement 
>>interests, network operators and other 
>>legitimate parties concerned with public 
>>safety, legislative enforcement, network 
>>management and abuse, and the protection of 
>>critical information technology infrastructure.


More information about the Ncuc-discuss mailing list