proposal to waive publication of whois data
KathrynKL at AOL.COM
Fri Dec 8 03:49:21 CET 2006
All, I support what Robin, Avri and Wendy have written. It adheres to the
purpose of Whois approved by the GNSO Council and it moves things in the right
direction.
The fact is that neither phone numbers nor email addresses have any
mandatory publication -- not for companies or individuals or the range of
noncommercial and hobby interests in between. If we did have mandatory publication
requirements for phone numbers and email addresses, then I am certain you would
find business and IP creating a range of uses and arguing that they are all
crucial to their profit -- as they do today with Whois. The fact is that with
unlisted and partially listed phone numbers, email and chatroom identities,
business and IP must make do with subpoenas and due process (and they seem to
survive and still have a profit).
Danny, I don't have a problem with subpoenas and due process. Years ago, the
US government wanted AT&T, then the monopoly telephone provider in the US, to
provide unlimited access to wiretap calls in the US. The General Counsel (a
former trial attorney at Nuremberg) said No. He said that the telephone
system would only thrive if people and businesses believed their privacy would
be protected and he negotiated the US wiretap laws that set a standard and
model for privacy in the communication system.
We don't have that balance of privacy and process in the Whois system and we
badly need I see no reason for Whois to be different. Law enforcement
needs to get thousands of subpoenas for unlisted numbers, to wiretap calls and to
direct ISPs to hand over the identities behind email and chat room names.
It is the way we protect human rights organizations, individuals, political
and community organizations (even unpopular ones) and even businesses (who
often suffer from unfair competition practices). That's the balance and the
protection of privacy.
I think this proposal gets it right, and I think it is consistent with the
decision made by the entire convened NCUC meeting in Marrakech -- a group with
even more policy authority than the policy committee. We spent a lot of
time on this issue and we agreed that due process and subpoenas should be the
position of the NCUC. This proposal should, of course, be presented for
discussion, as it is here. But to me it adheres to the principles this
constituency has supported with a huge amount of blood, sweat and tears for close to half
a decade.
Best, Kathy
Today, Avri Doria of NomCom, Wendy Seltzer of ALAC, and myself have made
a proposal to no longer publish whois data on the net. The "Stability
and Security proposal" is attached and below. Ross Rader of the
Registrars also supports this proposal. It should cause a stir.....
Since Biz & IPR continue to make proposals to frustrate privacy and the
security of Internet users, we thought we'd make a proposal of our own.
Robin
====================
RETHINKING THE ROLE OF ICANN AND THE GTLD WHOIS TO ENHANCE THE SECURITY
AND STABILITY OF THE DNS
A PROPOSAL FOR THE GNSO TASK FORCE ON WHOIS SERVICES
PREPARED DECEMBER, 2006
BACKGROUND
I) The purpose of Whois
It is widely accepted that the primary original use of the gTLD Whois
service is to use it for the purpose of coordinating technical actors as
they seek to resolve operational issues related to the security and
stability of the DNS and a well-functioning internet.
Present day examples of this are many;
● Network operators and service providers use Whois data to prevent or
detect sources of security attacks of their networks and servers;
● Emergency response and network abuse teams use Whois data to identify
sources of spam and denial of service attacks and incidents;
● Commercial internet providers use Whois data to support technical
operations of ISPs and network administrators;
● ISPs and Web hosting companies use Whois data to identify when a
domain name has been deleted, and remove redundant DNS information from
ISP name servers
The importance of this original purpose was reaffirmed in the GNSO
council's recommended definition on the purpose of Whois:
"The purpose of the gTLD Whois service is to provide information
sufficient to contact a responsible party for a particular gTLD domain
name who can resolve, or reliably pass on data to a party who can
resolve, issues related to the configuration of the records associated
with the domain name within a DNS name server."
The scope of use has increased considerably beyond this over time, a
subject that has already been substantially considered by the GNSO Whois
Task Force and Council. The scope of use of the internet has also
changed over time, as have the management tools used to administer these
uses.
In each of these examples, the truly useful information is not the
contact information for the domain name registrant in question, it is
the name server information for the name in question. Unfortunately,
neither is reliable or truly useful in any real way because
authoritative information about DNS resources doesn’t live in a gTLD
database, it lives inside the DNS itself.
The validity of the data in a gTLD Whois database has no impact on the
operational integrity of the DNS.
Due to this disconnect between these two systems, network systems
managers rarely rely on gTLD Whois service when they seek to investigate
or resolve serious network operations and technical coordination issues.
An entirely different set of tools and resources that relies on
authoritative data have evolved that support the requirements of these
types of users. For example, a network administrator might use “dig” or
“nslookup” to determine the source of a DNS problem or the network
location of a mail server being abused to send spam email. All of these
tools are publicly available at no charge, internet standards based, and
in widespread use.
Furthermore, from a network management perspective, not only is the data
in the DNS more authoritative (and therefore useful), it is also more
comprehensive. A typical DNS record can include information about the
network location of any and all web servers, email servers and other
resources associated with a specific domain name – at all sub-levels
associated with the specific DNS entry (i.e., the second, third and
fourth levels of the domain hostname). The gTLD whois service contains
none of this important information.
When DNS data is used in conjunction with the IP Address Whois data
sourced from providers like ARIN or RIPE, a network administrator is
able to form a fully authoritative view of not only the services
associated with a specific domain name, but also the identity of the
entity that physically hosts those resources and how to contact that
entity. All of this data exists outside the gTLD Whois system.
II) ICANN’s Role
The scope and authority of ICANN’s policy-making responsibilities is
limited by its bylaws;
The mission of The Internet Corporation for Assigned Names and Numbers
("ICANN") is to coordinate, at the overall level, the global Internet's
systems of unique identifiers, and in particular to ensure the stable
and secure operation of the Internet's unique identifier systems. In
particular, ICANN:
1. Coordinates the allocation and assignment of the three sets of unique
identifiers for the Internet, which are:
a. Domain names (forming a system referred to as "DNS");
b. Internet protocol ("IP") addresses and autonomous system ("AS")
numbers; and
c. Protocol port and parameter numbers.
2. Coordinates the operation and evolution of the DNS root name server
system.
3. Coordinates policy development reasonably and appropriately related
to these technical functions.
ICANN’s role is primarily that of a technical coordinator and developer
of policy to support that coordination.
III) ICANN’s Scope
There are many other uses of gTLD Whois - most or all of which have been
documented by the GNSO Whois Task Force. Creating policy to manage,
influence, prevent or encourage most of this use is out of scope for ICANN.
IV) Technical coordination in the real world
Most technical coordination of DNS administration, abuse and network
management issues occurs without ICANN’s involvement. Private sector
coordination is more likely through CERT, NANOG, Reg-OPS and other
forums, than those operated by ICANN. These initiatives are often ad hoc
and key players do often not understand the importance and value of
participation. This is an area where small improvements in the overall
level of cooperation between the various initiatives would lead to
substantial improvement in the overall security of the internet and DNS
infrastructure.
POLICY IMPLICATIONS
Given that the original beneficiaries of the gTLD Whois service have
developed superior alternate methods of coordinating their activities,
and that the remaining uses of this service are out of scope relative to
ICANN’s scope and mission, and that the abuse of this data has caused a
significant barrier to the security of millions of Internet users, we
propose the following;
1) that ICANN waive all Whois publication requirements for gTLD
registries and registrars;
a. If the Whois publication requirements cannot be waived for the
registries and registrars, then registrars should be limited to only
publishing contact information for the person or entity responsible for
managing the authoritative DNS server;
2) that ICANN immediately undertake to create a study of where it might
best contribute to coordinating the network management activities of
registration interests, network operators and service providers and law
enforcement agencies. This should be done with the goal of ensuring that
emergency response and technical abuse prevention is well coordinated
and the overall interests of internet users are appropriately protected
by a secure and functional domain name system.
3) That ICANN undertake to develop a statement of best practices that
registration interests should apply when working with law enforcement
interests, network operators and other legitimate parties concerned with
public safety, legislative enforcement, network management and abuse,
and the protection of critical information technology infrastructure.