ICANN/DNSO
DNSO Mailling lists archives

[ga-full]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [ga] OECD vs ICANN, re: WHOIS accuracy


On Sat, 6 Jul 2002, Kent Crispin wrote:

> > If you are concerned about tracking down spammers and those who run 
> > accused services, such as web sites accused of engaging in bad behaviour, 
> > you are much more likely to reach a responsible person via the IP address 
> > whois data than the DNS data.
> 
> This is circular reasoning.  The main reason for lack of effectiveness of
> DNS whois in finding problems is *precisely* that DNS whois is not
> maintained very well, and is very easy to fake.  This is exactly the
> question at issue.  *If* DNS whois were accurate, then it would be a
> highly effective way to reach the problem source.

Considering that the author if the previous paragraph has admitted that he
has forged names and addresses, he can attest to how easy it is to do,
thus rendering DNS whois information, even if accurate, generally useless.

IP numbers, unlike DNS names, are much harder to spoof - oh yes, they can
be spoofed on source addresses, but as useful destination addresses,
unless they are consistent with routing, they aren't particularly useful.  
Because of this built-in technical pressure for addresses to be accurate,
one can place more trust that one is using the IP based whois with a valid
lookup-key.

The interests of a few trademark owners is hardly a reason to use a system
- DNS whois - that is highly susceptable to false or erroneous data and,
when accurate, is a major violation of privacy.

I have heard that the author of the quoted paragraph was the originator of 
the rather good idea that each zone should have a well known TXT record 
containing highly stylized whois information - in other words, each 
domain name operator becomes his/her own whois publisher without the need 
for a central repository.

Except for domain names, I know of no non-dangerous instrumentality for
which the purchaser is required to divulge private information onto a
public register that has no form of access control and that conforms to no
privacy regime, no matter how minimal or weak.

In addition, any acceptable whois, whether it be for IP or DNS, ought to
conform to the standard set of privacy principles - among which are that
those who query the data must prove their legitimate need for the data,
identify themselves, prove their identity, and be known to the data
subject.

		--karl--








--
This message was passed to you via the ga-full@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga-full" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>