Re[2]: [ga] WHOIS policy primer

[Karl Auerbach <karl@CaveBear.com>]

On Tue, 27 Aug 2002, Allan Liska wrote:

> I don't think it is a fallacy at all.  Owning/Renting a domain carries
> with it certain responsibilities.  Among those responsibilities is
> providing a contact for that domain, just as people are responsible
> for having a working postmaster@ address.

Why should one who is on the net be required to have e-mail?

As an analogy - businesses are only required to file a DBA (doing business 
as)/fictitious name statement - they need not have entries in phone books, 
need not even have a telephone or fax.  And corporations are often nearly 
anonymous - even ICANN's data with the California Secretary of State are 
rather unrevealing about who is behind it.

You have not said why one must reveal one's identity and address and phone 
number to the public for unregulated data mining.  What values are 
promoted by such disclosures?

> You are mistaken when you say that the owner of an IP Address has more
> operational value than a domain owner.  There are times when the owner
> of an IP Address will be different than the owner of a domain name.

Right.  But it's rather hard to forge an IP address on a two way (TCP) 
connection.  And if you are being bothered by something coming from an IP 
address, you can query IP whois (not DNS whois) and find out who is 
operating that computer/network.  You can ask that person and perhaps try 
to compell that person to answer through threat of legal processes.

This is very much like what is happening with Verizion and its resistance 
to pressures put onto it by the music/movie community.

> Examples of times when I have needed to get in touch with a domain
> owner:
> 
> 1. Receiving virus infected e-mails from a user of a domain.  Yes, I
> can /dev/null the e-mails, but I want the account cleaned up -- the
> ISP is not going to do that, the owner of the domain will.

Have you ever tried?  I've found that with the degree of forgery that 
source domains are worthless - but a source IP almost always turns of a 
valid, and often a quite cooperative, contact.

Those who have blocks of IP addresses have operational needs - making 
routing work is a cooperative venture - and these operational needs create 
a pressure for improved quality of information.  Those pressures do not 
exist in DNS-land.

> 2. DNS mis-configuration issues.  If I run across a problem with a
> domain name, I need to have an address I can contact to help correct the
> problems.

Again, find the IP address of the DNS server, go to ARIN's IP whois, find 
the netblock operator and find out who really runs that machine.

(And DNS operator who wants to be found, can easily do so:
Give this a try:
	% dig whois.cavebear.com txt

(For fun you might want to try:
	% dig @npax.cavebear.com mc.cavebear.com axfr
)


> There are other reasons for getting in touch with a domain owner
> directly.  For this reason it is important to have valid contact
> information for that domain name.

You may find it convenient, but in the social balance that is "privacy" 
what is convenient to one is not necessarily a justification to force 
others to disclose what is information about themselves that they may not 
wish to make available to any and all.

There's a balancing act here, and I don't find DNS whois to have 
sufficient worth - much less sufficient data integrity and quality - to 
counterbalance the damage that is caused by the coerced disclosure of 
people's names, addresses, phone numbers, and e-mail addresses.

		--karl--


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html