RE: [ga] whois: issues with uniformity

["Abel Wisman" <abel@able-towers.com>]

This has to be the umpteenth time these "arguments" have been used, and
never to the satisfaction of anyone except the ones using them.


The examples given are "nonsensical" at best, complaining to the "owner"
of a "spamvertized" domain is about the same as reacting to the "if you
want to be removed" line at the bottom of most.

Finding the domain owner when nameservers are down doesn't do you one
bit of good, most of them (99.98%) do not run those servers and
therefore can't do a thing and if anyone setting up a domain/dns file
does not have a "hostmaster@" address set, they don't deserve any
warning on "down" sites.

The attacks are normally spoofed so a decent ip tracking and an
IP-search will lead you to the IP-block "owner" and therefore far more
usefull contact points.


Furthermore on CRISP: this is a WG that is "discussing" how it will
define a standard mechanism that can be used for finding authoritative
information associated with a label, a protocol to transport queries and
responses for accessing that information, and a first profile (schema &
queries) to support commonly-required queries for domain registration
information. 

It is not a solution for current problems, because it is years away, if
not eternity, from reaching adulthood and it states itself it will not
be backward compatible with whois.

For now we have whois, which basic setup was ok, but has been abused
over the years.
Adeption of some simple "agreements" to the use/display of the whois
content could solve most problems with that whois.

If one reads the original rfc one will notice that each used field had a
usage, and non was ever containing the "owner's" address and email, for
the simple reason that the owner was not an interesting entity for the
usage of which whois was designed for.


It was not until later in the development that people were "allowed" to
fill in the other then owner fileds themselves, thus losing all sensible
uses for whois. The registry of that moment is "to blame" for that
development, not whois itself.

If usage of the fields would be restored to their original purpose and
content, then a lot of problems would be solved outright.

As for "cross-registry" searches, depending on the depth of that "need"
one needs the willing co-operation of all registries in the world,
something that is not likely to happen, due to local laws and political
situations.

It would be a good thing if the "search-strings" and "formats" would be
alike and for many cc-tld's this is already the case.
More indepth searchability is in my opinion something that is a
commercial venture development and therefore most likley not suitable
for any policy.

CRISP would fit such a bill, perhaps that is why VRGS is sponsoring it.

If you want to learn more about the work on whois, and make an impact of
no matter how big a size on the development of current whois, then you
are invited to read the whois TF maillist and submit comments to that
TF, which can still be done.

For now, whois is two things: a rfc to which most countries are
sensitive enough to have such a feature enabled and a contractual
obligation for g-tld's which most of them are unhappy with, demands on
the databases for the latter group would be for commercial reasons higly
unacceptable for those parties and with very good reasons, whether we
adhere to that or not.

Kind regards

Abel Wisman



-----Original Message-----
From: owner-ga-full@dnso.org [mailto:owner-ga-full@dnso.org] On Behalf
Of Stephane Bortzmeyer
Sent: 27 December 2002 12:34
To: Vittorio Bertola
Cc: Stephane Bortzmeyer; ga@dnso.org
Subject: Re: [ga] whois: issues with uniformity


On Fri, Dec 27, 2002 at 10:44:44AM +0100,
 Vittorio Bertola <vb@bertola.eu.org> wrote 
 a message of 75 lines which said:

> The reasons given there are: "protection of intellectual property 
> rights, consumer protection issues, investigation of illegal 
> activities as well as daily routine business".

Let's expand a typical "daily routine business". You receive a spam
which advertises an email address in hotsex@coldmail.com. You want to
complain to the people at coldmail.com. It is very convenient to find an
email address.

Or the email to myfriend@somewhere.bj bounces and you see that all the
nameservers of somewhere.bj are broken. It is very convenient to find
either an email address in another domain or a fax number to warn them.

(Do note that I gave examples where you know the domain. If you know the
IP address, such as when you are attacked by
Nimda/CodeRed/Microsoft-worm-of-the-day, you need also a whois entry.
They are provided by the RIRs which, unfortunately, are not the object
of the same public scrutiny as the ICANN.)

> The first three ones are good, but once you publish the name of the 
> registrant, and perhaps a postal address, they have been satisfied. 
> There's no need for my e-mail or telephone number.

I disagree.

> breach of law, you can go to the police - they should have

Do note that, of the typical situations I gave as example, only one is a
(possible) breach of the law.

> >At least one very good reason: although not perfect, IETF is *much* 
> >more democratic than ICANN. In the IETF, at-large participation (with

> >all its limits and its problems) is a reality for many years.
> 
> But it is a participation limited to a very technical environment. If 
> this was enough, there would be no need for ICANN in the first place

Before ICANN, the root of the DNS was not managed by the IETF but by
another private US company.

> Now, we all know that ICANN has failed to build consensus around 
> itself,

This is the understatement of the century :-)

> doubtful and yet to be proved. But this doesn't mean that the idea of 
> a global policy forum, where only issues that strictly need global 
> coordination are discussed, and where not just technical people are 
> involved, is bad. (And please note that I *am* a technical person :) )

I do not see the issue as "technical persons who know better against the
ignorant mob of dummies". The good thing about IETF is not that it is
technical, it is that it tries to be democratic.

I agree that it would be nice to have a global (non technical) policy
body. But it does not exist. And ICANN does not show the slightest sign
of being able to be that body.

(Do note that I wrote "body" and not "forum": we have many forums, such
as this former GA list, icannwatch.org, etc. But forums are places to
talk, not to take decisions.)

> ICANN, even if slowly, is starting to build instruments
> for real public participation, and perhaps even funding them. If you 
> want to go to the IETF as a user, you have to pay your trip.

I wasn't aware that ICANN has a budget for trips to Rio de Janeiro. I
will not apply, we have enough money in Europe, but does it mean that
people from Asia or Africa will be able to receive financial help for
the trip? On what grounds will the applications be accepted/refused?

> >This is why I directed people from the former GA toward the CRISP 
> >woking group so they can provide useful input.
> 
> Is there still time, for example, to get amendments to that draft? Or 
> is it too late?

I believe there is time. Thomas Roessler's proposal about
internationalization seems to have been accepted quite easily.
 

--
This message was passed to you via the ga-full@dnso.org list. Send mail
to majordomo@dnso.org to unsubscribe ("unsubscribe ga-full" in the body
of the message). Archives at http://www.dnso.org/archives.html


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html