Re: [ga] whois.txt, ala robots.txt, as a standard ?

["Ross Wm. Rader" <ross@tucows.com>]

Its the right track Karl, but the right answer is:

> Assuming for the moment that ISP's and such obtained value out of DNS
> whois information - That still doesn't justify them mucking around unless
> certain conditions are met:

1. The registrant has given the accessor (ISP in your example) specific
permission to access and use their data.


                     -rwr




Got Blog? http://www.byte.org

"People demand freedom of speech as a compensation for the freedom of
thought which they seldom use."
 - Soren Kierkegaard



----- Original Message -----
From: "Karl Auerbach" <karl@CaveBear.com>
To: "Ram Mohan" <rmohan@afilias.info>
Cc: <ross@tucows.com>; "'George Kirikos'" <gkirikos@yahoo.com>;
<ga@dnso.org>
Sent: Friday, February 07, 2003 1:01 AM
Subject: Re: [ga] whois.txt, ala robots.txt, as a standard ?


>
> On Thu, 6 Feb 2003, Ram Mohan wrote:
>
> > Interesting thoughts and an interesting premise.  The problem is, that
the
> > groups you mention here (marketers, IP folks, etc) are not the only
people
> > who utilize Whois information.
> >
> > System operators (including technicians, systems administrators
responding
> > to abuse, etc) often depend solely on information found in Whois to
> > determine next courses of action for serious network and other related
> > issues.
>
> I disagree - Folks in NOCs *do* use something called "whois", but it most
> often it is a distinct set of databases pertaining to IP address
> allocations.
>
> Why do NOC folks use the IP "whois"?  Simply because the key that one has
> for the lookup is less easily forged.  Domain names on purported spam
> e-mail are only ocassionally accurate.  But the IP address on a TCP
> connection has intrinsic value because a TCP connection can not be formed
> unless both the source and destination address are actually reachable.
>
> Assuming for the moment that ISP's and such obtained value out of DNS
> whois information - That still doesn't justify them mucking around unless
> certain conditions are met:
>
>   1. That a person who acquires a domain name is informed from the outset
> that such access will be performed by ISP people.  (I.e. actual or implied
> consent by the data subject.)
>
>   2. The person who is doing the looking is actually a real ISP person
> following up on a specific legitimate problem.
>
> It would not be all that hard for anyone claiming to be an "ISP" to jump
> through some qualification hoops in order to gain a whois access
> credential.  For instance, once a year.
>
> The burden of proving that access to personally identifiable information
> is a valid access ought to fall on the person requesting access, not on
> the data subject.
>
> > Your premise is also that all individuals provide accurate information.
We
> > know (you definitely do, as a registrar) that some of the most egregious
> > violators make sure that they provide _false_ information.
>
> Why are people who feel they need to protect their privacy "egregious
> violators".  Suppose you had young children, would you feel comfortable
> publishing your (and thus their) addresses and phone numbers onto an open
> directory?
>
> > Giving individuals the sole right to provide information about them
> > seems to swing the pendulum too far one way.
>
> It's their information; they have the right to control it.
>
> > ....  However, your suggested solution provides a
> > wonderful shelter for every spammer, DDoS violator and domain-slammer to
> > hide behind.
>
> Nonesense.  If there are reasonable grounds to believe that someone has
> violated a civil or criminal law, there are well established legal
> procedures (many of which involve going before a neutral magistrate and
> making a showing of those reasonable grounds) to obtain access to things
> like domain name registration databases.
>
> Absent such a showing, there is no reason to violate privacy.  That is,
> unless one accepts as a working premise that those who are accused are
> considered guilty until they prove otherwise.
>
> > The Whois Task Force is working on providing meaningful recommendations
> > that, among other things, addresses the issue of Bulk Whois.
>
> Until they establish that there is a reason for public publication of DNS
> registration information in the first place, such recommendations are
> fundamentally useless.
>
> > The IETF Provreg group is debating adding a <privacy> element as a
> > standard part of the de-facto standard domain protocol (EPP).
>
> If you follow what is going on there, they are debating whether even to
> include some very weak, and potentially useless, mechanisms, and only
> because the IESG is holding the working group's feet to the fire.
>
> > Let's be careful not to throw the baby out with the bath water.
>
> And let's be careful not to turn whois into Megan's law in reverse: in
> which internet users are forced to publish their (and their children's)
> names, addresses, and phone numbers for the benefit of any and all
> predators.
>
> --karl--
>
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
>
>

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html