Re: [ga] whois.txt, ala robots.txt, as a standard ?

[Jeff Williams <jwkckid1@ix.netcom.com>]

Marilyn and all former DNSO GA members,

  I meant to reply to this the other day but I got a bit distracted...
( See More below your comments Marilyn )

Cade,Marilyn S - LGCRP wrote:

> Putting up a web site is not the same thing as contacting an ISP and subscribing and getting an email account. Some may wish the assumptions regarding those actions and what the expectation of privacy is are the same, but I don't see how they are.

  With regards to privacy and security they are exactly the same Marilyn.
Not all Domain Names have web sites.  I would argue most don't as
a matter of fact.  Listing a registrants personal and private information,
including Personal address, Phone # and E-Mail address exposes the
registrant to spam, stalking, and potential duping/indetity theft.  Ergo
the same or even better protections for registrants must be afforded
the registrant.  Of course we have already seen most of these
egregious negative perpetration's occur to registrants already
as has been frequently demonstrated by reports, court filings,
and the like discussed on this very forum.  Why You Marilyn
cannot or will not seem to grasp the problem reasonably is
beyond common reason...  :(

>
>
> The difference between those acts is pretty profound. In one case, one subscribes to a domain name for the purpose of         holding one's self out to communicate with the public.

  Not true in many cases here Marily.  As has been demonstrated many times
before on this very forum, many registrants do not use their registered
Domain Name for web site public purposes, and other still, have login
password just to access their Web site when they have one for their
Domain Name.

> ISPs provide a reasonable expectation of privacy to the subscriber, and their service agreements specify what that is. The agreements which registrars should provide information about the publication of data in the WHOIS.

  Agreed here.  However that is not what is happening, and all ICANN
registrars are bound by the same Registrar contract to be accredited.
Hence leaving the registrant no good or actual choices.  So that
argument is bunkum, and has sense Joe Sims botched those
Registrar contracts.

>
>
> When you put up a web site, you are inviting the public at large to visit your site and to use the content on it; perhaps with subscription, perhaps for free.

  ALso complete nonsense.  Many websites are not accessible unless
you have a Login and Password.  So therefore that content is restricted
accordingly and not public or for general public consumption.

>
>
> Yes, I understand that some people think that domain names are substituable for email addresses. That's an interesting, and unproven model for the "average" user.

  Define average Marilyn.  I doubt that you can accurately.

> Not the techie oriented crowd who hangs around ICANN, but those everyday users of the Internet and other communications services who are focused on their daily lives, and their businesses, not on technology and its fascinations. :-) THAT was not meant as in any way critical, just a note that well, there are are millions of email users out there and they are quite happily served by ISPs. AND the ISPs are quite happy serving them.

  Many non technical types or registrants/users also do not have a web site
for their Domain Names that I know personally.  Some only use IP
addresses for instance.  Others still just want a Domain Name for
E-Mail purposes only, and still others have a number of other
non-web site business uses for their Domain names..  You are
showing your ignorance here Marilyn...  :(

>
>
> As to policy questions, versus personal opinions, the question of whether all data that is presently in the WHOIS should be there is a topic yet to be discussed as policy; the question of whether there is a need for differentiated access to data elements is yet to be discussed as policy.

  Than why is in the Whois Task Forces final report Marilyn?

>  The WHOIS TF will be recommending further policy examination. The final report on some of its work is published for final comment. When we say "final report", we mean final report about this particular set  of work. The Council will determine further work, but I expect that there will be support for next steps.

  The registrants and interested parties should be determining what further
work is needed...

>
>
> Secondly, Karl, you are both right and wrong regarding WHAT WHOIS. I've had conversations with both system administrators adn enforcement teams from various companies -- they tell me that in fact both kinds of WHOIS are used and that both are higly inaccurate, filled with "aged" data, and with purposeful errors, ... that is, unless there is overcrowding at various residential locations at the North Pole and non-resident citizens of the US are invited to bunk in, in apparently the numbers of dozens to hundreds at the U.S. White House. Oh, yes, one more, and unless "XXX" has now become a working area code in the US.  Accuracy remains a problem in both "kinds" of WHOIS -- IP and DNS. :-)

  Area codes should not need to be displayed at all in WHois data, and
really no phone numbers are needed except for Admin. contact
phone Numbers.  Hence your argument here, although cleverly
delivered is not reasonable on that score.  As to addresses, those
too for the registrant, should not be displayed in Whois queries
either, as that it the crux of the security and Privacy problem
presently.  However for Admin. contact address, that should be
listed in a Whois query.

>
>
> Marilyn Cade
>
> -----Original Message-----
> From: Ross Wm. Rader [mailto:ross@tucows.com]
> Sent: Friday, February 07, 2003 1:25 AM
> To: Karl Auerbach; Ram Mohan
> Cc: 'George Kirikos'; ga@dnso.org
> Subject: Re: [ga] whois.txt, ala robots.txt, as a standard ?
>
> Its the right track Karl, but the right answer is:
>
> > Assuming for the moment that ISP's and such obtained value out of DNS
> > whois information - That still doesn't justify them mucking around unless
> > certain conditions are met:
>
> 1. The registrant has given the accessor (ISP in your example) specific
> permission to access and use their data.
>
>                      -rwr
>
> Got Blog? http://www.byte.org
>
> "People demand freedom of speech as a compensation for the freedom of
> thought which they seldom use."
>  - Soren Kierkegaard
>
> ----- Original Message -----
> From: "Karl Auerbach" <karl@CaveBear.com>
> To: "Ram Mohan" <rmohan@afilias.info>
> Cc: <ross@tucows.com>; "'George Kirikos'" <gkirikos@yahoo.com>;
> <ga@dnso.org>
> Sent: Friday, February 07, 2003 1:01 AM
> Subject: Re: [ga] whois.txt, ala robots.txt, as a standard ?
>
> >
> > On Thu, 6 Feb 2003, Ram Mohan wrote:
> >
> > > Interesting thoughts and an interesting premise.  The problem is, that
> the
> > > groups you mention here (marketers, IP folks, etc) are not the only
> people
> > > who utilize Whois information.
> > >
> > > System operators (including technicians, systems administrators
> responding
> > > to abuse, etc) often depend solely on information found in Whois to
> > > determine next courses of action for serious network and other related
> > > issues.
> >
> > I disagree - Folks in NOCs *do* use something called "whois", but it most
> > often it is a distinct set of databases pertaining to IP address
> > allocations.
> >
> > Why do NOC folks use the IP "whois"?  Simply because the key that one has
> > for the lookup is less easily forged.  Domain names on purported spam
> > e-mail are only ocassionally accurate.  But the IP address on a TCP
> > connection has intrinsic value because a TCP connection can not be formed
> > unless both the source and destination address are actually reachable.
> >
> > Assuming for the moment that ISP's and such obtained value out of DNS
> > whois information - That still doesn't justify them mucking around unless
> > certain conditions are met:
> >
> >   1. That a person who acquires a domain name is informed from the outset
> > that such access will be performed by ISP people.  (I.e. actual or implied
> > consent by the data subject.)
> >
> >   2. The person who is doing the looking is actually a real ISP person
> > following up on a specific legitimate problem.
> >
> > It would not be all that hard for anyone claiming to be an "ISP" to jump
> > through some qualification hoops in order to gain a whois access
> > credential.  For instance, once a year.
> >
> > The burden of proving that access to personally identifiable information
> > is a valid access ought to fall on the person requesting access, not on
> > the data subject.
> >
> > > Your premise is also that all individuals provide accurate information.
> We
> > > know (you definitely do, as a registrar) that some of the most egregious
> > > violators make sure that they provide _false_ information.
> >
> > Why are people who feel they need to protect their privacy "egregious
> > violators".  Suppose you had young children, would you feel comfortable
> > publishing your (and thus their) addresses and phone numbers onto an open
> > directory?
> >
> > > Giving individuals the sole right to provide information about them
> > > seems to swing the pendulum too far one way.
> >
> > It's their information; they have the right to control it.
> >
> > > ....  However, your suggested solution provides a
> > > wonderful shelter for every spammer, DDoS violator and domain-slammer to
> > > hide behind.
> >
> > Nonesense.  If there are reasonable grounds to believe that someone has
> > violated a civil or criminal law, there are well established legal
> > procedures (many of which involve going before a neutral magistrate and
> > making a showing of those reasonable grounds) to obtain access to things
> > like domain name registration databases.
> >
> > Absent such a showing, there is no reason to violate privacy.  That is,
> > unless one accepts as a working premise that those who are accused are
> > considered guilty until they prove otherwise.
> >
> > > The Whois Task Force is working on providing meaningful recommendations
> > > that, among other things, addresses the issue of Bulk Whois.
> >
> > Until they establish that there is a reason for public publication of DNS
> > registration information in the first place, such recommendations are
> > fundamentally useless.
> >
> > > The IETF Provreg group is debating adding a <privacy> element as a
> > > standard part of the de-facto standard domain protocol (EPP).
> >
> > If you follow what is going on there, they are debating whether even to
> > include some very weak, and potentially useless, mechanisms, and only
> > because the IESG is holding the working group's feet to the fire.
> >
> > > Let's be careful not to throw the baby out with the bath water.
> >
> > And let's be careful not to turn whois into Megan's law in reverse: in
> > which internet users are forced to publish their (and their children's)
> > names, addresses, and phone numbers for the benefit of any and all
> > predators.
> >
> > --karl--
> >
> >
> > --
> > This message was passed to you via the ga@dnso.org list.
> > Send mail to majordomo@dnso.org to unsubscribe
> > ("unsubscribe ga" in the body of the message).
> > Archives at http://www.dnso.org/archives.html
> >
> >
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html
>
> --
> This message was passed to you via the ga@dnso.org list.
> Send mail to majordomo@dnso.org to unsubscribe
> ("unsubscribe ga" in the body of the message).
> Archives at http://www.dnso.org/archives.html

Regards,

--
Jeffrey A. Williams
Spokesman for INEGroup LLA. - (Over 129k members/stakeholders strong!)
================================================================
CEO/DIR. Internet Network Eng. SR. Eng. Network data security
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com
Contact Number: 214-244-4827 or 214-244-3801


--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html