NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU
Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Condense Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Mime-Version:
1.0
Sender:
Non-Commercial User Constituency <[log in to unmask]>
X-To:
Robin Gross <[log in to unmask]>
Date:
Fri, 8 Dec 2006 07:01:14 -0500
Reply-To:
Milton Mueller <[log in to unmask]>
Subject:
Re: proposal to waive publication of whois data
From:
Milton Mueller <[log in to unmask]>
X-cc:
Avri Doria <[log in to unmask]>, [log in to unmask]
Content-Type:
multipart/mixed; boundary="=__Part1A3E2B1A.2__="
Parts/Attachments:
text/plain (8 kB) , Whois Security and Stability v1.5.doc (47 kB) 
I have proposed edits to parts of the report. The first section struck me as a bit unclear; first you say that Whois data is routinely used by network operators to maintain technical stability, then you say it is not. I think we need to clear that up. 

I have proposed a title that links ICANN's mission to your proposal. The "rethinking" word makes it appear as if we are proposing something radical but in fact we are simply proposing to confine icann to its actual mission, and to expose all the other uses of whois publication as part of a commercial interest and not required for technical coordination. 

The report and proposal however is great! I really like it.  

In relation to the "beating something with nothing" debate, I like the fact that the proposal comes up with a much more rational approach to the law enforcement issue. We really do have "something" now. Great work, Avri, Robin and Wendy. (Was Ross also involved?)

>>> Robin Gross <[log in to unmask]> 12/7/2006 3:09:30 PM >>>
Hi there,

Today, Avri Doria of NomCom, Wendy Seltzer of ALAC, and myself have made 
a proposal to no longer publish whois data on the net. The "Stability 
and Security proposal" is attached and below. Ross Rader of the 
Registrars also supports this proposal. It should cause a stir.....

Since Biz & IPR continue to make proposals to frustrate privacy and the 
security of Internet users, we thought we'd make a proposal of our own.

Robin

====================

RETHINKING THE ROLE OF ICANN AND THE GTLD WHOIS TO ENHANCE THE SECURITY 
AND STABILITY OF THE DNS


A PROPOSAL FOR THE GNSO TASK FORCE ON WHOIS SERVICES

PREPARED DECEMBER, 2006

BACKGROUND

I) The purpose of Whois

It is widely accepted that the primary original uses of the gTLD Whois 
service is to use it for the purpose of coordinating technical actors as 
they seek to resolve operational issues related to the security and 
stability of the DNS and a well-functioning internet.

Present day examples of this are many;

* Network operators and service providers use Whois data to prevent or 
detect sources of security attacks of their networks and servers;
* Emergency response and network abuse teams use Whois data to identify 
sources of spam and denial of service attacks and incidents;
* Commercial internet providers use Whois data to support technical 
operations of ISPs and network administrators;
* ISPs and Web hosting companies use Whois data to identify when a 
domain name has been deleted, and remove redundant DNS information from 
ISP name servers

The importance of this original purpose was reaffirmed in the GNSO 
council's recommended definition on the purpose of Whois:

"The purpose of the gTLD Whois service is to provide information 
sufficient to contact a responsible party for a particular gTLD domain 
name who can resolve, or reliably pass on data to a party who can 
resolve, issues related to the configuration of the records associated 
with the domain name within a DNS name server."

The scope of use has increased considerably beyond this over time, a 
subject that has already been substantially considered by the GNSO Whois 
Task Force and Council. The scope of use of the internet has also 
changed over time, as have the management tools used to administer these 
uses.

In each of these examples, the truly useful information is not the 
contact information for the domain name registrant in question, it is 
the name server information for the name in question. Unfortunately, 
neither is reliable or truly useful in any real way because 
authoritative information about DNS resources doesn't live in a gTLD 
database, it lives inside the DNS itself.

The validity of the data in a gTLD Whois database has no impact on the 
operational integrity of the DNS.

Due to this disconnect between these two systems, network systems 
managers rarely rely on gTLD Whois service when they seek to investigate 
or resolve serious network operations and technical coordination issues. 
An entirely different set of tools and resources that relies on 
authoritative data have evolved that support the requirements of these 
types of users. For example, a network administrator might use "dig" or 
"nslookup" to determine the source of a DNS problem or the network 
location of a mail server being abused to send spam email. All of these 
tools are publicly available at no charge, internet standards based, and 
in widespread use.

Furthermore, from a network management perspective, not only is the data 
in the DNS more authoritative (and therefore useful), it is also more 
comprehensive. A typical DNS record can include information about the 
network location of any and all web servers, email servers and other 
resources associated with a specific domain name * at all sub-levels 
associated with the specific DNS entry (i.e., the second, third and 
fourth levels of the domain hostname). The gTLD whois service contains 
none of this important information.

When DNS data is used in conjunction with the IP Address Whois data 
sourced from providers like ARIN or RIPE, a network administrator is 
able to form a fully authoritative view of not only the services 
associated with a specific domain name, but also the identity of the 
entity that physically hosts those resources and how to contact that 
entity. All of this data exists outside the gTLD Whois system.

II) ICANN's Role

The scope and authority of ICANN's policy-making responsibilities is 
limited by its bylaws;

The mission of The Internet Corporation for Assigned Names and Numbers 
("ICANN") is to coordinate, at the overall level, the global Internet's 
systems of unique identifiers, and in particular to ensure the stable 
and secure operation of the Internet's unique identifier systems. In 
particular, ICANN:

1. Coordinates the allocation and assignment of the three sets of unique 
identifiers for the Internet, which are:

a. Domain names (forming a system referred to as "DNS");

b. Internet protocol ("IP") addresses and autonomous system ("AS") 
numbers; and

c. Protocol port and parameter numbers.

2. Coordinates the operation and evolution of the DNS root name server 
system.

3. Coordinates policy development reasonably and appropriately related 
to these technical functions.

ICANN's role is primarily that of a technical coordinator and developer 
of policy to support that coordination.

III) ICANN's Scope

There are many other uses of gTLD Whois - most or all of which have been 
documented by the GNSO Whois Task Force . Creating policy to manage, 
influence, prevent or encourage most of this use is out of scope for ICANN.

IV) Technical coordination in the real world

Most technical coordination of DNS administration, abuse and network 
management issues occurs without ICANN's involvement. Private sector 
coordination is more likely through CERT, NANOG, Reg-OPS and other 
forums, than those operated by ICANN. These initiatives are often ad hoc 
and key players do often not understand the importance and value of 
participation. This is an area where small improvements in the overall 
level of cooperation between the various initiatives would lead to 
substantial improvement in the overall security of the internet and DNS 
infrastructure.


POLICY IMPLICATIONS

Given that the original beneficiaries of the gTLD Whois service have 
developed superior alternate methods of coordinating their activities, 
and that the remaining uses of this service are out of scope relative to 
ICANN's scope and mission, and that the abuse of this data has caused a 
significant barrier to the security of millions of Internet users, we 
propose the following;

1) that ICANN waive all Whois publication requirements for gTLD 
registries and registrars;
a. If the Whois publication requirements cannot be waived for the 
registries and registrar, then registrars should be limited to only 
publishing contact information for the person or entity responsible for 
managing the authoritative DNS server;

2) that ICANN immediately undertake to create a study of where it might 
best contribute to coordinating the network management activities of 
registration interests, network operators and service providers and law 
enforcement agencies. This should be done with the goal of ensuring that 
emergency response and technical abuse prevention is well coordinated 
and the overall interests of internet users are appropriately protected 
by a secure and functional domain name system.

3) That ICANN undertake to develop a statement of best practices that 
registration interests should apply when working with law enforcement 
interests, network operators and other legitimate parties concerned with 
public safety, legislative enforcement, network management and abuse, 
and the protection of critical information technology infrastructure.

ATOM RSS1 RSS2