Good initiative, Robin!

--c.a.

Robin Gross wrote:

> Hi there,
>
> Today, Avri Doria of NomCom, Wendy Seltzer of ALAC, and myself have made a proposal to no longer publish whois data on the net. The "Stability and Security proposal" is attached and below. Ross Rader of the Registrars also supports this proposal. It should cause a stir.....
>
> Since Biz & IPR continue to make proposals to frustrate privacy and the security of Internet users, we thought we'd make a proposal of our own.
>
> Robin
>
> ====================
>
> RETHINKING THE ROLE OF ICANN AND THE GTLD WHOIS TO ENHANCE THE SECURITY AND STABILITY OF THE DNS
>
> A PROPOSAL FOR THE GNSO TASK FORCE ON WHOIS SERVICES
>
> PREPARED DECEMBER, 2006
>
> BACKGROUND
>
> I) The purpose of Whois
>
> It is widely accepted that the primary original use of the gTLD Whois service is to coordinate technical actors as they seek to resolve operational issues related to the security and stability of the DNS and a well-functioning internet.
> Present-day examples of this are many:
>
> ● Network operators and service providers use Whois data to prevent or detect sources of security attacks on their networks and servers;
> ● Emergency response and network abuse teams use Whois data to identify sources of spam and denial of service attacks and incidents;
> ● Commercial internet providers use Whois data to support technical operations of ISPs and network administrators;
> ● ISPs and Web hosting companies use Whois data to identify when a domain name has been deleted, and remove redundant DNS information from ISP name servers.
>
> The importance of this original purpose was reaffirmed in the GNSO council's recommended definition of the purpose of Whois:
>
> "The purpose of the gTLD Whois service is to provide information sufficient to contact a responsible party for a particular gTLD domain name who can resolve, or reliably pass on data to a party who can resolve, issues related to the configuration of the records associated with the domain name within a DNS name server."
>
> The scope of use has increased considerably beyond this over time, a subject that has already been substantially considered by the GNSO Whois Task Force and Council. The scope of use of the internet has also changed over time, as have the management tools used to administer these uses.
>
> In each of these examples, the truly useful information is not the contact information for the domain name registrant in question; it is the name server information for the name in question. Unfortunately, neither is reliable or truly useful in any real way, because authoritative information about DNS resources doesn't live in a gTLD database; it lives inside the DNS itself.
>
> The validity of the data in a gTLD Whois database has no impact on the operational integrity of the DNS.
> Due to this disconnect between these two systems, network systems managers rarely rely on the gTLD Whois service when they seek to investigate or resolve serious network operations and technical coordination issues. An entirely different set of tools and resources that rely on authoritative data has evolved to support the requirements of these types of users. For example, a network administrator might use "dig" or "nslookup" to determine the source of a DNS problem or the network location of a mail server being abused to send spam email. All of these tools are publicly available at no charge, internet standards based, and in widespread use.
>
> Furthermore, from a network management perspective, not only is the data in the DNS more authoritative (and therefore useful), it is also more comprehensive. A typical DNS record can include information about the network location of any and all web servers, email servers and other resources associated with a specific domain name, at all sub-levels associated with the specific DNS entry (i.e., the second, third and fourth levels of the domain hostname). The gTLD whois service contains none of this important information.
>
> When DNS data is used in conjunction with the IP Address Whois data sourced from providers like ARIN or RIPE, a network administrator is able to form a fully authoritative view of not only the services associated with a specific domain name, but also the identity of the entity that physically hosts those resources and how to contact that entity. All of this data exists outside the gTLD Whois system.
> II) ICANN's Role
>
> The scope and authority of ICANN's policy-making responsibilities are limited by its bylaws:
>
> The mission of The Internet Corporation for Assigned Names and Numbers ("ICANN") is to coordinate, at the overall level, the global Internet's systems of unique identifiers, and in particular to ensure the stable and secure operation of the Internet's unique identifier systems. In particular, ICANN:
>
> 1. Coordinates the allocation and assignment of the three sets of unique identifiers for the Internet, which are:
>
> a. Domain names (forming a system referred to as "DNS");
>
> b. Internet protocol ("IP") addresses and autonomous system ("AS") numbers; and
>
> c. Protocol port and parameter numbers.
>
> 2. Coordinates the operation and evolution of the DNS root name server system.
>
> 3. Coordinates policy development reasonably and appropriately related to these technical functions.
>
> ICANN's role is primarily that of a technical coordinator and developer of policy to support that coordination.
>
> III) ICANN's Scope
>
> There are many other uses of gTLD Whois, most or all of which have been documented by the GNSO Whois Task Force. Creating policy to manage, influence, prevent or encourage most of this use is out of scope for ICANN.
>
> IV) Technical coordination in the real world
>
> Most technical coordination of DNS administration, abuse and network management issues occurs without ICANN's involvement. Private sector coordination is more likely through CERT, NANOG, Reg-OPS and other forums than through those operated by ICANN. These initiatives are often ad hoc, and key players often do not understand the importance and value of participation. This is an area where small improvements in the overall level of cooperation between the various initiatives would lead to substantial improvement in the overall security of the internet and DNS infrastructure.
> POLICY IMPLICATIONS
>
> Given that the original beneficiaries of the gTLD Whois service have developed superior alternate methods of coordinating their activities, that the remaining uses of this service are out of scope relative to ICANN's scope and mission, and that the abuse of this data has caused a significant barrier to the security of millions of Internet users, we propose the following:
>
> 1) that ICANN waive all Whois publication requirements for gTLD registries and registrars;
>
> a. If the Whois publication requirements cannot be waived for the registries and registrars, then registrars should be limited to only publishing contact information for the person or entity responsible for managing the authoritative DNS server;
>
> 2) that ICANN immediately undertake to create a study of where it might best contribute to coordinating the network management activities of registration interests, network operators and service providers and law enforcement agencies. This should be done with the goal of ensuring that emergency response and technical abuse prevention are well coordinated and the overall interests of internet users are appropriately protected by a secure and functional domain name system.
>
> 3) That ICANN undertake to develop a statement of best practices that registration interests should apply when working with law enforcement interests, network operators and other legitimate parties concerned with public safety, legislative enforcement, network management and abuse, and the protection of critical information technology infrastructure.
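The proposal's section I argues that an operator chasing an abused mail server gets the authoritative answer from the DNS (via "dig") and the hosting entity from the IP address Whois at ARIN or RIPE, not from the gTLD Whois. The script below is an added example from this thread's editor, not part of Robin's message or the proposal text. It walks that chain in code: MX lookup, resolution of each mail host to its addresses (including third- and fourth-level hostnames and CNAME targets, which is where the gTLD Whois has nothing), producing the list of IPs that one would then feed into an RIR whois query. The domain names and records in SAMPLE_ZONE are constructed for the offline run; the `dig_resolver` shells out to the real `dig +short` when you want to run it against a live domain.

```python
"""Follow a domain to its mail servers' IP addresses using DNS data only.

Added illustration for the proposal's "dig instead of gTLD Whois" argument.
All names in SAMPLE_ZONE are constructed (RFC 2606 / RFC 5737 reserved
names and addresses); the real-world path is the dig_resolver below.
"""
import ipaddress
import subprocess
import sys
from typing import Callable, Dict, List, Tuple

# A resolver takes (owner name, record type) and returns lines shaped like
# the output of `dig +short NAME TYPE`.
Resolver = Callable[[str, str], List[str]]

# Constructed zone data, in "dig +short" output form (hypothetical names).
SAMPLE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("example.test", "MX"): ["20 backup.mail.example.test.", "10 mx1.example.test."],
    ("mx1.example.test", "A"): ["192.0.2.10"],
    # backup.mail is a CNAME: dig +short prints the alias target before the address.
    ("backup.mail.example.test", "A"): ["relay.provider.example.", "198.51.100.7"],
    ("nomx.test", "MX"): [],          # no MX record at all
    ("nomx.test", "A"): ["203.0.113.5"],
}


def stub_resolver(name: str, rtype: str) -> List[str]:
    """Offline resolver backed by the constructed SAMPLE_ZONE."""
    return SAMPLE_ZONE.get((name.rstrip("."), rtype), [])


def dig_resolver(name: str, rtype: str) -> List[str]:
    """Live resolver: runs `dig +short NAME TYPE` and returns its non-empty lines."""
    proc = subprocess.run(["dig", "+short", name, rtype],
                          capture_output=True, text=True, check=False)
    return [ln for ln in proc.stdout.splitlines() if ln.strip()]


def parse_mx(lines: List[str]) -> List[Tuple[int, str]]:
    """Turn `dig +short MX` lines ("10 mx1.example.test.") into sorted (pref, host)."""
    mx = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip anything that is not "<preference> <exchange>"
        mx.append((int(parts[0]), parts[1].rstrip(".")))
    return sorted(mx)


def addresses(lines: List[str]) -> List[str]:
    """Keep only the IP literals from a `dig +short` answer, dropping CNAME targets."""
    ips = []
    for line in lines:
        try:
            ips.append(str(ipaddress.ip_address(line.strip().rstrip("."))))
        except ValueError:
            continue  # a hostname (alias target) or other non-address line
    return ips


def mail_hosts(domain: str, resolver: Resolver = stub_resolver) -> List[Tuple[int, str, str]]:
    """Return (mx preference, mail host, ip) for every address serving mail for domain.

    With no MX record, RFC 5321 says to treat the domain's own address records
    as an implicit MX with preference 0, so that case is handled too.
    """
    mx = parse_mx(resolver(domain, "MX"))
    if not mx:
        mx = [(0, domain.rstrip("."))]
    result = []
    for pref, host in mx:
        for ip in addresses(resolver(host, "A")) + addresses(resolver(host, "AAAA")):
            result.append((pref, host, ip))
    return result


if __name__ == "__main__":
    # Usage: python mailhosts.py example.com   (uses the live dig resolver)
    target = sys.argv[1] if len(sys.argv) > 1 else "example.test"
    chosen = dig_resolver if len(sys.argv) > 1 else stub_resolver
    for pref, host, ip in mail_hosts(target, chosen):
        print(f"MX {pref:<3} {host:<35} {ip}")
```

The IPs this emits are the input for the next step the proposal describes: a `whois` query against the relevant RIR (ARIN, RIPE and so on) to identify and contact the entity that actually hosts the server. Which RIR holds a given prefix is something to look up, not guess, so the script deliberately stops at the address list rather than hard-coding allocation tables.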