ICANN/DNSO
DNSO Mailling lists archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

Re[2]: [ga] WHOIS policy primer


-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

Hello Karl,

Tuesday, August 27, 2002, 11:45:40 PM, you wrote:

KA> On Tue, 27 Aug 2002, Allan Liska wrote:

>> I don't think it is a fallacy at all.  Owning/Renting a domain carries
>> with it certain responsibilities.  Among those responsibilities is
>> providing a contact for that domain, just as people are responsible
>> for having a working postmaster@ address.

KA> Why should one who is on the net be required to have e-mail?

One who is on the Internet is not required to have e-mail.  One who
has a domain name has  certain responsibilities, and must have an
e-mail.  In fact, at a minimum, all domain owners are required to have
a postmaster@ address.

KA> You have not said why one must reveal one's identity and address and phone
KA> number to the public for unregulated data mining.  What values are
KA> promoted by such disclosures?

I didn't say they should reveal the address for public data mining.
In fact many registrars are taking steps to prevent data mining of
whois databases, I applaud those steps.  That does not mean that there
should not be a valid contact information for all domains, one who can
speak authoritatively for the organization.

>> You are mistaken when you say that the owner of an IP Address has more
>> operational value than a domain owner.  There are times when the owner
>> of an IP Address will be different than the owner of a domain name.

KA> Right.  But it's rather hard to forge an IP address on a two way (TCP)
KA> connection.  And if you are being bothered by something coming from an IP
KA> address, you can query IP whois (not DNS whois) and find out who is
KA> operating that computer/network.  You can ask that person and perhaps try
KA> to compell that person to answer through threat of legal processes.

That is a misnomer, it is very easy to forge an IP Address, in fact,
it is done all the time.  The problem with the TCP handshake, is that
the receiving end always believes the sender is who he says he is.

>> Examples of times when I have needed to get in touch with a domain
>> owner:
>>
>> 1. Receiving virus infected e-mails from a user of a domain.  Yes, I
>> can /dev/null the e-mails, but I want the account cleaned up -- the
>> ISP is not going to do that, the owner of the domain will.

KA> Have you ever tried?  I've found that with the degree of forgery that
KA> source domains are worthless - but a source IP almost always turns of a
KA> valid, and often a quite cooperative, contact.

KA> Those who have blocks of IP addresses have operational needs - making
KA> routing work is a cooperative venture - and these operational needs create
KA> a pressure for improved quality of information.  Those pressures do not
KA> exist in DNS-land.

I guess I work with a better class of people on the Internet.  I have
had to use whois information on many occasions, and I am usually
successful.  If registrars  are compelled to enforce valid contact
information, then your odds should improve as well.  DNS is all about
being cooperative.  If you want to send e-mail, have your DNS
propagate, etc you have to be cooperative.  It is no different than
routing.

Why would I e-mail a NOC because an end user of an end user has a
virus on one of their workstations?  That's ludicrous, and any good
NOC engineer will laugh at you for that type of request.



>> 2. DNS mis-configuration issues.  If I run across a problem with a
>> domain name, I need to have an address I can contact to help correct the
>> problems.

KA> Again, find the IP address of the DNS server, go to ARIN's IP whois, find
KA> the netblock operator and find out who really runs that machine.

The DNS server most likely does not belong to the domain owner.  I
would expect that the domain owner outsources their DNS management.
But a domain owner should always be responsible for making requests,
so I am not going to bypass the owner of the domain, I will let the
owner of the domain forward the request to their DNS management
company.


>> There are other reasons for getting in touch with a domain owner
>> directly.  For this reason it is important to have valid contact
>> information for that domain name.

KA> You may find it convenient, but in the social balance that is "privacy"
KA> what is convenient to one is not necessarily a justification to force
KA> others to disclose what is information about themselves that they may not
KA> wish to make available to any and all.

Well, it is sort of like writing a check.  I may not want every
cashier at Target to have my address, but if I want to write checks, I
don't have any choice -- if I want privacy, I can pay cash.  If you
want to maintain privacy on the Internet, don't register a domain
name.

Also, as I have stated in the past, I have no objection to using proxy
information as DNS contacts, as long as the person on the other side
of the e-mail is responsive to queries.


allan
- --
Allan Liska
allan@allan.org
http://www.allan.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUAPWxOPH+n87oa5a9VAQHr9QP/ZnipK1uBZPj6mgJrMlS9ZObulhzxN/4c
BndLtqUCk+4T6Remp9wyQ93ZiMji9IzXfd2Wp/MAqzqdLFx1bBcJ17fxGkjnGep1
zregUI4ztb4DbSkCSv4jzzPZVZ3DLBXrdSG05yVv0K8Xu/IOujlgbgAxtdz3vyPg
U92jIlp/7Hw=
=iq7P
-----END PGP SIGNATURE-----

--
This message was passed to you via the ga@dnso.org list.
Send mail to majordomo@dnso.org to unsubscribe
("unsubscribe ga" in the body of the message).
Archives at http://www.dnso.org/archives.html



<<< Chronological Index >>>    <<< Thread Index >>>