On 2019-07-08 16:38 -0500, John Bambenek
<jcb=40bambenekconsulting....@dmarc.ietf.org> wrote:
> In response to ICANN essentially removing most of the fields in WHOIS
> for domain records, Richard Porter and myself created a draft of an
> implementation putting these records into DNS TXT records.

Not all registered domains are published (no NS records), so what about
those?

Also your proposal puts the onus of (valid) information publishing on
the registrant of each domain, no longer on the registrar or the registry,
because _whois.example.com is under the control of example.com and not
under the control of the registry under which example.com lives, nor of
its registrar, as the DNS provider may not be the registrar.
So what did I not understand about who controls the
_whois.example.com RRs and where they exist?

As for:
"This means that if a domain owner were compromised,
someone else has contact information to get in touch with the true
owner to organize remediation."
It depends on how you define "domain owner were compromised".
This could as well mean "have access to registrar panel to configure
this domain" which in turn means "being able to put whatever
nameservers, and hence DNS records as one wishes". But you may be
relying on the TTLs of old records?
(a point not discussed I think; would long TTLs be good for those records?).

Also, a similar idea was floated on the regext mailing list some time ago:
https://www.ietf.org/archive/id/draft-brown-whoami-02.txt
This was using well-known URIs to publish whois data and the URI DNS RR.

--
Patrick Mevzek