> On Jul 8, 2019, at 2:47 PM, John Bambenek > <jcb=40bambenekconsulting....@dmarc.ietf.org> wrote: > > That is the weakness but if the third party vetting (which let’s be honest > consisted of sending an email to any address and seeing if someone clicked a > link) won’t be done anymore because registrars and registries refuse to do it > under the guise of “privacy”, where else can you go for vetting?
It’s also worth remembering that forward and reverse work very differently in this regard, and the RIRs haven’t given up the whois fight yet. They do strong vetting (requiring articles of incorporation, tracking down and eliminating fraudulent entries, etc.) that’s not done in the forward DNS space. So now you’d have the potential for conflicting RIR-provided and user-provided whois information in the reverse space. Again, not a reason not to do this, but a word of caution that it’ll make the world a slightly more complicated place. > That said, my profession is an intel analyst. I’m ok with junk data because > junk data tells me something (the owner of the domain is a liar, and I should > be weary). Also, even intelligence agencies have a hard time generating truly > random but believable data. We were able to use information reuse (even > though it was junk info) to track and enumerate election information > operations. Oh, I think we’re all a little weary by now. :-) Yes, I take your point and agree that bad data is significantly better than no data, if it’s all taken with the appropriate grain of salt. > On Jul 8, 2019, at 16:42, Bill Woodcock <wo...@pch.net> wrote: > >> >> >>> On Jul 8, 2019, at 2:38 PM, John Bambenek >>> <jcb=40bambenekconsulting....@dmarc.ietf.org> wrote: >>> >>> All- >>> >>> In response to ICANN essentially removing most of the fields in WHOIS for >>> domain records, Richard Porter and myself created a draft of an >>> implementation putting these records into DNS TXT records. It would require >>> self-disclosure which mitigates the sticky issues of GDPR et al. Would love >>> to get feedback. >> >> Good in principle, but the information in whois has always been, at least >> nominally, third-party vetted. This would not be. So my worry is that >> either it would get no uptake, or it would get filled with bogus >> information. It’s a little hard for me to imagine it being widely used for >> valid information, though that would of course be the ideal outcome. >> >> So, no problem with this in principle, but I’d like to see some degree of >> consensus that user-asserted content is sufficient for people’s needs. >> >> -Bill
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop