Yes, bifurcation of whois is a problem. I’d rather it all be in one place, but that door was closed and not by me.
— John Bambenek On July 1st, 2019, my DGA feeds are converting to a CC-BY-NC-SA 4.0 license which means commercial use will require a license. Contact sa...@bambenekconsulting.com for details On Jul 8, 2019, at 17:04, Bill Woodcock <wo...@pch.net> wrote: > > >> On Jul 8, 2019, at 2:47 PM, John Bambenek >> <jcb=40bambenekconsulting....@dmarc.ietf.org> wrote: >> >> That is the weakness but if the third party vetting (which let’s be honest >> consisted of sending an email to any address and seeing if someone clicked a >> link) won’t be done anymore because registrars and registries refuse to do >> it under the guise of “privacy”, where else can you go for vetting? > > It’s also worth remembering that forward and reverse work very differently in > this regard, and the RIRs haven’t given up the whois fight yet. They do > strong vetting (requiring articles of incorporation, tracking down and > eliminating fraudulent entries, etc.) that’s not done in the forward DNS > space. > > So now you’d have the potential for conflicting RIR-provided and > user-provided whois information in the reverse space. Again, not a reason > not to do this, but a word of caution that it’ll make the world a slightly > more complicated place. > >> That said, my profession is an intel analyst. I’m ok with junk data because >> junk data tells me something (the owner of the domain is a liar, and I >> should be weary). Also, even intelligence agencies have a hard time >> generating truly random but believable data. We were able to use information >> reuse (even though it was junk info) to track and enumerate election >> information operations. > > Oh, I think we’re all a little weary by now. :-) > > Yes, I take your point and agree that bad data is significantly better than > no data, if it’s all taken with the appropriate grain of salt. > > >>> On Jul 8, 2019, at 16:42, Bill Woodcock <wo...@pch.net> wrote: >>> >>> >>> >>>> On Jul 8, 2019, at 2:38 PM, John Bambenek >>>> <jcb=40bambenekconsulting....@dmarc.ietf.org> wrote: >>>> >>>> All- >>>> >>>> In response to ICANN essentially removing most of the fields in WHOIS for >>>> domain records, Richard Porter and myself created a draft of an >>>> implementation putting these records into DNS TXT records. It would >>>> require self-disclosure which mitigates the sticky issues of GDPR et al. >>>> Would love to get feedback. >>> >>> Good in principle, but the information in whois has always been, at least >>> nominally, third-party vetted. This would not be. So my worry is that >>> either it would get no uptake, or it would get filled with bogus >>> information. It’s a little hard for me to imagine it being widely used for >>> valid information, though that would of course be the ideal outcome. >>> >>> So, no problem with this in principle, but I’d like to see some degree of >>> consensus that user-asserted content is sufficient for people’s needs. >>> >>> -Bill _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
