Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

ICANN Working Group Seeks To Kill WHOIS

Soulskill posted 1 year,26 days | from the your-computer-is-broadcasting-an-ip-address dept.

Network 155

angry tapir writes "An Internet Corporation for Assigned Names and Numbers working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralized data store maintained by a third party that would be responsible for authorizing 'requestors' who want to obtain domain information."

cancel ×

155 comments

not having read TFA (5, Informative)

Tastecicles (1153671) | 1 year,26 days | (#44108937)

Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?

BTW, I think the headline is a: alarmist and b: misleading. It would be better written as "ICANN Working Group seeks to replace WHOIS."

Re:not having read TFA (5, Informative)

Samantha Wright (1324923) | 1 year,26 days | (#44108979)

Here's your answer:

"Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.

Basically, they'd be extracting a licensing fee from the current people you go to for WHOIS lookups. Arguably this could be called "killing" WHOIS since it means taking away its... free spirit.

Re:not having read TFA (5, Interesting)

icebike (68054) | 1 year,26 days | (#44109187)

I'm fine with whois, even though it has been steadily degraded by private registrations recently.

I'm not convinced there is any realistic reason this information needs to be private, although I might feel differently if i lived somewhere else in the world where angry armed mods drag you from your home for expressing a view point. On the flip side of that, simply knowing that your information is available tends to induce better behavior on the Web.

But by and large, I think people should be able to know who owns a site, or who is fronting for the owner. It helps a great deal when trying to track down and report abuse.

I rather suspect mine is not a popular view.

Re:not having read TFA (-1)

Anonymous Coward | 1 year,26 days | (#44109329)

jeez, get over yourself! you didn't say anything but white bread

Having read TFA and the propsal (5, Informative)

Frobnicator (565869) | 1 year,26 days | (#44109389)

They are not talking about blocking all access to the data.

They propose keeping a good portion of the existing data available through anonymous public requests, exactly the way current WHOIS system works today. The big difference is that there will be a single source; you won't need to do the two-step process currently in place.

They are also proposing adding additional contact fields that have been frequently requested for WHOIS data.

They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals. In particular it does not talk about refusing access, simply limiting the requests to authenticated users to prevent thinks like bulk-searches that scammers frequently use. The report recommends only limited fields require authenticated access, not those used commonly by individuals or by website administrators for abuse mitigation.

Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) that are not currently available, but will be very useful for domain abusers spanning many TLDs.

None of that requires an NSA database (0)

Anonymous Coward | 1 year,26 days | (#44109545)

None of the things you've listed require the database to be centralized in NSA land.

" The big difference is that there will be a single source; you won't need to do the two-step process currently in place. "
It's one step now, you're just using the wrong Whois tool.

"They are also proposing adding additional contact fields that have been frequently requested for WHOIS data."
By who? Not by me.

"They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals."
Wait, *more* data or *less* data? So NSA gets the data but other countries don't.

"Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) "
The only people who ever wanted that was the RIAA and MPAA, and they wanted it for copyright reasons. Search of whois data is already available on websites.

" domain abusers"
So a new crime of domain abuse ?

Re:None of that requires an NSA database (1)

Anne Thwacks (531696) | 1 year,26 days | (#44109617)

So a new crime of domain abuse ?

Dont think of the children - it will land you in jail!

Re:Having read TFA and the propsal (4, Insightful)

Anonymous Coward | 1 year,26 days | (#44109681)

I for one prefer to have my domain details stored in my own country. We have reasonably decent privacy protection laws here, and I think the current system is adequate but am concerned about having a larger offshore database with more detail stored overseas if that country does not have sufficient privacy protection (likely).

Re:Having read TFA and the propsal (0)

Anonymous Coward | 1 year,26 days | (#44109883)

The problem is that is the current proposal, which is fine.

I wonder how many months will pass until the "terms" are changed and ALL accesses will require a signup and a fee.

Re:Having read TFA and the propsal (4, Interesting)

Forever Wondering (2506940) | 1 year,26 days | (#44110387)

What constitutes an authorized user?

I have a honeypot on my home server to collect phony/random/orchestrated login/breakin attempts. A log entry has time, IP, username, pw. Eventually, I'd like to do further automated scripting. Namely, take the IP address, do a whois on it, look for the abuse contact email at the ISP, and email them the relevant log entries, with a polite request to investigate.

If they're legit, they may want to take action against one of their users who is doing massive attempts at system breakins. That is, such attempted login/breakin activity is against the law in certain countries. It's also [probably] a violation of the ISP's TOS. I've read that many ISPs don't even know that their customers are doing such things and welcome being told because the customer activity can expose the ISP to a degree of legal liability [safe harbor notwithstanding].

Currently, in whois data, there is no [universally used] standard for the abuse mailbox. It can be:
    abuse-mailbox: ...
    Remarks: Send abuse email to ...
    % Remarks ...
    # Send abuse reports to ...
So, standardization would be nice.

However, an interesting wrinkle. Although I get attempts from all over the world, most of the breakin attempts I get come from .cn hosts [just sayin ...]. The whois data from these is _always_ 100% complete and well organized. I guess they're compelled to do this by the gov't there. If, as proposed, the information goes to a central repository in [presumably] another country, there would be no way to compel an ISP to provide accurate/complete information cross-border.

So, how does this shape up under the new proposal? Which country's laws would govern this? Per-country top level domains like .cn and .uk present fewer problems. But, what about the more generic .com, .org, etc.?

Re:not having read TFA (0)

Anonymous Coward | 1 year,26 days | (#44110229)

I rather suspect mine is not a popular view.

It isn't, in fact, in Europe this practice would violate the law(s) there, especially in Germany.

Re:not having read TFA (1)

houstonbofh (602064) | 1 year,26 days | (#44109245)

Here's your answer:

"Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.

Basically, they'd be extracting a licensing fee from the current people you go to for WHOIS lookups. Arguably this could be called "killing" WHOIS since it means taking away its... free spirit.

But how does my CLI pay the fee?

Re:not having read TFA (4, Funny)

Mitchell314 (1576581) | 1 year,26 days | (#44109263)

Text-based 'punch the monkey' ads. Using nCurses.

Re:not having read TFA (0)

Anonymous Coward | 1 year,26 days | (#44110399)

I believe the presumption is that your CLI would request information from somebody who does pay a fee, who in practice would probably end up being RedHat or the FSF or somebody.

Requestors is the NSA (0)

Anonymous Coward | 1 year,26 days | (#44109311)

a) There will be one central database, it will be in the USA.
b) Moving a database from one place to another fixes nothing. It does however change the jurisdiction of the data.
c) The database needs an authoritative copy of your WhoIs, how will they know your identity?
d) The DNS provider currently is the one who handles billing (and has thus has your identity confirmed). This new authority will need some for of identity document to confirm the same.
e) So an identity document record will be added to this database and a requirement to hold a domain.
f) Now add an NSA secret warrant and you have the ultimate goal.

Re:Requestors is the NSA (4, Insightful)

Samantha Wright (1324923) | 1 year,26 days | (#44109337)

Given ICANN's track record, I'm pretty sure they're just looking for more public resources to carve up and monetize.

Re:not having read TFA (5, Informative)

black3d (1648913) | 1 year,26 days | (#44109009)

No specific word from the article on charges per se, however I don't think "seeks to kill WHOIS" is alarmist. The plan is to basically remove the WHOIS system, and instead have all the data managed by a "third party", to whom you have to apply to if you want any information on a particular domains ownership, rather than they automated system we have now.

FTA:
Access to the 'live' domain records maintained by gTLD registries would also be possible via the ARDS "upon request and subject to controls to deter overuse or abuse of this option". "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.

Re:not having read TFA (1)

ukpyr (53793) | 1 year,26 days | (#44109125)

There is also an anonymously queryable subset of the records in the report. I haven't read the full report yet to see what that entails. Not saying it's super-duper, but it's not quite that bad.

Re:not having read TFA (4, Insightful)

icebike (68054) | 1 year,26 days | (#44109241)

If you have to have permission, you will certainly pay a fee, ig for no other reason than to pay the wages of the permission issuers.

Third Party? (1)

Jane Q. Public (1010737) | 1 year,26 days | (#44110071)

Yeah, right. Like Network Solutions turned out to be a great idea or something.

Re:not having read TFA (3, Interesting)

Anonymous Coward | 1 year,26 days | (#44109173)

Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?

This is going to make it difficult for visitors to a site, to let the site owners know, personally, that they've been hacked. Ive stopped two websites so far, from spreading viruses after they've got hacked due to using old joomla 1.2. Blackhole exploit redirects, i beleive the term is.

Re:not having read TFA (4, Informative)

Anonymous Coward | 1 year,26 days | (#44109795)

It would be better written as "ICANN Working Group seeks to replace WHOIS."

"ICANN Working Group seeks to monetize WHOIS..." is probably more accurate.

Single point of failure. (5, Insightful)

Anonymous Coward | 1 year,26 days | (#44108945)

A corporation is a single point of failure. As ICANN repeatedly demonstrates.

Re:Single point of failure. (1)

icebike (68054) | 1 year,26 days | (#44109191)

And yet the net survives.

Re:Single point of failure. (3)

game kid (805301) | 1 year,26 days | (#44109553)

...despite ICANN, not because of.

Re:Single point of failure. (0)

Anonymous Coward | 1 year,26 days | (#44109861)

ICANN: Yes I Can!

Did i just read... (3, Insightful)

Anonymous Coward | 1 year,26 days | (#44108949)

"centralized data store maintained by a third party"

Also the US government would certainly love to manage such entity.

So that's a huge no.

Re:Did i just read... (5, Informative)

gandhi_2 (1108023) | 1 year,26 days | (#44109061)

Once upon a time the US Government was THE Consortion for assigned names and numbers. They were THE registrar.

They gave it up.

Re:Did i just read... (0)

Anonymous Coward | 1 year,26 days | (#44109141)

Once upon a time the US Government was THE Consortion for assigned names and numbers. They were THE registrar.

They gave it up.

Consortium not consortion

Re:Did i just read... (5, Insightful)

Opportunist (166417) | 1 year,26 days | (#44109151)

Good ol' times. Back when we were the free world. Remember those times? Life was good. The older ones might even remember it.

Be honest. Do you think this would happen now?

Re:Did i just read... (2)

icebike (68054) | 1 year,26 days | (#44109285)

Insightful.

The Internet was built so fast that governments had no idea what was happening or what it would become.

Of course back then, governments didn't seem to care what people did, and didn't need to control everything.
Not likely the internet would be allowed to be built at all today, certainly not one that crossed borders.

Re:Did i just read... (1)

Somebody Is Using My (985418) | 1 year,26 days | (#44110703)

Good ol' times. Back when we were the free world. Remember those times? Life was good.

I do, however, remember when more people bought into that fabrication than they do today.

Mind you, I still think there's a lot of freedom available in the "free world" and - both then and now - more opportunities for the common citizenry than one might find in a more totalitarian regime. That I can write this diatribe without any fear of retribution is only one example.

But that "freedom" came at a price, usually paid by citizens of less successful nations. And even the citizens of the free world were as often censored, monitored and controlled in the past as they are today. Trust in the government (often unwarranted), fear of the Enemy (whomever he might have been) and a lack of a method to widely disseminate any abuses resulted in many of these problems being overlooked.

Thanks to the Internet, the latter problem has been solved, greatly reducing the former (trust in government). That's why they play the terrorist angle so strongly (our new Enemy). And it's why they strive to reduce the effectiveness of the Internet with tactics like the article in question.

So no, the "free world" was never as free as we remember it being in the past. It was always a quagmire of corruption and greed dragging down the principles on which it was built. It's just that those flaws are made more obvious to the layman thanks to the Internet.

Re:Did i just read... (4, Informative)

Anonymous Coward | 1 year,26 days | (#44109633)

Nope--it wasn't the Gummint that kept that data, it was Jon Postel. He may have been supported indirectly by the Feds, but he sure kept his honesty and integrity. Things have sure gone downhill since he died.

It's a bit ironic, though, that his name wasn't on any of the RFC's relating to whois.

huh (1)

Anonymous Coward | 1 year,26 days | (#44108951)

whois icann?

Re:huh (4, Funny)

BonThomme (239873) | 1 year,26 days | (#44109199)

two fitty, please

Re:huh (1)

c0lo (1497653) | 1 year,26 days | (#44109601)

two fitty, please

I see your 2 fitty and raise you to five fitty [vgdanas.hr] (and, if that's not enough, there [news.com.au] you have some more)

Now... I'll call... whois icann?

Well there goes the neighborhood (4, Insightful)

Anonymous Coward | 1 year,26 days | (#44108955)

Great, so we are going to privatize the WHOIS service and make it much more difficult (pay per query?) to get information out of it.

Guessing one of the usual corrupt telcos or domain name registration companies will bid to be the 'third party' and find a way to fuck this up good.

Re:Well there goes the neighborhood (0)

icebike (68054) | 1 year,26 days | (#44109205)

Although I agree with you, I can't help but noticing the irony of posting that opinion as an AC.

Re:Well there goes the neighborhood (0)

Anonymous Coward | 1 year,26 days | (#44110349)

Yes, because as soon as you mention 'icebike' everyone immediately knows you're John A. Smith from 746 Evergreen Terrace.

Posting as 'icebike' or anonymous coward is exactly the same, so it is laughable for you to accuse anyone of the very same thing you're doing.

Btw, I'm not the GP AC.

Re:Well there goes the neighborhood (1)

oobayly (1056050) | 1 year,26 days | (#44110679)

Ah, so that's who Ned Flanders' other neighbours are. I always wondered.

Nothing like (-1)

Anonymous Coward | 1 year,26 days | (#44108997)

putting all your eggs in one basket. That's about as STUPID as getting married to a woman. There's nothing quite like finding a cute 10 year old boy, dragging him off into one of the school bathrooms, and having your way with him, as the blood from his asshole lubricates your cock. It's even better when he's got diarrhea, because then you'll have some extra lube, and it's so much more degrading when you eventually make the dumb sonofabitch suck the cum, shit, and blood off your cock. But don't worry, as long as you give him some a football, he'll be cool with it. Us teachers know how to rape, and rape, and rape, and all of you will shame the victim and try to get me off scot free because he was dressed like a slut. Gay Pride Forever.

Horrible for network security... (5, Informative)

marciot (598356) | 1 year,26 days | (#44109013)

As a system admin, I tend to use WHOIS to figure out who is hitting my firewall, or to investigate if traffic is flowing to suspicious domains. Would really suck if WHOIS became a pay service, making it easier for the bad guys to hide.

Re:Horrible for network security... (3, Funny)

gandhi_2 (1108023) | 1 year,26 days | (#44109081)

I know, right?

Imagine having to PAY to find out you are being attacked by.... "DOMAINS BY PROXY, LLC"

Re:Horrible for network security... (1)

Anonymous Coward | 1 year,26 days | (#44109223)

Actually, under the plan authorized requestors would be able to find out the proxy service's customer info. So if you registered through a proxy service, the little people can't find out your info, but any large corporation, or LEA can.

Re:Horrible for network security... (5, Insightful)

icebike (68054) | 1 year,26 days | (#44109309)

If i was getting paid each time you wanted to find out who was attacking you, I might be tempted to make sure you were attacked more often... Just sayin...

Re:Horrible for network security... (2)

Frobnicator (565869) | 1 year,26 days | (#44109403)

From TFA and the report, those fields are recommended to remain public and anonymous. The biggest difference is that they recommend having a single step process instead of the current two-step process of first looking up the registrar and then using that registrar's WHOIS system.

Network abuse mitigation is specifically listed as a use case that should not require an account.

Re:Horrible for network security... (0)

Anonymous Coward | 1 year,26 days | (#44110681)

and if someone didn't like you causing me to have to pay then someone might DDOS the THIRD PARTY system and no one can look up anything.

Re:Horrible for network security... (3, Interesting)

Opportunist (166417) | 1 year,26 days | (#44109159)

The tinfoil-hat enthusiast in me would say that this may be one of the intentions behind it.

Re:Horrible for network security... (0)

Anonymous Coward | 1 year,26 days | (#44110687)

WHOIS is next to useless for tracking abuse these days because of anonymizing services, and before they became popular owners could enter in any false info they wanted. There's nothing wrong with it in and of itself, but there really needs to be a system of verification in place and a surefire way of looking up who owns a domain. I know, I know, good luck with that.

How monetize "whois"... (5, Insightful)

Macdude (23507) | 1 year,26 days | (#44109021)

This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" is code for charging users.

Re: How monetize "whois"... (0)

Redmancometh (2676319) | 1 year,26 days | (#44109219)

Which is so much different than the extortion game known as "private registration." Pay us or we put all your personal info (including address!) Into an extremely accessible, public system.

This is the same thing as always, but now the cost burden is on the requestor instead of the proprietor.

How horrible.

Re: How monetize "whois"... (0)

Anonymous Coward | 1 year,26 days | (#44110175)

AFAICT, most reputable registrars provide a whois privacy service for free.

Re:How monetize "whois"... (4, Insightful)

damn_registrars (1103043) | 1 year,26 days | (#44109221)

This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" is code for charging users.

Have you tried searching for a WHOIS record lately? Well over 90% of the records I have searched for in the past 2-3 years have been intentionally obfuscated by various systems as it is. This only accelerates their profits. This is, of course, the only thing the guys at ICANN have been interested in for some time (remember the auctions for gTLDs?).

Re:How monetize "whois"... (1)

houstonbofh (602064) | 1 year,26 days | (#44109269)

Have you tried searching for a WHOIS record lately? Well over 90% of the records I have searched for in the past 2-3 years have been intentionally obfuscated by various systems as it is. This only accelerates their profits. This is, of course, the only thing the guys at ICANN have been interested in for some time (remember the auctions for gTLDs?).

Actually, yes. And for finding out who owns an IP block it is still surprisingly complete. I will sure miss being able to find complete netblocks to blackhole in the firewall.

Re:How monetize "whois"... (0)

Anonymous Coward | 1 year,26 days | (#44110231)

Yes all records contain bullshit because, well, ICANN is responsible for the data there.

Great job they do for the mandatory fee, right?

Surely, allowing them to charge for the privilege of changing that info And now for reading it surely will improve everything!

Code word for SURVEILLANCE (0)

Anonymous Coward | 1 year,26 days | (#44109225)

Currently the DNS Whois information is set by the DNS host which is NOT under US control. So a German domain company sees the logins and any identity documentation needed for the German .DE domain owner but the NSA doesn't.

The published information is often just a subset of that information and often out of date.

By 'centralizing' it, ICANN can force an identity requirement on ALL domains. e.g. require a passport or id card.

Which in turn would let them fill the new NSA Domain to Identity Card database with the worlds identity cards.

Oh no, WHOIS DATA MIGHT BE INACCURATE! (1)

Anonymous Coward | 1 year,26 days | (#44109025)

However can we tell if someone is spoofing their WHOIS data? Quick, we have to make a completely unnecessary power grab before it's too late!

Thanks but no thanks, ICANN.

I don't like the sound of this (5, Insightful)

Sean (422) | 1 year,26 days | (#44109029)

What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.

Re:I don't like the sound of this (1)

Phroggy (441) | 1 year,26 days | (#44109117)

What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.

Yes. This. Just trying to figure out "is this domain registered, or is it available?" is a complete pain in the ass, for any sort of automated system.

Re:I don't like the sound of this (4, Informative)

Sean (422) | 1 year,26 days | (#44109145)

dig @a.gtld-servers.net example.com in soa

If you don't get NXDOMAIN then it's registered.

Re:I don't like the sound of this (1)

Phroggy (441) | 1 year,26 days | (#44109235)

dig @a.gtld-servers.net example.com in soa

If you don't get NXDOMAIN then it's registered.

What about detecting domains that have just expired, but haven't been removed yet? And not just for .com but for other TLDs (and second-level domains as appropriate, see http://publicsuffix.org/ [publicsuffix.org] ) as well.

Re:I don't like the sound of this (1)

Sean (422) | 1 year,26 days | (#44109405)

Yeah, registration expiry info is only available in WHOIS, not in the zone itself.

Dealing with other TLDs that allow second-level requires knowledge of their structures. Some of them have wildcards too, and that is detectable. Anyone doing this kind of automation can figure it out. It's not hard, it just sucks.

Re:I don't like the sound of this (1)

markhb (11721) | 1 year,26 days | (#44110699)

What about detecting domains that have just expired, but haven't been removed yet?

Oh, you mean like the domain squatters do?

Re:I don't like the sound of this (1)

houstonbofh (602064) | 1 year,26 days | (#44109275)

dig @a.gtld-servers.net example.com in soa

If you don't get NXDOMAIN then it's registered.

Until they start serving search adds instead...

Re:I don't like the sound of this (0)

Anonymous Coward | 1 year,26 days | (#44109691)

gtld-servers.net is only responsible for certain TLDs (ex. .com and .net). They have nothing to do with .org, or other TLDs.

The more accurate answer (as you probably know anyway, sorry for being pedantic in that case) is "query the root servers relevant to that TLD and ask". And if you don't know what rootservers are responsible for the TLD? Ask [a-m].root-servers.net for the NS records for the tld itself (and don't forget the trailing dot!), i.e.:

dig @a.root-servers.net org. ns

And those may change too. The current authoritative rootserver list used by Internet-facing resolvers worldwide is here: ftp://ftp.internic.net/domain/named.cache [internic.net]

Sometimes this is known as "named.root". Enjoy!

Re:I don't like the sound of this (1)

raju1kabir (251972) | 1 year,26 days | (#44110385)

Fascinating. I wondered who registered sean-is-mistaken.co.uk.

Re:I don't like the sound of this (4, Informative)

Sean (422) | 1 year,26 days | (#44109133)

Everyone go here and let them know we don't want this.

https://www.icann.org/en/groups/other/gtld-directory-services/share-24jun13-en.htm [icann.org]

Re:I don't like the sound of this (1)

markzip (1313025) | 1 year,26 days | (#44109267)

Thanks for this link. I read TFA, but I'm afraid that someone with a /. number as high as mine is still not really able to answer the questions on that survey. Perhaps someone with the /. number of 422 might explain? Quoting from the survey: The EWG is eager to obtain your input, including on the following questions:

Regarding the EWG's suggested Aggregated RDS model, are there additional advantages and disadvantages that should be considered? In such a model, which data repository (ARDS or Registry) should be considered authoritative?

Regarding the EWG's suggested Aggregated RDS model, are there additional advantages and disadvantages that should be considered? In such a model, which data repository (ARDS or Registry) should be considered authoritative?

Could the EWG's recommendations for purpose-driven authenticated Gated Access to validated registration data satisfy identified RDS users and their needs? In such a model, how would requestors be identified, authorized and issued RDS access credentials? In particular, who would accredit law enforcement agents, based on what criteria?

Could the EWG's recommendations for purpose-driven authenticated Gated Access to validated registration data satisfy identified RDS users and their needs? In such a model, how would requestors be identified, authorized and issued RDS access credentials? In particular, who would accredit law enforcement agents, based on what criteria?

Could the EWG's recommendations for addressing maximum protected registration satisfy both accountability needs and the privacy needs of at-risk individuals? How might a suitable solution be identified and funded?

Could the EWG's recommendations for addressing maximum protected registration satisfy both accountability needs and the privacy needs of at-risk individuals? How might a suitable solution be identified and funded?

Are the users and purposes identified by the EWG thus far sufficiently representative? Are there any significant gaps in users and purposes that must be addressed? Are the users and purposes identified by the EWG thus far sufficiently representative? Are there any significant gaps in users and purposes that must be addressed?

Given the desire for an extensible next-generation RDS that might accommodate the needs of a rapidly-evolving global Internet, how could future new users and purposes be accommodated? Who would decide on permitted purposes, using what criteria?

Given the desire for an extensible next-generation RDS that might accommodate the needs of a rapidly-evolving global Internet, how could future new users and purposes be accommodated? Who would decide on permitted purposes, using what criteria?

Are the registration data elements identified by the EWG thus far sufficiently representative of the data required for each identified purpose? Are there any significant gaps in data elements that must be addressed?

Are the registration data elements identified by the EWG thus far sufficiently representative of the data required for each identified purpose? Are there any significant gaps in data elements that must be addressed?

How should public and gated data elements be classified? What criteria should the EWG apply to make initial recommendations in this area?

How should public and gated data elements be classified? What criteria should the EWG apply to make initial recommendations in this area?

What community needs should be considered during the EWG's discussion of registration data storage duration, escrow and access log requirements?

What community needs should be considered during the EWG's discussion of registration data storage duration, escrow and access log requirements?

The EWG acknowledges that deploying and operating the suggested RDS will incur costs. In such a system, how could or should those costs be borne?

The EWG acknowledges that deploying and operating the suggested RDS will incur costs. In such a system, how could or should those costs be borne?

End quote

Re:I don't like the sound of this (5, Insightful)

Sean (422) | 1 year,26 days | (#44109383)

You don't have to answer all of them. You don't have to directly answer their questions either. You could just say things like:

- I don't want this. This system is not in my best interest.
- I don't want to register with anyone to query this data.
- Abuse mitigation should be handled by each registrar, this is a good way for them to differentiate themselves.
- I don't want to pay for this system at all
- Law enforcement should be given no special access at all. Nobody should accredit them.

You could also contact your registrar if you own a lot of domains and let them know you don't support this move at all. Ask them to oppose it.

Re:I don't like the sound of this (1)

zoomshorts (137587) | 1 year,26 days | (#44110141)

Amen !

Re:I don't like the sound of this (3, Informative)

SAH (191023) | 1 year,26 days | (#44110465)

What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.

There's IETF work under way to develop standard formats for whois-like queries and responses: http://datatracker.ietf.org/wg/weirds/charter/

Stupid Idea (5, Insightful)

Etherwalk (681268) | 1 year,26 days | (#44109039)

There should be a way for any person to contact any domain owner or domain-owning company. Putting a service in to vet requests will make it harder.

This is bad. And less transparent. And less distributed. And more expensive.

Re:Stupid Idea (2)

tlhIngan (30335) | 1 year,26 days | (#44109249)

There should be a way for any person to contact any domain owner or domain-owning company.

Which is the current problem with WHOIS - because it's easily accessible by everyone, everyone abuses it. So the end result is that all information is now hidden by proxies. The fact alone pretty much makes WHOIS useless if you need to contact someone.

A more restricted service that prevents abuse and requires all information be accurate (i.e., no proxies) and pointing to real people would be much more useful.

Either that or ICANN can simply announce all domains are owned by the contacts listed in WHOIS - if you use a proxy service, the proxy service owns the domain and all domains as such have been handed to a third party.

Re:Stupid Idea (2)

raju1kabir (251972) | 1 year,26 days | (#44110389)

The fact alone pretty much makes WHOIS useless if you need to contact someone.

I use one of those proxy services to register domains. They require a valid email address and test periodically to make sure it works. They publish an auto-generated random-looking email address for each domain, and reliably forward mail to the address I've provided. People who need to contact me are able to do so instantly.

Re:Stupid Idea (2)

houstonbofh (602064) | 1 year,26 days | (#44109283)

This is bad. And less transparent. And less distributed. And more expensive.

But as long as we save one child... I mean, as long as at least one person makes a boat load of money, it will be worth it.

Why? (1)

Reaperducer (871695) | 1 year,26 days | (#44109049)

Seems like a solution in search of a problem.

Though it would be nice to see some of the WHOIS spam cleaned up.

Even some of Google's WHOIS information has been jihacked by pr0n advertisers.

Under who's jurisdiction? (1)

c0lo (1497653) | 1 year,26 days | (#44109069)

data store maintained by a third party

What domain privacy [wikipedia.org] rules would be [wired.com] applicable?

The current solution (1)

slashmydots (2189826) | 1 year,26 days | (#44109075)

Find someone with private registration services. Record all fields. Put those fields into your website. Then some BS data request or subpoena or whatever would result in the private registration company claiming there is no associated record and some huge argument, none of which results in them getting your data. It's ridiculously insecure and a horrible idea to attach your name to a website. That's just asking for nonstop trouble, spam, scam calls, scam e-mails, domain scams, threats, etc.

Re:The current solution (1)

Animats (122034) | 1 year,26 days | (#44109363)

It's ridiculously insecure and a horrible idea to attach your name to a website. That's just asking for nonstop trouble, spam, scam calls, scam e-mails, domain scams, threats, etc.

What trouble? My real name and phone have been on all my WHOIS records for two decades. There's some spam, but the filters stop that. Maybe two phone calls a year. One threat in the last decade, from a scammer. He's no longer in business.

If you're running a business, you're supposed to disclose the actual name and address from which the business is conducted, at least in California and in the European Union. "Private registration" is a slimeball indicator for a site with any commercial purpose.

s/Kill/Commercialize/ (0)

Anonymous Coward | 1 year,26 days | (#44109077)

'nuff said.

Outsourcing (2)

quilombodigital (1076565) | 1 year,26 days | (#44109079)

They just fired the guy responsible for this form [icann.org] and want to outsource it.

Like or don't like, let ICANN know (1)

Anonymous Coward | 1 year,26 days | (#44109101)

http://www.icann.org/en/groups/other/gtld-directory-services/share-24jun13-en.htm

Re:Like or don't like, let ICANN know (1)

ukpyr (53793) | 1 year,26 days | (#44109143)

^^^ This.

Aren't statists wonderful? (0)

Anonymous Coward | 1 year,26 days | (#44109103)

Everything must be orderly. No rough edges or flaws. Nothing without permission. Submit to the designated authority and conform to the mandate.

centralized, third party (1)

gmuslera (3436) | 1 year,26 days | (#44109119)

Easy to explain what it is, and the same explanation also say why it is wrong. Anyway, this goes with the current agenda of taking control of internet [businessinsider.com] .

ICANN cares not about users (4, Insightful)

damn_registrars (1103043) | 1 year,26 days | (#44109163)

This action is not with your best interests in heart. This proposal comes with the intent of ICANN maximizing their own profits. They will blow smoke about privacy and other such utter bullshit to try to get people to support this but make no mistake, this will make the internet a less pleasant experience for users and a better hiding place for spammers.

How so, you might ask? Right now the current WHOIS gives vague lipservice to requiring domain registrations (and only under a very specific list of TLDs at that) to be registered with valid information. As it is, a not-insignificant portion of all new registrations at any given time are completed with missing or completely bogus information. And yet when this happens ICANN - who is tasked with making WHOIS data legible - almost always does nothing.

Now, they are just looking to openly embrace obfuscated, missing, and utterly bogus data in WHOIS records. The only people who benefit form this are the registrars that sell domains that benefit from that kind of lax registration requirement - spammers, scammers, and the like. If you don't think this matters to you, just wait until someone you know has their identity stolen after they mistype the web page for their bank, click on a fake ebay email, or do anything of that nature. The scum that will make money off of this will get to someone close to you, and this action will make it even less likely that those types will ever see any kind of punishment for their actions.

In other words, fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks.

Re:ICANN cares not about users (2)

BonThomme (239873) | 1 year,26 days | (#44109215)

"In other words, fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks."

odd, I was thinking exactly the same thing

Re:ICANN cares not about users (2)

fustakrakich (1673220) | 1 year,26 days | (#44109307)

...fuck you ICANN. I hope you profiteering fucks get fucked in the ass. And then when someone tries to fuck me because of your fucking stupid actions I will do everything I can to direct them to fuck you instead, you stupid fucking fucks.

Mmm, smells like teen spirit...

Ok, spill it, what's the goal? (1)

Opportunist (166417) | 1 year,26 days | (#44109185)

Is it to milk money from me whenever I want to know who keeps trying to hack me or is it to keep me from finding out who it is because such "sensitive information" will only be available to governments and the content industry?

Re:Ok, spill it, what's the goal? (1)

gl4ss (559668) | 1 year,26 days | (#44109519)

the goal is to give a right for a company to do this, for the company to charge and the company to kickback some cash to ICANN.

ICANNOT.

Monopoly (1)

Tyr07 (2300912) | 1 year,26 days | (#44109277)

Because, you know, we've never seen people trying to wrestle control into a single entity that is free to start with, and once total and absolute control is established, begin to start charging for the service. 'Maintenance' and other profitable excuses.

begged questions: (1)

Anonymous Coward | 1 year,26 days | (#44109353)

1. Is WHOIS actually broken?
2. Does this proposal actually fix it?
3. Is this proposal just a way for the proposers to privatize a free and common resource so they can make money out of it?

4. Can we identify these jackasses by name and make sure they never have anything to do with ICANN again?

Re:begged questions: (0)

Anonymous Coward | 1 year,26 days | (#44110469)

No, those are raised questions.

Follow the money (0)

Anonymous Coward | 1 year,26 days | (#44109373)

Where ever you have a gate, you end up with a gatekeeper and you must pay a toll to pass through. If not this year, then next.

But don't worry, it will just be a reasonable amount to cover expenses, plus a little extra if you want your information in less than a month.

Re:Follow the money (1)

Anne Thwacks (531696) | 1 year,26 days | (#44109631)

I'm a troll, fol-de-rol ...

What about non-domain name related data? (1)

MavEtJu (241979) | 1 year,26 days | (#44109941)

Like AS numbers, network blocks etc?

Oh wait, they don't make money out of that will be thrown out?

A third party? (0)

Anonymous Coward | 1 year,26 days | (#44110029)

Presumably a trusted third party like the US, or even better the NSA?

really (2)

crutchy (1949900) | 1 year,26 days | (#44110077)

time to replace icann with.... fuck, just about anything would be better... even microsoft, and that's saying a lot

Centralisation is stupid (0)

Anonymous Coward | 1 year,26 days | (#44110149)

Why the fuck would you centralise whois? Just put the whole internet on one place and be done with it since we're at it (oh, wait, it's happening already - facebook, googleplus!).
Not to mention much easier access for american agencies to the addresses of anyone who owns a domain. Whois information should be private by default.
STUPID idea.

It's for the domain squatters (1)

Antique Geekmeister (740220) | 1 year,26 days | (#44110715)

The proposal is aimed at charging the domain squatters for the thousands or millions of daily hits they make, which do burden the whois system profoundly. I'm aware of entire companies that were founded to do this during the "dotcom" bubble, most of which thankfully died out during the "dotbomb" burst. But the business remains intact, and is even more populated by fraudsters than it was then. And this proposal is clearly aimed at limiting the large scale data mining to a much more select clientele.

It might help the system. The fraudulent registrations and registrars unresponsive to abuse complaints are a constant drain on network administrator resources. But there's no reason to think that this centralized data will be used to actually monitor for or prevent abuse. Like when Verisign declared "*.com" to point to automatically point to their web pages and email systems, it's likely to cause a lot of chaos and serve only a small group in a place to profit from it.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...