ICANN Working Group Seeks To Kill WHOIS 155
angry tapir writes "An Internet Corporation for Assigned Names and Numbers working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralized data store maintained by a third party that would be responsible for authorizing 'requestors' who want to obtain domain information."
Re:Horrible for network security... (Score:4, Interesting)
The tinfoil-hat enthusiast in me would say that this may be one of the intentions behind it.
Re:not having read TFA (Score:3, Interesting)
Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?
This is going to make it difficult for visitors to a site, to let the site owners know, personally, that they've been hacked. Ive stopped two websites so far, from spreading viruses after they've got hacked due to using old joomla 1.2. Blackhole exploit redirects, i beleive the term is.
Re:not having read TFA (Score:5, Interesting)
I'm fine with whois, even though it has been steadily degraded by private registrations recently.
I'm not convinced there is any realistic reason this information needs to be private, although I might feel differently if i lived somewhere else in the world where angry armed mods drag you from your home for expressing a view point. On the flip side of that, simply knowing that your information is available tends to induce better behavior on the Web.
But by and large, I think people should be able to know who owns a site, or who is fronting for the owner. It helps a great deal when trying to track down and report abuse.
I rather suspect mine is not a popular view.
Re:Having read TFA and the propsal (Score:5, Interesting)
What constitutes an authorized user?
I have a honeypot on my home server to collect phony/random/orchestrated login/breakin attempts. A log entry has time, IP, username, pw. Eventually, I'd like to do further automated scripting. Namely, take the IP address, do a whois on it, look for the abuse contact email at the ISP, and email them the relevant log entries, with a polite request to investigate.
If they're legit, they may want to take action against one of their users who is doing massive attempts at system breakins. That is, such attempted login/breakin activity is against the law in certain countries. It's also [probably] a violation of the ISP's TOS. I've read that many ISPs don't even know that their customers are doing such things and welcome being told because the customer activity can expose the ISP to a degree of legal liability [safe harbor notwithstanding].
Currently, in whois data, there is no [universally used] standard for the abuse mailbox. It can be: ... ... ... ...
abuse-mailbox:
Remarks: Send abuse email to
% Remarks
# Send abuse reports to
So, standardization would be nice.
However, an interesting wrinkle. Although I get attempts from all over the world, most of the breakin attempts I get come from .cn hosts [just sayin ...]. The whois data from these is _always_ 100% complete and well organized. I guess they're compelled to do this by the gov't there. If, as proposed, the information goes to a central repository in [presumably] another country, there would be no way to compel an ISP to provide accurate/complete information cross-border.
So, how does this shape up under the new proposal? Which country's laws would govern this? Per-country top level domains like .cn and .uk present fewer problems. But, what about the more generic .com, .org, etc.?
Re:Having read TFA and the propsal (Score:4, Interesting)
Eventually, I'd like to do further automated scripting. Namely, take the IP address, do a whois on it, look for the abuse contact email at the ISP, and email them the relevant log entries, with a polite request to investigate.
I'm sure you will be careful with this, but I just want to post a friendly reminder. Depending on how you organize your script and how often the same person hits your network, there's a chance you'll end up flooding the abuse contact with email. Not only will they not appreciate that, but there is a chance of amplification and bogging down their abuse handling process.
In addition to the abuse-mailbox field you mention, it would be nice to standardize on an abuse report format, too. That way we could be confident that abuse reports can be properly fed into a system without depending on a human reading them directly.
There are both required and recommended contacts (Score:5, Interesting)
This doesn't answer all your questions. Sorry.
There are standardized addresses. Unfortunately, people who don't understand basic systems engineering (or who do, but are extremely greedy and amoral) refuse to use them.
Anyone providing Internet mail services is required by the SMTP protocol definition to have a human being receiving mail at the postmaster@domain.tld address. This has been true in every single revision of the protocol starting with RFC822 and continuing to the present day in RFC2821.
If you aren't manning the postmaster address, what you're doing is simply not SMTP, so it isn't Internet email. It is something else - metaphorically a bicycle wobbling down the center of the freeway, perhaps, or in the case of the big government-owning vendors like Verizon a steamroller in a pedestrian tunnel, crewed by laughing psychopaths.
The abuse@domain.tld address is slightly different - it is required by RFC2142, just like the hostmaster@domain.tld address is, but that RFC is not a protocol definition or a requirement for Internet connection.
However, the following statement is objectively true: If a domain does not staff the abuse, hostmaster and postmaster accounts, they will fall in at least one of two categories: technically incompetent or ethically corrupt.
The technically incompetent cannot handle the mail filtering required to deal with the spamload on these addresses. AOL claims that they are part of this group.
The ethically corrupt understand that the Internet is fundamentally a system of agreements - that wires and computers cannot function as a whole unless they use agreed-upon, mutually respected protocols, just as people cannot communicate efficiently unless they share some kind of common language. However, they also know the Internet's protocols are robust enough that only the majority of users must scrupulously comply with them, and extremely wealthy and powerful players can gain commerical advantage by breaking the rules they insist everyone else respect. Verizon and Microsoft fall in this category.
Because people continue to buy services from the technically incompetent and the ethically corrupt, they continue to prosper. This is something the free market is supposed to magically correct, but amazingly enough the same people trumpeting the power and the glory of free markets seem to be working very hard to support regional monopolies and strengthen barriers to entry in communications markets.