fixing insecure email infrastructure (was: Re: [eweek article] Window of "anonym

Eric Brunner-Williams in Portland Maine brunner at nic-naa.net
Fri Jan 14 07:59:18 UTC 2005


> Because there is no data protection on many databases (such as ".com"
> registrars who are forced to sell the data if requested), people lie
> when registering, because it is the only tool they have to protect
> their privacy.

Yup. Our ICANN contracts both require us to sell bulk registrant data,
and require us to maintain :42 and :80 (FORM+POST) whois servers, both
unconditionally, to satisfy the trademarks interest group.

The "perfect open whois to fight spam" claim exchanges 40,000,000 valid
(or not dysfunctional in this particular context) for two or more orders
of magintude smaller invalid and dysfunctional (in this partuclar context)
addresses.

Because registrar-registrar predation via whois data mining is a reality,
registrars rate limit or otherwise attempt an ACL on both :43 and :80 whois
service, and data format variation is a form of defense. It prevents the
marginals who can't write a simple parser from theft via slamming the
registrants.

And since no one who wants whois data who isn't stealing registrants is
paying us, grand unifying schemes aren't a registrar insterest. Again,
look to the marks people, now accompanied by the new "total information"
law enforcement people for the primary actors. As I've previously pointed
out, neither of those two interest groups is fundamentally interested in
SMTP.

> Fix the data protection problem and you'll have a better case to force
> people to register proper information.

Bingo!



More information about the NANOG mailing list