[At-Large] Issue Report on Thick Whois

Karl Auerbach karl at cavebear.com
Tue Nov 22 22:58:21 UTC 2011 

On 11/22/2011 02:22 PM, Evan Leibovitch wrote:
> On 22 November 2011 13:39, Karl Auerbach <karl at cavebear.com> wrote:

>> A domain name is a sequence of keys into a distributed database of
>> records or several types ranging from text to addresses to crypto keys
>> to lat/long coordinates.  For instance I have the text of the Magna
>> Carta stored in DNS records.
>>
> 
> That's nice... but most people neither know this can be done nor care. If
> the DNS was a suitable or effective way for people to transmit the Magna
> Carta, people would use it. But they don't. So this example demonstrates
> nothing.

You said "Internet domains are, by their nature, public instruments to
be used to help people find Internet content."  That is a
misrepresentation of the technology of DNS.

You can pretend that a rock is a duck but that does not make it a duck.

Most people don't know the difference between a URL/URI and a domain
name either, but that does not make them the same thing.

If one wants to be engaged in a real and meaningful discussion of
governance of the internet it is useful if one has a solid, and
accurate, sense of what the technology of the internet is rather than
what one wants it to be.


> I would gently remind tha this discussion was generically about WHOIS.

Yes, but I was responding to your blunt assertion that "Internet domains
are .. public instruments", an assertion with which I strongly disagree.
 And it is an assertion that is outside of the topic of Whois.


> And by using the phrase "find internet content" you are conflating
>> the internet, to which the DNS pertains, with the much smaller thing
>> called the World Wide Web.
>>
> 
> That's your own bias overlaid on what I said and not at all what was
> intended.

Then, please, next time please make it clear that you intend to discuss
the use of domain names solely in the context of the world-wide-web, and
more particularly, the world-wide-web as used by humans using web
browsers rather than the mass of HTTP/HTTPS based access used by
machine-to-machine communications without human intervention.

On the internet domain names are used much many things beyond human
browsing of the world wide web.  Yet the assertions that are being made
are based on an implicit, and incorrect, assertion that the world wide
web and the internet are the same.


>> What people are doing on the net today is as if they grabbed a
>> telephone book, looked up a physician, dialed the number, and then without
>> any
>> validation that they are actually talking to the physician they blurt out
>> their deep secrets.

> Of course, what we have on the Internet is a willful manipulation of phone
> books so that the physician's phone listing -- may divert you to an
> off-shore data center charged with sounding like your doctor's office in
> order to extract your health insurance information. The phone book maker
> disclaims any wrongdoing and has no resources to validate its own listings.

And if one is silly enough to presume that the number one dials will
inexorably and infallibly gets one to a doctor with a duty of
confidentiality, then that person is naive.

Most people in the real world understand through experience that the
telephone system - and telephone books - are flawed.  And we as humans
tend to identify and authenticate, even if only implicitly through our
sense of voice recognition, that we have reached the correct opposite party.

That has not become a habit on the net for two reasons - First was that
the technology wasn't there for most people when we started the web in
1995 (but it could be now) and secondly that many domain name people and
ICANN have spread the false word that the domain name system is
"authoritative" when it is in fact not authoritative at all but is
merely a hint.

Some have been mislead by the fact that in the DNS protocol there is an
"authoritative answer" bit.  The "authoritative answer" bit in DNS
responses merely means that the answer came from a server which directly
knows the data rather than having obtained it by what amounts to DNS
hearsay.  The "authoritative answer" bit has nothing do with the actual
usability of the resource record content that is returned.

> Enforcing an accurate and thick WHOIS allows you to have some clue that the
> entity that created that directory entry is legit, either before or after
> the fact.

Sonme of us believe that there ought not to be a domain name whois at
all; that if one wants to penetrate into the business records of a
domain registration that one ought to:

  - Demonstrate, in writing and into a permanent log visible to the
registrant, the requester's identity and credentials.

  - Make a written claim, that is also recorded in a permanent log
visible to the registrant, that a legally cognizable harm to the
requester has been committed by the registrant.

  - Provide, again into the permanent log, some degree of evidence
(beyond mere assertions) to back up that claim.

  - Deposit some money to compensate the registrant for his/her troubles
if that claim proves to false and made with reckless disregard of the facts.

  - Pay for the cost of the access and record-keeping.

  - Be denied from making contradictory or inconsistent claims at a
later time or against another accused party.

		--karl--

More information about the At-Large mailing list