[At-Large] Wikileaks.org

Eric Brunner-Williams ebw at abenaki.wabanaki.net
Mon Dec 20 22:48:31 UTC 2010


The registrar dynadot, IANA #472, on December 17th, associated the 
address with the  A record for wikileaks.org

At some point prior to December 17th, the A record had a different value.

Who authorized or performed the update of 17-Dec-2010 01:57:59 UTC is 
a reasonable question to ask, by ICANN Compliance, of the registrar of 
record, IANA #472.

This morning (EST) a GET / HTTP/1.1 sent to returns a 302 
(redirect) to http://mirror.wikileaks.info/. This afternoon (EST) the 
same query returns a 400 (bad request).

IANA #472 should be able to document each change to the A record, and 
NS records, and demonstrate that only the registrant caused the series 
of changes to the RRset in December, or, an act for which no liability 
is incurred by the registrar, due to any one of a number of specific, 
enumerated circumstances.

What a reasonable inquiry should not find is a denial of service to a 
registrant by an accredited registrar under any but that very 
specific, enumerated set of circumstances.

It is not infrequent for an address block to be recovered and 
reallocated by an RIR, without third-party coordination. Therefore the 
association by Spamhaus to the address at which wikileaks.info was 
associated could have been an artifact of prior, not present, practice 
that resulted in Spamhaus' characterization of the address as 
problematic. However, it is more likely that the characterization is 
"current", not an artifact of recovery & reallocation by the RIR and 
lack of notice to third-parties such as Spamhaus or a lack of prompt 
reaction by Spamhaus upon timely notice by the RIR.

If, in addition, the effect of redirection, initiated by parties as 
yet unknown, was to cause browsers to connect to an address, for which 
other resources are associated, other questions reasonably arise.

While synchronous behavior by statistically significant numbers of 
informed and consenting adults manifests similar to synchronous 
behavior by distributed systems, including those constructed from 
assets acquired through latent defects in operating system products or 
applications, aka "botnets", just as rapid changes to NS records (aka 
"fast flux hosting") may be implemented to avoid suppression of 
content by political censors or to avoid suppression by anti-fraud law 
enforcement, the wisdom of reducing the ability of Spamhaus to conduct 
its daily operations as an email quality enabler is open to criticism.

I look forward to comments from PIR, and from IANA #472, and ICANN 
Compliance on the issues around wikileaks.org in mid-December.


More information about the At-Large mailing list