[At-Large] Issue Report on Thick Whois

Karl Auerbach karl at cavebear.com
Tue Nov 22 18:39:11 UTC 2011


On 11/22/2011 07:38 AM, Evan Leibovitch wrote:

> Internet domains are, by their nature, public instruments to be used to
> help people find Internet content.

I strongly disagree.

A domain name is a sequence of keys into a distributed database of
records of several types ranging from text to addresses to crypto keys
to lat/long coordinates.  For instance I have the text of the Magna
Carta stored in DNS records.

Those records may be, and often are, opaque and meaningful only to a few
people, for example address records that contain addresses in private IP
address spaces.

And by using the phrase "find internet content" you are conflating the
internet, to which the DNS pertains, with the much smaller thing called
the World Wide Web.

The real technical problem is that on the internet there is not a
uniform scheme of identification and authentication of identity.  Thus
on the world wide web (and on the net in general) connections are made
on the presumption that a domain name mapping is somehow more than a hint.

What people are doing on the net today is as if they grabbed a telephone
book, looked up a physician, dialed the number, and then without any
validation that they are actually talking to the physician they blurt
out their deep secrets.

In real life real people have long since learned that when a telephone
call is made that one of the first steps performed is a degree of
validation that the other party is who he/she is believed to be.

We don't do that on the internet - it is a flaw in the architecture of
the net.  We do have IPsec, but we don't use it.  And TLS is often one
way or not validated back to a trusted certificate authority.

Instead the burden has been laid onto the domain name system; and it is
a job that the DNS was never intended to perform and which it does poorly.

> This is one area in which privacy, by
> and large is the realm of people hiding from (what I believe to be)
> legitimate investigation. I do not believe that, in this case, the public
> should be denied information available to law enforcement.

That would be a terrible idea.  Law enforcement people are bound, or at
least in theory are bound by rules, laws, constitutional limitations
that do not apply to private individuals.

> I would remind that At-Large is charged with protecting the interests of
> Internet end users, not registrants. Registrants have an interest in being
> able to hide. End users have an interest in domain owner accountability and
> transparency.

Registrants are end-users too.  I suspect that most domain name
registrants don't appreciate condemnation without a trial adducing
specific facts and acts that prove that they are guilty of specific
unlawful acts.

So I do not accept the notion that because name registrants are, in your
opinion, possibly able to commit ill acts that they should lose rights
accorded to others.

	--karl--


