[At-Large] Issue Report on Thick Whois
evan at telly.org
Tue Nov 22 22:22:44 UTC 2011
On 22 November 2011 13:39, Karl Auerbach <karl at cavebear.com> wrote:
> A domain name is a sequence of keys into a distributed database of
> records or several types ranging from text to addresses to crypto keys
> to lat/long coordinates. For instance I have the text of the Magna
> Carta stored in DNS records.
That's nice... but most people neither know this can be done nor care. If
the DNS was a suitable or effective way for people to transmit the Magna
Carta, people would use it. But they don't. So this example demonstrates
> Those records may be, and often are, opaque and meaningful only to a
> few people, for example address records that contain addresses in private IP
> address spaces.
I would gently remind tha this discussion was generically about WHOIS. If
you want to jump onto a single point of mine to score points over an
obscure discussion of how many things you can legally jam into a DNS
record, go ahead. But that's not what this debate is about, which is the
use of WHOIS to help identify points of contact for internet content
And by using the phrase "find internet content" you are conflating
> the internet, to which the DNS pertains, with the much smaller thing
> called the World Wide Web.
That's your own bias overlaid on what I said and not at all what was
The real technical problem
This is not a technical problem. It's a public policy problem.
> What people are doing on the net today is as if they grabbed a
> telephone book, looked up a physician, dialed the number, and then without
> validation that they are actually talking to the physician they blurt out
> their deep secrets.
Of course, what we have on the Internet is a willful manipulation of phone
books so that the physician's phone listing -- may divert you to an
off-shore data center charged with sounding like your doctor's office in
order to extract your health insurance information. The phone book maker
disclaims any wrongdoing and has no resources to validate its own listings.
Enforcing an accurate and thick WHOIS allows you to have some clue that the
entity that created that directory entry is legit, either before or after
> In real life real people have long since learned that when a
> telephone call is made that one of the first steps performed is a degree
> of validation that the other party is who he/she is believed to be.
Yes, and because of that we eradicated any problems from phone scams
decades ago. :-P
There are problems with phone directories, but the directory publisher can
be held accountable for accuracy. There are far more problems with the
ICANN-administered namespace, in which an entire industry has been created
to sell as many directory entries as possible regardless of the number of
I would be quite happy if ICANN were held liable for allowing WHOIS entries
to be knowingly incomplete or incorrect. It might change the relationship
ICANN has with its contracted parties.
Instead the burden has been lain onto the domain name system; and it is a
> job that the DNS was never intended to perform and which it does poorly.
And yet... we work with the toolkit we have, and thick WHOIS already
exists. It would serve its purpose fine if kept accurate. Flawed but
> > I would remind that At-Large is charged with protecting the interests of
> > Internet end users, not registrants. Registrants have an interest in
> > able to hide. End users have an interest in domain owner accountability
> > transparency.
> Registrants are end-users too.
Yes, just like people who work for -- or own shares in -- registries and
registrars are end-users too. But, like them, registrants already have
their voice within ICANN elsewhere. Just because industry employees and
shareholders and domainers are end-users too doesn't mean that their
interests are the same as that of the much greater public that has no
interest in buying or selling domain names. At-Large seeks to represent
those who don't have a voice elsewhere.
This is one issue in which the interests of end users don't match with the
interests of registrants, so it is in the interests of registrants to blur
the distinction, game the debate, and then plead innocent when ICANN is
accused with being out of touch with the rest of society.
> I suspect that most domain name registrants don't appreciate condemnation
> without a trial adducing specific facts and acts that prove that they are
> guilty of specific unlawful acts.
Requiring accurate identity info elsewhere -- whether related to passports,
drivers licenses, newspaper mastheads, union memberships, credit cards or
elsewhere -- does not presume guilt. Nor does a requirement for accurate
More information about the At-Large