Re: [gnso-dow123] Security/stability questions

["Milton Mueller" <Mueller@xxxxxxx>]

>>> Bret Fausett <fausett@xxxxxxxxxxx> 3/24/2005 2:25:09 PM >>>
>Please keep in mind that the Security and Stability Advisory Committee

>already issued a major report on Whois in December, 2002. It strikes
me 
>that many of the questions we are considering were previously
answered.

Bret:

This is a good reference but also an indication of why we need
additional dialogue. SSAC made the following statement: "There are two
principal reasons to maintain accurate contact information in Whois
records: technical and legal."

Their discussion of technical aspects is sparse. All they say is this:
"The technical rationale is that if there are problems with or abuse
originating from a resource (e.g., a domain name, route, or IP address)
the Whois entry for the resource is the only source for finding the
responsible party."

That's it. There is no discussion of how often this information is
used, no discussion of gradations in access that could be required while
still permitting one to find the responsible party, no discussion of
what data elements are needed, no distinctions made between domain names
and IP addresses. 

The "legal" reason involves the relative rights of registrants and the
balance between law enforcement and privacy, and SSAC is in no position
to make authoritative pronouncements about that. Indeed, they should be
consulting with us on those questions before issuing any reports. To its
credit, the SSAC report recognizes a relationship between the incentives
to maintain accurate data and the privacy of the data, although here
again they have no special claim to expertise on this matter.