WHOIS Review: "Cart before the horse?" and other ramblings

  • To: whois-rt@xxxxxxxxx
  • Subject: WHOIS Review: "Cart before the horse?" and other ramblings
  • From: "Ronald F. Guilmette" <rfg@xxxxxxxxxxxxxxxxx>
  • Date: Sun, 17 Apr 2011 17:00:01 -0700

Personally, I am approaching this discussion as a tabula rasa.
I am ignorant of most of what has come before, and not ashamed
to admit it.  I've tried, admittedly without either much effort
or much success, to seek out documents, available on the web,
that would give me some more context to start from on what would
seem to be the topics at hand, but from where I am sitting there
does appear to be a dearth of such.  Nonetheless, I'd like to offer
the following modest observations, which may perhaps be worth what
you paid for them.

It appears to me that the Review Team, as well as the Internet
community as a whole, is grappling with two overriding questions/
issues, to wit:

1)  What are the intended uses of domain name WHOIS service?

2)  What are the best means by which domain name WHOIS service
    can be made to fulfill its intended uses?

Although, as I have said, I am ignorant of much of what has either
been discussed or decided already, it does appear to me that there
are, at present, a number of open questions with respect to (1)
above.  Certainly, that can be inferred from the mere fact that one
of the questions that has been put to the community by the review
team is one concerning the proper definition of "law enforcement".
Such a definition can only, and will only be useful if it has been
decided (pre-decided?) that the domain name WHOIS service will have
(or does have) some special and particular intended uses which are
unique to "law enforcement".

Having myself been unable to find, after an altogether and admittedly
minimal and modest search, any document(s) wherein such a decision
either was or might have been codified, I have been left wondering 
about a larger and more all-encompassing question:  Where is the
_charter_ for the domain name WHOIS service?  Where is the single
document that codifies, for the benefit of all users and producers
of domain name WHOIS information, its formally anticipated and for-
mally accepted uses?

If anyone can point me to such a document, I would greatly appreciate
it, because as I say, I have been unable to find it.

Obviously, and as we all know, WHOIS service dates from the very early
days of the Internet, back when things were far smaller, often far less
formal, and back when the things that were considered as most important
to commit to writing were descriptions of how things were supposed to
work, technically (e.g. protocols), as opposed to precise descriptions
of what things were intended to be used for.  (Nobody, I suspect, ever
felt that it was either necessary or useful to elaborate at length about
what, e.g., e-mail was useful for.  Most folks who ever got a taste of
it were able to figure out that part on their own.)

I've briefly reviewed various RFCs relating to WHOIS services, i.e.
812, 954, 1834, and 3912, and although some of these provide some not
terribly specific hints as to the originally intended uses of domain
name WHOIS service, these documents spend far more of their bulk on
technical specification of the protocol.  In the early days of the
Internet, this was undoubtedly what was needed, but we are not there
anymore, and it appears to me that it is now high time that someone,
perhaps the WRT, should begin drafting a formal charter for domain
name WHOIS services.

I suppose that by raising such questions as "What is `law enforcement'?"
outside observers such as myself might conclude that the WRT is in fact
wending its way, however circuitously, towards a kind of a formal charter
for domain name WHOIS service, but my simple suggestion would be to for-
mally and explicitly assert and acknowledge that the development of a
formal charter for domain name WHOIS service is in fact a goal and in-
tended work product of the WRT.  I would argue that it is only within
the framework of exactly such a formal goal that questions such as "What
is law enforcement?" even make any sense.  The definition, even if one
can be agreed, is utterly superfluous in the absence of context.

Historically, domain name WHOIS service has served the following purposes:

1)  As a source of information for "good samaritans" and/or tangentially
    affected parties which could be used to make contact with other network,
    system, or domain administrators, e.g. to inform them of technical
    issues such as unanticipated outages.  (This was, as I understand it,
    the one and only ``original intent'' of all WHOIS services.)

2)  As a source of information for affected and/or other interested parties
    which could be used to make contact with network, system, or domain
    administrators, e.g. to inform them of security and/or network abuse

3)  As a source of information for affected parties which could be used as
    either ordinary contact information or legal Service Of Process infor-
    mation, specifically by intellectual property rights holders, either
    to request assistance in enforcing intellectual property rights or,
    in other cases, to actually begin legal proceedings necessary (e.g.
    via SoP) to legally enforce intellectual property rights.

4)  As a source of information for law enforcement which could be used as
    either ordinary contact information, e.g. during an investigation,
    to request additional information about specific end-customers, or
    directly, as perpetrator identifying information.

5)  As a source of information for network abuse researchers seeking after
    simple correlations and/or patterns of network abuse that might be
    evident from clues contained in domain name WHOIS records that are
    either known or suspected of being involved with various acts of network

(If I have missed any other common uses of domain name WHOIS data, by all
means, please do let me know.)

Clearly, each of the five historical uses of domain name WHOIS data listed
above has its own separate constituency and thus its own separate advocates.
I personally happen to represent constituency (5) from the list above, as
do some of the other persons and organizations that have already submitted
comments to the WRT relating to the current review process.

Although all five constituencies share a common interest in the completeness,
timeliness, and accuracy of domain name WHOIS information, the views of
these groups of WHOIS client/customers may, I sense, begin to diverge when
it comes to the issue of (universal?) availability.  Based upon my own
admittedly limited knowledge of typical law enforcement entities, I do
suspect that they, in particular, would be perfectly happy to have utterly
exclusive access to any & all WHOIS information, while shutting everyone
else out and leaving the rest of us fumbling around in the dark.  While
an argument could perhaps be mustered in support of the view that LE
should henceforth be the sole authorized consumers of WHOIS information,
both my personal beliefs and my personal biases lead me to the entirely
opposite viewpoint.

In any case, one man's personal opinions are neither here nor there, and
the real issue, I believe, is whether or not item (5) from the list above
is or is not, currently (or shall or shall not be in future) an accepted,
formally authorized, and fully ``intended'' use of domain WHOIS data.  I
believe that it is, and should be, going forward, and further, that such
uses of WHOIS data, along with the others listed above, should all now
be formally enshrined into a single unifying and defining document, a for-
mal charter for WHOIS.  What I personally am most definitely NOT in favor
of is a whole lot of nibbling around the edges without ever getting to the
heart of the matter.  I have no opinion of the best or most proper defi-
nition of the term ``law enforcement'' until I am presented with at least
a draft of the over-arching document into which said definition is intended
to fit.  (And if that over-arching document asserts that henceforth only
``law enforcement'' shall be granted access to certain types of WHOIS
information, then everyone may be assured that any definition of ``law
enforcement'' that _I_ would likely espouse would most assuredly be drafted
so broadly as to include myself.)

The second question that, it seems to me, is being raised within these
present discussions is the question of how best to make domain name WHOIS
service as useful as possible, i.e. for all of its ``intended'' (and as
yet to be formally defined?) uses.  On this point, I have a few modest

The completeness and accuracy of domain name WHOIS data is unambiguously
of value to all of the separate WHOIS client/customer constituencies listed
above.  Unfortunately, at the present time, and as most close observers
already know, the accuracy of the current WHOIS data base is nothing
short of abysmal.  Anyone who has studied my work, or that of KnujOn,
or even much of the material on the Spamhaus web site knows that already.

What is even more troubling is that ICANN, at present, has neither the
means nor even, apparently, the interest in doing anything about it.
(I myself offered a list of over 50,000 gTLD second-level domain names,
all with utterly bogus WHOIS information, to an official @ ICANN recently,
and was turned down cold.  The official in question would not even
take the data from me!  This sort of information, i.e. the names of
domains having bogus WHOIS information is, quite obviously, considered
only an unwelcomed technical and administrative burden within ICANN.
That is both a cultural and a technical problem, both of which need
fixing, and desperately.)

(I am running out of UTC time before the end of the 2011-04-17 cutoff
for comments, so the rest of this message will be hurried.)

How to fix the accuracy problems of the WHOIS data base, going forward,
presents -NO- insurmountable technical challenges.  This is NOT a moon
shot.  Solving the problem is neither prohibitively complex nor prohibitively
costly, even though any such hidebound, self-serving and profit maximizing
entities such as ICANN and its constituent registrars always can (and
always will) attempt to make it appear so.  (For further information,
consult Sir Humphrey Appleby.)

Recently, in preparation for sale, I registered one of my domain names
with Sedo's domain name marketplace.  This company knows what it is
doing and has a _positive_ financial interest in insuring that they
can verify the true ownership of any given domain name, unlike ICANN
and its registrars, all of which have a clear _negative_ incentive to
look too closely at anything that some paying customer wants to put into
his or her WHOIS record(s).

Anyway, Sedo has a system that actually calls the phone number listed
in the domain name WHOIS record.  The owner is then read a magic five
digit code that must be entered at a particular URL to complete the
registration process.

Simple and obvious question:  Why can Sedo do this for registering domains
into its "marketplace", but no other registrars can do it for original
domain registrations?

Lots of fully-automated variations on this general scheme are possible.
and also for e-mail addresses.  This could be done.  There is no will or
willingness to do it.

And THAT is the REAL problem with the WHOIS data base. 

