[funsec] WHOIS Privacy Stalemate... Again
nick at virus-l.demon.co.uk
Thu Aug 23 22:06:36 CDT 2007
Andy Sutton wrote:
> On Thu, 2007-08-23 at 14:54 +1200, Nick FitzGerald wrote:
> > You've clearly never worked real, susttained abuse rporting...
> The problem isn't with the Whois information, which is a poor way to
> identify a domain owner - and always will be for obvious reasons. The
> issue is that netblock owners and domain registrars don't have adequate
> processes (or any real incentives) to handle abuse complaints. This
> isn't about pinning down a website to Susy Brown, but about cleaning up
> the 'net.
> Identity has little to do with it unless you are actually LE. However,
> they have additional tools in their toolbox to deal with this issue.
> Sub-LE is a do what you can, and forward to LE what you can't do,
> proposition for very good reasons.
> I get the privacy aspects, and I do think they are a real concern in
> today's era of tracking everything under the sun. (If that makes me
> part of the tin-foil club, so be it.) However there are alternatives
> that do not require expensive, time consuming, and ultimately futile
> Identity verification and re-certification processes to be put in place.
> Relying on some unattainable method of ensuring 100% positive identity
> is a total distraction from abuse handling.
You entirely missed my point...
The fact that currently, accurate WHOIS information is (kinda) required
_and the bad guys want to provide anything BUT accurate Whois
information_, means that you can leverage the bad guys use of bad WHOIS
information against them.
Yes, it's far from perfect and gradually getting less useful, but
deliberately hamstringing even this weak form of attack against the bad
guys, and thus NOT being able to use it either as a lever to eventually
clue-up the hopeless registrars, or prove the complicity of the truly
wretched registrars, means we'd have VERY, VERY LITTLE of any use left.
_THAT_ would be a truly bad result.
I'm NOT concerned about using WHOIS data to reliably ID bad guys -- LE
has to ID them if/when they actually get involved and get to a point
where they may try to act against the bad guys, and as you say often
have other, better tools for doing that, BUT a lot of useful anti-abuse
work occurs "below" the level where LE will ever get involved and
weakening the few already pathetically weak "requirements" the name
system currently has will significantly reduce the possibility and
usefulness of that sub-LE anti-abuse work.
Now, if and when better domain registration _and_ "responsibility
tracking" methods are put in place _and seriously enforced_, we can
happily throw away the wretched mess that is WHOIS. BUT, I strongly
recommend you NOT hold your breath until this happens, and in the
meantime, please leave us the seriously weak WHOIS "requirements" that
actually DO provide a deal of anti-abuse assistance...
More information about the funsec