funsec mailing list archives
RE: WHOIS Privacy Stalemate... Again
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 24 Aug 2007 15:06:36 +1200
Andy Sutton wrote:
On Thu, 2007-08-23 at 14:54 +1200, Nick FitzGerald wrote:You've clearly never worked real, susttained abuse rporting...The problem isn't with the Whois information, which is a poor way to identify a domain owner - and always will be for obvious reasons. The issue is that netblock owners and domain registrars don't have adequate processes (or any real incentives) to handle abuse complaints. This isn't about pinning down a website to Susy Brown, but about cleaning up the 'net. Identity has little to do with it unless you are actually LE. However, they have additional tools in their toolbox to deal with this issue. Sub-LE is a do what you can, and forward to LE what you can't do, proposition for very good reasons. I get the privacy aspects, and I do think they are a real concern in today's era of tracking everything under the sun. (If that makes me part of the tin-foil club, so be it.) However there are alternatives that do not require expensive, time consuming, and ultimately futile Identity verification and re-certification processes to be put in place. Relying on some unattainable method of ensuring 100% positive identity is a total distraction from abuse handling.
You entirely missed my point... The fact that currently, accurate WHOIS information is (kinda) required _and the bad guys want to provide anything BUT accurate Whois information_, means that you can leverage the bad guys use of bad WHOIS information against them. Yes, it's far from perfect and gradually getting less useful, but deliberately hamstringing even this weak form of attack against the bad guys, and thus NOT being able to use it either as a lever to eventually clue-up the hopeless registrars, or prove the complicity of the truly wretched registrars, means we'd have VERY, VERY LITTLE of any use left. _THAT_ would be a truly bad result. I'm NOT concerned about using WHOIS data to reliably ID bad guys -- LE has to ID them if/when they actually get involved and get to a point where they may try to act against the bad guys, and as you say often have other, better tools for doing that, BUT a lot of useful anti-abuse work occurs "below" the level where LE will ever get involved and weakening the few already pathetically weak "requirements" the name system currently has will significantly reduce the possibility and usefulness of that sub-LE anti-abuse work. Now, if and when better domain registration _and_ "responsibility tracking" methods are put in place _and seriously enforced_, we can happily throw away the wretched mess that is WHOIS. BUT, I strongly recommend you NOT hold your breath until this happens, and in the meantime, please leave us the seriously weak WHOIS "requirements" that actually DO provide a deal of anti-abuse assistance... Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- RE: WHOIS Privacy Stalemate... Again, (continued)
- RE: WHOIS Privacy Stalemate... Again Larry Seltzer (Aug 22)
- RE: WHOIS Privacy Stalemate... Again Nick FitzGerald (Aug 22)
- Re: WHOIS Privacy Stalemate... Again der Mouse (Aug 22)
- Re: WHOIS Privacy Stalemate... Again Dude VanWinkle (Aug 23)
- RE: WHOIS Privacy Stalemate... Again Larry Seltzer (Aug 22)
- RE: WHOIS Privacy Stalemate... Again Paul Ferguson (Aug 22)
- Re: WHOIS Privacy Stalemate... Again der Mouse (Aug 22)
- Re: WHOIS Privacy Stalemate... Again Dude VanWinkle (Aug 23)
- RE: WHOIS Privacy Stalemate... Again Larry Seltzer (Aug 22)
- RE: WHOIS Privacy Stalemate... Again Nick FitzGerald (Aug 22)
- RE: WHOIS Privacy Stalemate... Again Andy Sutton (Aug 23)
- RE: WHOIS Privacy Stalemate... Again Nick FitzGerald (Aug 23)
- RE: WHOIS Privacy Stalemate... Again Andy Sutton (Aug 24)
- RE: WHOIS Privacy Stalemate... Again Larry Seltzer (Aug 24)
- Re: WHOIS Privacy Stalemate... Again Brian Loe (Aug 24)
- RE: WHOIS Privacy Stalemate... Again Larry Seltzer (Aug 24)
- Re: WHOIS Privacy Stalemate... Again Brian Loe (Aug 24)
- Re: WHOIS Privacy Stalemate... Again der Mouse (Aug 22)
- RE: WHOIS Privacy Stalemate... Again Nick FitzGerald (Aug 26)