Transcript Interim Whois Solutions - gNSO

Interim Whois Solutions
ICANN Workshop
October 29, 2003
Issue
The Whois database contains full contact details for
registrants and their administrative and technical
contacts.
This contradicts certain privacy laws.
Consumers complain about breaches of privacy and
spam.
The Whois database is used to harvest addresses for
spam, credit card fraud, and other fraudulent
purposes.
Interim Solutions
While long term technical solutions, such as
CRISP, are encouraged, interim industrywide solutions are also available.
• Web-based Whois – password protection
• Port 43 Whois
– Limited list of IP addresses
– Tiered access
Web-based Whois
• Registrar uses a mechanism to make the Whois output non
computer readable.
• Examples:
– eNom (output email and other information is a gif)
– GoDaddy / NSI (enter a number displayed as gif before
getting access to the Whois information).
• Impact on registries
– In case of “fat registries,” also use mechanism to make
the output information not computer readable, or
display only thin registries’ output.
– In case of “thin registries,” no change.
Port 43 – Alternatives to Prevent Data Mining
1. Limited List of IP addresses.
•
•
For registrars, registries, approved IP and law
enforcement users, and other limited list of
licensees, based on agreed rules.
Approved list maintained by registrars – not
ICANN. List based on central list of criteria.
2. Tiered access – data output tiered
according to the type of user requesting
access.
•
E.g., registrar gets full data, vetted IP user
gets full data, non-vetted requestor does not
get email addresses.
Port 43 – ad hoc approach today
Registrars can any of these:
• Block specific IP addresses associated with
– Spikes in usage; or
– Known mining of data,
• Return truncated responses in such cases, or
• Slow down response time in such cases.
• Return text-based responses that are more
difficult to mine.