At 3:43 PM -0500 12/28/00, Ross Wm. Rader wrote:
>The information that I think that you are referring to is already being
>shared with the world via whois, zone files etc.
Question:
Will they find out that information before or after it becomes committed to
the public sources of information (e.g., the whois db).
If YES, then that's an issue. If NOT, then their service is mildly useless
as it is no different than someone polling the whois server regularly.
> On the other hand, if you
>are under the impression that SnapNames is somehow going to find out how
>many domain names Derek Balling Inc. has sold in the last 24 hours via this
>system, or our cooperation, then you are mistaken - it simply isn't
>transmitted *anywhere* because the RRP doesn't support it as part of it's
>documented payload. We could modify the payload, but as I understand it,
>Snapnames only requires the RRP payload for their purposes (and quite
>frankly, we've got better things to do than muck about with new protocol
>design and implementations).
How about how many domain names Derek's Customer Inc. has purchased?
And again, do they get this information in a manner that is on equal
footing with others and at the same time as others (e.g., at the same time
as the registry whois db is updated, etc.)
>The privacy issues already exist. It basically boils down to the reality
>that if you don't want people to know anything about your registration
>activities, then don't register a domain name.
No, it boils down to "I don't want people to know about my domain name
registration activities until after my activities are completed." After I
register a domain name, when it is listed in the public information
sources, then you have a "right" (loosely defined) to know that I have
registered a domain. When my domain ceases to be listed in the whois
servers, that's when you have a "right" to know it is gone. The same as any
other schmoe on the net, and with the same chances of success for
registering it.
Further, if they are getting notified about non-zonefile changes (e.g.,
changes to contacts, organization names, etc.) that makes what was once
very public but very hard to abuse data (e.g., its hard to scan every
domain's whois record daily looking for contact changes) into basically
"whois diff's", which is easily abused with very little gain to the
domain-holder.
> All of the theoretical
>privacy violations I have seen raised about this issue already hold true for
>zone file publications and whois data. Bar none.
There are two issues:
1.) Timeliness of data: SnapNames has no right to receive the data about
changes/additions/deletions before anyone else does.
2.) Obscurity of whois data: Previously the data in WHOIS was difficult to
parse daily for changes across the entire namespace. If SnapNames is given
daily update information about organization/contact changes, that's a
radical change in the level of annoyance from what we've grown to accept in
WHOIS abuse. Near as I can tell, nothing grants them under the ICANN
agreements any rights to request what amount to diff's on the WHOIS
database.
D
--
+---------------------+-----------------------------------------+
| [EMAIL PROTECTED] | "Conan! What is best in life?" |
| Derek J. Balling | "To crush your enemies, see them |
| | driven before you, and to hear the |
| | lamentation of their women!" |
+---------------------+-----------------------------------------+
