The internet's Middle East problem: Who is going to do something about Whois?

The issue of what to do about Whois – the registration data for domain names – has reared its ugly head yet again, as it has over and over for the past 15 years. In the latest twist, the Electronic Frontier Foundation (EFF) has sent a terse note to domain overseer ICANN over its latest effort to review the Whois service and …

  1. Ken Moorhouse Silver badge

    IMHO

    If every time we received an email or visited a link on a website we had the ability (if we wanted to) to easily look up Whois information for that link then the quantity of malware infections arising from such activity would plummet.

    If people choose to hide behind a proxy, that's fine, but don't expect me to go clicking on a link that is supposed to be from e.g., PayPal when its owner chooses to hide their identity.

    1. Allan George Dyer
      Joke

      Re: IMHO

      If I'm trusting a site with money then I expect it to have a valid TLS certificate, issued by an organisation I trust, like... Oh bugger!

      As we have two completely different systems, Whois and TLS, that both attempt to address aspects of the same problem, identity on the net, and fail spectacularly, then I predict the only possible way forwards is to develop a third solution that neatly combines the flaws of both while addressing an entirely different aspect and failing.

      Icon? I wish I were.

      1. Anonymous Blowhard

        Re: IMHO

        I would never trust the "WHOIS" to identify the "owner", and therefore the trustworthiness, of a site; so this aspect is clearly a red herring, there's no money riding on this, other than for lawyers, but as other commentards have pointed out there may be people's lives on the line.

        One option could be the concept of a "trusted domain" where the owner pays more for the registry to validate credentials; if you want to be anonymous then you won't be able to apply for a "trusted domain", and this would be reflected in the WHOIS data?

        1. ElReg!comments!Pierre

          Re: IMHO

          Actually there IS money on the line, but lives? I doubt it. Certainly not those of bloggers or isolated whistleblowers, who would be EXTREMELY unlikely to buy their own domain for such mundane activities. Real-world examples show that they use established blogging or micro-blogging structures and other foreign-based services, which often retain a LOT more information than whois, going as far as requesting scanned ID, proof of residence and/or bank statements, especially when they think your name sounds funny.

          On the other hand, setting up a domain is quite similar to setting up a brick-and-mortar business, and to do business you usually need to be registered, and the registration details are made available to the public; on the internet that's whois's role, that's basic customer protection, and it's not perfect but it kinda works. I don't think there should be a legal duty on the registrar to check that all this info is accurate, but contact info, at a bare minimum, should be. There's no additional work in that: it's the info that the registrar uses for domain renewal etc, so they already know it to be accurate.

          It helps a great deal to alert domain owners of the ungodly amount of spam gushing out of their backhole for example.

    2. Doctor_Wibble

      Re: IMHO

      I don't think that's particularly unreasonable - handing over money needs a lot of trust though you'd need to be sure that the whois information has been properly checked and has not been blatantly hacked/overwritten.

      The main choice is to take payments directly or to be anonymous and use an agreed third party, assuming any customers not just blindly prodding the fondleslab are OK with that but it's not just about money - if someone is sending/receiving documents that have value or importance then you want to be sure that someone somewhere can be the starting point for finding out what happened to all that soon-to-be-seafront land I bought for when they build Otisburg.

      One prompted by a recent request - if the whois data states e.g. "Visit whois.aeda.ae for Web based WhoIs" then I expect that to work without having to trust that '.net.ae' is somehow the right guess and even then the domain information is more than just a bit short, having no dates on it at all. Was this never standardised, and should they not sort this out first?

    3. NotWorkAdmin

      Re: IMHO

      IMHO this is more complicated than that. What if you're a secular blogger in Saudi Arabia, where such activity carries the death penalty?

  2. Eugene Crosser

    Failure?!

    I think ICANN chaps are doing their job marvellously. They are keeping lawyers and politicians (and journalists) debating with them, and getting angry at them, and demanding change, while the Internet chugs quietly behind, unscathed.

  3. Warm Braw

    I can't help feeling this is a problem of ICANN's making

    With geographically-based domain names, there really isn't an issue: the country that owns the top-level domain name also has the legal jurisdiction to decide on the rules for registration therein.

    If they'd just stuck to that, they'd have been off the hook.

  4. jake Silver badge

    15 years?

    About 30, actually.

  5. TeeCee Gold badge
    Stop

    Really?

    ...next to the Middle East problem, this has got to be the longest problem on the planet.

    Oh I dunno. They've just come up with evidence of religious upheaval and iconoclasm around Stonehenge. As people are still vandalising other people's monuments 'cos the Sky Fairy told them to, to this day, that's the thick end of 5000 years of that arsehattery and counting.

    Makes the Middle East look like a johnny-come-lately issue....

  6. J.G.Harston Silver badge

    Schleswig-Holstein Question

    What exactly *IS* the WhoIs Problem?

  7. Alan Brown Silver badge

    History

    WHOIS, IPv4 and DNS exist because someone got sick of the status quo and "just did it".

    ICANN is a shining example of why focus groups don't work (or come up with the wrong answers).

    If someone makes a better mousetrap, the world _will_ beat a path to his door. We should be concentrating on making ICANN irrelevant, not arguing about who holds the keys to the kingdom.

  8. Crazy Operations Guy

    Verification at the registrar level

    My solution for this would be to require the registrars to verify the identity of the person registering the domain (this would also stop people from using stolen credit cards to register malware domains). For privacy, the WHOIS data could either contain the name of the person that verified the registrant or the registrant itself, if they wish to remain anonymous.

    They should also standardize the protocol so that it can be easily digested by browsers and the like. With this, I also propose that an additional field be added to WHOIS: a section on who is responsible for the certificates the website uses, and the Root authority of where that certificate is supposed to come from. If verification of ID is required anytime the WHOIS data is changed, it would help prevent spoofing a website since the cert wouldn't match the info in WHOIS.
