ICANN Working Group Seeks To Kill WHOIS

← Back to Stories (view on slashdot.org)

ICANN Working Group Seeks To Kill WHOIS

Posted by Soulskill on Tuesday June 25, 2013 @04:08PM from the your-computer-is-broadcasting-an-ip-address dept.

angry tapir writes "An Internet Corporation for Assigned Names and Numbers working group is seeking public input on a successor to the current WHOIS system used to retrieve domain name information. The Expert Working Group on gTLD Directory Services has issued a report that recommends a radical change from WHOIS, replacing the current system with a centralized data store maintained by a third party that would be responsible for authorizing 'requestors' who want to obtain domain information."

14 of 155 comments (clear)

Min score:

Reason:

Sort:

not having read TFA by Tastecicles · 2013-06-25 16:12 · Score: 5, Informative

Is the submitter trying to tell us that this third party is potentially a commercial venture intended to collect fees on $whois$ queries, which would also be dependent on giving a damn good reason for wanting to know who owns $domain?
BTW, I think the headline is a: alarmist and b: misleading. It would be better written as "ICANN Working Group seeks to replace WHOIS."

--
Operation Guillotine is in effect.
1. Re:not having read TFA by Samantha+Wright · 2013-06-25 16:20 · Score: 5, Informative
  
  Here's your answer:
  
  "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.
  Basically, they'd be extracting a licensing fee from the current people you go to for WHOIS lookups. Arguably this could be called "killing" WHOIS since it means taking away its... free spirit.
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
2. Re:not having read TFA by black3d · 2013-06-25 16:24 · Score: 5, Informative
  
  No specific word from the article on charges per se, however I don't think "seeks to kill WHOIS" is alarmist. The plan is to basically remove the WHOIS system, and instead have all the data managed by a "third party", to whom you have to apply to if you want any information on a particular domains ownership, rather than they automated system we have now.
  
  FTA:
  Access to the 'live' domain records maintained by gTLD registries would also be possible via the ARDS "upon request and subject to controls to deter overuse or abuse of this option". "Requestors" – people who want to query the data maintained by ARDS – would have to apply for the right to access domain information.
  
  --
  "The true measure of a person is how they act when they know they won't get caught." - DSRilk
3. Re:not having read TFA by icebike · 2013-06-25 17:04 · Score: 5, Interesting
  
  I'm fine with whois, even though it has been steadily degraded by private registrations recently.
  I'm not convinced there is any realistic reason this information needs to be private, although I might feel differently if i lived somewhere else in the world where angry armed mods drag you from your home for expressing a view point. On the flip side of that, simply knowing that your information is available tends to induce better behavior on the Web.
  But by and large, I think people should be able to know who owns a site, or who is fronting for the owner. It helps a great deal when trying to track down and report abuse.
  I rather suspect mine is not a popular view.
  
  --
  Sig Battery depleted. Reverting to safe mode.
Single point of failure. by Anonymous Coward · 2013-06-25 16:15 · Score: 5, Insightful

A corporation is a single point of failure. As ICANN repeatedly demonstrates.
Horrible for network security... by marciot · 2013-06-25 16:25 · Score: 5, Informative

As a system admin, I tend to use WHOIS to figure out who is hitting my firewall, or to investigate if traffic is flowing to suspicious domains. Would really suck if WHOIS became a pay service, making it easier for the bad guys to hide.
1. Re:Horrible for network security... by icebike · 2013-06-25 17:32 · Score: 5, Insightful
  
  If i was getting paid each time you wanted to find out who was attacking you, I might be tempted to make sure you were attacked more often... Just sayin...
  
  --
  Sig Battery depleted. Reverting to safe mode.
How monetize "whois"... by Macdude · 2013-06-25 16:26 · Score: 5, Insightful

This is all about setting up a system to charge for access to 'whois' information. Phrases like "authorizing 'requestors'" is code for charging users.

--
"Grab them by the pussy" -- President of the United States of America
I don't like the sound of this by Sean · 2013-06-25 16:27 · Score: 5, Insightful

What we need is a standard format for WHOIS responses. What we don't need is some monopoly gatekeeper.
1. Re:I don't like the sound of this by Sean · 2013-06-25 17:56 · Score: 5, Insightful
  
  You don't have to answer all of them. You don't have to directly answer their questions either. You could just say things like:
  - I don't want this. This system is not in my best interest.
  - I don't want to register with anyone to query this data.
  - Abuse mitigation should be handled by each registrar, this is a good way for them to differentiate themselves.
  - I don't want to pay for this system at all
  - Law enforcement should be given no special access at all. Nobody should accredit them.
  You could also contact your registrar if you own a lot of domains and let them know you don't support this move at all. Ask them to oppose it.
Stupid Idea by Etherwalk · 2013-06-25 16:28 · Score: 5, Insightful

There should be a way for any person to contact any domain owner or domain-owning company. Putting a service in to vet requests will make it harder.
This is bad. And less transparent. And less distributed. And more expensive.
Re:Did i just read... by gandhi_2 · 2013-06-25 16:35 · Score: 5, Informative

Once upon a time the US Government was THE Consortion for assigned names and numbers. They were THE registrar.
They gave it up.

--
THL phish sticks
Re:Did i just read... by Opportunist · 2013-06-25 16:56 · Score: 5, Insightful

Good ol' times. Back when we were the free world. Remember those times? Life was good. The older ones might even remember it.
Be honest. Do you think this would happen now?

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Having read TFA and the propsal by Frobnicator · 2013-06-25 17:58 · Score: 5, Informative

They are not talking about blocking all access to the data.
They propose keeping a good portion of the existing data available through anonymous public requests, exactly the way current WHOIS system works today. The big difference is that there will be a single source; you won't need to do the two-step process currently in place.
They are also proposing adding additional contact fields that have been frequently requested for WHOIS data.
They are also proposing limiting access to some data, in particular limiting the data traditionally used to scam people with fake DNS renewals. In particular it does not talk about refusing access, simply limiting the requests to authenticated users to prevent thinks like bulk-searches that scammers frequently use. The report recommends only limited fields require authenticated access, not those used commonly by individuals or by website administrators for abuse mitigation.
Finally, they are proposing adding new advanced search capabilities that are useful for ISPs (and also private and government surveillance) that are not currently available, but will be very useful for domain abusers spanning many TLDs.

--
//TODO: Think of witty sig statement