[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access
Rob Golding
rob.golding at astutium.com
Wed May 31 00:06:23 UTC 2017
Allison asked ...
> define abuse because i am not sure how to abuse thin data
It's difficult to describe how thin data is abused currently without
knowing exactly which items will be in the "thin data list", but 2 items
which are constantly and continuously used to abuse are
* expiry date
* status
With fake renewal notices, seo solicitations, dodgy transfer attempts,
social engineering on hosts and many other scams
Some registrar WHOIS excludes status, I imagine for that reason.
Rob wrote ...
> All I need is the domain name to start with, dig the nameservers for
> the domain, and then dig the SOA.
> Importantly, I DO NOT NEED "whois" or anything else similar to get to
> these data records
Which is exactly why including them in whois/rds is just going to add
bloat and errors.
If "thin data" was restricted to
* domain name
* registrar
Then I'd have no problem with unauthenticated queries (subject to
sensible rate limiting etc) - beyond that I think people need to say who
they are and why they want the information
Rob
More information about the gnso-rds-pdp-wg
mailing list