[gnso-rds-pdp-wg] Fwd: Equifax hack worse than previously thought: Biz kissed goodbye to card expiry dates, tax IDs etc

Andrew Sullivan ajs at anvilwalrusden.com
Wed Feb 14 00:35:27 UTC 2018 

On Tue, Feb 13, 2018 at 06:56:24PM +0100, Theo Geurts wrote:

> I think some of us are still mystified that there are no "huge" issues in
> 147 million ccTLDs while there seems to be "huge" issues with 181 million
> gTLDs ,25% of them using privacy proxy services.

Nobody said that there are going to be _huge_ issues with any of this.
Mostly, Internet protocols work, and work properly, and one rarely
needs to contact people out of band.

The _problem_ is when you _do_ need to contact people.  Those cases,
which represent a tiny minority of cases, can nevertheless be very
bad.  And I am sorry to note that the number of Internet-scale domains
that appear in a single ccTLD is small, with a couple exceptions among
the ccTLDs.

And, as I've now said so often that I can barely care enough to say it
again, the Internet is a distributed-operation system that does not
depend on all the parties being in any contractual relationship with
each other.  The cost of having a network built that way -- one that
has turned out to take over every other kind of network it has touched
-- is that people who don't already know each other need to be able to
get in touch.  And to do that, the data has to be available
_somewhere_ such that someone who happens to need it can get to it.

I am pretty sceptical that this includes mailing and street addresses.
I am pretty confident that phone numbers might well be in the list of
stuff that is critical.

> Personally I am more mystified why we keep on relying on WHOIS to combat
> such issues while the abuse rate goes up in the gTLD space each year.
> Perhaps time to come up with something better?

Given that the IETF has now produced _four_ differnet better answers,
for various meanings of "better", than whois, it is even more
mystifying to those of us who did some of that work.  IRIS, indeed,
was done explicitly at the behest of ICANN (when the IETF was still
the protocol supporting organization), and was deployed by very close
to nobody.

Best regards,

A

-- 
Andrew Sullivan
ajs at anvilwalrusden.com

More information about the gnso-rds-pdp-wg mailing list