[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Paul Keating
Paul at law.es
Tue Feb 20 11:55:55 UTC 2018
Chuck,
Am I to understand that the issue of what Registrars actually make available
is NOT a subject of this WG? I thought that much of the previous threads
were about the issue of GDPR restrictions vs restrictions that are
self-imposed by Registrars.
I am not trying to beat up upon GD here. I have been clear in making my
concerns known that many members who largely are registrar reps have taken a
very broad approach to what is and is not prohibited by the GDPR and I have
continuously tried to counterbalance those comments.
Respectfully,
Paul
From: <consult at cgomes.com> on behalf of <consult at cgomes.com>
Date: Tuesday, February 20, 2018 at 12:34 PM
To: Paul Keating <paul at law.es>, <pkngrds at klos.net>
Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead at icann.org>,
<gnso-rds-pdp-wg at icann.org>
Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
> All,
>
> This is an issue involving a third party and its customers. It is NOT a topic
> that should be discussed on this WG list, so please end this thread.
>
> Chuck
>
>
> From: Paul Keating [mailto:Paul at law.es]
> Sent: Tuesday, February 20, 2018 3:29 AM
> To: Sara Bockey <sbockey at godaddy.com>; pkngrds at klos.net; consult at cgomes.com
> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>;
> gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>
>
> Sara,
>
>
>
> You say:
>
>
>
> " This is impossible in an environment where Port 43 access is unregulated,
> and we can¹t distinguish legitimate users from bad guys. Therefore, we
> encourage folks to contact us about getting their IPs added to our whitelist."
>
>
>
>
>
> I find this difficult to swallow. With a white list program you can easily
> see the source of the traffic.
>
>
>
> As for the white list project the nature of the continued limitations show
> that there is no real intent to allow even the good guys to have access.
>
>
>
> Why are the Whitelist limitations so low?
>
>
>
> You are very clearly detracting from the ability of the security industry to
> do its work. I see no real reason for GD doing so other than (a) spite, or
> (b) wanting to create scarcity for economic reasons.
>
>
>
> Paul
>
>
>
> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Sara
> Bockey <sbockey at godaddy.com>
> Date: Monday, February 19, 2018 at 9:03 PM
> To: "pkngrds at klos.net" <pkngrds at klos.net>, "consult at cgomes.com"
> <consult at cgomes.com>
> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>,
> "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>
>
>>
>> Patrick and WG members:
>>
>> It is indeed true that our Port43 service is being attacked and our customer
>> data is being harvested and abused. This is corroborated by numerous
>> industry news reports and stories shared by our customers. Our first
>> responsibility is to our customers, and to safeguard their personal
>> information. This is impossible in an environment where Port 43 access is
>> unregulated, and we can¹t distinguish legitimate users from bad guys.
>> Therefore, we encourage folks to contact us about getting their IPs added to
>> our whitelist.
>>
>> Our position on this has been clear and consistent. This will be my last
>> communication on this topic since it does not further our work in this PDP.
>>
>> Sara
>>
>>
>> sara bockey
>> sr. policy manager | GoDaddy
>> sbockey at godaddy.com <mailto:sbockey at godaddy.com> 480-366-3616
>> skype: sbockey
>>
>> This email message and any attachments hereto is intended for use only by the
>> addressee(s) named herein and may contain confidential information. If you
>> have received this email in error, please immediately notify the sender and
>> permanently delete the original and any copy of this message and its
>> attachments.
>>
>>
>>
>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
>> "pkngrds at klos.net" <pkngrds at klos.net>
>> Date: Sunday, February 18, 2018 at 8:09 AM
>> To: "consult at cgomes.com" <consult at cgomes.com>, "pkngrds at klos.net"
>> <pkngrds at klos.net>
>> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>,
>> "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>
>>
>>
>> On 2/18/2018 9:14 AM, consult at cgomes.com <mailto:consult at cgomes.com> wrote:
>>>
>>> Patrick,
>>>
>>> Let me first call attention to the fact that I cc¹d the leadership team so
>>> that they can judge whether my suggestion was ridiculous or not.
>>
>> Let me call attention to the fact that I cc'd the entire list so the
>> community can be involved in the conversation as well. (as you say "we all
>> have to work collaboratively in this WG")
>>
>>
>>
>>>
>>> I am not in a position to determine what the truth is in this situation,
>>
>> Well, I AM in such a position because IT HAPPENED TO ME.
>>
>>
>>
>>>
>>> but, even if you are correct in your assessment, giving Sara a chance to
>>> respond to your strong accusation privately
>>
>> Big companies like GoDaddy will not respond privately - it's beneath them.
>> Believe me, I've tried.
>>
>> If Sara was interested in responding to my claims, she has had every
>> opportunity to do so, either privately or publicly. I have not heard a peep
>> from her.
>>
>>
>>
>>>
>>> would be much more respectful than making your accusation publicly.
>>
>> It's not an accusation - it's a statement of facts. I welcome Sara and/or
>> GoDaddy to present any evidence to the contrary.
>>
>>
>>
>>>
>>> Email communications are very easily misunderstood and/or poorly expressed.
>>> I do not know whether that is the case here or not; I am sure you do not
>>> believe that is the case, but giving her the benefit of the doubt and asking
>>> her to explain further privately would have been a much better approach in
>>> my opinion.
>>
>> As I said, I have no reason to believe she would respond to a private
>> discussion of this matter. I have tried several time to discuss GoDaddy's
>> port 43 restrictions with them and they would not respond to me. GoDaddy is
>> too big to care about the opinions of a single anti-phishing anti-spam
>> anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on
>> port 43 WHOIS.
>>
>>
>>
>>>
>>> The fact is that we all have to work collaboratively in this WG.
>>
>> Which is why this should be discussed on the list as well. I know I'm not
>> the only person on the list that feels this way.
>>
>> Patrick Klos
>> Phishcop Admin
>>
>>
>>
>>>
>>> Chuck
>>>
>>>
>>>
>>> From:pkngrds at klos.net <mailto:pkngrds at klos.net> [mailto:pkngrds at klos.net
>>> <mailto:pkngrds at klos.net> ]
>>> Sent: Saturday, February 17, 2018 1:20 PM
>>> To: consult at cgomes.com <mailto:consult at cgomes.com>
>>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>>
>>>
>>> On 2/17/2018 2:11 PM, consult at cgomes.com <mailto:consult at cgomes.com> wrote:
>>>> Patrick,
>>>>
>>>> If you are going to specifically criticize a company by name, please do
>>>> that directly with that company and not on this list.
>>>>
>>>> Chuck
>>>
>>> That's ridiculous.
>>>
>>> Sara Bockey, representing GoDaddy, made statements on the list that do not
>>> reflect the truth. It is my obligation to refute her claims publicly on the
>>> same forum her original statements were made.
>>>
>>> Patrick Klos
>>> Klos Technologies, Inc. and Phishcop Admin
>>>
>>>
>>>
>>>
>>>>
>>>>
>>>>
>>>> From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
>>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org> ] On Behalf Of pkngrds at klos.net
>>>> <mailto:pkngrds at klos.net>
>>>> Sent: Friday, February 16, 2018 3:35 PM
>>>> To: gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>>>
>>>>
>>>> On 2/16/2018 5:22 PM, Sara Bockey wrote:
>>>>> Not only is our decision to mask customer information in Port43 completely
>>>>> unrelated to GDPR, but it results directly from attacks by third parties
>>>>> who harvest and sell our customers¹ personal information.
>>>>
>>>> I don't know what precipitated this conversation, but I will jump in here
>>>> based on my actual experience.
>>>>
>>>> To say "it results directly from attacks by third parties who harvest and
>>>> sell our customers¹ personal information" is a complete lie!
>>>>
>>>> GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS
>>>> on with absolutely no due process! And I can say with absolute certainty
>>>> that I and my IP addresses were not involved in any form of "attack(s) by
>>>> third parties".
>>>>
>>>> But if I wanted to continue fighting phishing, spammers and other abuses
>>>> without being forced to use GoDaddy's cumbersome web interface (with their
>>>> stupid "I'm not a robot" and "Choose all the pictures that have a goldfish
>>>> in them" games) to process each WHOIS request, I would have to give in to
>>>> GoDaddy's illegal blocking (restricted WHOIS output) and sign their
>>>> "whitelist request" to get myself back to business!!!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> Given the onslaught of spam and robo-calls our customers have been
>>>>> receiving often within minutes of registering a domain namewe felt that
>>>>> action was required, if not overdue.
>>>>
>>>> I'm not sure I can see how port 43 WHOIS requests can be used to determine
>>>> new domain registrations in the way you imply? Maybe you can share how
>>>> that works??
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> WHOIS information is still very much available for any & all domain names
>>>>> via our web-based WHOIS tool,
>>>>
>>>> It may be available, but it's quite cumbersome and a waste of good peoples'
>>>> time!!
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> However, bulk access by anonymous users is no longer supported.
>>>>
>>>> I didn't know "bulk access by anonymous users" was ever a thing?!? If you
>>>> were intent on blocking "bulk access", why should that have impacted port
>>>> 43 WHOIS requests for single domains???
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> I also note that during this entire process, we have kept ICANN informed
>>>>> of both the attacks on our Port43 systems
>>>>
>>>> Please provide the evidence of my "attacks" that you've provided to ICANN
>>>> to justify your restricting WHOIS data to any of my IP addresses.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> as well as our efforts to mitigate them. Our actions are justified and to
>>>>> imply otherwise is not only inaccurate but does nothing to move this PDP
>>>>> forward.
>>>>
>>>> Your actions were unilateral and (in my opinion) violated your registrar
>>>> agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you
>>>> blocked many many requests with absolutely no evidence of abuse! How can
>>>> you justify that???
>>>>
>>>> Patrick Klos
>>>> Phishcop Admin
>>>
>>
>>
>>
>>
>> _______________________________________________ gnso-rds-pdp-wg mailing list
>> gnso-rds-pdp-wg at icann.org
>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180220/57503e46/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list