[tech-whois] A follow up session in San Francisco?

Michael Young michael at mwyoung.ca
Tue Mar 8 19:20:58 UTC 2011


"- access control, which most WHOIS providers have implemented at the TCP/IP
level

Without source address validation, IP level access control is not
sufficient. Even with IP level access control, the granularity of access
control is arguably less than one might want in a future incarnation of a
Whois service. For example, an IP level access control does not accommodate
a future policy that might block a user of group X from accessing a
subset of registration data elements {b} while allowing a user of group Y
access to those elements. A robust directory service protocol ought to
accommodate this."

First of all, I agree with this point, but let me reinforce/add that the
current rate limiting methodologies based on traffic from source IPs become
much trickier with IPv6.  I don't see any practical reason why every user of
a whois service shouldn't have to authenticate to get a response. Just
because it's a free public service doesn't mean someone seeking the data
can't sign up for a user ID.  Sign up systems can be automated and protected
from machine based registration; subsequent whois lookups would always be
tied to User ID, and usage policy enforcement can be made against individuals
instead of IP addresses. You can also create classes of users with different
traffic policy expectations (provided you were still in compliance with any
contractual obligations).

I know this is a fundamental change from today, but the more I think about
it, the more I see the practicality and operational sensibility in going
that route.

Best Regards,

Michael Young
M:+1-647-289-1220



-----Original Message-----
From: tech-whois-bounces at icann.org [mailto:tech-whois-bounces at icann.org] On
Behalf Of Smith, Bill
Sent: March-08-11 1:22 PM
To: Dave Piscitello
Cc: tech-whois at icann.org
Subject: Re: [tech-whois] A follow up session in San Francisco?


On Mar 7, 2011, at 12:13 PM, Dave Piscitello wrote:


On 3/7/11 2:45 PM, "Jay Daley" <jay at nzrs.net.nz>
wrote:
[snipped]

The only two that cannot be addressed this way are:

- authentication, which is the feature where I think we are talking about a
very different protocol from WHOIS

Agree.

Why would we consider requiring authentication when accurate WHOIS
information is available to the public?


- access control, which most WHOIS providers have implemented at the TCP/IP
level

Without source address validation, IP level access control is not
sufficient. Even with IP level access control, the granularity of access
control is arguably less than one might want in a future incarnation of a
Whois service. For example, an IP level access control does not accommodate
a future policy that might block a user of group X from accessing a
subset of registration data elements {b} while allowing a user of group Y
access to those elements. A robust directory service protocol ought to
accommodate this.



With respect, I trust we aren't talking about a directory service for the
Internet public.


_______________________________________________
tech-whois mailing list
tech-whois at icann.org
https://mm.icann.org/mailman/listinfo/tech-whois
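
The two ideas discussed in this thread, shown together as an added example that is not part of the original messages or of any WHOIS implementation: usage policy keyed on an authenticated user ID instead of a source IP, and per-group visibility of registration data elements. The class names, limits, field names, accounts and record are all constructed assumptions, and authentication itself is assumed to have happened before `lookup` is called.

```python
from collections import defaultdict, deque

WINDOW = 60.0  # seconds in the sliding rate-limit window
# Hypothetical user classes: per-window query limit and visible data elements.
CLASSES = {
    "group_x": {"limit": 3, "fields": {"domain", "registrar", "status"}},
    "group_y": {"limit": 10,
                "fields": {"domain", "registrar", "status", "registrant_email"}},
}
USERS = {"alice": "group_x", "bob": "group_y"}  # constructed accounts
RECORD = {  # constructed registration record
    "domain": "example.org", "registrar": "Example Registrar",
    "status": "active", "registrant_email": "owner@example.org",
}


class WhoisGate:
    """Rate-limits and filters lookups, keyed by user ID or by source IP."""

    def __init__(self, key_by="user"):
        self.key_by = key_by
        self.hits = defaultdict(deque)  # key -> timestamps of recent lookups

    def lookup(self, user_id, source_ip, now):
        # user_id is assumed to have been authenticated before this call.
        group = USERS.get(user_id)
        if group is None:
            return ("denied", None)
        policy = CLASSES[group]
        key = user_id if self.key_by == "user" else source_ip
        recent = self.hits[key]
        while recent and now - recent[0] >= WINDOW:
            recent.popleft()  # drop lookups that fell out of the window
        if len(recent) >= policy["limit"]:
            return ("rate_limited", None)
        recent.append(now)
        visible = {k: v for k, v in RECORD.items() if k in policy["fields"]}
        return ("ok", visible)


def run(key_by, user_id, count):
    """One user sends `count` lookups, each from a different IPv6 address."""
    gate = WhoisGate(key_by)
    return [gate.lookup(user_id, f"2001:db8::{i:x}", float(i))[0]
            for i in range(1, count + 1)]


if __name__ == "__main__":
    print("per-IP  :", run("ip", "alice", 5))
    print("per-user:", run("user", "alice", 5))
```

Keyed by source IP, the per-class limit never applies to a user whose requests arrive from changing IPv6 addresses; keyed by user ID, the same traffic is limited after the third lookup.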

