[gnso-rds-pdp-wg] [For Background] APWG report on phishers use of Domain Name System

allison nixon elsakoo at gmail.com
Thu Jun 29 20:04:18 UTC 2017


I access WHOIS data and derivatives through various portals and I do not
assume that my queries are truly anonymous, but I trust the companies I do
business with far more than the companies I query against.

If we accept gated access as a solution, we need convincing proof, not
empty promises.

-The gated access cannot have an inferior user interface compared to
current tools
-The gated access cannot have an inferior dataset
-The gated access cannot cost more money
-The gated access cannot expose defenders to risk from the same
registrants/registrars attacking them
-The gated access cannot be designed such that corrupt registrars or
jurisdictions can obstruct
-The gated access cannot block us from secondary processing necessary to
defend our networks

The gated system is supposed to replicate in a closed system what the open
system has accomplished naturally. This is an exceedingly difficult task,
and the price of failure is high.

If we close the WHOIS system, and start collecting personal data from
people with the new understanding that it is closed, and if the gated
system utterly fails, we may not have the option of ever re-opening it.

-----------------------------------------------------------------

Also, +1 for using WHOIS data to differentiate between abused infrastructure
and criminal infrastructure. Does anyone remember in 2014 when the
legitimate DNS provider No-IP lost all its domains due to a court order?
That is exactly what happens when someone can't differentiate. It probably
isn't a coincidence that before the incident, noip.com was behind WHOIS
privacy, and after the incident, the company's address and contact info is
in the WHOIS. These are significant risks for an unreachable property
owner: they can lose their property.

Users need to be educated about all the risks so they can weigh them in a
manner that makes the most sense for their situation. It's not just junk
mail.

What happened to No-IP is rarer nowadays because investigators can
differentiate. Some here have argued that court orders should be required
to obtain WHOIS data. While I appreciate your faith in our government, I
can say from a realistic standpoint that once someone has sunk the massive
time and money to get a court order, they aren't going to ask for WHOIS
data. They're going to raid the datacenter and get all customers' data, and
the kitchen sink. There are many historical examples of this, all stemming
from an inability to differentiate a criminal from their neighbors in the
early stages. This is less of a problem than it used to be. Making
infrastructure opaque brings us back to those days.

People attempting to engage in privacy activism need to understand these
histories because there is a serious risk of unintended consequences.
Privacy isn't a zero-sum game, but it can be if the rulemakers don't
understand how the game works.



On Thu, Jun 29, 2017 at 11:00 AM, Paul Keating <paul at law.es> wrote:

> The biggest issues I have with gating are centered around inconsistency
> and the loss of anonymity on the part of the requesting party. I can see
> a compromise in which gating is acceptable with the requirement that the
> conditions/standards applied for gating are neutral as to the requesting
> party and are laid out in concrete so as to not change.
>
> Sent from my iPad
>
> > On 28 Jun 2017, at 12:31, "benny at nordreg.se" <benny at nordreg.se> wrote:
> >
> > I don’t want to start a long discussion on this topic, but only point
> out that a gated access designed right will not stop any of you from doing
> the same work as I see it.
> > --
> > Med vänliga hälsningar / Kind Regards / Med vennlig hilsen
> >
> > Benny Samuelsen
> > Registry Manager - Domainexpert
> >
> > Nordreg AB - ICANN accredited registrar
> > IANA-ID: 638
> > Phone: +46.42197080
> > Direct: +47.32260201
> > Mobile: +47.40410200
> >
> >> On 28 Jun 2017, at 13:26, gnso-rds-pdp-wg at icann.org wrote:
> >>
> >> Thanks for chiming in and largely that was my point. I understand that
> several people have concerns about the privacy of registrants in whois.
> What I don't feel gets sufficient appreciation is that having access to
> whois data helps investigate and PREVENT large security and privacy risks.
> For instance, the recent malware outbreak that started in Ukraine
> (Petya/NotPetya). I can be more explicit on that when it's over.
> >>
> >> --
> >> John Bambenek
> >>
> >>> On Jun 28, 2017, at 06:18, Rod Rasmussen <rod at rodrasmussen.com> wrote:
> >>>
> >>> Thanks John - and let me point out that the authors are here at the
> meeting in JNB. :-)
> >>>
> >>> Feel free to ping Greg or me on particular aspects of the report -
> especially if you're here at the meeting and have some questions. One
> thing I can assure you having done the lion's share of the data "crunching"
> is that whois was an invaluable part of being able to deliver various
> stats, classify fraudulent domains vs. compromised ones, and determine
> providers of subdomain reselling services to name a few.  It was necessary
> to really make sense out of a lot of this data to deliver value to the
> community around how these activities are affecting various parties in the
> ecosystem.
> >>>
> >>> Greg did a short post in CircleID on this as well:
> http://www.circleid.com/posts/20170627_phishing_the_worst_of_times_in_the_dns/
> >>>
> >>> Cheers,
> >>>
> >>> Rod
> >>>
> >>>> On Jun 27, 2017, at 9:42 AM, John Bambenek via gnso-rds-pdp-wg <
> gnso-rds-pdp-wg at icann.org> wrote:
> >>>>
> >>>> http://docs.apwg.org/reports/APWG_Global_Phishing_Report_2015-2016.pdf
> >>>>
> >>>> Relevant to our discussions.
> >>>>
> >>>> --
> >>>> --
> >>>>
> >>>> John Bambenek
> >>>>
> >>>> _______________________________________________
> >>>> gnso-rds-pdp-wg mailing list
> >>>> gnso-rds-pdp-wg at icann.org
> >>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
> >>>
> >>
> >
>



-- 
_________________________________
Note to self: Pillage BEFORE burning.