[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
pkngrds at klos.net
pkngrds at klos.net
Sun Feb 18 15:09:18 UTC 2018
On 2/18/2018 9:14 AM, consult at cgomes.com wrote:
>
> Patrick,
>
> Let me first call attention to the fact that I cc’d the leadership
> team so that they can judge whether my suggestion was ridiculous or not.
>
Let me call attention to the fact that I cc'd the entire list so the
community can be involved in the conversation as well. (as you say "we
all have to work collaboratively in this WG")
> I am not in a position to determine what the truth is in this situation,
>
Well, I AM in such a position because IT HAPPENED TO ME.
> but, even if you are correct in your assessment, giving Sara a chance
> to respond to your strong accusation privately
>
Big companies like GoDaddy will not respond privately - it's beneath
them. Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every
opportunity to do so, either privately or publicly. I have not heard a
peep from her.
> would be much more respectful than making your accusation publicly.
>
It's not an accusation - it's a statement of facts. I welcome Sara
and/or GoDaddy to present any evidence to the contrary.
> Email communications are very easily misunderstood and/or poorly
> expressed. I do not know whether that is the case here or not; I am
> sure you do not believe that is the case, but giving her the benefit
> of the doubt and asking her to explain further privately would have
> been a much better approach in my opinion.
>
As I said, I have no reason to believe she would respond to a private
discussion of this matter. I have tried several time to discuss
GoDaddy's port 43 restrictions with them and they would not respond to
me. GoDaddy is too big to care about the opinions of a single
anti-phishing anti-spam anti-abuse advocate that disagrees with
GoDaddy's illegal restrictions on port 43 WHOIS.
> The fact is that we all have to work collaboratively in this WG.
>
Which is why this should be discussed on the list as well. I know I'm
not the only person on the list that feels this way.
Patrick Klos
Phishcop Admin
> Chuck
>
> *From:*pkngrds at klos.net [mailto:pkngrds at klos.net]
> *Sent:* Saturday, February 17, 2018 1:20 PM
> *To:* consult at cgomes.com
> *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois
> and GDRP
>
> On 2/17/2018 2:11 PM, consult at cgomes.com <mailto:consult at cgomes.com>
> wrote:
>
> Patrick,
>
> If you are going to specifically criticize a company by name,
> please do that directly with that company and not on this list.
>
> Chuck
>
>
> That's ridiculous.
>
> Sara Bockey, representing GoDaddy, made statements on the list that do
> not reflect the truth. It is my obligation to refute her claims
> publicly on the same forum her original statements were made.
>
> Patrick Klos
> Klos Technologies, Inc. and Phishcop Admin
>
>
> *From:*gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org]
> *On Behalf Of *pkngrds at klos.net <mailto:pkngrds at klos.net>
> *Sent:* Friday, February 16, 2018 3:35 PM
> *To:* gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
> *Subject:* Re: [gnso-rds-pdp-wg] Krebs On Security article RE
> whois and GDRP
>
> On 2/16/2018 5:22 PM, Sara Bockey wrote:
>
> Not only is our decision to mask customer information in
> Port43 completely unrelated to GDPR, but it results
> directly from attacks by third parties who harvest and
> sell our customers’ personal information.
>
>
> I don't know what precipitated this conversation, but I will jump
> in here based on my actual experience.
>
> To say "it results directly from attacks by third parties
> who harvest and sell our customers’ personal information" is a
> complete lie!
>
> GoDaddy has blocked MANY IP addresses I've attempted to use port
> 43 WHOIS on with absolutely no due process! And I can say with
> absolute certainty that I and my IP addresses were not involved in
> any form of "attack(s) by third parties".
>
> But if I wanted to continue fighting phishing, spammers and other
> abuses without being forced to use GoDaddy's cumbersome web
> interface (with their stupid "I'm not a robot" and "Choose all the
> pictures that have a goldfish in them" games) to process each
> WHOIS request, I would have to give in to GoDaddy's illegal
> blocking (restricted WHOIS output) and sign their "whitelist
> request" to get myself back to business!!!
>
>
>
> Given the onslaught of spam and robo-calls our customers have
> been receiving – often within minutes of registering a domain
> name—we felt that action was required, if not overdue.
>
>
> I'm not sure I can see how port 43 WHOIS requests can be used to
> determine new domain registrations in the way you imply? Maybe
> you can share how that works??
>
>
>
> WHOIS information is still very much available for any & all
> domain names via our web-based WHOIS tool,
>
>
> It may be available, but it's quite cumbersome and a waste of good
> peoples' time!!
>
>
>
> However, bulk access by anonymous users is no longer supported.
>
>
> I didn't know "bulk access by anonymous users" was ever a
> thing?!? If you were intent on blocking "bulk access", why should
> that have impacted port 43 WHOIS requests for single domains???
>
>
>
> I also note that during this entire process, we have kept
> ICANN informed of both the attacks on our Port43 systems
>
>
> Please provide the evidence of my "attacks" that you've provided
> to ICANN to justify your restricting WHOIS data to any of my IP
> addresses.
>
>
>
> as well as our efforts to mitigate them. Our actions
> are justified and to imply otherwise is not only inaccurate
> but does nothing to move this PDP forward.
>
>
> Your actions were unilateral and (in my opinion) violated your
> registrar agreement(s) with ICANN. You're allowed to block
> ABUSIVE behavior, but you blocked many many requests with
> absolutely no evidence of abuse! How can you justify that???
>
> Patrick Klos
> Phishcop Admin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180218/25f4e61b/attachment.html>
More information about the gnso-rds-pdp-wg
mailing list