[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
consult at cgomes.com
consult at cgomes.com
Tue Feb 20 12:06:56 UTC 2018
No Paul. What registrars as a whole make available as RDS policy is
definitely a subject for this WG. But registrar practices that individual
registrars implement are not subjects for this WG; they are either ICANN
compliance issues or matters between the applicable registrar and its
customers.
I appreciate and recognize that you have been very constructive and thank
you for that.
Chuck
From: Paul Keating [mailto:Paul at law.es]
Sent: Tuesday, February 20, 2018 3:56 AM
To: consult at cgomes.com; pkngrds at klos.net
Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead at icann.org>;
gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Chuck,
Am I to understand that the issue of what Registrars actually make available
is NOT a subject of this WG? I thought that much of the previous threads
were about the issue of GDPR restrictions vs restrictions that are
self-imposed by Registrars.
I am not trying to beat up upon GD here. I have been clear in making my
concerns known that many members who largely are registrar reps have taken a
very broad approach to what is and is not prohibited by the GDPR and I have
continuously tried to counterbalance those comments.
Respectfully,
Paul
From: <consult at cgomes.com <mailto:consult at cgomes.com> > on behalf of
<consult at cgomes.com <mailto:consult at cgomes.com> >
Date: Tuesday, February 20, 2018 at 12:34 PM
To: Paul Keating <paul at law.es <mailto:paul at law.es> >, <pkngrds at klos.net
<mailto:pkngrds at klos.net> >
Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead at icann.org
<mailto:gnso-next-gen-rds-lead at icann.org> >, <gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> >
Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
All,
This is an issue involving a third party and its customers. It is NOT a
topic that should be discussed on this WG list, so please end this thread.
Chuck
From: Paul Keating [mailto:Paul at law.es]
Sent: Tuesday, February 20, 2018 3:29 AM
To: Sara Bockey <sbockey at godaddy.com <mailto:sbockey at godaddy.com> >;
pkngrds at klos.net <mailto:pkngrds at klos.net> ; consult at cgomes.com
<mailto:consult at cgomes.com>
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org
<mailto:gnso-next-gen-rds-lead at icann.org> >; gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org>
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Sara,
You say:
" This is impossible in an environment where Port 43 access is unregulated,
and we can't distinguish legitimate users from bad guys. Therefore, we
encourage folks to contact us about getting their IPs added to our
whitelist."
I find this difficult to swallow. With a white list program you can easily
see the source of the traffic.
As for the white list project - the nature of the continued limitations show
that there is no real intent to allow even the good guys to have access.
Why are the Whitelist limitations so low?
You are very clearly detracting from the ability of the security industry to
do its work. I see no real reason for GD doing so other than (a) spite, or
(b) wanting to create scarcity for economic reasons.
Paul
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org
<mailto:gnso-rds-pdp-wg-bounces at icann.org> > on behalf of Sara Bockey
<sbockey at godaddy.com <mailto:sbockey at godaddy.com> >
Date: Monday, February 19, 2018 at 9:03 PM
To: "pkngrds at klos.net <mailto:pkngrds at klos.net> " <pkngrds at klos.net
<mailto:pkngrds at klos.net> >, "consult at cgomes.com <mailto:consult at cgomes.com>
" <consult at cgomes.com <mailto:consult at cgomes.com> >
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org
<mailto:gnso-next-gen-rds-lead at icann.org> >, "gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> " <gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> >
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Patrick and WG members:
It is indeed true that our Port43 service is being attacked and our customer
data is being harvested and abused. This is corroborated by numerous
industry news reports and stories shared by our customers. Our first
responsibility is to our customers, and to safeguard their personal
information. This is impossible in an environment where Port 43 access is
unregulated, and we can't distinguish legitimate users from bad guys.
Therefore, we encourage folks to contact us about getting their IPs added to
our whitelist.
Our position on this has been clear and consistent. This will be my last
communication on this topic since it does not further our work in this PDP.
Sara
sara bockey
sr. policy manager | GoDaddyT
<mailto:sbockey at godaddy.com> sbockey at godaddy.com 480-366-3616
skype: sbockey
This email message and any attachments hereto is intended for use only by
the addressee(s) named herein and may contain confidential information. If
you have received this email in error, please immediately notify the sender
and permanently delete the original and any copy of this message and its
attachments.
From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org
<mailto:gnso-rds-pdp-wg-bounces at icann.org> > on behalf of "pkngrds at klos.net
<mailto:pkngrds at klos.net> " <pkngrds at klos.net <mailto:pkngrds at klos.net> >
Date: Sunday, February 18, 2018 at 8:09 AM
To: "consult at cgomes.com <mailto:consult at cgomes.com> " <consult at cgomes.com
<mailto:consult at cgomes.com> >, "pkngrds at klos.net <mailto:pkngrds at klos.net> "
<pkngrds at klos.net <mailto:pkngrds at klos.net> >
Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org
<mailto:gnso-next-gen-rds-lead at icann.org> >, "gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> " <gnso-rds-pdp-wg at icann.org
<mailto:gnso-rds-pdp-wg at icann.org> >
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/18/2018 9:14 AM, <mailto:consult at cgomes.com> consult at cgomes.com wrote:
Patrick,
Let me first call attention to the fact that I cc'd the leadership team so
that they can judge whether my suggestion was ridiculous or not.
Let me call attention to the fact that I cc'd the entire list so the
community can be involved in the conversation as well. (as you say "we all
have to work collaboratively in this WG")
I am not in a position to determine what the truth is in this situation,
Well, I AM in such a position because IT HAPPENED TO ME.
but, even if you are correct in your assessment, giving Sara a chance to
respond to your strong accusation privately
Big companies like GoDaddy will not respond privately - it's beneath them.
Believe me, I've tried.
If Sara was interested in responding to my claims, she has had every
opportunity to do so, either privately or publicly. I have not heard a peep
from her.
would be much more respectful than making your accusation publicly.
It's not an accusation - it's a statement of facts. I welcome Sara and/or
GoDaddy to present any evidence to the contrary.
Email communications are very easily misunderstood and/or poorly expressed.
I do not know whether that is the case here or not; I am sure you do not
believe that is the case, but giving her the benefit of the doubt and asking
her to explain further privately would have been a much better approach in
my opinion.
As I said, I have no reason to believe she would respond to a private
discussion of this matter. I have tried several time to discuss GoDaddy's
port 43 restrictions with them and they would not respond to me. GoDaddy is
too big to care about the opinions of a single anti-phishing anti-spam
anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on
port 43 WHOIS.
The fact is that we all have to work collaboratively in this WG.
Which is why this should be discussed on the list as well. I know I'm not
the only person on the list that feels this way.
Patrick Klos
Phishcop Admin
Chuck
From: <mailto:pkngrds at klos.net> pkngrds at klos.net [ <mailto:pkngrds at klos.net>
mailto:pkngrds at klos.net]
Sent: Saturday, February 17, 2018 1:20 PM
To: <mailto:consult at cgomes.com> consult at cgomes.com
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/17/2018 2:11 PM, <mailto:consult at cgomes.com> consult at cgomes.com wrote:
Patrick,
If you are going to specifically criticize a company by name, please do that
directly with that company and not on this list.
Chuck
That's ridiculous.
Sara Bockey, representing GoDaddy, made statements on the list that do not
reflect the truth. It is my obligation to refute her claims publicly on the
same forum her original statements were made.
Patrick Klos
Klos Technologies, Inc. and Phishcop Admin
From: gnso-rds-pdp-wg [ <mailto:gnso-rds-pdp-wg-bounces at icann.org>
mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf Of
<mailto:pkngrds at klos.net> pkngrds at klos.net
Sent: Friday, February 16, 2018 3:35 PM
To: <mailto:gnso-rds-pdp-wg at icann.org> gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
On 2/16/2018 5:22 PM, Sara Bockey wrote:
Not only is our decision to mask customer information in Port43 completely
unrelated to GDPR, but it results directly from attacks by third parties who
harvest and sell our customers' personal information.
I don't know what precipitated this conversation, but I will jump in here
based on my actual experience.
To say "it results directly from attacks by third parties who harvest and
sell our customers' personal information" is a complete lie!
GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS on
with absolutely no due process! And I can say with absolute certainty that
I and my IP addresses were not involved in any form of "attack(s) by third
parties".
But if I wanted to continue fighting phishing, spammers and other abuses
without being forced to use GoDaddy's cumbersome web interface (with their
stupid "I'm not a robot" and "Choose all the pictures that have a goldfish
in them" games) to process each WHOIS request, I would have to give in to
GoDaddy's illegal blocking (restricted WHOIS output) and sign their
"whitelist request" to get myself back to business!!!
Given the onslaught of spam and robo-calls our customers have been receiving
- often within minutes of registering a domain name-we felt that action was
required, if not overdue.
I'm not sure I can see how port 43 WHOIS requests can be used to determine
new domain registrations in the way you imply? Maybe you can share how that
works??
WHOIS information is still very much available for any & all domain names
via our web-based WHOIS tool,
It may be available, but it's quite cumbersome and a waste of good peoples'
time!!
However, bulk access by anonymous users is no longer supported.
I didn't know "bulk access by anonymous users" was ever a thing?!? If you
were intent on blocking "bulk access", why should that have impacted port 43
WHOIS requests for single domains???
I also note that during this entire process, we have kept ICANN informed of
both the attacks on our Port43 systems
Please provide the evidence of my "attacks" that you've provided to ICANN to
justify your restricting WHOIS data to any of my IP addresses.
as well as our efforts to mitigate them. Our actions are justified and to
imply otherwise is not only inaccurate but does nothing to move this PDP
forward.
Your actions were unilateral and (in my opinion) violated your registrar
agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but you
blocked many many requests with absolutely no evidence of abuse! How can
you justify that???
Patrick Klos
Phishcop Admin
_______________________________________________ gnso-rds-pdp-wg mailing list
gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180220/a2c9bf25/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list