[gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
Paul Keating
Paul at law.es
Tue Feb 20 12:36:22 UTC 2018
Ok, thanks.
From: <consult at cgomes.com> on behalf of <consult at cgomes.com>
Date: Tuesday, February 20, 2018 at 1:06 PM
To: Paul Keating <paul at law.es>, <pkngrds at klos.net>
Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead at icann.org>,
<gnso-rds-pdp-wg at icann.org>
Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
> No Paul. What registrars as a whole make available as RDS policy is
> definitely a subject for this WG. But registrar practices that individual
> registrars implement are not subjects for this WG; they are either ICANN
> compliance issues or matters between the applicable registrar and its
> customers.
>
> I appreciate and recognize that you have been very constructive and thank you
> for that.
>
> Chuck
>
>
>
>
> From: Paul Keating [mailto:Paul at law.es]
> Sent: Tuesday, February 20, 2018 3:56 AM
> To: consult at cgomes.com; pkngrds at klos.net
> Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead at icann.org>;
> gnso-rds-pdp-wg at icann.org
> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>
>
> Chuck,
>
>
>
> Am I to understand that the issue of what Registrars actually make available
> is NOT a subject of this WG? I thought that much of the previous threads were
> about the issue of GDPR restrictions vs restrictions that are self-imposed by
> Registrars.
>
>
>
> I am not trying to beat up upon GD here. I have been clear in making my
> concerns known that many members who largely are registrar reps have taken a
> very broad approach to what is and is not prohibited by the GDPR and I have
> continuously tried to counterbalance those comments.
>
>
>
> Respectfully,
>
>
>
> Paul
>
>
>
> From: <consult at cgomes.com> on behalf of <consult at cgomes.com>
> Date: Tuesday, February 20, 2018 at 12:34 PM
> To: Paul Keating <paul at law.es>, <pkngrds at klos.net>
> Cc: 'RDS-Leaders-List' <gnso-next-gen-rds-lead at icann.org>,
> <gnso-rds-pdp-wg at icann.org>
> Subject: RE: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>
>
>>
>> All,
>>
>> This is an issue involving a third party and its customers. It is NOT a
>> topic that should be discussed on this WG list, so please end this thread.
>>
>> Chuck
>>
>>
>> From: Paul Keating [mailto:Paul at law.es]
>> Sent: Tuesday, February 20, 2018 3:29 AM
>> To: Sara Bockey <sbockey at godaddy.com>; pkngrds at klos.net; consult at cgomes.com
>> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>;
>> gnso-rds-pdp-wg at icann.org
>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>
>>
>> Sara,
>>
>>
>>
>> You say:
>>
>>
>>
>> " This is impossible in an environment where Port 43 access is unregulated,
>> and we can¹t distinguish legitimate users from bad guys. Therefore, we
>> encourage folks to contact us about getting their IPs added to our
>> whitelist."
>>
>>
>>
>>
>>
>> I find this difficult to swallow. With a white list program you can easily
>> see the source of the traffic.
>>
>>
>>
>> As for the white list project the nature of the continued limitations show
>> that there is no real intent to allow even the good guys to have access.
>>
>>
>>
>> Why are the Whitelist limitations so low?
>>
>>
>>
>> You are very clearly detracting from the ability of the security industry to
>> do its work. I see no real reason for GD doing so other than (a) spite, or
>> (b) wanting to create scarcity for economic reasons.
>>
>>
>>
>> Paul
>>
>>
>>
>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of Sara
>> Bockey <sbockey at godaddy.com>
>> Date: Monday, February 19, 2018 at 9:03 PM
>> To: "pkngrds at klos.net" <pkngrds at klos.net>, "consult at cgomes.com"
>> <consult at cgomes.com>
>> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>,
>> "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>
>>
>>>
>>> Patrick and WG members:
>>>
>>> It is indeed true that our Port43 service is being attacked and our customer
>>> data is being harvested and abused. This is corroborated by numerous
>>> industry news reports and stories shared by our customers. Our first
>>> responsibility is to our customers, and to safeguard their personal
>>> information. This is impossible in an environment where Port 43 access is
>>> unregulated, and we can¹t distinguish legitimate users from bad guys.
>>> Therefore, we encourage folks to contact us about getting their IPs added to
>>> our whitelist.
>>>
>>> Our position on this has been clear and consistent. This will be my last
>>> communication on this topic since it does not further our work in this PDP.
>>>
>>> Sara
>>>
>>>
>>> sara bockey
>>> sr. policy manager | GoDaddy
>>> sbockey at godaddy.com <mailto:sbockey at godaddy.com> 480-366-3616
>>> skype: sbockey
>>>
>>> This email message and any attachments hereto is intended for use only by
>>> the addressee(s) named herein and may contain confidential information. If
>>> you have received this email in error, please immediately notify the sender
>>> and permanently delete the original and any copy of this message and its
>>> attachments.
>>>
>>>
>>>
>>> From: gnso-rds-pdp-wg <gnso-rds-pdp-wg-bounces at icann.org> on behalf of
>>> "pkngrds at klos.net" <pkngrds at klos.net>
>>> Date: Sunday, February 18, 2018 at 8:09 AM
>>> To: "consult at cgomes.com" <consult at cgomes.com>, "pkngrds at klos.net"
>>> <pkngrds at klos.net>
>>> Cc: RDS-Leaders-List <gnso-next-gen-rds-lead at icann.org>,
>>> "gnso-rds-pdp-wg at icann.org" <gnso-rds-pdp-wg at icann.org>
>>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>>
>>>
>>>
>>> On 2/18/2018 9:14 AM, consult at cgomes.com <mailto:consult at cgomes.com> wrote:
>>>>
>>>> Patrick,
>>>>
>>>> Let me first call attention to the fact that I cc¹d the leadership team so
>>>> that they can judge whether my suggestion was ridiculous or not.
>>>
>>> Let me call attention to the fact that I cc'd the entire list so the
>>> community can be involved in the conversation as well. (as you say "we all
>>> have to work collaboratively in this WG")
>>>
>>>
>>>
>>>
>>>>
>>>> I am not in a position to determine what the truth is in this situation,
>>>
>>> Well, I AM in such a position because IT HAPPENED TO ME.
>>>
>>>
>>>
>>>
>>>>
>>>> but, even if you are correct in your assessment, giving Sara a chance to
>>>> respond to your strong accusation privately
>>>
>>> Big companies like GoDaddy will not respond privately - it's beneath them.
>>> Believe me, I've tried.
>>>
>>> If Sara was interested in responding to my claims, she has had every
>>> opportunity to do so, either privately or publicly. I have not heard a peep
>>> from her.
>>>
>>>
>>>
>>>
>>>>
>>>> would be much more respectful than making your accusation publicly.
>>>
>>> It's not an accusation - it's a statement of facts. I welcome Sara and/or
>>> GoDaddy to present any evidence to the contrary.
>>>
>>>
>>>
>>>
>>>>
>>>> Email communications are very easily misunderstood and/or poorly expressed.
>>>> I do not know whether that is the case here or not; I am sure you do not
>>>> believe that is the case, but giving her the benefit of the doubt and
>>>> asking her to explain further privately would have been a much better
>>>> approach in my opinion.
>>>
>>> As I said, I have no reason to believe she would respond to a private
>>> discussion of this matter. I have tried several time to discuss GoDaddy's
>>> port 43 restrictions with them and they would not respond to me. GoDaddy is
>>> too big to care about the opinions of a single anti-phishing anti-spam
>>> anti-abuse advocate that disagrees with GoDaddy's illegal restrictions on
>>> port 43 WHOIS.
>>>
>>>
>>>
>>>
>>>>
>>>> The fact is that we all have to work collaboratively in this WG.
>>>
>>> Which is why this should be discussed on the list as well. I know I'm not
>>> the only person on the list that feels this way.
>>>
>>> Patrick Klos
>>> Phishcop Admin
>>>
>>>
>>>
>>>
>>>>
>>>> Chuck
>>>>
>>>>
>>>>
>>>> From:pkngrds at klos.net <mailto:pkngrds at klos.net> [mailto:pkngrds at klos.net
>>>> <mailto:pkngrds at klos.net> ]
>>>> Sent: Saturday, February 17, 2018 1:20 PM
>>>> To: consult at cgomes.com <mailto:consult at cgomes.com>
>>>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>>>
>>>>
>>>> On 2/17/2018 2:11 PM, consult at cgomes.com <mailto:consult at cgomes.com>
>>>> wrote:
>>>>> Patrick,
>>>>>
>>>>> If you are going to specifically criticize a company by name, please do
>>>>> that directly with that company and not on this list.
>>>>>
>>>>> Chuck
>>>>
>>>> That's ridiculous.
>>>>
>>>> Sara Bockey, representing GoDaddy, made statements on the list that do not
>>>> reflect the truth. It is my obligation to refute her claims publicly on
>>>> the same forum her original statements were made.
>>>>
>>>> Patrick Klos
>>>> Klos Technologies, Inc. and Phishcop Admin
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>
>>>>> From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org
>>>>> <mailto:gnso-rds-pdp-wg-bounces at icann.org> ] On Behalf Of pkngrds at klos.net
>>>>> <mailto:pkngrds at klos.net>
>>>>> Sent: Friday, February 16, 2018 3:35 PM
>>>>> To: gnso-rds-pdp-wg at icann.org <mailto:gnso-rds-pdp-wg at icann.org>
>>>>> Subject: Re: [gnso-rds-pdp-wg] Krebs On Security article RE whois and GDRP
>>>>>
>>>>>
>>>>> On 2/16/2018 5:22 PM, Sara Bockey wrote:
>>>>>> Not only is our decision to mask customer information in Port43
>>>>>> completely unrelated to GDPR, but it results directly from attacks by
>>>>>> third parties who harvest and sell our customers¹ personal information.
>>>>>
>>>>> I don't know what precipitated this conversation, but I will jump in here
>>>>> based on my actual experience.
>>>>>
>>>>> To say "it results directly from attacks by third parties who harvest and
>>>>> sell our customers¹ personal information" is a complete lie!
>>>>>
>>>>> GoDaddy has blocked MANY IP addresses I've attempted to use port 43 WHOIS
>>>>> on with absolutely no due process! And I can say with absolute certainty
>>>>> that I and my IP addresses were not involved in any form of "attack(s) by
>>>>> third parties".
>>>>>
>>>>> But if I wanted to continue fighting phishing, spammers and other abuses
>>>>> without being forced to use GoDaddy's cumbersome web interface (with their
>>>>> stupid "I'm not a robot" and "Choose all the pictures that have a goldfish
>>>>> in them" games) to process each WHOIS request, I would have to give in to
>>>>> GoDaddy's illegal blocking (restricted WHOIS output) and sign their
>>>>> "whitelist request" to get myself back to business!!!
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> Given the onslaught of spam and robo-calls our customers have been
>>>>>> receiving often within minutes of registering a domain namewe felt
>>>>>> that action was required, if not overdue.
>>>>>
>>>>> I'm not sure I can see how port 43 WHOIS requests can be used to determine
>>>>> new domain registrations in the way you imply? Maybe you can share how
>>>>> that works??
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> WHOIS information is still very much available for any & all domain names
>>>>>> via our web-based WHOIS tool,
>>>>>
>>>>> It may be available, but it's quite cumbersome and a waste of good
>>>>> peoples' time!!
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> However, bulk access by anonymous users is no longer supported.
>>>>>
>>>>> I didn't know "bulk access by anonymous users" was ever a thing?!? If you
>>>>> were intent on blocking "bulk access", why should that have impacted port
>>>>> 43 WHOIS requests for single domains???
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> I also note that during this entire process, we have kept ICANN informed
>>>>>> of both the attacks on our Port43 systems
>>>>>
>>>>> Please provide the evidence of my "attacks" that you've provided to ICANN
>>>>> to justify your restricting WHOIS data to any of my IP addresses.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> as well as our efforts to mitigate them. Our actions are justified and to
>>>>>> imply otherwise is not only inaccurate but does nothing to move this PDP
>>>>>> forward.
>>>>>
>>>>> Your actions were unilateral and (in my opinion) violated your registrar
>>>>> agreement(s) with ICANN. You're allowed to block ABUSIVE behavior, but
>>>>> you blocked many many requests with absolutely no evidence of abuse! How
>>>>> can you justify that???
>>>>>
>>>>> Patrick Klos
>>>>> Phishcop Admin
>>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________ gnso-rds-pdp-wg mailing list
>>> gnso-rds-pdp-wg at icann.org
>>> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/gnso-rds-pdp-wg/attachments/20180220/16a241d7/attachment-0001.html>
More information about the gnso-rds-pdp-wg
mailing list