[Rt4-whois] Two issues on Whois usage

[Lutz Donnerhacke]

Hi,

I'd like to point you to two documents which implicitly refer to WHOIS.



http://www.isc.org/files/imce/ghostdomain_camera.pdf

Problem description:
  An attacker registers a domain, set up out large TTL values, starts the
  phishing attack and removes the domain. The caching effect of the large
  TTL values results in real world usage of the domain name, while the
  registry does not have any data in the WHOIS.

  Other kinds of this attack involves domain transfers or rapid contact data
  changes.

Obvious solutions (might be wrong):
  - Hold historic data in the WHOIS servers, allow browsing the histroy.
    This requires a subtantial protocol change as well as various contact
    and policy changes.
  - Limit the change rate. This was sucessfully tried to prevent domain
    tasting. And - of course - it will not solve the problem ;-)



http://www.online-und-recht.de/urteile/Kein-urheberrechtlicher-Internet-Auskunftsanspruch-bei-statischen-IP-Adressen-21-O-9065-11-Landgericht-Muenchen-20110524.html

Problem description (an a rough translation):
  Fighting against online intellectual property misuse typically involve
  requests to the access provider to map (IP address, timestamp) pairs to
  subscriber contract details. In the cited case the court denied the right
  to obtain this information, because the IP address was statically
  assigned. So the IP address is not longer part of the call/traffic data
  record (access allowed), but part of the master data record (access denied).
  
  In order to have "easy access" to the master data record, WHOIS came into
  the discussion in various law blogs.

Obvious solutions (might be wrong):
  - IP WHOIS is considered to be a valid ressouce for law enforement as well
    as private and civil law activities. ICANN needs to be liable for all
    those kinds of law.
  - IP WHOIS is shut down in order to prevent the bypass of lawful access
    restrictions.


Thank you for reading.