ICANN requirement for "information refreshing"?
I just received an email from Verisign customer service requesting I "refresh my information:" on an active domain that doesn't expire until 2004. My concern is that the request specifically stated ICANN required them to do this. On searching the ICANN-Verisign contract at the ICANN site, I could find no requirement for refreshing. I'm concerned this may be a covert marketing activity, since the web page for "refreshing" very easily could have led me into buying services from Verisign. This seems to be of operational interest to service providers hosting domains, if Verisign/Netsol can confuse people into shifting their service to them. Am I completely off base here? Is there some ICANN requirement I've missed?
At 07:09 PM 6/18/2002 -0400, Howard C. Berkowitz wrote:
On searching the ICANN-Verisign contract at the ICANN site, I could find no requirement for refreshing. I'm concerned this may be a covert marketing activity, since the web page for "refreshing" very easily could have led me into buying services from Verisign. This seems to be of operational interest to service providers hosting domains, if Verisign/Netsol can confuse people into shifting their service to them.
(from ICANN Registrar Accreditation Agreement - http://www.icann.org/registrars/ra-agreement-17may01.htm):
3.4.1 During the Term of this Agreement, Registrar shall maintain its own electronic database, as updated from time to time, containing data for each active Registered Name sponsored by it within each TLD for which it is accredited. The data for each such registration shall include the elements listed in Subsections 3.3.1.1 through 3.3.1.8; the name and (where available) postal address, e-mail address, voice telephone number, and fax number of the billing contact; and any other Registry Data that Registrar has submitted to the Registry Operator or placed in the Registry Database under Subsection 3.2.
I guess you could consider that email as an attempt to "maintain" their database. That being said, the email I received contains a link which sends me to their homepage. Not very helpful if you're clueless about such matters.
-- jb
On Tue, 18 Jun 2002, Jake Baillie wrote:
At 07:09 PM 6/18/2002 -0400, Howard C. Berkowitz wrote:
On searching the ICANN-Verisign contract at the ICANN site, I could find no requirement for refreshing. I'm concerned this may be a covert marketing activity, since the web page for "refreshing" very easily could have led me into buying services from Verisign. This seems to be of operational interest to service providers hosting domains, if Verisign/Netsol can confuse people into shifting their service to them.
(from ICANN Registrar Accreditation Agreement - http://www.icann.org/registrars/ra-agreement-17may01.htm):
3.4.1 During the Term of this Agreement, Registrar shall maintain its own electronic database, as updated from time to time, containing data for each active Registered Name sponsored by it within each TLD for which it is accredited. The data for each such registration shall include the elements listed in Subsections 3.3.1.1 through 3.3.1.8; the name and (where available) postal address, e-mail address, voice telephone number, and fax number of the billing contact; and any other Registry Data that Registrar has submitted to the Registry Operator or placed in the Registry Database under Subsection 3.2.
I guess you could consider that email as an attempt to "maintain" their database. That being said, the email I received contains a link which sends me to their homepage. Not very helpful if you're clueless about such matters.
I too got one. Define "refresh". As far as I read it, if my data is accurate, I'm all set. Bah. Spammers.
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities. What a crock.
On paper, and in theory, having 'clean' whois data is nice, and helpful for tech problems, which is the reason I think why it's there in the first place.
As if nobody thought about having a 'front man' doing a registration, or even that the Registrars will be able to truly implement such data-integrity protocols, among any other ways to muck with this info.
I mean, garbage in, garbage out. Are they going to go door-to-door like censustakers to verify this info?
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name.....a power-user computer criminal shouldn't have problems remembering a few IP addys. If they can't, they're stupid and deserve to be caught.
rick infowarrior.org
From: Martin Hannigan <hannigan@fugawi.net>
Date: Tue, 18 Jun 2002 23:51:14 -0400 (EDT)
To: Jake Baillie <jake@priva.com>
Cc: "Howard C. Berkowitz" <hcb@gettcomm.com>, <nanog@merit.org>
Subject: Re: ICANN requirement for "information refreshing"?
On Tue, 18 Jun 2002, Jake Baillie wrote:
At 07:09 PM 6/18/2002 -0400, Howard C. Berkowitz wrote:
On searching the ICANN-Verisign contract at the ICANN site, I could find no requirement for refreshing. I'm concerned this may be a covert marketing activity, since the web page for "refreshing" very easily could have led me into buying services from Verisign. This seems to be of operational interest to service providers hosting domains, if Verisign/Netsol can confuse people into shifting their service to them.
(from ICANN Registrar Accreditation Agreement - http://www.icann.org/registrars/ra-agreement-17may01.htm):
3.4.1 During the Term of this Agreement, Registrar shall maintain its own electronic database, as updated from time to time, containing data for each active Registered Name sponsored by it within each TLD for which it is accredited. The data for each such registration shall include the elements listed in Subsections 3.3.1.1 through 3.3.1.8; the name and (where available) postal address, e-mail address, voice telephone number, and fax number of the billing contact; and any other Registry Data that Registrar has submitted to the Registry Operator or placed in the Registry Database under Subsection 3.2.
I guess you could consider that email as an attempt to "maintain" their database. That being said, the email I received contains a link which sends me to their homepage. Not very helpful if you're clueless about such matters.
I too got one. Define "refresh". As far as I read it, if my data is accurate, I'm all set.
Bah. Spammers.
On Wed, Jun 19, 2002 at 08:32:58AM -0400, Richard Forno wrote:
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name.....a power-user computer criminal shouldn't have problems remembering a few IP addys. If they can't, they're stupid and deserve to be caught.
the smartest criminals are never caught. however, the courts/jails are full of not-so-smart criminals.
--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ I want to live forever, or die trying. ]
Richard Forno wrote:
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities. What a crock.
On paper, and in theory, having 'clean' whois data is nice, and helpful for tech problems, which is the reason I think why it's there in the first place.
As if nobody thought about having a 'front man' doing a registration, or even that the Registrars will be able to truly implement such data-integrity protocols, among any other ways to muck with this info.
I mean, garbage in, garbage out. Are they going to go door-to-door like censustakers to verify this info?
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name.....a power-user computer criminal shouldn't have problems remembering a few IP addys. If they can't, they're stupid and deserve to be caught.
Well, rfc-ignorant.org have a different view: http://www.rfc-ignorant.org/policy-whois.html -- amar
Amar-
----- Original Message -----
From: "amar" <amar@telia.net>
To: "Richard Forno" <rforno@infowarrior.org>
Cc: "Martin Hannigan" <hannigan@fugawi.net>; "Jake Baillie" <jake@priva.com>; "Howard C. Berkowitz" <hcb@gettcomm.com>; <nanog@merit.org>
Sent: Wednesday, June 19, 2002 5:54 AM
Subject: Re: ICANN requirement for "information refreshing"?
Richard Forno wrote:
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities.
Well yes and no. It actually has administrative value in the prosecuting of the real bad guys... So it's not such a bad idea.
What a crock.
No what you mean is "damn, this is real work and we as a carrier or ISP have never had to deal with this before. Wah Wah Wah" - but you guys are the smoking gun... Personally I suggest that it's time to acknowledge that we need to change this global concept of a single Internet into a collection of National or Jurisdictionally-defined Internets. We of course would need to build a bridging system between the networks and that would potentially be the UN's problem per se. Personally I refer to this new structure as Internet-II.
On paper, and in theory, having 'clean' whois data is nice, and helpful for tech problems,
yes it would be but what it is missing is the "need to do anything about the bad information and adding the ability to react to Domain Evilness in moments rather than hours, days, or months" - which BTW, is why ATLAS - the new DNS Service Infrastructure from Verisign is so freakin' cool. It can unpublish an Address in six seconds supposedly...
which is the reason I think why it's there in the first place.
Sort of. But that was before the public transition of the Internet from the previous Government Sponsored networking models.
As if nobody thought about having a 'front man' doing a registration, or even that the Registrars will be able to truly implement such data-integrity protocols, among any other ways to muck with this info.
Agreed - Front men are expendable but at some point there will be a link back to the bad-guys and they will get caught.
I mean, garbage in, garbage out.
yes and no - this is one of the strongest arguments for compartmentalizing the Internet there is, that the ISP's and Registrars have refused any responsibility with what is done with their offerings (BW in the ISP's case and Name Service in the Registrars Case.)
Are they going to go door-to-door like censustakers to verify this info?
No just Department of Justice investigators in the US...
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name...
So how many smart criminals are there???
..a power-user computer criminal shouldn't have problems remembering a few IP addys.
Most of that is because Sendmail is the Industry Standard and it has no pre-authentication process for what it accepts or delivers.
If they can't, they're stupid and deserve to be caught.
Yes, well what was that line "Pris" utters in Blade Runner - "Then we are stupid and deserve to die"...
Well, rfc-ignorant.org have a different view:
http://www.rfc-ignorant.org/policy-whois.html
-- amar
On Wed, 19 Jun 2002, todd glassey wrote:
Amar-
----- Original Message -----
From: "amar" <amar@telia.net>
To: "Richard Forno" <rforno@infowarrior.org>
Cc: "Martin Hannigan" <hannigan@fugawi.net>; "Jake Baillie" <jake@priva.com>; "Howard C. Berkowitz" <hcb@gettcomm.com>; <nanog@merit.org>
Sent: Wednesday, June 19, 2002 5:54 AM
Subject: Re: ICANN requirement for "information refreshing"?
[ SNIP ]
Well yes and no. It actually has administrative value in the prosecuting of the real bad guys... So it's not such a bad idea.
I have to tell you, the value is minimal. It's easy access since it doesn't require a subpoena. And there are still ways around it even if you do validate your entry as "clean". It probably would not stand up as "evidence" of anything, and the better evidence starts at transactional records of the carrier/hoster/provider.
What a crock.
No what you mean is "damn, this is real work and we as a carrier or ISP have never had to deal with this before. Wah Wah Wah" - but you guys are the smoking gun... Personally I suggest that it's time to acknowledge that we need to change this global concept of a single Internet into a collection of National or Jurisdictionally-defined Internets. We of course would need to build a bridging system between the networks and that would potentially be the UN's problem per se.
Speaking from my current experience as Title III/CALEA Engineering at a carrier, I'll tell you that I personally don't believe that LEA's are making ICANN/Registrars do anything. It's a ploy to spam. Sounds too easy, sounds like they are going through a lot of trouble, but that's what I believe.
Personally I refer to this new structure as Internet-II.
Already taken.
On paper, and in theory, having 'clean' whois data is nice, and helpful for tech problems,
yes it would be but what it is missing is the "need to do anything about the bad information and adding the ability to react to Domain Evilness in moments rather than hours, days, or months" - which BTW, is why ATLAS - the new DNS Service Infrastructure from Verisign is so freakin' cool. It can unpublish an Address in six seconds supposedly...
Uh yeah. And their NetDiscovery CALEA service bureau is cool too except that it probably doesn't exist in fact, only on paper. [ SNIP ]
Agreed - Front men are expendable but at some point there will be a link back to the bad-guys and they will get caught.
Yes, it's called a transactional record.
I mean, garbage in, garbage out.
yes and no - this is one of the strongest arguments for compartmentalizing the Internet there is, that the ISP's and Registrars have refused any responsibility with what is done with their offerings (BW in the ISP's case and Name Service in the Registrars Case.)
But isn't GIGO and the non-centralization of the net the beauty of it?
Are they going to go door-to-door like censustakers to verify this info?
No just Department of Justice investigators in the US...
Does anyone have a reference that corroborates LEA's involvement in this topic?
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name...
So how many smart criminals are there???
None on the internet or PSTN. -M
On Wed, 19 Jun 2002, Richard Forno wrote:
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities. What a crock.
I'm not really sure why law enforcement is trying to clean it up as they don't really need it. Transactional records are easily subpoena'd and carriers/hosters/providers are duty bound to provide the information. A WHOIS record is junk for the most part.
On paper, and in theory, having 'clean' whois data is nice, and helpful for tech problems, which is the reason I think why it's there in the first place.
I think they want it clean as a list so they can sell, spam, snail mail, all the crap they want to.
As if nobody thought about having a 'front man' doing a registration, or even that the Registrars will be able to truly implement such data-integrity protocols, among any other ways to muck with this info.
With some registrars charging 15 bucks a pop? Forget about competition.
I mean, garbage in, garbage out. Are they going to go door-to-door like censustakers to verify this info?
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name.....a power-user computer criminal shouldn't have problems remembering a few IP addys. If they can't, they're stupid and deserve to be caught.
A smart criminal would never use the internet or a telephone. With the advent of enhanced features, Title III's child "CALEA" and the technology behind it, only a fool would use "a wire" to commit crimes. The process to get a surveillance order would never rely on anything substantive from registration data. That may be a pointer to who's providing services to it though.
I'm not really sure why law enforcement is trying to clean it up as they don't really need it. Transactional records are easily subpoena'd and carriers/hosters/providers are duty bound to provide the information. A WHOIS record is junk for the most part.
In the US maybe, but whois records are visible in other jurisdictions, where law enforcement may not have easy access to these records. Peter
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities. What a crock.
I'm not really sure why law enforcement is trying to clean it up as they don't really need it.
I think that about 15% (hundreds over several years) of our Internet subpoenas could have been avoided if the LEA had known how to check and evaluate ARIN or NetSol records. (The other 85% of the Internet subpoenas were for dialup records, no easy way to avoid those).
any smart criminal will simply use another domain name
I only recall two subpoenas for _just_ domain names. The rest always had more info, like email headers or IP addresses.
The reality is it will never work, and besides - any smart criminal will simply use another domain name, or not even USE a domain name.....
For the non-dialups, I can count on one hand the number of requests where the "circuit holder" and the "suspect" were the same person. Almost always all that we responded with was the name of the ISP or business that the entire IP block was assigned to, which is exactly the type of info you or I would check ARIN or Network Solutions for, and exactly the information the "criminal" wouldn't have a chance to fake. None of these companies were trying to hide from the legal system.
Transactional records are easily subpoena'd and carriers/hosters/providers are duty bound to provide the information.
I think the real issue is time and efficiency. If you were law enforcement, would you want to waste two to four weeks sending a subpoena to a backbone provider, just to hear back "contact Acme Inc" and "our information for Acme is the same as their web page's 'Contact Us' link"? Reasonable public records (and some training and industry awareness) would let law enforcement quickly send the "easy subpoena" directly to the correct information holders.
A WHOIS record is junk for the most part.
I bet most of the people on this list have used them to run down problems, and they know how to evaluate them on the "junk" to "good" scale. I would hate to see them disappear or become totally useless. (Yes - I admit, law enforcement's lack of training and industry awareness is more significant, no need to argue it).
I only recall two subpoenas for _just_ domain names. The rest always had more info, like email headers or IP addresses.
Here's a good example of why it's a waste of LEA/LEO's time to be looking at WHOIS data:
Below is the data for my personal domain. I am the only one who uses it. The only one who is responsible for it. My friend, who doubles as a registrar, "registers" it for me. Looks perfectly accurate to me and this is how it will be "updated", but in order to find out it's me, LEA has to send a subpoena to get the information i.e. who are the account holders, where are they, where do they pay their bills from, etc. etc.
Registrant:
Where The Fugawi (FUGAWI2-DOM)
   3300 Irvine Ave, #385
   Newport Beach, CA 92660
   US
   Domain Name: FUGAWI.NET
   Administrative Contact, Technical Contact:
      Barrow, Michael (MB144) michael@MLBARROW.COM
      mlbarrow.com
      1415A Harbor View Drive
      Santa Barbara, CA 93103
      US
      949-885-1802 781-240-5836
   Record expires on 24-Aug-2002.
   Record created on 23-Aug-1997.
   Database last updated on 19-Jun-2002 13:48:52 EDT.
   Domain servers in listed order:
   NS1.IJDOMAINS.COM 12.44.117.72
   NS2.IJDOMAINS.COM 65.107.235.169
As far as my statement about a whois record being "junk", I mean it's junk to LEAs. Honestly? Is this more accurate than a dig on ns, mx, soa and a traceroute to find out what REALLY is going on here?
-M
On Wed, Jun 19, 2002 at 08:25:12AM -0700, Randy Bush wrote:
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities.
actually, american law enforcement is seeking to make it a crime to submit false whois data.
You got a reference on that?
randy
Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw@WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
On Wed, 19 Jun 2002, Michael H. Warfield wrote:
On Wed, Jun 19, 2002 at 08:25:12AM -0700, Randy Bush wrote:
Is funny that both ICANN and law enforcement are trying to clean up whois information to facilitate investigative capabilities.
actually, american law enforcement is seeking to make it a crime to submit false whois data.
You got a reference on that?
This seems most relevant and accurate: http://www.pcworld.com/news/article/0,aid,70764,00.asp
What I'm trying to point out here is that IMHO while accurate whois data is desirable for technical troubleshooting, it's not necessary for law enforcement. Too bad ICANN didn't use the technical argument over the LEA argument as it may have received a much warmer welcome, and may have garnered more cooperation. But that shows you whose ass ICANN is kissing. *SHRUG*
In the referenced message, Richard Forno said:
I mean, garbage in, garbage out. Are they going to go door-to-door like censustakers to verify this info?
Are you saying that because the data won't be 100% correct, it is not worthwhile to try to make/keep it 98% correct? Or are you just commenting on using whois for criminal investigations?
participants (13)
- amar
- Howard C. Berkowitz
- Jake Baillie
- Jim Mercer
- Martin Hannigan
- Michael H. Warfield
- Peter Galbavy
- Randy Bush
- Richard Forno
- sjj@pobox.com
- Stephen Griffin
- todd glassey
- Valdis.Kletnieks@vt.edu