
SANS ISC: Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS - Internet Security | DShield SANS ISC InfoSec Forums


Solving the WHOIS and Privacy Problem: A Draft of Implementing WHOIS in DNS

Recently, due to GDPR, WHOIS records for domains have been redacted in many places and access to the information that has been relied on by investigators and abuse fighters is either much harder to get or simply unavailable. In theory, ICANN should be setting up a gated system that will give tiered access to various classes of people, but having participated in those discussions, it does not seem such a system would allow for access to the data we need to investigate, correlate, and respond to abuse and cybercrime.

To help solve this problem, fellow handler Richard Porter and I have created an Internet-Draft to put information formerly available in WHOIS into DNS TXT records so the information can be voluntarily made available by domain owners. This will allow for programmatic access that can be used in automation to make policy decisions quickly (for instance, whether to accept email from this domain). The gist of the proposal is to use a _whois subdomain record and have a variety of TXT records for administrative, technical, network, and security/abuse contacts (name, phone number, email, address). As the system relies on self-disclosure, it bypasses some of the stickier issues with privacy laws.
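A minimal consumer for records of this kind, as an added example rather than code from the draft or its authors. The `role.field=value` TXT layout, the sample records and the `mail_policy` rule are assumptions made for illustration; the page does not give the draft's record syntax.

```python
import re

# Constructed sample: TXT answers under the _whois label, each record given as
# the list of <=255-byte strings a resolver returns. The "role.field=value"
# layout is an assumption; the page does not give the draft's record syntax.
SAMPLE_TXT = {
    "_whois.example.com": [
        [b"admin.name=Alice Example"],
        [b"admin.email=hostmaster@example.com"],
        [b"abuse.email=abuse@example.com"],
        [b"abuse.phone=+1-555-0100"],
        [b"tech.address=1 Example Way, ", b"Springfield"],  # split across strings
        [b"v=spf1 -all"],                                   # unrelated TXT
    ],
    "_whois.example.net": [],  # owner chose to publish nothing
}

ROLES = {"admin", "tech", "network", "abuse"}    # contact types named in the post
FIELDS = {"name", "phone", "email", "address"}   # fields named in the post
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_whois_txt(rdatas):
    """Turn TXT rdata into {role: {field: value}}; skip anything unexpected."""
    contacts = {}
    for strings in rdatas:
        text = b"".join(strings).decode("utf-8", "replace")
        key, sep, value = text.partition("=")
        role, _, field = key.partition(".")
        value = value.strip()
        # Values are self-published and unauthenticated: treat them as untrusted
        # input and drop unknown keys, empty values and control characters.
        if not sep or role not in ROLES or field not in FIELDS:
            continue
        if not value or not value.isprintable():
            continue
        contacts.setdefault(role, {}).setdefault(field, value)  # first record wins
    return contacts


def mail_policy(domain, txt_answers=SAMPLE_TXT):
    """Hypothetical rule: accept only if a usable abuse mailbox is published."""
    contacts = parse_whois_txt(txt_answers.get("_whois." + domain, []))
    abuse = contacts.get("abuse", {}).get("email", "")
    return ("accept", abuse) if EMAIL_RE.match(abuse) else ("review", None)
```

Because the records are self-disclosed, a published contact shows only that the owner chose to publish it; correlate it with other signals before trusting it.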

Take a look and chime in on your thoughts in comments or on the DNSOP mailing list where this is being discussed.

--
John Bambenek
bambenek \at\ gmail /dot/ com
ThreatSTOP
