• Home
  • Blogsspacer
    Latest Recently Discussed Most Discussed Most Viewed
  • Newsspacer
    Latest Recently Discussed Most Discussed Most Viewed
  • Industryspacer
    Latest Most Viewed Leaderboard Participants: .CO Internet .INFO .ORG, Public Internet Registry Afilias Architelos ARI Registry Services BlueCat Networks CentralNic Cloud Registry DotConnectAfrica dotMobi Dyn Inc. Hostway MarkMonitor Nominum Neustar Minds + Machines Nixu Software RegistryPro Sedari Verisign
  • Communityspacer
    Recently Featured Most Featured Most Active Most Read Recent Members Top 100 Leaderboard Alphabetical View Random View Recent Comments
  • Topicsspacer
    Access Providers Broadband Censorship Cloud Computing Cyberattack Cybercrime Cybersquatting Data Center DNS DNSSEC Domain Names Email Enum ICANN Internet Governance Internet Protocol IP Addressing IPTV IPv6 Law Malware Mobile Multilinguism Net Neutrality P2P Policy & Regulation Privacy Regional Registries Registry Services Security Spam Telecom Top-Level Domains VoIP Web White Space Whois Wireless
    Display Options:
    List by Popularity Chart by Popularity

Home / Blogs

A Confession About The ICANN WHOIS Data Reminder Policy

  • Jul 19, 2012 9:44 AM PDT
  • Comments: 0
  • Views: 386
Print Comment
By Thomas Roessler
spacer

With all the recent attention to WHOIS, it's time for a confession: I'm somewhat guilty for the infamous WHOIS Data Reminder Policy. With hindsight, it's a bad policy, and it needs to die.

The year was 2002. ICANN's DNSO (soon to be renamed as the GNSO) had a WHOIS Task Force, and was trying to extract policy choices from an ill-conceived and worse-executed survey of assorted self-selected stakeholders. As today, the topics at hand included privacy protections, compliance (and graduated sanctions for non-complying registrars), and accuracy of WHOIS records.

To get the discussion going, I threw a few of the proposals that had come up in the survey into a draft report as straw men; I probably made up a few more policy proposals out of whole cloth. Alas, there it was: The seemingly-innocuous concept that having an annual data reminder might be good customer service, and that it might somehow help to increase data accuracy. Next to graduated sanctions and other proposals on the table at the time, this idea had the attraction of saving face in the accuracy area, while not being an obviously bad idea by the standards of that particular task force. And so we inflicted it on the gTLD registrars and registrants of the world. And on ICANN's not-yet nascent compliance department.

The policy appears to be implemented by most registrars in the form of an e-mail notification to registrants (even though it doesn't have to be in email). By definition, these notifications include almost entirely public information. They're therefore a first-rate phishing vector: For example, send a notification with slightly (but embarrassingly) wrong WHOIS data, give a link to fix the data, and hope that people will click that link and hand over the credentials that they're using to manage their registration.

More generally, this policy exhibits a few flaws that are symptomatic for the broken policy process of the time: It micro-managed a particular piece of registrars' interactions with their customers. It didn't have a sunset date. It had no clear success metrics (e.g., number of corrections traceable to notices) that would have permitted ICANN to phase it out if unnecessary. It had no proper review for its security impact on registrants.

Even the WHOIS Review Team acknowledges that the policy is probably ineffective.

It's time for the GNSO to propose to the Board to repeal this policy. Should be a slam dunk of a task force.

Originally posted on my personal blog.

By Thomas Roessler, Mathematician. Visit the blog maintained by Thomas Roessler here.

Related topics: ICANN, Whois

Tweet
  • Twitter/circleid
  • Facebook/circleid
  • Master Feed (more)
  • Mobile Edition
 WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:
 spacer
Print Comment

Comments

To post comments, please login or create an account.

Related Blogs

ICANN Shows Safe Decisions Aren't Always the Right Decisions

  • Jul 10, 2012
  • Comments: 1

The GAC Strikes Back

  • Jul 03, 2012
  • Comments: 7

ICANN's New TLDs: Of Course There Will Be an Auction - Part 2

  • Jul 03, 2012
  • Comments: 0

Towards a More Fully Accountable and Transparent ICANN

  • Jul 02, 2012
  • Comments: 2

ICANN's New TLDs: Of Course There Will Be an Auction - Part 1

  • Jul 02, 2012
  • Comments: 0
View More

Related News

NTIA Awards IANA Functions Contract to ICANN

  • Jul 03, 2012
  • Comments: 1

Fadi Chehadé Named as ICANN's New President and CEO

  • Jun 22, 2012
  • Comments: 0

ICANN Receives 67 Unique Applications for Chinese gTLDs

  • Jun 13, 2012
  • Comments: 0

Dot App, Dot Art Among Most Applied-for TLDs According to List Revealed by ICANN

  • Jun 13, 2012
  • Comments: 0

ICANN All Set for the gTLD "Reveal Day" in London

  • Jun 12, 2012
  • Comments: 0
View More

Topics

Access ProvidersLaw
BroadbandMalware
CensorshipMobile
Cloud ComputingMultilinguism
CyberattackNet Neutrality
CybercrimeP2P
CybersquattingPolicy & Regulation
Data CenterPrivacy
DNSRegional Registries
DNS SecurityRegistry Services
Domain NamesSecurity
EmailSpam
EnumTelecom
ICANNTop-Level Domains
Internet GovernanceVoIP
Internet ProtocolWeb
IP AddressingWhite Space
IPTVWhois
IPv6Wireless
View More

Industry Updates – Sponsored Posts

DotConnectAfrica Reports Successful ICANN 44 at Prague, Czech Republic

  • By DotConnectAfrica
  • Views: 941

SPECIAL: Updates from the ICANN Meetings in Prague

  • By Dyn
  • Views: 3,183

ICANN Board Approves Renewal of .COM Registry Agreement

  • By Verisign
  • Views: 2,341

Afilias Launches Managed Registry Services

  • By Afilias
  • Views: 2,043

Afilias Selected As Registry Operator for .Post

  • By Afilias
  • Views: 1,938

Unaudited Interim Results for the Period Ended 30 April 2012

  • By Minds + Machines
  • Views: 1,556

ARI Completes TAS Latency Report

  • By ARI Registry Services
  • Views: 990

DCA Trust and UniForum SA Have Both Applied for the Same 'Africa' Geographic Name String

  • By DotConnectAfrica
  • Views: 1,067

MarkMonitor Offers New gTLD Application Database

  • By MarkMonitor
  • Views: 2,857

Sedari Calls for Synergy As Domain Name Applicants Are Revealed

  • By Sedari
  • Views: 1,043

Reveal Day and Why New Top-Level Domains Are Irrelevant

  • By Dyn
  • Views: 2,435

DCA Announces the Establishment of a World-Class Registry System Infrastructure in Nairobi, Kenya

  • By DotConnectAfrica
  • Views: 1,672

Afilias Bringing Hundreds of New Top-Level Domains to the Internet

  • By Afilias
  • Views: 1,501

Neustar Selected as Registry Services Provider for 358 Top-Level Domain Applications

  • By Neustar
  • Views: 1,338

ARI Registry Asks ICANN to Delay Digital Archery and Batching Processes

  • By ARI Registry Services
  • Views: 1,346

PIR Files Applications to Create and Manage .NGO and .ONG Domains

  • By PIR
  • Views: 1,190

PIR Aims to Broaden International Reach With Creation of Cyrillic, Chinese and Devanagari TLDs

  • By PIR
  • Views: 988

Sedari Partners With Digital Archery Experts to Deliver a Batch One Bullseye

  • By Sedari
  • Views: 1,141

gTLD Application Update: TLDH Has Submitted 92 Applications

  • By Minds + Machines
  • Views: 1,730

New Top-Level Domain Applications Close Today - ARI Registry Services to Support 161 TLDs

  • By ARI Registry Services
  • Views: 1,129
View More

Hot Topics

spacer

Top-Level Domains

Sponsored by
Minds + Machines
spacer

IPv6

Sponsored by
Nominum
spacer

DNS Security

Sponsored by
Afilias
spacer

Mobile

Sponsored by
dotMobi
spacer

DNS

Sponsored by
Neustar UltraDNS
spacer

Security

Sponsored by
Verisign
View More
Related searches:
registry policy circleid sponsored internet
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.