Code :: A New Proposal for Whois

Main Page

Previous:	Tucows position on the ICANN/Verisign settlement proposal
Next:	The fallacy of the certainty of presumptive renewals

by Ross at 01:23AM (EST) on November 29, 2005 | Permanent Link

The problem with the Whois service that ICANN requires its gTLD registry and registrars to provide is that too much data is floating around the system. Too much in the sense that the service provides waayy to much disclosure in the way of personal and exploitable data. The system wasn’t intended to provide everyone with the home telephone numbers of individual registrants and fodder to support domain renewal scams. Very simply, the whois system was only ever intended to act as a public record of registrations, and the contact information associated with those registrations sufficient to help solve any gnarly problems that might crop up.

A_contact Over time, secondary uses of this data were discovered – some good, some bad, but all were outside of the original intended purpose of the system. Much like the home handyman that makes a butter knife substitute for a screw driver, internet users were finding all sorts of ways to use the Whois service for more than what it was originally intended.

The time has come to rethink this approach. There’s simply too much in the way of personal data and exploitable data inside the whois system to allow this to continue any further. With this in mind, a group of like-minded registrars got together in Mar del Plata to discuss possible approaches to solving the various problems. The result of this discussion is a proposal called “Implementing oPOC” – which I’ve attached as an RSS enclosure to this post.

oPOC stands for Operational Point of Contact. The proposal outlines some very simple and immediate steps that the community can take to remove most of the problematic data from the Whois system and create a few additional rules that ensure that the basic requirements of contactibility to help sort out gnarly problems are preserved. The simple beauty of this proposal is that it doesn’t require the creation of any additional technical protocols or systems – in fact, implementation throughout all gTLD registries and registrars could likely be measured in terms of days or weeks, and not months or years.

This document is an independent proposal. It isn’t an official position of the registrary constituency or ICANN in any way – maybe someday, but quite yet. This document is just a proposal from a small group of like-minded people that got together with the goal of trying to help sort out a problem.

As I mentioned, the entire proposal is attached to this post. Comments, as always, are welcomed and appreciated.