Alternative solution for a problem created by implementing the proposed proposal. What's the merit then for such a proposal?
Regards ________________________________________________________ Anupam Agrawal | India Internet Foundation - Chair | 91 905 170 3611 On Thu, Feb 20, 2025 at 7:06 AM Vivek Nigam <[email protected]> wrote: > Hi Liam, > > > > We offer a Registry API service that supports single-object retrieval and > updates. However, this service is currently available exclusively to APNIC > Members. We would need to develop an alternative solution for others. > > > > Thanks > > Vivek > > > > *From: *Stephens, Liam <[email protected]> > *Date: *Wednesday, 19 February 2025 at 9:39 pm > *To: *Vivek Nigam <[email protected]>, Christopher Hawker < > [email protected]>, Tsurumaki, Satoru <[email protected]>, > [email protected] <[email protected]>, Jonathan Brewer < > [email protected]> > *Subject: *RE: [sig-policy] Re: New version : prop-162: WHOIS Privacy v002 > > Thanks Vivek, > > > > On reading v002 of the policy it seems that the scope has broadened from > the 400 users of the **bulk** Whois service to include all queries using > unauthenticated access to whois.apnic.net from a Whois client. > > > > @Jonathan Brewer <[email protected]>, can you please confirm if this is > the case? > > > > If you are now including unauthenticated access in your scope, this could > have significant impact on providers who use the Contact Information > (primarily email address) in automated approval systems of customer routing > requests. Implementation of this policy will require these providers to > migrate to an authenticated access method, which could take more than three > months to establish. Many more months in some cases, such as large ISP’s > where the wheels turn ever-so-slightly slower! Significant resources may > also be required. > > > > Are you (or APNIC/@Vivek Nigam <[email protected]>) able to provide more > information about the authenticated access request process (if it exists), > such as how it is requested, will an AUP apply, can larger entities request > access for multiple users and are there limits, whether source IP’s need to > be whitelisted, details on how it is used, etc. > > > > Thanks. > > Regards, > > Liam > > > > > > > > General > > *From:* Vivek Nigam <[email protected]> > *Sent:* Wednesday, 19 February 2025 2:39 PM > *To:* Stephens, Liam <[email protected]>; Christopher > Hawker <[email protected]>; Tsurumaki, Satoru <[email protected]>; > [email protected] > *Subject:* Re: [sig-policy] Re: New version : prop-162: WHOIS Privacy v002 > > > > Hi Liam, > > > > We will contact these entities to inform them of the proposal and request > their input on any potential impacts it may have. > > > > Thanks > > Vivek > > > > *From: *Stephens, Liam via SIG-policy <[email protected]> > *Date: *Wednesday, 19 February 2025 at 11:28 am > *To: *Christopher Hawker <[email protected]>, Tsurumaki, Satoru < > [email protected]>, [email protected] <[email protected] > > > *Subject: *[sig-policy] Re: New version : prop-162: WHOIS Privacy v002 > > Hi All, > > > > I agree with Chris’s statement about a fundamental misunderstanding, and I > believe it may be due to the lack of awareness of the **bulk** Whois > service offered by APNIC. This bulk service offering is an option (akin to > being given a hardcopy of a Whitepages telephone directory), whereby the > user has the entire Whois database in their possession. This bulk Whois > offering is separate to the Whois query services that, I imagine, most of > us use, namely whois.apnic.net (via a Whois client) and the web version > at https://whois.apnic.net. > > > > Would it be worthwhile adding more clarity on the existing Whois > offerings, and which ones are impacted, into the proposal? > > > > I do agree with Satoru-san that some law enforcement agencies may be > impacted by the change, as they may use the bulk data in their own systems > for their non-networking teams to consume. It would be great if APNIC, as > the provider of the service, could contact the 400 entities to advise them > that changes may be coming, and confirm whether it would impact them. > > > > Regards, > > Liam Stephens > > > > > > General > > *From:* Christopher Hawker <[email protected]> > *Sent:* Wednesday, 19 February 2025 11:53 AM > *To:* Tsurumaki, Satoru <[email protected]>; [email protected] > *Subject:* [sig-policy] Re: New version : prop-162: WHOIS Privacy v002 > > > > [External Email] This email was sent from outside the organisation – be > cautious, particularly with links and attachments. > > Hello Satoru, > > > > [Speaking for myself and based on my own observations, and not that of the > proposal author.] > > > > I believe there has been a fundamental misunderstanding of the proposal. > The proposal does not discuss the complete removal of all contact > information from the Whois system, rather *it only discusses the removal > of contact information from bulk Whois data*. People will still be able > to go to https://whois.apnic.net and lookup contact information for INRs > where required, if there's a need to contact the network operator. > Therefore, the examples you've provided will still be able to access the > contact information that they may require, they just won't be able to > download it in bulk. I agree with this, as the primary purpose for contact > information is for network operators to be able to contact each other > should there be a need. There's no technical requirement for bulk data to > contain contact information. > > > > If there's a legitimate business case for bulk contact info I'm happy to > hear about it. > > > > Regards, > > Christopher Hawker > ------------------------------ > > *From:* Tsurumaki, Satoru <[email protected]> > *Sent:* Wednesday, February 19, 2025 11:09 AM > *To:* [email protected] <[email protected]> > *Subject:* [sig-policy] Re: New version : prop-162: WHOIS Privacy v002 > > > > Dear Colleagues, > > I am Satoru Tsurumaki from the Japan Open Policy Forum Steering Team. > > On February 12, we held a meeting to discuss prop-162. Based on this > discussion, I would like to share key feedback from our community. > While this feedback is sent on my behalf, it summarizes the opinions > of the 14 Japanese community members who attended the meeting. > > Many participants expressed serious concerns and strong opposition to > removing contact information from public whois access. > > There is an opinion that the discussion of which information to > disclose to the user with what qualification have long been done in > ICANN for gTLD policy hence it may need a substantial community-wide > discussion to carefully design that. > > (comment details) > - There is a major concern that whois will no longer serve its > original purpose of helping internet operations by providing contact > information. > > - Police, lawyers, and other professionals use whois for criminal > investigations and other purposes. However, it is unrealistic to > expect all such organizations worldwide to sign individual contracts > to access this information. > > - The removal of contact information from whois should be discussed > with all potentially affected stakeholders. > > > Regards, > > Satoru Tsurumaki > JPOPF Steeling Team > > 2025年2月10日(月) 9:17 Bertrand Cherrier via SIG-policy > <[email protected]>: > > > > Dear SIG members, > > > > A new version of the proposal "prop-162: WHOIS Privacy" has been sent to > > the Policy SIG for review. > > > > It will be presented at the Open Policy Meeting (OPM) at APNIC 59 on > > Wednesday, 26 February 2025. > > > > https://conference.apnic.net/59/programme/programme/index.html#/day/8/ > > > > We invite you to review and comment on the proposal on the mailing list > > before the OPM. > > > > The comment period on the mailing list before the OPM is an important > > part of the Policy Development Process (PDP). We encourage you to > > express your views on the proposal: > > > > - Do you support or oppose this proposal? > > - Does this proposal solve a problem you are experiencing? If so, > > tell the community about your situation. > > - Do you see any disadvantages in this proposal? > > - Is there anything in the proposal that is not clear? > > - What changes could be made to this proposal to make it more > effective? > > > > Information about this proposal is appended below as well as available > at: > > > > http://www.apnic.net/policy/proposals/prop-162 > > > > Regards, > > Bertrand, Shaila, and Ching-Heng > > APNIC Policy SIG Chairs > > > > > > > ----------------------------------------------------------------------------------- > > > > prop-162-v002: WHOIS Privacy > > > > > ----------------------------------------------------------------------------------- > > > > Proposer: > > Jonathan Brewer ([email protected]) > > > > > > 1. Problem statement > > ------------------------- > > More than 400 organisations around the world have bulk access to APNIC's > > WHOIS data and may download the complete data set as required. > > Cybersecurity companies, ISPs, universities, researchers, and law > > enforcement agencies are amongst those with access. > > > > Several organisations including Hurricane Electric and RecordedFuture > > republish this data as part of their applications and online systems, > > including physical addresses, email addresses, and telephone numbers of > > APNIC members. > > > > These contact details are freely available on the web and available for > > mass harvesting through the use of screen scraping technology. It is > > apparent that some third parties have used this data in a manner > > contrary to the APNIC whois data acceptable use agreement. > > > > In the past three years organisations including the Number Resource > > Society (Casablanca, Morocco), Unique IP Solutions (Faisalabad, > > Pakistan), Aileron IT (Wisconsin, USA), Cogent Communications > > (Washington DC, USA) and EarnheardData (details suppressed) have > > contacted APNIC members via details published exclusively in APNIC > > WHOIS. None of these contacts have been to do with legitimate networking > > issues. > > > > > > 2. Objective of policy change > > ---------------------------------- > > This policy will eliminate the unnecessary distribution and retention of > > APNIC member organisation contact information by third parties. APNIC > > systems will become the only source of obtaining address, phone, fax-no, > > e-mail, and notify data for APNIC members. > > > > This policy change will not prevent APNIC members or other authorised > > users of APNIC WHOIS from obtaining contact information for network > > resources in either ad-hoc or automated queries. > > > > > > 3. Situation in other regions > > -------------------------------- > > I have not found evidence that other RIRs limit access to contact > > details. Multiple ccTLDs have implemented WHOIS privacy for domain > > names, including Australia [1] and Germany [2]. > > > > > > 4. Proposed policy solution > > -------------------------------- > > APNIC should remove address, phone, fax-no, e-mail, and notify fields > > (the Contact Information) from Org, IRT, abuse-c and role objects from > > public access WHOIS. > > > > Responses to unauthenticated API queries should no longer display the > > Contact Information. > > > > The Contact Information should be removed from the dataset distributed > > to bulk consumers. > > > > APNIC should cause any existing bulk users of APNIC WHOIS data to remove > > the Contact Information from their own systems and from the Internet. > > > > MyAPNIC and authenticated API access should be the only way of obtaining > > the Contact Information of APNIC users. > > > > APNIC should publish a list of all authenticated API users with access > > to the Contact Information. APNIC should publish statistics on requests > > for the Contact Information by requestor. > > > > > > 5. Advantages / Disadvantages > > ------------------------------------ > > Advantages: > > This should enhance privacy and data sovereignty, while reducing > > nuisance contacts. > > > > Disadvantages: > > None. The information will still be available via APNIC-controlled WHOIS > > services which presumably are protected against illegitimate data > > harvesting. > > > > 6. Impact on resource holders > > ----------------------------------- > > No impact on resource holders. > > > > 7. References > > ---------------- > > [1] > > > https://www.domainregistration.com.au/infocentre/info-private-registration.php > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.domainregistration.com.au%2Finfocentre%2Finfo-private-registration.php&data=05%7C02%7C%7C4405fe8aec3d4491f1cb08dd50da0c39%7C127d8d0d7ccf473dab096e44ad752ded%7C0%7C0%7C638755619640274688%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=vSrEJUhG2%2FPzMpXRAGAMP9Ud%2Bb6cjsHz5SfjWeyflCs%3D&reserved=0> > > [2] > > > https://www.denic.de/en/whats-new/press-releases/article/extensive-innovations-planned-for-denic-whois-domain-query-proactive-approach-for-data-economy-and/ > <https://aus01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.denic.de%2Fen%2Fwhats-new%2Fpress-releases%2Farticle%2Fextensive-innovations-planned-for-denic-whois-domain-query-proactive-approach-for-data-economy-and%2F&data=05%7C02%7C%7C4405fe8aec3d4491f1cb08dd50da0c39%7C127d8d0d7ccf473dab096e44ad752ded%7C0%7C0%7C638755619640292214%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=XLW2nNvn8%2BwiWT%2Fp1CaB1vEvAGs7niNr8SGCRoTOcjk%3D&reserved=0> > > _______________________________________________ > > SIG-policy - https://mailman.apnic.net/[email protected]/ > > To unsubscribe send an email to [email protected] > > > > -- > -- > Satoru Tsurumaki > BBIX, Inc > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] >
_______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
