The greatest difficulty I see in this is establishing authenticity for
everyone. Those with existing authenticity (CRYPT-PW or PGP) could
be done. The rest would be a problem, and could invite people trying
to assign their own passwords to other people's contact records, and
that would end up being a big mess.
Perhaps this is dumb, but how about authentication by ensuring the
TCP connection from the whois comes from the server in question. IE
you can whois FOO-HST to see which domains are served by FOO-HST
only from FOO-HST. Mildly inconvenient, but stops random people pulling
off everyones lists. I can't currently think of an OS that supports
DNS servers but not whois.
The problem with this, is if there is some sort of network problem or you
are trying to determine what domains are still looking at an old nameserver
you took down.
I don't see why authentication is such a necessity-- why is it a secret
what domains a given nameserver serves? It would be easy enough to pull
the information down by exhaustive search.
Mike
I don't see why authentication is such a necessity-- why is it a secret
what domains a given nameserver serves? It would be easy enough to pull
the information down by exhaustive search.
The whole issue isn't so much authentication but logging.
This way, the abusers can be isolated from the database.
How many spams from the Internic domain scrapers have YOU
gotten the last couple of weeks?
As of at least today, if not earlier, the problem with
"whois server <handle>" is working again.