[ARIN-consult] Fwd: [ARIN-Suggestions] NEW ACSP 2018.3: Automatically Redirect Whois Queries to Secure URL

Dave Lawrence arin at reg.dd.org
Tue Mar 20 13:23:26 EDT 2018


On Fri, 16 Mar 2018 at 18:38, Owen DeLong <owen at delong.com> wrote:
>> There is no reason to add SSL overhead to all queries just because.

I disagree that it is "just because".  There is a non-trivial movement
to secure all network traffic, in no small part because of the issues
that Job identified:

Job Snijders writes:
> TLS designed to help against eavesdropping, tampering, and message
> forgery. All of which are desirable qualities in context of querying
> a service.

... but specifically on eavesdropping, also as a general privacy
principal of the IETF, particularly in the wake of the Snowden
revelations when it adopted the posture that pervasive monitoring is
an attack (RFC 7258).

You might well not think that looking up WHOIS data is all that
sensitive, and the vast majority of the time you're almost certainly
right.  But you can't tell a priori when all of a sudden it will be an
issue.

This is something that librarians confronted well before the Internet,
and took the professional position that what you choose to look up is
private and should be only your business, not that of anyone who comes
asking about it.

When we already well know that we can't rely on users to make properly
informed choices about their own privacy and security posture, why not
do what we can to make the Internet more safe and secure for them?



More information about the ARIN-consult mailing list