Site Map  |  Site Index  |  Quick Links 

Select a link below: About ICANN Accountability and Transparency Address Supporting Organization (ASO) Affirmation of Commitments Affirmation of Commitments-Reviews Announcements Annual Report Articles of Incorporation At-Large Advisory Committee (ALAC) Blog Board Meeting Minutes and Resolutions Board of Directors Budget (see Financial Information) Bylaws Calendar of Events Careers Certificate Authority Code of Conduct Committees - Other Committees - Advisory Committees - Board Committees - Past Contact Information Continuity Contracts Contractual Compliance Newsletter Contractual Compliance Program Corporate Documents Correspondence Country Code TLD Managers - Information for Country-Code Names Supporting Organization (ccNSO) Country-Code Top-Level Domain Agreements Country-Code Top-Level Domain Board Materials Country-Code Top-Level Domain Listings DNSSEC Dashboard Dispute Resolution Options Documentary Information Disclosure Policy Documents Domain Name Dispute Resolution Policies E-Learning EPP Status Codes Expedited Registry Security Request Process Factsheets Fellowship Program Financial Information First-Time Visitors Former Directors Frequently Asked Questions GNSO Improvements General Documents Generic Names Supporting Organization (GNSO) Generic Top-Level Domain (gTLD) Program Generic Top-Level Domain (gTLDs) Life Cycle Generic Top-Level Domain Information (gTLDs) Global Partnerships Glossary Governance Documents Governmental Advisory Committee IANA Agreement IANA ccTLD Reports IANA ICANN Info ICANN Organizational Reviews IDN Glossary IDN ccTLD Fast Track Process IPv6 Policy In Focus Independent Review Proceeding Documents InterNIC Internal Procedure for Conflicts with Privacy Law Internationalized Domain Names Links Litigation Documents Major Agreements Meetings for the Next Decade Consultation Meetings Mission Monthly Registry Reports News Newsletters & News Alerts Newsletters Archive Nominating Committee Ombudsman Operating Plan (see Strategic and Operating Plan) Organizational Chart PGP Keys Participate in ICANN Partnership Memorandums of Understanding Payments to ICANN Photos Planning Process Policy Area Policy Issue Briefs Policy Update Presentations President and CEO President's Strategy Committee Press Resources Public Comment Publications RSS Feeds Reconsideration Requests Reconsideration and Independent Review Registrants Information Registrar Accreditation Agreement Amendments Registrar Accreditation Overview Registrar Advisories Registrar Agreements Registrar Complaints Registrar Data Escrow Program Registrar Information Registrar Problem - Get Help Registrars - Accredited Registry Agreements Registry Information Registry Listings Registry Monthly Reports Registry Services Evaluation Process Report Inaccurate Whois Information Requests for Proposals Resources Root Server System Advisory Committee (RSSAC) Security Team Security and Stability Advisory Committee (SSAC) Speeches Sponsored Top-Level Domains Staff Strategic and Operating Plan Supporting Organizations Transfers Travel Support Universal Acceptance of All Top-Level Domains Video Vint Cerf's Legacy Letter to ICANN Community Website Enhancement Whois Information Whois Search Wiki - Resolutions Project

        Search 

• Documents
•  

To the ICANN Board:

The ICANN Security and Stability Committee has developed a recommendation regarding the Whois protocol and I wanted to take this opportunity to call your attention to it.

Whois has traditionally been used by the Internet community to identify and provide information for contacting the person or organization responsible for administering an Internet resource (identified by an IP address or domain name). This has been successfully used in a cooperative manner for situations such as informing the person or organization of inappropriate use of the resource (security), or misconfiguration of the resource (stability). Whois information is thus important for the security and stability of the Internet, as the administration and control of Internet resources is widely distributed and Whois is used to contact the administrators of Internet resources of security and stability issues.

Whois is also used for other purposes, including

• by registrars to authenticate transfers
• by the intellectual property community
• by individual Internet users to complain to an administrator of a resource upon receipt of SPAM mail
• by business users for marketing

The Whois task force within the GNSO is reviewing Whois issues from the perspective of all its uses. The Security and Stability Committee has reviewed WHOIS purely for its use to contact the administrators of Internet resources with regard to security and stability issues.

I have attached below the Executive Summary of the recommendation for your convenience. You will find the complete text here:

In HTML: http://www.icann.org/committees/security/whois-recommendation-01dec02.htm.

In PDF: http://www.icann.org/committees/security/whois-recommendation-01dec02.pdf.

We welcome any comments or questions you may have.

Steve Crocker <steve@stevecrocker.com>
Chair, Security and Stability Committee <dnssac-comment@icann.org>

---

EXECUTIVE SUMMARY
of the Whois Recommendation

The port 43 Whois protocol has traditionally been used by the Internet community to identify and provide contact information for the person or organization responsible for many Internet resources, for example, a domain name or an IP address. It has been successfully used in a cooperative manner for situations such as informing a person or organization of inappropriate use of their resource (security), or incorrect configuration of their resource (stability). Whois data is thus important for the security and stability of the Internet as the administration and control of Internet resources is widely distributed.

It is essential that Whois data used to provide contact information for the party responsible for an Internet resource is validated at the time of a registrant's initial registration and on a regular basis thereafter. When records can not be validated they must be frozen or held until they are updated or removed.

In order for Whois data to be readily available it must be both accessible and usable by automatic tools. To be accessible the Whois protocol must be updated to support the recent shift in the architecture to separate the functions of the registry and the registrar. This shift has made it impractical to support searching and frequently makes it difficult to find Whois services. To be usable the data returned by Whois services must in be a common format.

However, being accessible and usable must also protect a registrant's privacy. Many countries require that personal information is protected but in addition registrants may wish to discourage the unintended, undesirable, and otherwise unwanted uses of their Whois data. In particular, it is widely believed that Whois data is a source of email addresses for the distribution of spam. Methods must be developed to discourage the harvesting or mining of Whois information.