ICANNWatch
 
  Inside ICANNWatch  
Submit Story
Home
Lost Password
Preferences
Site Messages
Top 10 Lists
Latest Comments
Search by topic

Our Mission
ICANN for Beginners
About Us
How To Use This Site
ICANNWatch FAQ
Slash Tech Info
Link to Us
Write to Us

  Useful ICANN sites  
  • ICANN itself
  • Bret Fausett's ICANN Blog
  • Internet Governance Project
  • UN Working Group on Internet Governance
  • Karl Auerbach web site
  • Müller-Maguhn home
  • UDRPinfo.com;
  • UDRPlaw.net;
  • CircleID;
  • LatinoamerICANN Project
  • ICB Tollfree News

  •   At Large Membership and Civil Society Participation in ICANN  
  • icannatlarge.com;
  • Noncommercial Users Constituency of ICANN
  • NAIS Project
  • ICANN At Large Study Committee Final Report
  • ICANN (non)Members page
  • ICANN Membership Election site

  • ICANN-Related Reading
    Browse ICANNWatch by Subject

    Ted Byfied
    - ICANN: Defending Our Precious Bodily Fluids
    - Ushering in Banality
    - ICANN! No U CANN't!
    - roving_reporter
    - DNS: A Short History and a Short Future

    David Farber
    - Overcoming ICANN (PFIR statement)

    A. Michael Froomkin
    - When We Say US™, We Mean It!
    - ICANN 2.0: Meet The New Boss
    - Habermas@ discourse.net: Toward a Critical Theory of Cyberspace
    - ICANN and Anti-Trust (with Mark Lemley)
    - Wrong Turn in Cyberspace: Using ICANN to Route Around the APA & the Constitution (html)
    - Form and Substance in Cyberspace
    - ICANN's "Uniform Dispute Resolution Policy"-- Causes and (Partial) Cures

    Milton Mueller
    - Ruling the Root
    - Success by Default: A New Profile of Domain Name Trademark Disputes under ICANN's UDRP
    - Dancing the Quango: ICANN as International Regulatory Regime
    - Goverments and Country Names: ICANN's Transformation into an Intergovernmental Regime
    - Competing DNS Roots: Creative Destruction or Just Plain Destruction?
    - Rough Justice: A Statistical Assessment of the UDRP
    - ICANN and Internet Governance

    David Post
    - Governing Cyberspace, or Where is James Madison When We Need Him?
    - The 'Unsettled Paradox': The Internet, the State, and the Consent of the Governed

    Jonathan Weinberg
    - Sitefinder and Internet Governance
    - ICANN, Internet Stability, and New Top Level Domains
    - Geeks and Greeks
    - ICANN and the Problem of Legitimacy

    Highlights of the ICANNWatch Archive
    (June 1999 - March 2001)


     
    Laugh (or Cry) "Whois there?" "No one."
    posted by tbyfield on Saturday July 19 2003, @09:03AM

    On 18 July, the New York Times's John Markoff sparked a storm in a cup with an article describing how recent changes to the White House's email setup forced constituents to navigate up to nine pages in order to send mail to POTUS -- because he was no longer accepting email sent via, well, email. However, ever-responsive to the second superpower, public opinion, the White House climbed down: another article in today's NYT, by Matt Richtel, notes that the dubious design had been fixx0red. Well, sort of...



    To find the webmail form now, you need only go to http://www.whitehouse.gov/ and click "CONTACT" in the navbar at the top of the page, which -- reasonably -- sends you to http://www.whitehouse.gov/contact/ . But on that page, there's a link to "White House Web Mail" which sends you off to https://sawho14.eop.gov/PERSdata/intro.htm -- a page on a different, inscrutably named secure whose certificate "was signed by an unknown certifying authority" (Safari), "has an identity that cannot be verified" (Mozilla), whose "identity certificate issuer is unknown" (MSIE), and whose "certificate chain could not [be] verified" (OmniWeb). The latter excellent piece of software provides much more detail:
    • C=US
    • ST=District of Columbia
    • L=Washington
    • O=Executive Office of the President
    • OU=Information Systems and Technology Group
    • OU=Terms of use at www.verisign.com/rpa (c)00
    • CN=sawho14.eop.gov
    • Validity period: not before Sat Mar 08 00:00:00 UTC 2003 and not after Sun Mar 07 23:59:59 UTC 2004
    • MD5 Fingerprint: 0819 EE9A F749 18F1 1ACB 8BA8 01FE 55F8
    • SHA1 Fingerprint: 87CE 0004 0DEF B694 B9EB A77F 7BA1 1CBB 7F1E 188E
    • Issuer:
      • O=VeriSign Trust Network
      • OU=VeriSign, Inc.
      • OU=VeriSign International Server CA - Class 3
      • OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    Now, any sensible U.S. citizens will of course speculate that the "EOP" in eop.gov probably stands for something like "Executive Office of the President"; but, being sensible, s/he will doublecheck by, say looking at the site. Unfortunately, https://sawho14.eop.gov/ will refer the citizen back to the White House's site. And there aren't any webservers running under http://eop.gov or http://www.eop.gov. But said citizen, being diligent as well, will then turn to http://www.nic.gov for the straight dope, only to be confronted with a clickwrappian offer that can't be refused (because there's only an "agree" button):
    Warning! Use of this site is restricted!

    This computer system is for the use of the United States Government. Unauthorized access, or access which exceeds authorized access is punishable under 18 USC 1030.

    After agreeing and a few clicks on this nicely designed site, the citizen will learn that the domain eop.gov is "not available for registration" and that it's status is "active." But what s/he won't learn is who the registrant actually is. Now, like our president, I am absolutely certain that someone could gad about all over the net to find out what EOP is. But who knows what kind of misinformation one might find on random web pages put up by those kooks who use the net...like the ones at ComputerWire who reported in September 2002 that VeriSign had restricted whois info for the .gov TLD. For security reasons, of course.

    So one just has to trust -- without verifying.

    But who, or what, are we to trust? The government? I dunno... officials say the darndest things. VeriSign? But they're the ones who issued sawho14.eop.gov's certificate, which didn't pass muster to begin with. Our browsers? That doesn't sound like a prudent policy outcome.

    The point, of course, points at the paradox of whois: the need, on the one hand, to maintain it as an openly accessible resource for legitimate use, while restricting it, on the other hand, to prevent illegitimate uses. I won't pretend to know the answer; nor would I suppose that one policy fits all TLDs. But I do know that closing off whois for government sites is shortsighted. The ability to verify that a purportedly governmental site really is what it appears to be (and to be able to contact its maintainers, if necessary) is a Good Thing. For example, what if rather than haxx0ring the front page of a government site, someone were merely to change a single contact link buried nine pages down -- say, so that it pointed at a non-existent military site or a bogus government site (problems that erupted, respectively, four and five months after the battening-down of whois for .gov)? With a functional whois, a diligent citizen might be able to help our officials in a few minutes; but with whois hidden by the veil of "national security," good luck.

     
      ICANNWatch Login  
    Nickname:

    Password:

    [ Don't have an account yet? Please create one. It's not required, but as a registered user you can customize the site, post comments with your name, and accumulate reputation points ("karma") that will make your comments more visible. ]

     
      Related Links  
  • VeriSign/NSI
  • ICANNWatch.org
  • New York Times
  • http://www.whitehouse.gov/
  • http://www.whitehouse.gov/cont act/
  • https://sawho14.eop.gov/PERSda ta/intro.htm
  • Safari
  • Mozilla
  • MSIE
  • OmniWeb
  • https://sawho14.eop.gov/
  • http://eop.gov
  • http://www.nic.gov
  • gad about all over the net
  • what EOP is
  • reported
  • darndest things.
  • non-existent military site
  • bogus government site
  • our officials
  • article
  • second superpower
  • article
  • More on Laugh (or Cry)
  • Also by tbyfield
  •  
    This discussion has been archived. No new comments can be posted.
    "Whois there?" "No one." | Log in/Create an Account | Top | 5 comments | Search Discussion
    Click this button to post a comment to this story
    The options below will change how the comments display
    Threshold:
    Check box to change your default comment view
    The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
    Long article, but well worth it
    by dmehus on Saturday July 19 2003, @11:51AM (#11986)
    User #3626 Info | http://doug.mehus.info/
    Yes, this was probably one of the longest ICANNWatch articles but it was a good one. It was eye opening to know the U.S. government, which claims to be "open and transparent," shuts down its public whois service in the interests of "national security." Mr. Byfield is correct, if there is ever a time for a public whois database, it is with government domain names -- be they .GOV or gov.ccTLD. :)

    Best,
    Doug
    Doug Mehus http://doug.mehus.info/ [mehus.info]
    [ Reply to This | Parent ]


    Search ICANNWatch.org:


    Privacy Policy: We will not knowingly give out your personal data -- other than identifying your postings in the way you direct by setting your configuration options -- without a court order. All logos and trademarks in this site are property of their respective owner. The comments are property of their posters, all the rest © 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 by ICANNWatch.Org. This web site was made with Slashcode, a web portal system written in perl. Slashcode is Free Software released under the GNU/GPL license.
    You can syndicate our headlines in .rdf, .rss, or .xml. Domain registration services donated by DomainRegistry.com