Re: Privacy and security issues
- Date: Thu, 16 Oct 2003 05:02:42 +0200
On 16 okt 2003, at 02.24, Amelia Effendi wrote:
in regards to ENUM implementation, issues like privacy and security
cannot be avoided. the concern arise on what should be contained in
the WHOIS and Tier 2 NAPTR record. With WHOIS, MAYBE to only allow a
certain eligible people to access the record by having PIN number and
As John said, passwords doesn't go into the RFC 954 protocol, but in a
potential new Whois _service_.
You can also (which is already done in many ccTLDs in the world) decide
what data you have in Whois to make sure you don't disclose too much
about the registrant. For example, you might have only technical
information there and no information about the registrant at all.
Remember, whois is not needed at all (in general) for any protocol on
the Internet. It is a help for operations.
Regarding the NAPTR records, the only thing which should be disclosed
is information which the holder of the phone number accept having
there. This is why ENUM is an opt-in system.
For more information, see draft-ietf-enum-privacy-security-01.txt
on top of that there is a risk of spamming as well. some spamming
prevention method such as filtering, diital certificate could and have
proven to be failed with recently in Telstra Australia Bigpond
Internet is down because of the spam attack.
from your point of view, what are other possible privacy and security
issues and the possible prevention method of those issues? i believe
that this cannot be left to the last minute when transisioning from
trial to commercialise.