<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Privacy and security issues

  • To: "Amelia Effendi" < >
  • From: Patrik Fltstrm < >
  • Date: Thu, 16 Oct 2003 05:02:42 +0200

On 16 okt 2003, at 02.24, Amelia Effendi wrote:

in regards to ENUM implementation, issues like privacy and security cannot be avoided. the concern arise on what should be contained in the WHOIS and Tier 2 NAPTR record. With WHOIS, MAYBE to only allow a certain eligible people to access the record by having PIN number and password?
As John said, passwords doesn't go into the RFC 954 protocol, but in a potential new Whois _service_.

You can also (which is already done in many ccTLDs in the world) decide what data you have in Whois to make sure you don't disclose too much about the registrant. For example, you might have only technical information there and no information about the registrant at all. Remember, whois is not needed at all (in general) for any protocol on the Internet. It is a help for operations.

Regarding the NAPTR records, the only thing which should be disclosed is information which the holder of the phone number accept having there. This is why ENUM is an opt-in system.

For more information, see draft-ietf-enum-privacy-security-01.txt

regard, patrik


on top of that there is a risk of spamming as well. some spamming prevention method such as filtering, diital certificate could and have proven to be failed with recently in Telstra Australia Bigpond Internet is down because of the spam attack.

from your point of view, what are other possible privacy and security issues and the possible prevention method of those issues? i believe that this cannot be left to the last minute when transisioning from trial to commercialise.

Thank you,
Amelia




  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>