RE: ENUM privacy and security
- Date: Tue, 30 Sep 2003 09:05:01 +0200
Hi Amelia,
In principle a WHOIS or WHOIS-like data base is absolutely necessary for
ENUM Tier 1
operations, the question is only the data it contains.
Option1: It contains only the absolutely necessary data for operation,
e.g. nameserver provider
and registrar handle, but no data related to the domain name holder.
This data may be retrieved
on request by law-enforcement from the registrar (thin registry)
Option2: The complete information as usual is contained at Tier 1 level
(thick registry)
This has some advantages
The options are also depending on who is doing the validation. If it is
done by the Tier 1
via a centralized database, the data need to be there anyway.
If the data is available at the Tier 1 (Option2), there is still the
question who may access
the data. IMHO the most flexible solution is to provide the data at the
Tier 1, but provide
access only to selected entities in general. The subscriber may also
decide by hinself
(again opt-in), if his data is accessible by the public (similar to the
phone directory).
Richard
> -----Original Message-----
> From: Amelia Effendi [
]
> Sent: Tuesday, September 30, 2003 5:15 AM
> Subject: ENUM privacy and security
>
>
> Hi all,
>
> it came up to my attention about ENUM privacy and security.
> according to the ENUM USA forum, the focus is on Tier 2 NAPTR
> where collection of information from consumer is happening,
> as well as the WHOIS database where people can look up for
> other's information.
>
> there is a debate in australian ENUM whether we should
> involve WHOIS or not for privacy reason.
>
> in my opinion, there should be a dedicated entity to handle
> the record collection and maintenance and another entity to
> ensure that the dedicated entity is doing the job properly
> according to the regulation.
>
> i would like to know from your point of view on the
> management of information flow in Tier 2 NAPTR and the WHOIS
> database?
> i think it is a good idea to keep the WHOIS database, yet
> only the privileged people that is allowed to access the
> database (e.g having PIN number)
>
> thank you,
> amelia effendi
>
>