Re: Privacy and security issues

[Patrik F�ltstr�m <]

On 16 okt 2003, at 02.24, Amelia Effendi wrote:

> in regards to ENUM implementation, issues like privacy and security 
> cannot be avoided. the concern arise on what should be contained in 
> the WHOIS and Tier 2 NAPTR record. With WHOIS, MAYBE to only allow a 
> certain eligible people to access the record by having PIN number and 
> password?
As John said, passwords doesn't go into the RFC 954 protocol, but in a 
potential new Whois _service_.

You can also (which is already done in many ccTLDs in the world) decide 
what data you have in Whois to make sure you don't disclose too much 
about the registrant. For example, you might have only technical 
information there and no information about the registrant at all. 
Remember, whois is not needed at all (in general) for any protocol on 
the Internet. It is a help for operations.

Regarding the NAPTR records, the only thing which should be disclosed 
is information which the holder of the phone number accept having 
there. This is why ENUM is an opt-in system.

For more information, see draft-ietf-enum-privacy-security-01.txt

    regard, patrik


> on top of that there is a risk of spamming as well. some spamming 
> prevention method such as filtering, diital certificate could and have 
> proven to be failed with recently in Telstra Australia Bigpond 
> Internet is down because of the spam attack.
>
> from your point of view, what are other possible privacy and security 
> issues and the possible prevention method of those issues? i believe 
> that this cannot be left to the last minute when transisioning from 
> trial to commercialise.
>
> Thank you,
> Amelia