Michael Fincham Port 43 WHOIS Submission

Received: 26 January 2018

I am a regular and frequent user of the port 43 WHOIS service and have been for over ten years, both in a personal capacity and as part of my job.

While a web based WHOIS service would allow for additional anti-harvesting features (such as CAPTCHAs), the existing plain text port 43 service must also be retained. I do believe there is scope however to improve the port 43 service to address the "harvesting problem".

While my most frequent use of the port 43 service is to simply examine and manually verify the output (to verify a domain name's registration period, canonical nameserver delegation, registrar and contact information etc) I also regularly process the output through standard text processing tools.

Moving this information in to a web page would entirely remove the ability to easily further process the supplied information with standard text processing tools. Given that the WHOIS service is targeted at primarily technical users, those users are guaranteed to need to engage in further processing of the output. This type of data processing is, after all, what computers are for.

I acknowledge that there is a concern around bulk harvesting of information from the database, and that IP address rate limits have not historically been very effective.

During the consultation on what information should actually be collected for the WHOIS database I supported the collection of much less information, as I find it to be mostly superfluous and that the risks associated with storing and publishing personally identifable information are large.

Therefore, while I am adamant that a port 43 WHOIS service should be retained, I would be quite happy to see it modified such that it only returned this information:

- Domain registration period
- Details of the the registrar responsible
- Canonical nameserver and DNSSEC information
- A contact e-mail address
- A web link to any proposed "more detailed" output, with stronger anti-harvesting protection

Hopefully this would address the harvesting issue while not damaging the usefulness of the service too greatly.

I have these additional concerns: whatever anti-automation measure is selected for a hypothetical web WHOIS service, great care must be given to the accessibility of such a service. The existing service being plain text presents a very low barrier to accessible access, and any replacement or addition needs to retain this. This should be considered not only in the design of the pages themselves but also of, for instance, CAPTCHAs used in the page.

I would also love if InternetNZ was interested in sponsoring the development of a WHOIS-over-TLS specification to improve the privacy of the service. This would be of benefit to everyone, not just the .nz community.

Thank you,
Michael Fincham