This is a discussion on Re: dictionary attack on nameservers - DNS ; * Roy Badami: >>>>>> "Florian" == Florian Weimer writes: > > Florian> If the data were privacy-sensitive, it couldn't be shared > Florian> at all without explicit consent from the domain name > Florian> owner (at least according to most ...
* Roy Badami:
>>>>>> "Florian" == Florian Weimer
> Florian> If the data were privacy-sensitive, it couldn't be shared
> Florian> at all without explicit consent from the domain name
> Florian> owner (at least according to most EU law).
> That's an oversimplistic view of data protection legislation. One of
> the principles in the UK implementation is that personal data can only
> be used for the purposes for which it was collected.
Yes, of course. This means that if NS RRs (or other TLD zone
contents) were personal data, .COM/.NET registrars would have to
disclose what happens with this data (that is, VeriSign republishes it
in bulk, without any privacy safeguards). However, hardly any
registrar does this right now.
For TLD owners, there might be other contractual obligations not to
publish the zone contents in bulk. In this case, these obligations
should be named. I've got a huch that privacy is not the real issue.
And if it's not privacy but simply the business interest of a few
(certainly not all) TLD operators, it might make sense to refrain from
adding baroque features to DNSSEC just to please them.
In the meantime, the discussion whether domain names are comparable to
phone numbers and deserve equal protection has resurfaced in Germany.
If something goes wrong, domain names might be considered personal
data rather soonish. 8-(
to unsubscribe send a message to email@example.com with
the word 'unsubscribe' in a single line as the message text body.