Bill Stewart (bill.stewart@pobox.com)
Sun, 28 Feb 1999 22:43:38 -0800
I'd look at several pieces of the problem -
- what things need to be known
- who needs to know them, under what conditions
- what needs to be hidden from whom, under what conditions.
Crypto may or may not help.
Let's consider one possible non-crypto solution, and then
see if crypto can help hide stuff, or if it can't be hidden.
1) There is only one registrar for the interesting set of domains
(e.g. .com, .net, .org, but you don't care about .tw or .za)
2) The registrar keeps a database of all registrant contact info,
attempting to have only one record per registrant,
indexed by ContactIDNumber
3) The whois database lists the ContactIDNumber, and if there's a subpoena
the registrar can reveal the contact info for that number.
4) There's some mechanism provided by the registrar to send email
to the contacts, e.g. TechContact1234567890@registrar.iana.org
If there's more than one registrar, then crypto might be useful
for registrars to detect people who register in both their databases.
I suspect that detecting duplicates is only possible through human effort -
if you can't tell from plaintext that two records are the same,
the encrypted or database-index-hidden comparison is impossible.
You can get some correlation from street addresses, some from cities,
some from technical and billing contact info.
How do you tell one customer with multiple registrations from
multiple customers using the same middlemen, e.g. same web hosters
(thus same tech/billing contacts), same lawyers handling registrations, etc.?
My experience with tracking spammers has been that there are often
multiple business names with identical or similar addresses -
"Success Through Spamming, 1234 Main Street Suite 100, NYC, NY 10001"
"MegaSpammer Success Club, 1234 Main Street Suite 200, NYC, NY 10001"
are probably the same people - but are Suite 100 and Suite 200
different offices with different people in a big building, or
different file folders in one spammer's single-family home, or
different file folders in one consultant's office that provides
business services for multiple clients who really are different?
Crypto _can_ help with
- keeping the registrar's database from being stolen/subpoenaed en masse,
rather than a record at a time. (But can you trust governments
not to insist on it anyway?)
- providing separate keyed hashes for pieces such as phone numbers,
street addresses, etc. which lets you tell if two records
have any parts in common. Note that a plain vanilla hash
isn't good enough - it's easy to try hashing all the US phone numbers,
and not too tough to try all the phone numbers in the world.
But a keyed hash, where you don't give out the key, should do.
At 11:02 PM 2/26/99 -0500, Michael Froomkin - U.Miami School of Law wrote:
>As some of you may know, I'm involved in a little brawl about domain
>names (details at http://www.law.miami.edu/~amf).
>
>It would be really useful to have a cryptographic solution to a part of
>the problem.
>
>Suppose we move to a system of Domain Name registrations in which people
>can be anonymous, or pseudonymous, but at the same time wish to have some
>way of identifying the people engaged in large-scale domain name
>speculation. Are these ends compatible? In a world without distinguished
>names, is there a way to design a system that has these properties (#3 is
>the hard one):
>
>1) every registrant can be anonymous or pseudonymous but must provide
>contact details that could be accessed in the event of a subpoena. They
>would not show up on whois to the whole world. (data is entered into a
>computerized form with no human verification) The best version has the
>data put in some form which the registrant can decrypt when the subpoena
>comes or else lose the domain name.
>
>2) registrants who provide false contact details can be detected upon a
>challenge by a third party, but the third party does not get to know
>accurate contact details.
>
>3) it is possible for a third party who wishes to challenge the
>registration of Domain DN1 to find out how many other domains have been
>registered by the owner of DN1, and what they are, without necessarily
>finding out the identity of the registrant.
>
>
>I'm willing to hypothesize the existence of an honest broker if I
>have to, in which case #s 1 & 2 are trivial, but I would rather not.
>
>We must assume that some registrants are malicious and will lie like a rug.
>
>Best I can do is to publish a hash (or public-key encryption if the hash
>is too easy to break on a small range of numbers like telephone numbers)
>of their phone numbers, on theory that people usually only have a small
>number of lines. But that's not very good. Certainly names and/or
>addresses won't do it given the possibilities for creative data entry....
>
>Like I always say, I'm not a cryptographer, I just know several.
>
>
>A. Michael Froomkin | Professor of Law | froomkin@law.tm
>U. Miami School of Law, P.O. Box 248087, Coral Gables, FL 33124 USA
>+1 (305) 284-4285 | +1 (305) 284-6506 (fax) | http://www.law.tm
> --> It's warm here. <--
>
>
>
>
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
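Added example (not part of the original message or of any registrar's system): a sketch of the per-field keyed hashes described above, using HMAC-SHA256. It shows two records being compared for shared parts, and why an unkeyed hash of a phone number falls to simple enumeration while the keyed one does not. The key, the records, the normalization rules and all function names are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed key for the example; a registrar would generate and guard its own.
REGISTRAR_KEY = b"constructed-example-key-not-for-real-use"

def normalize(field, value):
    """Reduce cosmetic variation before hashing (assumed, deliberately simple rules)."""
    if field == "phone":
        return re.sub(r"\D", "", value)            # keep digits only
    return re.sub(r"\s+", " ", value.strip().lower())

def plain_tag(field, value):
    """Unkeyed hash: anyone can recompute it for any guessed value."""
    return hashlib.sha256(f"{field}:{normalize(field, value)}".encode()).hexdigest()

def keyed_tag(field, value, key=REGISTRAR_KEY):
    """Keyed hash: only the key holder can compute the tag for a guess."""
    msg = f"{field}:{normalize(field, value)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def published_tags(record, key=REGISTRAR_KEY):
    """One tag per field, so records can be compared piece by piece."""
    return {f: keyed_tag(f, v, key) for f, v in record.items()}

def shared_fields(tags_a, tags_b):
    """Fields whose tags match, i.e. parts the two records have in common."""
    return sorted(f for f in tags_a.keys() & tags_b.keys()
                  if hmac.compare_digest(tags_a[f], tags_b[f]))

def enumerate_phone(tag, tag_fn, prefix="1212555", width=4):
    """Try every number in a small constructed range against a published tag."""
    for n in range(10 ** width):
        candidate = f"{prefix}{n:0{width}d}"
        if tag_fn("phone", candidate) == tag:
            return candidate
    return None

# Constructed records: same phone and city entered differently, different suite.
REC_A = {"phone": "+1 (212) 555-0142", "street": "1234 Main Street Suite 100", "city": "NYC"}
REC_B = {"phone": "1-212-555-0142", "street": "1234 Main Street Suite 200", "city": "nyc"}

if __name__ == "__main__":
    print(shared_fields(published_tags(REC_A), published_tags(REC_B)))
    print(enumerate_phone(plain_tag("phone", REC_A["phone"]), plain_tag))
    print(enumerate_phone(keyed_tag("phone", REC_A["phone"]), plain_tag))
```

The street tags do not match because the suite numbers differ, which is the limit the message points out: tags only reveal exact equality after normalization, so creative data entry still needs human judgment.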
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28