Expiration dates allow registrants to see when their names are expiring; a domain management task.
Domain management is done by Registrants at their Registrar, who will know the dates (and indeed should be the authoritive source for those dates) - the domain can't be "managed" anywhere else or (in most circumstances) by anyone else Dates are not necessarily "correct" on a whois (so for 1/12th of the year tend to confuse more than they help) due to registrar auto renewal and so on And in my experience very few registrants understand whois, and the majority of those that do at least "get it" incorrectly use 3rd party sites, cached database copies, random google links, clickbaits etc and not the registry/registrar version anyway - so the potential for mistakes and misunderstandings grows exponentially Let's remember most of the WG are not "ordinary internet users" or even "common registrants" we all "get it" but we're an infinitesimally small minority.
Expiration dates make the domain name secondary market possible.
Yes, I agree. Unfortunately we're into playing the "risk vs reward" game I'd rather not see the WG go with the UK Gov't view - that the potential to maybe catch 1 criminal is worth taking away the civil liberties of 65 million law abiding individuals :(
Create dates are important for assigning reputation to domain names and protecting consumers and Internet users.
I must have missed the RFC for the Internet Nanny protocol, thus am not sure how reputation of domains works ;) Presumably these are 3rd party "services" which are making money out of the registries', registrars' and registrants' data they are harvesting for free from whois ?
Domains are often hijacked when the attacker gains control of the registrant account.
Yes, and that would be massively more difficult if the Registrar data wasn't public, but I do agree that is a small enough %age to warrant the inclusion of registrar details if we have any RDS output, benefits outweighing risks, but they're specific and targetted attacks
So the status does not even matter.
It certainly does. Is a car more likely to get stolen because it's left unlocked, or because it exactly matches a specific item on a "shopping list" ? It's functionally equivalent to the difference between broadcasting the state of your front door lock at all times, and having a locked door kicked-in during your absence If there was a global+accurate list of which homes were "open", who do you think benefits from that ? People that break into homes, people that market security systems, people who want to illegally squat, a family member who has forgotten their keys - the list is practically endless - and again it's the risk vs reward The only time items have ever been stolen from my garage was the one time I got distracted to sign for a parcel delivery as I was wheeling out my bike, and rode off without putting the padlock back on Simply put more data = better targetting (for good or ill)
Domain names enable lots of crime.
Do they ? Really ? Of course I agree that *some* crimes may involve domain names in some way. Everything can be, will be and is used in a crime at some point. Lots of crimes involve a vehicle, but the ownership details, dealership details, manufacturer details and so on of every vehicle in existence isn't "public" for people to do what they like with - I'd suggest that if it were it would increase crime not reduce it. Can "those that *need* to know" get some of that data - yes, probably rightly, although the amount of data and the list of accessors is severely limited
Is the response to that problem to make domain names very difficult and expensive to register? Or is making registration information available one proportional and reasonable response to the problem?
If they are the only 2 answers available to choose from , I clearly haven't understood the question. What we need is sadly not do-able. All data about my-domain.ext should be locked away in an impenetrable opaque bubble, and legitimate requests for select information can be allowed temporary view-only access, all external copies of it blow up at a specific time, it can't be further shared, the view is logged, the data can be remote detonated, further / repeat access recalled at any point etc In fact what we need is that for all data about anything with appropriate interconnectors for it all Sadly 40 million years ago a caveman realised that you could paint on a wall and permanent data records, sharing, public viewing etc have existed ever since :( Rob