Hi, I'd like to point you to two documents which implicitly refer to WHOIS. http://www.isc.org/files/imce/ghostdomain_camera.pdf Problem description: An attacker registers a domain, set up out large TTL values, starts the phishing attack and removes the domain. The caching effect of the large TTL values results in real world usage of the domain name, while the registry does not have any data in the WHOIS. Other kinds of this attack involves domain transfers or rapid contact data changes. Obvious solutions (might be wrong): - Hold historic data in the WHOIS servers, allow browsing the histroy. This requires a subtantial protocol change as well as various contact and policy changes. - Limit the change rate. This was sucessfully tried to prevent domain tasting. And - of course - it will not solve the problem ;-) http://www.online-und-recht.de/urteile/Kein-urheberrechtlicher-Internet-Ausk... Problem description (an a rough translation): Fighting against online intellectual property misuse typically involve requests to the access provider to map (IP address, timestamp) pairs to subscriber contract details. In the cited case the court denied the right to obtain this information, because the IP address was statically assigned. So the IP address is not longer part of the call/traffic data record (access allowed), but part of the master data record (access denied). In order to have "easy access" to the master data record, WHOIS came into the discussion in various law blogs. Obvious solutions (might be wrong): - IP WHOIS is considered to be a valid ressouce for law enforement as well as private and civil law activities. ICANN needs to be liable for all those kinds of law. - IP WHOIS is shut down in order to prevent the bypass of lawful access restrictions. Thank you for reading.