by edsemail123 2119 days ago
NUM looks to me like a great improvement over the de facto 'status quo' of DNS, Search Engines, and 'Site Sifting' for useful info.

I do have some concerns about the plan to make the owners of various domains that much easier to locate and/or name in lawsuits, as at least here in the US, I could see that info being rather easily abused, along with the initial focus on 'contacts' (see my further comments/concerns below).

That said, given you asked for feedback/suggestions, and what looks to me the focus and high level of usefulness of NUM, especially on streamlining the overall process for 'inter-entity transactions' (whether personal, commercial, or whatever) I believe that a rather useful 'module' (and likely better yet, some number of modules), I would see as Services, Products, and/or Solutions.

Each of those can be seen as either Standard or Custom or perhaps even involve both (ie, a standard Solution for xyz market typically includes abc standard products as well as def custom services or whatever)

This could easily include info about various products, as well as entire 'product lines', along with direct connect to marketing/sales materials and/or contacts, list/actual pricing, specific support resources, whether contacts and/or documentation (manuals) and/or even ways or sites that their organization prefers for handling certain interactions (phone calls, texts, chat, or even say direct (and perhaps non-disclosed) 'click to connect' methods, whereby entering a 'client id' (or having some security certificate) that then perhaps creates a direct connection, or maybe provides a custom 'menu' of options directly available, or whatever, might become possible

Also, given that many companies, groups, governments could also likely use something like this Internally as well, perhaps create the ability to 'federate' the NUM info (both up and down).

Taking that to the next logical step, there could be NUM data/records flagged for different 'audiences'

These 'audience' entries then could be used to auto-magically publish 'internal', 'external', 'vendor', 'client', 'employee', or whatever type records in appropriate places and ways, in NUM, thus helping to maintain appropriate access, security, permissions, etc.

I do really like the option to include public keys as well, as that opens up avenues to directly and easily establish programmatic methods for fully encrypted communications, transactions, file transfers, and whatever else.

In fact, using an organizational public key, along with an employee-designated key (plus whatever other factors) could then be used to instantly create say a Wireguard connection to whichever resources (perhaps including additional NUM/DNS records, data, etc) that that individual has been provided with access to, thus creating a fairly easy way to establish 'Zero Trust', yet fully functional [net]work environments, allowing equal access, no matter where one might happen to be located

That could simultaneously allow for a reduced, if not single, set of security protocols/parameters per organization, and given that simplification effectively tends to increase overall organizational security, similar to how Wireguard is seen as so revolutionary, due to its simplicity when compared to legacy VPN technologies

That said, I do believe that, additionally, especially for personal contacts/sites/details, and/or organizational units, there really ought to be methods (put) in place to allow for some level of anonymous yet authenticated access, such that NUM doesn't inadvertently disclose info that ends up creating yet more 'attack surface' for 'bad actors'

A simple example might be what happens by 'scraping' sites, winnowing down that info, and then publishing it (in clear text).

That would of course be done in an effort to 'help', though I could see that rather easily causing inadvertent complexities, or even outright disasters, especially given how much 'less than skilled' disclosure of info, whether at the individual/family level or at various organizational entities/levels, I have seen happening time and again on Many web-sites world-wide.

Those bits of info Currently tend to be obscured by exactly the nature of how the web has developed (and that NUM seems to be well positioned to address and effectively resolve moving forward) and Yet, at the same time, taking all those juicy bits of info, boiling them all down, and 'canning' them, such that Any script kiddie could then (far more easily And programmatically) utilize all that 'condensed goodness' to then target Anyone or Any group just about Anywhere, simply using NUM's (assuming publicly accessible) data, could well cause some unintended backlash, if not handled with care.

I do realize that this last one could be an area where there is no simple answer, at least not yet, and I believe I would be remiss if I didn't mention my concerns here as well

1 comments

I really appreciate the detailed feedback here, I somehow missed it.

I don't think site ownership data is something to be concerned about since we'll only publish that if we find it on the website. So if a company doesn't have a website or has no company details on their website then we won't populate a record for it. So it's unlikely NUM would make it any easier to name a domain registrant in a lawsuit than the website would.

I think a module that lists a company's products or services could have some really interesting applications.

NUM is of course compatible with all DNS implementations, so a local DNS zone mycompany.local could hold its NUM records in _num.mycompany.local – I think this has got a lot of potential for large companies and public sector organisations.

You're right that great care needs to be taken when scraping website data and publishing it to the DNS to prevent inadvertently publishing data that was intended to be private or was published to the web before spam was such an issue, also for GDPR reasons. It's unavoidable that making machine-readable data open and freely available will result in it being consumed through automated means and it's likely that some of this data will be used in ways which are undesirable.