[gnso-rds-pdp-wg] Message from Chuck in Advance of 16 Feb RDS PDP WG Meeting

Andrew Sullivan ajs at anvilwalrusden.com
Mon Feb 15 23:46:38 UTC 2016 

Hi,

I appreciate the outline of the approach to be taken to the work.  I'd
like to make two suggestions, however.

On Mon, Feb 15, 2016 at 10:41:50PM +0000, Gomes, Chuck wrote:

> ·         As I understand the charter, Phase 1 has the following primary tasks:
> 
> §  Define requirements for registration data services, regardless of the system used to deliver them

I do not believe those two questions are quite the right ones to ask,
and I think some slightly different ones can be understood to be
consistent with the charter.

On the first question, I do not believe we need to discuss
requirements for registration data services regardless of system for
delivery, because as a practical matter there are only a few options
for delivery:

    • Whois
    • EPP <info> commands
    • IRIS
    • RDAP

Of these, EPP makes no allowance at all for unauthenticated access and
probably would need to be modified to permit the kinds of use to which
people are accustomed, and IRIS is an undeployed protocol despite
having existed for quite a few years.  So, we're really stuck with
"RDS, regardless of whether it is retrieved via Whois or RDAP."

Now, there is more than one scenario under which people try to get
registration data, and the requirements in the different cases may as
a result differ.  In software development, we often capture this with
user stories.  "As a random user of the Internet, I want to…."  "As an
operator of a network with traffic involving some name, I want to…."
"As a law enforcement officer, I want to…."  And so on.  I have no
idea how many such profiles there are, but I bet there are lots.  I
think that any defining of requirements we do ought to be with respect
to some user profile.

The practical limitations of the Whois protocol, historically, has
coloured discussions about the requirements in the past.  It will help
us not at all if we do not recognise the existence of different roles
from the beginning, acknowledge that they'll have different needs, and
acknowledge that such different needs can at least in principle be
accommodated by different technologies.

> § Decide whether a new RDS is needed and, if so, why; or if not, how
> would existing Whois need to be modified.

The only possible way a new RDS is not needed is if we conclude that
every type of user needs the same data every time.  If we conclude
that, I suggest, we will richly deserve the derision that will surely
rain upon us.

Moreover, there is a ready and waiting replacement for Whois, it is
easy to develop and deploy, and it is already being used by RIRs for
their purposes.  So, I think it would be better here to ask what kinds
of data (now available in Whois) ought to be used for different
use-cases as determined in step 1, and then determine whether such
data is expressible in RDAP and how.

Best regards,

A


-- 
Andrew Sullivan
ajs at anvilwalrusden.com

More information about the gnso-rds-pdp-wg mailing list