[gnso-rds-pdp-wg] Possible Requirements from RFC 3912: WHOIS Protocol Specification

[Hollenbeck, Scott]

RFC 3912: WHOIS Protocol Specification

https://tools.ietf.org/html/rfc3912

>From Section 4 (Internationalisation):

"The WHOIS protocol has not been internationalised.  The WHOIS protocol has no mechanism for indicating the character set in use. Originally, the predominant text encoding in use was US-ASCII.  In practice, some WHOIS servers, particularly those outside the USA, might be using some other character set either for requests, replies, or both.  This inability to predict or express text encoding has adversely impacted the interoperability (and, therefore, usefulness) of the WHOIS protocol."

Associated charter question(s):

System Model: What system requirements must be satisfied by any next-generation RDS implementation?

This text implies that there is an RDDS requirement for internationalization support.

>From Section 5: (Security Considerations):

"The WHOIS protocol has no provisions for strong security. WHOIS lacks mechanisms for access control, integrity, and confidentiality. Accordingly, WHOIS-based services should only be used for information which is non-sensitive and intended to be accessible to everyone."

Associated charter question(s):

Users/Purposes: Who should have access to gTLD registration data and why?

Gated Access: What steps should be taken to control data access for each user/purpose?

Privacy: What steps are needed to protect data and privacy?

This text implies that there should be a requirement to provide services for access control, integrity, and confidentiality. It also suggests that WHOIS should not be used to access sensitive information.

Scott