[gnso-rds-pdp-wg] We should not build atop whois (was Re: Domain Name Certification )

Chuck consult at cgomes.com
Tue Jan 9 23:58:04 UTC 2018


Holly,

I will let Andrew respond as he can best do, but I do want to point out that
this WG does not need to focus on the protocol, old or new.  It is a
established fact that we will be using the RDAP protocol in whatever the WG
recommends, i.e., a modification of the existing registration data system or
a new one.

Chuck

-----Original Message-----
From: gnso-rds-pdp-wg [mailto:gnso-rds-pdp-wg-bounces at icann.org] On Behalf
Of Holly Raiche
Sent: Tuesday, January 9, 2018 3:49 PM
To: Andrew Sullivan <ajs at anvilwalrusden.com>
Cc: gnso-rds-pdp-wg at icann.org
Subject: Re: [gnso-rds-pdp-wg] We should not build atop whois (was Re:
Domain Name Certification )

Andrew

I am always grateful for your very clear explanations - thank you.

My question now - this discussion is about the Whois protocol.  We now have
protocols for RDAP.  To what extent should we stop using references to
Whois, and start talking specifically about the RDAP protocols that have
been designed for the 21st century internet, and to what extent if any do
they address the problems with registration data bases that you have
identified - 

Thank you

Holly


On 10 Jan 2018, at 10:29 am, Andrew Sullivan <ajs at anvilwalrusden.com> wrote:

> On Tue, Jan 09, 2018 at 10:40:19PM +0000, benny at nordreg.se wrote:
> 
>> My point is that the purpose for collecting data to RDS should not be 
>> built upon the needs for other systems built on top of the present Whois
> 
> If that's what you think, then I believe we disagree very strongly.
> Many of the problems with respect to the registration databases and 
> with respect to registration data directory services can be traced 
> directly to the problems with whois.  It seems to me that this litany 
> has been recited before (more than once by me), so those who remember 
> it can stop reading; but to remind people what I'm talking about with 
> respect to these data and policy problems, here are a few:
> 
>    1.  WHOIS was designed in an era when the entire names registry
>    was completely centralised, in the NIC.  So, it did not need to
>    become a distributed system, and it wasn't designed for
>    distributed operation.  (To be clear: the NICNAME specification is
>    in RFC 812, which is dated March 1982.  The first DNS
>    specification is in RFC 882, from November of 1983.  NICNAME
>    didn't have to deal with a distributed database _at all_: it was
>    about the HOSTS.TXT file and the related metadata.  Obviously,
>    people knew DNS was coming, but it wasn't a thing yet.)
> 
>    2.  Adding references to whois in order to make a distributed
>    protocol -- rwhois, whois++, and some other flavours -- never
>    really worked.  This meant that it was unreliable which
>    (registrar) database you'd get some whois information from, which
>    meant you often got stale data from the wrong registrar.  This,
>    more than anything else, was the incentive behind "thick"
>    registries, which is why registries ended up having information
>    about registrants, with whom they do not strictly speaking have a
>    direct contractual relationship.  (I observe that now we seem to
>    be treating an awful lot of data that is collected by registrars
>    and transmitted to registries as just "data that is collected",
>    which was why I was trying to figure out the delimitation of the
>    RDS some months ago.)
> 
>    3.  WHOIS was designed as a simple-minded human-consumable
>    call-and-response protocol when internationalisation didn't work
>    reliably on a single computer, never mind on the network.  So it
>    knows nothing about different types of data and therefore cannot
>    handle the data in different ways according to context.
>    Therefore, the ICANN whois policies have all kinds of extraneous
>    rules about formatting, how "fields" need to be handled, and so
>    on.  None of this belongs in a policy, but it's there because the
>    protocol was wrong.
> 
>    4.  WHOIS was designed and deployed for a network in which
>    practically all the users were also developers of the network, and
>    where the scope of the users of the network was controlled because
>    of contractual arrangements permitting connection in the first
>    place.  Therefore, it has no notion of "context" and cannot do
>    anything to determine who is asking a query or to determine
>    authorization.  Many of the debates about privacy turn out to be
>    debates about access, not whether the data should be collected in
>    the first place.  We keep tripping over this now, even though
>    we're supposed to be alert to it.
> 
>    5.  The fact of unfettered access has meant that people who want a
>    domain name -- but who, quite reasonably, do not want to pay extra
>    to prevent their cell phone number and home address from being
>    published to 2 billion of their closest friends -- simply lie
>    about their information in an effort to obscure it.  Others who
>    are lying, of course, are hiding because they're doing something
>    untoward.  There is today literally no way to distinguish these
>    cases because the first class of people are sympathetic victims of
>    WHOIS, a protocol created two years before the founder of Facebook
>    was born.
> 
> We have got to get over the idea that the existing whois is _any_ kind 
> of model for what we ought to be trying to do.  Anyone with the 
> faintest technical background can look at the early specification of 
> WHOIS/NICNAME and recognise a protocol that was designed to be exactly 
> good enough for the purpose at hand.  Indeed, RFC 3912 (which 
> obsoleted the previous WHOIS protocol specifications in 2004) is quite 
> explicit that whois has some fundamental inadequacies that need to be 
> fixed.  Please stop claiming that "whois" -- either the protocol or 
> all the collections of policies that have been built on top of that 
> miserable hangover of a protocol -- is any guide for what we should 
> do.  It is not.
> 
> Best regards,
> 
> A
> 
> --
> Andrew Sullivan
> ajs at anvilwalrusden.com
> _______________________________________________
> gnso-rds-pdp-wg mailing list
> gnso-rds-pdp-wg at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
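
The protocol limits named in points 3 and 4 of the quoted message, as an added example that is not part of the original thread: an RFC 3912 exchange in which the request is only a query line and the answer is untyped text. The two server styles and their records are constructed samples, and an in-process socket pair stands in for TCP port 43.

```python
import socket

# Constructed sample records: one registrant as two hypothetical servers
# might print it. RFC 3912 fixes no labels, layout or data types.
RESPONSES = {
    "server_a": "Domain Name: EXAMPLE.TEST\r\nRegistrant Name: J. Doe\r\n"
                "Registrant Phone: +1.5550100\r\n",
    "server_b": "domain:   example.test\r\nowner:    J. Doe\r\n"
                "phone:    +1 555 0100\r\n",
}

def serve_one(conn, style):
    """Server side: read one CRLF-terminated line, answer in text, close."""
    request = b""
    while not request.endswith(b"\r\n"):
        chunk = conn.recv(1024)
        if not chunk:
            break
        request += chunk
    conn.sendall(RESPONSES[style].encode("ascii"))
    conn.close()
    return request  # everything the protocol told the server

def read_all(conn):
    """Client side: the response ends when the server closes."""
    chunks = []
    while chunk := conn.recv(1024):
        chunks.append(chunk)
    return b"".join(chunks).decode("ascii")

def naive_parse(text):
    """Split 'label: value' lines; labels are whatever the server chose."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields

def exchange(style, name="example.test"):
    """Run one query over an in-process socket pair (stand-in for TCP/43)."""
    client, server = socket.socketpair()
    client.sendall(name.encode("ascii") + b"\r\n")  # the entire request
    request = serve_one(server, style)
    fields = naive_parse(read_all(client))
    client.close()
    return request, fields

if __name__ == "__main__":
    for style in RESPONSES:
        print(style, *exchange(style))
```

Both servers receive the same bare line with nothing identifying the requester, and the two parsed results share no field labels, so a consumer needs per-server parsing rules.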
