[gnso-rds-pdp-wg] We should not build atop whois (was Re: Domain Name Certification )

Paul Keating Paul at law.es
Wed Jan 10 12:42:03 UTC 2018


Andrew,

As I see it, your comments are addressing the technical underpinnings of
WHOIS and not the DATA.  I believe that the others are addressing the data
and the continuing need of other systems to continue to access the data.

Paul


On 1/10/18, 12:29 AM, "gnso-rds-pdp-wg on behalf of Andrew Sullivan"
<gnso-rds-pdp-wg-bounces at icann.org on behalf of ajs at anvilwalrusden.com>
wrote:

>On Tue, Jan 09, 2018 at 10:40:19PM +0000, benny at nordreg.se wrote:
>
>> My point is that the purpose for collecting data to RDS should not be
>>built upon the needs for other systems built on top of the present Whois
>
>If that's what you think, then I believe we disagree very strongly.
>Many of the problems with respect to the registration databases and
>with respect to registration data directory services can be traced
>directly to the problems with whois.  It seems to me that this litany
>has been recited before (more than once by me), so those who remember
>it can stop reading; but to remind people what I'm talking about with
>respect to these data and policy problems, here are a few:
>
>    1.  WHOIS was designed in an era when the entire names registry
>    was completely centralised, in the NIC.  So, it did not need to
>    become a distributed system, and it wasn't designed for
>    distributed operation.  (To be clear: the NICNAME specification is
>    in RFC 812, which is dated March 1982.  The first DNS
>    specification is in RFC 882, from November of 1983.  NICNAME
>    didn't have to deal with a distributed database _at all_: it was
>    about the HOSTS.TXT file and the related metadata.  Obviously,
>    people knew DNS was coming, but it wasn't a thing yet.)
>
>    2.  Adding references to whois in order to make a distributed
>    protocol -- rwhois, whois++, and some other flavours -- never
>    really worked.  This meant that it was unreliable which
>    (registrar) database you'd get some whois information from, which
>    meant you often got stale data from the wrong registrar.  This,
>    more than anything else, was the incentive behind "thick"
>    registries, which is why registries ended up having information
>    about registrants, with whom they do not strictly speaking have a
>    direct contractual relationship.  (I observe that now we seem to
>    be treating an awful lot of data that is collected by registrars
>    and transmitted to registries as just "data that is collected",
>    which was why I was trying to figure out the delimitation of the
>    RDS some months ago.)
>
>    3.  WHOIS was designed as a simple-minded human-consumable
>    call-and-response protocol when internationalisation didn't work
>    reliably on a single computer, never mind on the network.  So it
>    knows nothing about different types of data and therefore cannot
>    handle the data in different ways according to context.
>    Therefore, the ICANN whois policies have all kinds of extraneous
>    rules about formatting, how "fields" need to be handled, and so
>    on.  None of this belongs in a policy, but it's there because the
>    protocol was wrong.
>
>    4.  WHOIS was designed and deployed for a network in which
>    practically all the users were also developers of the network, and
>    where the scope of the users of the network was controlled because
>    of contractual arrangements permitting connection in the first
>    place.  Therefore, it has no notion of "context" and cannot do
>    anything to determine who is asking a query or to determine
>    authorization.  Many of the debates about privacy turn out to be
>    debates about access, not whether the data should be collected in
>    the first place.  We keep tripping over this now, even though
>    we're supposed to be alert to it.
>
>    5.  The fact of unfettered access has meant that people who want a
>    domain name -- but who, quite reasonably, do not want to pay extra
>    to prevent their cell phone number and home address from being
>    published to 2 billion of their closest friends -- simply lie
>    about their information in an effort to obscure it.  Others who
>    are lying, of course, are hiding because they're doing something
>    untoward.  There is today literally no way to distinguish these
>    cases because the first class of people are sympathetic victims of
>    WHOIS, a protocol created two years before the founder of Facebook
>    was born.
>
>We have got to get over the idea that the existing whois is _any_ kind
>of model for what we ought to be trying to do.  Anyone with the
>faintest technical background can look at the early specification of
>WHOIS/NICNAME and recognise a protocol that was designed to be exactly
>good enough for the purpose at hand.  Indeed, RFC 3912 (which
>obsoleted the previous WHOIS protocol specifications in 2004) is quite
>explicit that whois has some fundamental inadequacies that need to be
>fixed.  Please stop claiming that "whois" -- either the protocol or
>all the collections of policies that have been built on top of that
>miserable hangover of a protocol -- is any guide for what we should
>do.  It is not.
>
>Best regards,
>
>A
>
>-- 
>Andrew Sullivan
>ajs at anvilwalrusden.com



