[tech-whois] A follow up session in San Francisco?

[Dave Piscitello]

On 3/7/11 2:45 PM, "Jay Daley" <jay at nzrs.net.nz> wrote:

> Hi Dave
> 
> On 8/03/2011, at 1:34 AM, Dave Piscitello wrote:
> 
>> [snipped]
>> Specifically,
>> 
>>>> - no change to WHOIS
>>>> - new directory service while existing WHOIS remains
>>>> - WHOIS changes significantly
>> 
>> I don't see a case for item (3). I think items (2) is the correct
>> interpretation of the activity (think IPv4 transition to IPv6). I don't see
>> a need for (1) WHOIS protocol to change if (2) occurs.
> 
> Wonderful, that conforms exactly with my view.
> 
> The one addendum I would make is that almost all of the requirements that
> people have raised can be addresses by minor amendments to WHOIS that are
> backward compatible and do not require a flag day.

I think this is worth discussion, since it's not the conclusion that I and
others have drawn. I suspect this is a matter of terminology, what
constitutes "amendment", whether there is a desire to have uniform
"amendments" based on a revised RFC, impact on client/server
implementations, legacy considerations. It would be very good if we could
all sit at a white board and consider these carefully.

> The only two that cannot be addressed this way are:
> 
> - authentication, which is the feature where I think we are talking about a
> very different protocol from WHOIS

Agree.

> - access control, which most WHOIS providers have implemented at the TCP/IP
> level

Without source address validation, IP level access control is not
sufficient. Even with IP level access control, the granularity of access
control is arguably less than one might want in a future incarnation of a
Whois service. For example, an IP level access control does not accommodate
a future policy that might block a user of group X from accessing to a
subset of registration data elements {b} while allowing a user of group Y
access to those elements. A robust directory service protocol ought to
accommodate this.