[TSG-Access-RD] Bulk Data, Bulk Query, WhoWas and Charter scope

Thu Dec 20 12:52:12 UTC 2018

+1 as well.

I'd like to clarify what I said on Tuesday's call about "bulk" access. I
was referring to the common practice of obtaining registration data in
bulk by performing large quantities of whois/RDAP queries using a list
of domains (obtained from the CZDS, passive DNS or elsewhere) as an
index. Such activity is annoying from an operator point of view but can
have legitimate uses (abuse analysis and research) as as well as
malicious (spam, ID theft, phishing, slamming, etc) uses.

Perhaps "high volume access" would be a better term to describe this
than "bulk access"?

A third party with a legitimate need for "high volume" access would need
to be able to obtain pre-authorisation for a large number of queries for
non-public data, rather than have each query separately authorised.

Or do we feel that "high volume" access is out of scope and should be
dealt with via some out-of-band solution?

G.

On 18/12/2018 19:34, Hollenbeck, Scott via TSG-Access-RD wrote:
>> -----Original Message-----
>> From: TSG-Access-RD <tsg-access-rd-bounces at icann.org> On Behalf Of
>> Andrew Newton
>> Sent: Tuesday, December 18, 2018 2:29 PM
>> To: tsg-access-rd at icann.org
>> Subject: [EXTERNAL] [TSG-Access-RD] Bulk Data, Bulk Query, WhoWas and
>> Charter scope
>>
>> As part of today's charter discussion, a couple of concepts were brought
>> forward with respect to RDAP as practiced with Whois.
>>
>> o Bulk Data (Bulk Whois) - the ability to obtain a large number of
>> registrations, if not all registrations. For example, several RIRs make available
>> their entire registration set and this is often referred to as Bulk Whois,
>> though in general it does not use the Whois protocol.
>>
>> o Bulk Query - the ability to submit many queries at one time, and obtain the
>> answers to those queries. In practice, this is accomplished today with clients
>> issuing single queries to obtain the desired data set.
>>
>> o WhoWas - a service which provides historical registration data. The term
>> "WhoWas" is a play on the "Whois" name. Today, some of the RIRs provide
>> this service though not using the Whois protocol.
>>
>> In my opinion, providing Bulk Data using RDAP is possible with an extension
>> that falls within the bounds of RFC 7480 (some of us in the numbers
>> community have discussed it informally). That said, I do not think bulk data or
>> bulk whois should fall within the scope of this group.
>>
>> It is also my opinion that supporting bulk queries in a means other than the
>> current practice would require an extension to RDAP that would be
>> "unnatural". I do not believe bulk queries should fall within the scope of this
>> group.
>>
>> Finally, WhoWas can be accomplished with an RDAP extension (APNIC has
>> such a prototype available and it if very neat). But again, I do not believe
>> WhoWas should fall within the scope of this group.
> 
> +1 to everything above.
> 
> Scott
> 

-- 
Gavin Brown
Chief Technology Officer
CentralNic Group plc (LSE:CNIC)
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/
+44.7548243029

CentralNic Group plc is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London,
EC2R 6AR.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/tsg-access-rd/attachments/20181220/bcb2d480/signature.asc>