RDAP for Registration Data Service Upgrade?
This offers the possibility of implementing a new paradigm for management and processing of registration data. Our EWG colleague Scott Hallenbeck knows a few things about this. http://www.circleid.com/posts/20160524_industry_collaboration_to_improve_reg... -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
It is a nice little article, and we should definitely add RDAP related protocols to the list. As for the various authentication systems possible....That may be controversial, but I think we need to have the authentication requirements spec'ed out. (and costed out, but I guess that comes later) I am concerned that some folks are demanding that WHOIS, such as it is, act as some kind of low grade cert authority at the moment, for various purposes. There is no affordable way of fixing WHOIS to do that, but we do need ID authentication and various trust levels to do the tiered access we recommended in the EWG report. But I am not the techie here.... Stephanie Perrin On 2016-05-24 18:26, Carlton Samuels wrote:
This offers the possibility of implementing a new paradigm for management and processing of registration data.
Our EWG colleague Scott Hallenbeck knows a few things about this.
http://www.circleid.com/posts/20160524_industry_collaboration_to_improve_reg...
-Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 /Strategy, Planning, Governance, Assessment & Turnaround/ =============================
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Hi Stephanie. I do not believe anyone has “demanded" that WHOIS become a “low grade cert authority”, so there isn’t any need (or request) to “fix WHOIS to do that”. Note however that the current WHOIS system does support this use case today. I’m sure there are those who may feel it shouldn’t but it is what it is. Anyway I’d be more than happy to fill you in on the high level technical and businessl details here, but wanted to push back just a tiny little bit on your mis-characterization of the use case expressed in an earlier thread. Alex (wearing my well worn “spent 18 years in the certificate authority business” hat) On May 24, 2016, at 4:46 PM, Stephanie Perrin <stephanie.perrin@mail.utoronto.ca<mailto:stephanie.perrin@mail.utoronto.ca>> wrote: It is a nice little article, and we should definitely add RDAP related protocols to the list. As for the various authentication systems possible....That may be controversial, but I think we need to have the authentication requirements spec'ed out. (and costed out, but I guess that comes later) I am concerned that some folks are demanding that WHOIS, such as it is, act as some kind of low grade cert authority at the moment, for various purposes. There is no affordable way of fixing WHOIS to do that, but we do need ID authentication and various trust levels to do the tiered access we recommended in the EWG report. But I am not the techie here.... Stephanie Perrin On 2016-05-24 18:26, Carlton Samuels wrote: This offers the possibility of implementing a new paradigm for management and processing of registration data. Our EWG colleague Scott Hallenbeck knows a few things about this. http://www.circleid.com/posts/20160524_industry_collaboration_to_improve_reg... -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org<mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
As I said Alex, might be controversial:-) I actually think there are demands on the table for a level of accuracy/authenticity in WHOIS that don't match the original purpose. I would be delighted to hear your views/high level technical and business details on this. Perhaps at Helsinki, rather than bore the list with my questions.... cheers Stephanie On 2016-05-24 20:07, Deacon, Alex wrote:
Hi Stephanie.
I do not believe anyone has “demanded" that WHOIS become a “low grade cert authority”, so there isn’t any need (or request) to “fix WHOIS to do that”. Note however that the current WHOIS system does support this use case today. I’m sure there are those who may feel it shouldn’t but it is what it is.
Anyway I’d be more than happy to fill you in on the high level technical and businessl details here, but wanted to push back just a tiny little bit on your mis-characterization of the use case expressed in an earlier thread.
Alex (wearing my well worn “spent 18 years in the certificate authority business” hat)
On May 24, 2016, at 4:46 PM, Stephanie Perrin <stephanie.perrin@mail.utoronto.ca <mailto:stephanie.perrin@mail.utoronto.ca>> wrote:
It is a nice little article, and we should definitely add RDAP related protocols to the list. As for the various authentication systems possible....That may be controversial, but I think we need to have the authentication requirements spec'ed out. (and costed out, but I guess that comes later) I am concerned that some folks are demanding that WHOIS, such as it is, act as some kind of low grade cert authority at the moment, for various purposes. There is no affordable way of fixing WHOIS to do that, but we do need ID authentication and various trust levels to do the tiered access we recommended in the EWG report.
But I am not the techie here....
Stephanie Perrin
On 2016-05-24 18:26, Carlton Samuels wrote:
This offers the possibility of implementing a new paradigm for management and processing of registration data.
Our EWG colleague Scott Hallenbeck knows a few things about this.
http://www.circleid.com/posts/20160524_industry_collaboration_to_improve_reg...
-Carlton
============================== Carlton A Samuels Mobile: 876-818-1799 /Strategy, Planning, Governance, Assessment & Turnaround/ =============================
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
_______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org <mailto:gnso-rds-pdp-wg@icann.org> https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Thanks for the plug, Carlton. If I could add a few things: Work on the RDAP protocol is much farther along than work on the policy to use it. I’m continuing to work on a protocol extension that I think is needed to support differentiated access based on the work of the EWG and I fully expect my work (and the work of others) to evolve as policy development proceeds. Having said that, it’s important for people understand that there will be no other WHOIS replacement protocols coming out of the IETF. If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option. Scott From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Carlton Samuels Sent: Tuesday, May 24, 2016 6:26 PM To: RDS WG; registration-issues-wg@icann.org Subject: [gnso-rds-pdp-wg] RDAP for Registration Data Service Upgrade? This offers the possibility of implementing a new paradigm for management and processing of registration data. Our EWG colleague Scott Hallenbeck knows a few things about this. http://www.circleid.com/posts/20160524_industry_collaboration_to_improve_reg... -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround =============================
On Wed, May 25, 2016 at 6:15 AM, Hollenbeck, Scott <shollenbeck@verisign.com
wrote:
If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option.
+1. Confession. My interest in these matters always cleave to the end game. So I have spent a lot of time digging and was lucky enough to be tutored some. [Largely by Scott in an EWG subteam.] On the balance of the evidence and given the endgame, I am unanimous that for a functional RDDS with a certain form to it, RDAP and its evolution seems our best bet to address all the known registration data issues and to project a globally-acceptable framework here forward. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* =============================
Could we have a brief explanation of why RDAP is the better protocol of them all? (A really short summary would do) Nathalie Coupet On Wednesday, May 25, 2016 10:03 AM, Carlton Samuels <carlton.samuels@gmail.com> wrote: On Wed, May 25, 2016 at 6:15 AM, Hollenbeck, Scott <shollenbeck@verisign.com> wrote: If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option. +1. Confession. My interest in these matters always cleave to the end game. So I have spent a lot of time digging and was lucky enough to be tutored some. [Largely by Scott in an EWG subteam.] On the balance of the evidence and given the endgame, I am unanimous that for a functional RDDS with a certain form to it, RDAP and its evolution seems our best bet to address all the known registration data issues and to project a globally-acceptable framework here forward. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Planning, Governance, Assessment & Turnaround ============================= _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
On Wed, May 25, 2016 at 02:15:38PM +0000, nathalie coupet via gnso-rds-pdp-wg wrote:
Could we have a brief explanation of why RDAP is the better protocol of them all?
Sure. See below.
If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option.
Whois barely qualifies as a protocol. It listens on port 43 for input, and returns something. It is not clear whether it can do internationalization at all, and it was certainly created in a period when ASCII was the norm on the network. The output is intended to be consumed by humans. There is no authentication in the system, so only anonymous query sources are possible. Whois++ and rwhois were two different attempts to fix up whois to support the multi-registrar system. I could go into detail on this, but you said "short" and it would take a long mail. A sort of blend of these two is what we use today. The output is still intended to be consumed by humans and there's still no authentication. Rwhois is how we ended up with breakage about where to start looking for the right server -- the information had to be coded into the clients, and clients hang around for years, so it became very easy to ask the wrong server for information. IRIS is a protocol from the early 2000s that the IETF developed in response to a request by ICANN; it was basically intended to be the "directory service" side of the then-new Extensible Provisioning Protocol for registrations. It is a failure: I know of exactly one registry that ever implemented any part of it, and no registry that did the whole thing. It's complicated to implement because a programmer of it needs to implement the low-level transport parts; this is probably why it failed to get much traction. RDAP is the most recent re-do of this effort. It is JSON based so it is parsable by computers as well as displayable to humans. You get authentication for free, because it's a RESTful system so it uses HTTP(S) as its underlying protocol. The RIRs are already deploying it. The only one of these that is even a candidate is RDAP. The whois variants can't authenticate the source of the query, which means they have no way to provide different responses to different people (and therefore they can't provide richer data to those who actually need it, and a default minimal data set for anonymous queries). IRIS is a failed protocol. The idea that we need to analyse this or consider it or anything of the kind is mind-boggling. A -- Andrew Sullivan ajs@anvilwalrusden.com
Dear Nathalie: One of the capabilities of RDAP is that it can handle internationalization needs. (IDN domain names, and having international character sets appear in registration data fields.) WHOIS can't do that. According to our RDS WG charter, we must take internationalization requirements into consideration, specifically "Translation and Transliteration recommendations" from GNSO PDPs, if/when adopted by the GNSO Council and ICANN Board. All best, --Greg -----Original Message----- From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Andrew Sullivan Sent: Wednesday, May 25, 2016 10:39 AM To: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] RDAP for Registration Data Service Upgrade? On Wed, May 25, 2016 at 02:15:38PM +0000, nathalie coupet via gnso-rds-pdp-wg wrote:
Could we have a brief explanation of why RDAP is the better protocol of them all?
Sure. See below.
If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option.
Whois barely qualifies as a protocol. It listens on port 43 for input, and returns something. It is not clear whether it can do internationalization at all, and it was certainly created in a period when ASCII was the norm on the network. The output is intended to be consumed by humans. There is no authentication in the system, so only anonymous query sources are possible. Whois++ and rwhois were two different attempts to fix up whois to support the multi-registrar system. I could go into detail on this, but you said "short" and it would take a long mail. A sort of blend of these two is what we use today. The output is still intended to be consumed by humans and there's still no authentication. Rwhois is how we ended up with breakage about where to start looking for the right server -- the information had to be coded into the clients, and clients hang around for years, so it became very easy to ask the wrong server for information. IRIS is a protocol from the early 2000s that the IETF developed in response to a request by ICANN; it was basically intended to be the "directory service" side of the then-new Extensible Provisioning Protocol for registrations. It is a failure: I know of exactly one registry that ever implemented any part of it, and no registry that did the whole thing. It's complicated to implement because a programmer of it needs to implement the low-level transport parts; this is probably why it failed to get much traction. RDAP is the most recent re-do of this effort. It is JSON based so it is parsable by computers as well as displayable to humans. You get authentication for free, because it's a RESTful system so it uses HTTP(S) as its underlying protocol. The RIRs are already deploying it. The only one of these that is even a candidate is RDAP. The whois variants can't authenticate the source of the query, which means they have no way to provide different responses to different people (and therefore they can't provide richer data to those who actually need it, and a default minimal data set for anonymous queries). IRIS is a failed protocol. The idea that we need to analyse this or consider it or anything of the kind is mind-boggling. A -- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Thank you All. Nathalie On Wednesday, May 25, 2016 11:16 AM, Greg Aaron <gca@icginc.com> wrote: Dear Nathalie: One of the capabilities of RDAP is that it can handle internationalization needs. (IDN domain names, and having international character sets appear in registration data fields.) WHOIS can't do that. According to our RDS WG charter, we must take internationalization requirements into consideration, specifically "Translation and Transliteration recommendations" from GNSO PDPs, if/when adopted by the GNSO Council and ICANN Board. All best, --Greg -----Original Message----- From: gnso-rds-pdp-wg-bounces@icann.org [mailto:gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Andrew Sullivan Sent: Wednesday, May 25, 2016 10:39 AM To: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] RDAP for Registration Data Service Upgrade? On Wed, May 25, 2016 at 02:15:38PM +0000, nathalie coupet via gnso-rds-pdp-wg wrote:
Could we have a brief explanation of why RDAP is the better protocol of them all?
Sure. See below.
If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option.
Whois barely qualifies as a protocol. It listens on port 43 for input, and returns something. It is not clear whether it can do internationalization at all, and it was certainly created in a period when ASCII was the norm on the network. The output is intended to be consumed by humans. There is no authentication in the system, so only anonymous query sources are possible. Whois++ and rwhois were two different attempts to fix up whois to support the multi-registrar system. I could go into detail on this, but you said "short" and it would take a long mail. A sort of blend of these two is what we use today. The output is still intended to be consumed by humans and there's still no authentication. Rwhois is how we ended up with breakage about where to start looking for the right server -- the information had to be coded into the clients, and clients hang around for years, so it became very easy to ask the wrong server for information. IRIS is a protocol from the early 2000s that the IETF developed in response to a request by ICANN; it was basically intended to be the "directory service" side of the then-new Extensible Provisioning Protocol for registrations. It is a failure: I know of exactly one registry that ever implemented any part of it, and no registry that did the whole thing. It's complicated to implement because a programmer of it needs to implement the low-level transport parts; this is probably why it failed to get much traction. RDAP is the most recent re-do of this effort. It is JSON based so it is parsable by computers as well as displayable to humans. You get authentication for free, because it's a RESTful system so it uses HTTP(S) as its underlying protocol. The RIRs are already deploying it. The only one of these that is even a candidate is RDAP. The whois variants can't authenticate the source of the query, which means they have no way to provide different responses to different people (and therefore they can't provide richer data to those who actually need it, and a default minimal data set for anonymous queries). IRIS is a failed protocol. The idea that we need to analyse this or consider it or anything of the kind is mind-boggling. A -- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
Yessir. Should have read the entire thread before responding above. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Wed, May 25, 2016 at 9:58 AM, Greg Aaron <gca@icginc.com> wrote:
Dear Nathalie:
One of the capabilities of RDAP is that it can handle internationalization needs. (IDN domain names, and having international character sets appear in registration data fields.) WHOIS can't do that. According to our RDS WG charter, we must take internationalization requirements into consideration, specifically "Translation and Transliteration recommendations" from GNSO PDPs, if/when adopted by the GNSO Council and ICANN Board.
All best, --Greg
-----Original Message----- From: gnso-rds-pdp-wg-bounces@icann.org [mailto: gnso-rds-pdp-wg-bounces@icann.org] On Behalf Of Andrew Sullivan Sent: Wednesday, May 25, 2016 10:39 AM To: gnso-rds-pdp-wg@icann.org Subject: Re: [gnso-rds-pdp-wg] RDAP for Registration Data Service Upgrade?
On Wed, May 25, 2016 at 02:15:38PM +0000, nathalie coupet via gnso-rds-pdp-wg wrote:
Could we have a brief explanation of why RDAP is the better protocol of them all?
Sure. See below.
If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option.
Whois barely qualifies as a protocol. It listens on port 43 for input, and returns something. It is not clear whether it can do internationalization at all, and it was certainly created in a period when ASCII was the norm on the network. The output is intended to be consumed by humans. There is no authentication in the system, so only anonymous query sources are possible.
Whois++ and rwhois were two different attempts to fix up whois to support the multi-registrar system. I could go into detail on this, but you said "short" and it would take a long mail. A sort of blend of these two is what we use today. The output is still intended to be consumed by humans and there's still no authentication. Rwhois is how we ended up with breakage about where to start looking for the right server -- the information had to be coded into the clients, and clients hang around for years, so it became very easy to ask the wrong server for information.
IRIS is a protocol from the early 2000s that the IETF developed in response to a request by ICANN; it was basically intended to be the "directory service" side of the then-new Extensible Provisioning Protocol for registrations. It is a failure: I know of exactly one registry that ever implemented any part of it, and no registry that did the whole thing. It's complicated to implement because a programmer of it needs to implement the low-level transport parts; this is probably why it failed to get much traction.
RDAP is the most recent re-do of this effort. It is JSON based so it is parsable by computers as well as displayable to humans. You get authentication for free, because it's a RESTful system so it uses HTTP(S) as its underlying protocol. The RIRs are already deploying it.
The only one of these that is even a candidate is RDAP. The whois variants can't authenticate the source of the query, which means they have no way to provide different responses to different people (and therefore they can't provide richer data to those who actually need it, and a default minimal data set for anonymous queries). IRIS is a failed protocol. The idea that we need to analyse this or consider it or anything of the kind is mind-boggling.
A
-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
On Wed, May 25, 2016 at 02:58:11PM +0000, Greg Aaron wrote:
One of the capabilities of RDAP is that it can handle internationalization needs. (IDN domain names, and having international character sets appear in registration data fields.) WHOIS can't do that.
Permit me to indulge my inner pedant: this isn't _quite_ true. The behaviour of whois with i18n data is almost completely undefined. So, it is possible to put internationalized text in it, but there's no way to negotiate the encoding, so it can't be done reliably across the world. (If we could be sure that everyone was using Unicode all the time, and in the same encoding with the same normalization, we might be able to "just do it"; but since different systems store Unicode in different ways, even that is not reliable.) So, the conclusion is still right: whois doesn't meet this need, but in a way that is almost worse than "doesn't support internationalization", because its support is at best heuristic and full of assumptions about what might arrive at the server -- a fragile thing to deploy. A -- Andrew Sullivan ajs@anvilwalrusden.com
Excellent! Couldn't have done better meself. That last paragraph says it succinctly, especially when the term 'richer data' embraces the reality of IDNs. -Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 *Strategy, Planning, Governance, Assessment & Turnaround* ============================= On Wed, May 25, 2016 at 9:39 AM, Andrew Sullivan <ajs@anvilwalrusden.com> wrote:
On Wed, May 25, 2016 at 02:15:38PM +0000, nathalie coupet via gnso-rds-pdp-wg wrote:
Could we have a brief explanation of why RDAP is the better protocol of them all?
Sure. See below.
If we decide that an RDDS is needed, we’re going to have to find a way to provide that service using one of the options (WHOIS, WHOIS++, RWHOIS, IRIS, or RDAP) that are already available. RDAP is our best option.
Whois barely qualifies as a protocol. It listens on port 43 for input, and returns something. It is not clear whether it can do internationalization at all, and it was certainly created in a period when ASCII was the norm on the network. The output is intended to be consumed by humans. There is no authentication in the system, so only anonymous query sources are possible.
Whois++ and rwhois were two different attempts to fix up whois to support the multi-registrar system. I could go into detail on this, but you said "short" and it would take a long mail. A sort of blend of these two is what we use today. The output is still intended to be consumed by humans and there's still no authentication. Rwhois is how we ended up with breakage about where to start looking for the right server -- the information had to be coded into the clients, and clients hang around for years, so it became very easy to ask the wrong server for information.
IRIS is a protocol from the early 2000s that the IETF developed in response to a request by ICANN; it was basically intended to be the "directory service" side of the then-new Extensible Provisioning Protocol for registrations. It is a failure: I know of exactly one registry that ever implemented any part of it, and no registry that did the whole thing. It's complicated to implement because a programmer of it needs to implement the low-level transport parts; this is probably why it failed to get much traction.
RDAP is the most recent re-do of this effort. It is JSON based so it is parsable by computers as well as displayable to humans. You get authentication for free, because it's a RESTful system so it uses HTTP(S) as its underlying protocol. The RIRs are already deploying it.
The only one of these that is even a candidate is RDAP. The whois variants can't authenticate the source of the query, which means they have no way to provide different responses to different people (and therefore they can't provide richer data to those who actually need it, and a default minimal data set for anonymous queries). IRIS is a failed protocol. The idea that we need to analyse this or consider it or anything of the kind is mind-boggling.
A
-- Andrew Sullivan ajs@anvilwalrusden.com _______________________________________________ gnso-rds-pdp-wg mailing list gnso-rds-pdp-wg@icann.org https://mm.icann.org/mailman/listinfo/gnso-rds-pdp-wg
participants (7)
-
Andrew Sullivan -
Carlton Samuels -
Deacon, Alex -
Greg Aaron -
Hollenbeck, Scott -
nathalie coupet -
Stephanie Perrin