NordVPN Promotion

Home / Blogs

Rebooting Whois

BLACK FRIDAY DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]

As some readers probably know, I spend quite a bit of my time working on Internet policy related matters.

Some of it may appear incredibly boring, but it matters. (If you really want me to explain why it matters I’d be happy to do so!)

Since earlier this year I’ve been part of a small team of people drawn from the four corners of the globe and asked to re-examine “whois”.

What is whois?

The “whois” system is what’s used today for the collection, storage and display of domain name registration data. So, for example, if you want to find out more about ‘blacknight.com’ you can do a query and get back information about who the domain is registered to, who the registrar is, when the domain was registered, its nameservers and a few other things.

Unfortunately, however, the whois system is quite broken. If you wanted to be diplomatic you might describe it as “no longer fit for purpose”. It’s not anyone’s fault that it’s ended up this way. It’s just a matter of how things evolved over time.

When it was first conceived back in the mists of time (speaking in relation to internet time obviously) it was meant to serve a relatively simple technical purpose. If you ran into issues connecting to someone else’s server, for example, it was useful to know how to contact them.

20 to 30 years later, however, a whole range of different people use (and abuse) the whois system on a daily basis. The overall quality of the data is probably best described as “unreliable” and there’s all sorts of issues around consistency, display, privacy, security and a whole load of other concerns.

ICANN has been trying to rectify the problems for years. There have been working groups, review teams, taskforces and ad-hoc attempts to deal with various aspects of the system. However they have all failed.

And since it’s a relatively “obvious” issue it’s one that governments, law enforcement, consumer groups, privacy advocates and others are able to single out as a weak point in the entire system.

ICANN needed to address it, so that’s why the ICANN board and their new CEO, Fadi Chehadé, decided towards the end of last year to fix it once and for all. And so the Expert Working Group on gTLD Directory Services (EWG) came into existence and by some odd chance of fate I was selected to serve on it.

We’re a very diverse group of people. We come from very different backgrounds and have very different experiences and expectations of the domain name system.

What we do share, however, is a common spirit. We want to find solutions. We do not want to fail. We do not want to fall into the traps that our predecessors fell into.

And to date, we haven’t. Sure, our proposals might not be welcome by all parties, but personally I think that we as a group have not failed. We haven’t wasted our time and energy squabbling!

So what have we proposed?

We’ve published a draft report that covers our proposals in depth.

What are they?

We didn’t try to “fix” whois. We accepted as a premise that the current system was too far gone to be repaired and rather than get bogged down in trying to (metaphorically) apply a band aid when major heart surgery was required we concluded that the current whois system was b0rked and we would have to replace it.

So what we’ve done is go back to basics and examine how people use (and abuse) domain name registration data.

How did we do that?

By looking at purpose and usage.

Based on what people are using the data for, their requirements are very different.

If, for example, you’re trying to diagnose a technical issue your main concern is going to be with the technical elements of the domain name. However if you’re conducting due diligence on a company you’ve just acquired your needs will be very different.

We also recognised that data privacy had to be addressed comprehensively. The internet is global and both legislation and cultural expectations vary. Country code operators have been dealing with these issues for years, but gTLDs (com, net, org, info, biz etc.,) haven’t. (Only two gTLDs currently offer a good level of privacy protection in whois for personal registrations)

Of course data accuracy and reliability has been an issue with domain registrations for a long time. I’ve always felt, personally, that you’d get better quality data from people if you weren’t publishing it all over the internet without any safeguards.

And that’s as true for domain registrations from big companies, as it is from private individuals.

Under the current system there is complete unfettered access to whois. While some people love that concept, it’s one of the reasons why the system is broken.

Under our proposals that would change.

We aren’t saying “kill off public whois”, but what we are saying is that if you want access to more than X amount of data then you’re going to have to share some data with us. So, for example, if you want to find out which nameservers a domain uses then you’ll be able to get that data. But if you want to get a registrant’s phone number then you might need to be a registered user of the new system.

What’s this new system?

No ICANN project is really an ICANN project unless you get to invent a couple of new acronyms :)

In our case we’ve got the solution to domain registration data under the newly coined Aggregated Registration Data Service (ARDS). Personally I quite like Scott Pinzon‘s suggestion to rename the system to The Aggregated Registration Data Implementation Service, which, of course, gives you TARDIS (though I suspect BBC might not be too happy about that one!)

The idea behind this new system is two-fold. It’ll be responsible for displaying the data in a consistent and reliable fashion (i.e. always up, and no funky formatting ...) and the system can also look into the validation and verification of the registration data.

It’s all in the report, but to make it easier for people to digest a few of our group have done an intro video (see below) and we’re also doing a webinar next week (as well as a number of sessions in Durban). And if you can’t make any of those sessions you can submit your feedback easily—we’ve tried to make it as easy as possible.

Here are some of my colleagues giving intros to some aspects of our proposal:

What do you think?

Are we on the right track?

Do you like our proposals?

What concerns you about them?

By Michele Neylon, MD of Blacknight Solutions

Filed Under

Comments

Some of it may appear incredibly boring, jeroen  –  Jul 3, 2013 4:40 PM

Some of it may appear incredibly boring, but it matters. (If you really want me to explain why it matters I’d be happy to do so!)

Presents a big pint of Guinness, so why does it matter? :)

As for the core of the article: instead of a Flash video (I thought Flash died off.. can’t see it on an idevice either) can you give a bullet point summary on how this problem will be tackled? (The introduction of this article was great, but the actual meat is not there to be found unfortunately…)

Having it in text will make it easier to discuss too and that is what circle id is about right?

JeroenHave a read over the executive summary Michele Neylon  –  Jul 3, 2013 4:45 PM

Jeroen Have a read over the executive summary of the report linked to above :) Michele

http://www.youtube.com/watch?v=YcXMhwF4EtQ jeroen  –  Jul 9, 2013 11:08 AM

Ah that is useful: https://www.icann.org/en/groups/other/gtld-directory-services/initial-report-executive-summary-24jun13-en.pdf Scrolling over the intro-blurb is easy enough there. I am puzzled about the following three points: - "Requestors (users who wish to obtain gTLD registration data from the system) apply for access credentials to the ARDS" - "Registrars/Registries are relieved of obligations to provide Port 43 access or other public access requirements" - "ARDS manages licensing arrangements for access to data" Sounds really like somebody smelled another way to make money out of free bits produced by the DNS.... It also sounds like somebody is going to restrict the access. I do hope that access to the abuse contact details comes for free and without limitations, making money over that would just mean defending the problemmakers. Currently one can blame the TLDs who operate the WHOIS system for not having proper details or allowing privacy/proxy registrations, but with ARDS guess where the blame can go, especially when it is supposed to be verified. The data quality really will have to be close to perfect for that system to work out. As mentioned earlier in the report there are multiple reasons why somebody would like to get their hands on that information, it likely will be a good thing to include into the model multiple access paths, eg, that getting the abuse email address is easy for a domain, but actually getting the address is something that is more restricted. It also sounds that this ARDS system will limit the 'freeness' of the gTLD owner a lot. Something that they will likely not be too happy about and will just invite 'privacy' or 'proxy' kind of records being shot into your new system. Why not just cancel the registries and let ICANN do everything instead? One system to rule it all....

JeroenWe have never made any statements about Michele Neylon  –  Jul 9, 2013 11:56 AM

Jeroen We have never made any statements about using registration data as a revenue generator. As you may know there are already several companies that monetise the data. Licensing may be the term that's causing you issues. Licensing does not mean that there is a license fee. It refers that access to data is governed by terms and conditions. If you breach them then you can lose access. Yes - access will be restricted. No, you won't have any issue with getting access to abuse contact points. This is already covered in both the new 2013 RAA and the new registry agreements. Regards Michele

The video is now available in other Michele Neylon  –  Jul 7, 2013 6:56 PM

The video is now available in other formats - I've embeded it here: http://www.internetnews.me/2013/07/07/video-icann-proposing-replacement-for-whois/

Re: Rebooting Whois Fergie  –  Jul 3, 2013 7:46 PM

I’d like to see ARDS implemented *in addition* to the rWHOIS system we have in place today. I don’t like the idea of a centralized WHOIS database—as an engineer, I don’t like the idea of a “centralized” anything—*replacing* the rWHOIS framework we have in place today.

FergieWhile I can appreciate your concerns, how Michele Neylon  –  Jul 3, 2013 7:50 PM

Fergie While I can appreciate your concerns, how do you suggest addressing the "gating" and other concepts we've introduced in a non-centralised system? Or would you be happy with say the DNS and other purely technical / operational information being available from registries and the underlying contact information and more sensitive data living in ARDS (or whatever acronym it ends up with) Thanks for your comment Michele

BIG assumption Alan Levin  –  Jul 9, 2013 9:17 AM

Thanks Michele for your time and efforts, I’ve read your post and the associated report. What strikes me is a massive assumption that the current system is ‘broken’. I sense that this has not yet been established properly, I’m sure this is not a difficult area to improve upon.

The primary point where the current whois jeroen  –  Jul 9, 2013 11:14 AM

The primary point where the current whois system is broken is that the majority of data in there are now 'privacy' or 'proxy' and not actually useful for contacting the people who run that domain (eg abuse or 'this and that there is broken you might want to fix it' kind of communications). And then there are a lot of other things that people would like to do with it. It would be less broken if ICANN could enforce that there is: - a standard way for stating "this domain is privacy protected, we have details but we won't tell them" - a standard way for stating "for abuse contact X" - a standard way for stating "for tech contact Y" Then at least you know "another domain that the owner does not care about and that I should not care about either" when those fields are not available. Currently you'll get a myriad of POBoxes/Proxy-services and other kind of setups where nobody is home anyway, and thus for contact info, the WHOIS is mostly useless.

Adding rules Alan Levin  –  Jul 9, 2013 1:37 PM

From my understanding of this comment it states a different problem to a broken system. Broken system means the system does not work. If you're looking to 'police' the system, or put in better data quality controls this is a policy issue rather than a system issue. IMHO the system works, maybe the data is poor and - again IMHO - this is best managed organically.

It is indeed broken policy wise, the jeroen  –  Jul 9, 2013 3:04 PM

It is indeed broken policy wise, the technology (WHOIS) is nothing really wrong with when one take RPSL as a format, and that is a big problem as though most RIRs do use RPSL as a format, none of the DNS-related whois servers have a standardised format, and most contain more copyright/licensing details than actual useful data.... From what I understand the main thing for 'rebooting whois' is to avoid having to clean up the mess of WHOIS, hence the reboot; come up with something new and thus avoid people from re-using it (thus creating jobs, money, new products to do so etc...)

JeroenWe're talking about gTLD domain names. Nothing Michele Neylon  –  Jul 9, 2013 3:12 PM

Jeroen We're talking about gTLD domain names. Nothing more. Nothing less. Previous attempts to fix the system have failed. Regards Michele

WHOIS + RPSL + NRTM jeroen  –  Jul 10, 2013 8:18 AM

> We're talking about gTLD domain names. Nothing more. Nothing less. Then enforce a fixed data format: RPSL > Previous attempts to fix the system have failed. WHOIS itself is not the problem; the problem is the data format and what is contained in it. - Force them to use RPSL as a format - Let each (g)TLD set up a WHOIS server with full access to data (optionally restricted) - if full-whois is not restricted: an additional WHOIS server that only serves "domain created", "domain-expiration", "tech-c" (email+phone), "abuse-email" "abuse-phone", thus strip anything else (address etc) from the whois handle, ala the '-B' option for RPSL servers - Have one well-known NIC handle as a "Privacy" record, thus that one can easily determine it is bogus data for that domain and nobody cares about it. - Require them to allow NRTM by ICANN, and let ICANN then analyze the data - If data is found to be invalid, fine them incrementally, the more records are invalid, the bigger the fine People who are looking up contact data to report abuse/problems have their details. One can see the freshness/throw-away of the domain easily based on the dates (though, there are fortunately full history sites which contain those details and how many owners etc they had). People who want to do deeper research will either contact ICANN to get access to that data and/or the registry directly. Domains who want to hide on the Internet can easily be ignored by anybody doing due diligence as no-contact, then no need to talk to them either, there will likely be a nice RPZ zone for that. As such there is no need to 'reboot whois', unless you mean using RPSL the primary problem solver and then doing datachecks upon that. No need to implement new software, new protocols or anything else that wastes money; keep it nicely in your pocket to pay for the data-verification, that will already cost enough (then again, with cash earned from virtual bits that pit is quite unlimited anyway...)

AlanHave a look at the myriad of Michele Neylon  –  Jul 9, 2013 11:58 AM

Alan Have a look at the myriad of reports, task forces and previous work groups, papers, reports etc., that highlight the issues with the current system. We have accepted that the current system is not fit for purpose and are proposing a complete replacement. Regards Michele

'Reports' - I am sure there are many Alan Levin  –  Jul 9, 2013 1:33 PM

Which ones are definitive? Why are they not referenced in your report? One cannot make assumptions like this IMHO.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

NordVPN Promotion