Internet and e-mail policy and practice
including Notes on Internet E-mail



10 Sep 2014

The replacement for WHOIS is surprisingly close

About a year ago I blogged about the IETF WEIRDS working group which was working on a more modern replacement for the hoary WHOIS service. At the time I said it was making surprising progress. Perhaps less surprisingly, the progress has been quite slow, but WEIRDS seems to be close to finishing its work.

The goal of WEIRDS is to create a structured query scheme called Registration Data Access Protocol (RDAP) to look up the kinds of information that we currently find through WHOIS. RDAP queries are regular HTTP queries, and the results are chunks of JSON in a specific structure. Most clients will probably be specialized programs, but the design makes it possible to build a client in JavaScript that runs in a browser.

The query to look up information for the domain somename.sometld might be:

http://rdap.nic.sometld/rdap/domain/somename.sometld

and the result might include:

   {
     "objectClassName" : "domain",
     "handle" : "abcxyz",
     "ldhName" : "somename.sometld",
     ...
     "nameServers" :
     [
       ...
     ],
     ...
     "entities" :
     [
       ...
     ]
   }

RDAP is a technical protocol, not a policy statement, so the server returns whatever it returns, presumably following the same rules and the same data as for WHOIS. The advantages of RDAP are twofold.

One is that it automates redirection. For thin registries, which leave most of the information at the registrar, the response to the RDAP request is a normal HTTP redirect code which tells the browser or other client to look at another server. This should be a lot more reliable than the ad-hoc redirection we use now. For IP address WHOIS, there is also a lot of redirection, when a chunk of address space has been moved from one registry to another, or a registrant uses RWHOIS to provide info on suballocations. Again, RDAP should make the redirections work better.

The other is that there is one common format for responses, rather than the current mess with a range of different formats, leading to painful hacks like a 3400-line Perl script I've written that handles most, not all, of the WHOIS formats of TLD registrars. If you want to find, say, the abuse contact for a domain or IP address, with an RDAP query it's either there or it isn't.

The biggest delay in getting RDAP done turned out to be the bootstrap, figuring out where the server is for each top level domain, IP range, or ASN range. A lot of proposals that seemed reasonable, like a fixed name (http://rdap.domain) or a DNS approach like SRV records, turned out either to have administrative issues or to be hard to implement (you can't do SRV lookups from JavaScript). There were also issues that were arguably technical or political (depending which side you're on) about specifying the URL syntax of the queries.

After lengthy discussion, IANA agreed to host the bootstrap information in a registry, and publish it at a well-known URL in JSON format. Clients download the bootstrap blob, find the URL prefix for the particular domain or IP, and use it to construct the query. Since the IETF is specifically not in the policy business, it's left to IANA to decide how to collect information for the registry, although the clear assumption is that since they have existing relationships with the TLD registries and the RIRs (regional IP registries), it'll come through those existing paths.
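The bootstrap lookup described above and the "it's either there or it isn't" contact check, as an added example that is not from the original post. It assumes the bootstrap layout later published as RFC 7484 and the response layout of RFC 7483; the hostnames, the `example` entry, and all sample data are constructed.

```javascript
// Added example: constructed data; layouts assumed from RFC 7484 (bootstrap)
// and RFC 7483 (responses, jCard contacts). Hostnames are placeholders.
const BOOTSTRAP = {
  services: [
    [["sometld"], ["http://rdap.nic.sometld/rdap/", "https://rdap.nic.sometld/rdap/"]],
    [["example"], ["https://rdap.registry.example/"]],
  ],
};
const RESPONSE = {
  ldhName: "somename.sometld",
  entities: [{
    roles: ["registrar"],
    vcardArray: ["vcard", [["fn", {}, "text", "Some Registrar"]]],
    entities: [{
      roles: ["abuse"],
      vcardArray: ["vcard", [["email", {}, "text", "abuse@registrar.example"]]],
    }],
  }],
};

// Map a domain to its RDAP query URL via the longest matching bootstrap entry.
function rdapDomainUrl(bootstrap, domain) {
  const name = domain.toLowerCase().replace(/\.$/, "");
  const labels = name.split(".");
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    for (const [entries, urls] of bootstrap.services) {
      if (!entries.includes(suffix)) continue;
      // Assumption: prefer an https base URL when the registry lists one.
      const base = urls.find((u) => u.startsWith("https://")) || urls[0];
      return new URL("domain/" + encodeURIComponent(name), base).href;
    }
  }
  return null; // no RDAP server registered for this name
}

// Collect e-mail addresses of entities holding a role; entities can nest.
function contactEmails(obj, role) {
  const found = [];
  for (const ent of obj.entities || []) {
    if ((ent.roles || []).includes(role) && Array.isArray(ent.vcardArray)) {
      for (const [prop, , , value] of ent.vcardArray[1] || []) {
        if (prop === "email") found.push(value);
      }
    }
    found.push(...contactEmails(ent, role));
  }
  return found;
}
```

A `null` from `rdapDomainUrl` means the registry has not published an RDAP server for that name, and an empty array from `contactEmails` means the response carries no contact with that role.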

While this is somewhat more complicated than I would have liked, it's entirely workable, and both domain and IP registries have working prototypes. The IETF work is currently in last call, which is what it sounds like, a chance for anyone who cares to comment on or object to the work. With any luck, it'll be published by the end of the year, and then we can see how fast ICANN, which has already sponsored an open source server prototype, gets their registries to adopt it.


posted at: 14:20 :: permanent link to this entry :: 1 comments

comments...


Any idea whether RDAP queries will be required to use TLS?

(by Caleb Queern 26 Nov 2015 23:12)




© 2005-2020 John R. Levine.