Re: [gnso-whois-study] Documents for tomorrow's call
- To: Patrick Jones <patrick.jones@xxxxxxxxx>
- Subject: Re: [gnso-whois-study] Documents for tomorrow's call
- From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 13 May 2008 06:53:46 -0700
Some background. Dave Crocker (Steve Crocker's brother) and I put
together the whois-fix bof at IETF-51. I was at NeuStar/NeuLevel at the
time. There were a bunch of ideas floating around at the time, from
getting whois:43 to speak XML or something structured at one end of the
functional model, to declaring it dead, as domain names and the
associated email addresses were no longer free and limited to the
communities of military operational (MILNET) and military contractor and
military allied academic (ARPANET) institutional commands and authorized
Of course a vast issue at the time was the registry model -- thick or
thin. If thick, than the registry knows everything, independent of the
policy of data collection (manditory for MILNET and ARPANET use prior to
the NSF's and eventual DOC's NIC contract management periods) and
independent of the policy of data disclosure (unpolicied) and
independent of any retention or bulk copy or 3rd-party use policies
(forbidden), and the technical problem of a unified consistent data
model is pretty simple. If thin, and the registry just knows enough to
publish a zonefile entry, than the other data -- the "social data" -- is
held by two or more entities, and again, independent of all of the data
collection, data publication, and data retention, data copy, and data
repurposing policies, the technical problem of a unified consistent data
model is not pretty simple.
Andy Newton than, and still at Versign, had UWHO, Universal WHOis, but
with a wicked catchy title. The Verisign "consultations" of the period
were a lot of fun, with some junior woodchuck from the FBI detailed to
scowl and drone on about how whois:43 was wicked important to catching
terrorists, and someone from Marks doing the familiar Marks routine and
no one allowed to talk about how the Address Registries were solving the
same problem -- by separating the operational data from the contact
data, and actually policing the contact data with a policy of
non-disclosure as the default.
Andy recast UWHO as CRISP by IETF-53, and as a wise contributor once
told me when I tried to get a data collection disclosure mechanism for
the HTTP state management mechanism into the HTTP spec, the IETF exists
in part to limit the liability of employers for collusion, Verisign's
UWHO moved on in a new costume.
Kitchen Sink Resource Record
Periodically people desire to put proprietary, complex, and/or
obscure data into the Domain Name System (DNS). This draft defines a
kitchen sink Resource Record that will satisfy this desire for the
storage of miscellaneous structured information.
At its bottom, Leslie Daigle's and Andy Newton's SRV hack (RFC 3958)
isn't as ugly as putting the proverbial kitchen sink into the DNS (yes,
there really was such a thing, Don Eastlake wrote an Internet Draft for
a Kitchen Sink Resource Record that went to WG last call in the DNSIND
WG in 1997, see above), but it does the same thing. It creates a
technical mechanism to allow a unified lookup, retaining the central
property of a "thick registry", the means within the registry data model
of knowing everything. And that is what CRISP/ISIS is, the thick
registry model, through pointers in the DNS SRV resource record.
Steve Crocker and Dave Piscatello and whoever else is involved with
ssac027 are enamored with Verisign's unsurprisingly
core-business-preserving technology. Fine. But tech isn't our problem.
Policy is. The policy model we have is really a business model for two
very primitive (in the unflattering non-technical sense) types of string
uniqueness and nominal personal identification enterprises -- the
trademarks lobby and the cops-n-robbers lobby -- who have rejected every
offer of a "whois like" system that would meet their needs better than
954. The free ride they're getting is being paid for by everyone who
gets spam, whether they buy a domain name or not. Worse, the policy
logjam over this issue has wasted the professional collaborative
worktime of quite a few people for quite a few years.
So, if one wants to prolong the whois process, without altering the
policy, a technical distraction is a good idea and we can schedule work
through the end of the decade matching up chains of pointers to legacy
and new gTLDs and real registrars and shell registrars and registrars
who own registries and so on.
I on the other hand, would like to simply get the policy model changed
from sleep-walking as if DARPA still paid my bills, and affirm some
basic choice -- either give all the data unconditionally to the two
"legal" exploitive enterprises I mentioned above, and anyone else
looking to make money off of personally identifying data, or don't, and
be responsible for the outcome.
And I do appreciate that the subject matter is complex, and my writing
leaves a great deal to be desired.
Patrick Jones wrote:
Thanks for correcting me. I had jumped ahead by reading recommendation
#3 in the SSAC document as calling for looking at the IDN implications
of WHOIS. The section does state that “SSAC encourages the ICANN
community to study the standards developed by the IETF's Cross
Registry Information Service Protocol (CRISP) Working Group. In
particular, SSAC urges the GNSO to consider the
requirements for CRISP identified in RFC 3707 and the set of RFCs
associated with the Internet Registry Information Service (IRIS) (RFCs
3981 - 3983) which appear to provide sufficient features and services
to meet the needs of the domain registration community.”
I would be interested to know more about these developments and
support for IDNs.
For the benefit of the group, here is the link to the 18 Sept 2003
http://www.icann.org/announcements/announcement-18sep03.htm. I believe
this was a precursor to the work of the previous Whois Task Force
which came to an end in the LA meeting in October 2007. I am not aware
of the IDN issues identified in the Carthage Meeting Whois Workshop
being addressed in a subsequent ICANN document, but I might be wrong
On 5/12/08 10:49 PM, "Eric Brunner-Williams"
First, there is nothing in sac027 that relates to IDNs. Second, I've
been trying to fix-or-kill whois since ... IETF-49 and IETF-51, so
"earlier" is the correct answer. Third, the intersection between Steve
and Dave's memo and ASCII strings that begin in "xn--" is ... zero.
Turning to CRISP and ISIS, there's the ICANN announcement of September
18th, 2003 on the subject, so even if it were an "advance" (and we
call each other's protocols "advanced" or "retarded" in the IETF,
although "brain dead" is used with some relish), its been around long
enough to have been discussed at least once previously. Mercifully, at
some Verisign product event and not this study group.
Patrick Jones wrote:
> In reviewing the WHOIS Study priority tally, there is an area that
> this group is overlooking: IDN implications of the current WHOIS.
> is not a new issue. Recently, SSAC called attention to this in
> <http://www.icann.org/committees/security/sac027.pdf%29,> but
> others have been working on it going back to at least 2004, if not
> earlier. This group might want to discuss protocol advances such as
> CRISP and IRIS and how these advances provide a way for
> internationalization of registration data.
> Category #7 (WHOIS Accuracy) in its current form does not capture the
> issue. Internationalization of registration data might be its own
> study category.
> Patrick L. Jones
> Registry Liaison Manager &
> Coordinator, ICANN Nominating Committee
> Internet Corporation for Assigned Names & Numbers
> 4676 Admiralty Way, Suite 330
> Marina del Rey, CA 90292
> Tel: +1 310 301 3861
> Fax: +1 310 823 8649