ICANN ICANN Email List Archives

[gnso-whois-study]


<<< Chronological Index >>>    <<< Thread Index >>>

Re: [gnso-whois-study] Documents for tomorrow's call

  • To: Patrick Jones <patrick.jones@xxxxxxxxx>
  • Subject: Re: [gnso-whois-study] Documents for tomorrow's call
  • From: Eric Brunner-Williams <ebw@xxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 13 May 2008 06:53:46 -0700


Patrick,

Some background. Dave Crocker (Steve Crocker's brother) and I put together the whois-fix bof at IETF-51. I was at NeuStar/NeuLevel at the time. There were a bunch of ideas floating around at the time, from getting whois:43 to speak XML or something structured at one end of the functional model, to declaring it dead, as domain names and the associated email addresses were no longer free and limited to the communities of military operational (MILNET) and military contractor and military allied academic (ARPANET) institutional commands and authorized users.

Of course a vast issue at the time was the registry model -- thick or thin. If thick, than the registry knows everything, independent of the policy of data collection (manditory for MILNET and ARPANET use prior to the NSF's and eventual DOC's NIC contract management periods) and independent of the policy of data disclosure (unpolicied) and independent of any retention or bulk copy or 3rd-party use policies (forbidden), and the technical problem of a unified consistent data model is pretty simple. If thin, and the registry just knows enough to publish a zonefile entry, than the other data -- the "social data" -- is held by two or more entities, and again, independent of all of the data collection, data publication, and data retention, data copy, and data repurposing policies, the technical problem of a unified consistent data model is not pretty simple.

Andy Newton than, and still at Versign, had UWHO, Universal WHOis, but with a wicked catchy title. The Verisign "consultations" of the period were a lot of fun, with some junior woodchuck from the FBI detailed to scowl and drone on about how whois:43 was wicked important to catching terrorists, and someone from Marks doing the familiar Marks routine and no one allowed to talk about how the Address Registries were solving the same problem -- by separating the operational data from the contact data, and actually policing the contact data with a policy of non-disclosure as the default.

Andy recast UWHO as CRISP by IETF-53, and as a wise contributor once told me when I tried to get a data collection disclosure mechanism for the HTTP state management mechanism into the HTTP spec, the IETF exists in part to limit the liability of employers for collusion, Verisign's UWHO moved on in a new costume.

Kitchen Sink Resource Record
Abstract

  Periodically people desire to put proprietary, complex, and/or
  obscure data into the Domain Name System (DNS).  This draft defines a
  kitchen sink Resource Record that will satisfy this desire for the
  storage of miscellaneous structured information.



At its bottom, Leslie Daigle's and Andy Newton's SRV hack (RFC 3958) isn't as ugly as putting the proverbial kitchen sink into the DNS (yes, there really was such a thing, Don Eastlake wrote an Internet Draft for a Kitchen Sink Resource Record that went to WG last call in the DNSIND WG in 1997, see above), but it does the same thing. It creates a technical mechanism to allow a unified lookup, retaining the central property of a "thick registry", the means within the registry data model of knowing everything. And that is what CRISP/ISIS is, the thick registry model, through pointers in the DNS SRV resource record.

Steve Crocker and Dave Piscatello and whoever else is involved with ssac027 are enamored with Verisign's unsurprisingly core-business-preserving technology. Fine. But tech isn't our problem. Policy is. The policy model we have is really a business model for two very primitive (in the unflattering non-technical sense) types of string uniqueness and nominal personal identification enterprises -- the trademarks lobby and the cops-n-robbers lobby -- who have rejected every offer of a "whois like" system that would meet their needs better than 954. The free ride they're getting is being paid for by everyone who gets spam, whether they buy a domain name or not. Worse, the policy logjam over this issue has wasted the professional collaborative worktime of quite a few people for quite a few years.

So, if one wants to prolong the whois process, without altering the policy, a technical distraction is a good idea and we can schedule work through the end of the decade matching up chains of pointers to legacy and new gTLDs and real registrars and shell registrars and registrars who own registries and so on.

I on the other hand, would like to simply get the policy model changed from sleep-walking as if DARPA still paid my bills, and affirm some basic choice -- either give all the data unconditionally to the two "legal" exploitive enterprises I mentioned above, and anyone else looking to make money off of personally identifying data, or don't, and be responsible for the outcome.

And I do appreciate that the subject matter is complex, and my writing leaves a great deal to be desired.

Eric

Patrick Jones wrote:
Eric,

Thanks for correcting me. I had jumped ahead by reading recommendation #3 in the SSAC document as calling for looking at the IDN implications of WHOIS. The section does state that “SSAC encourages the ICANN community to study the standards developed by the IETF's Cross Registry Information Service Protocol (CRISP) Working Group. In particular, SSAC urges the GNSO to consider the requirements for CRISP identified in RFC 3707 and the set of RFCs associated with the Internet Registry Information Service (IRIS) (RFCs 3981 - 3983) which appear to provide sufficient features and services to meet the needs of the domain registration community.”

I would be interested to know more about these developments and support for IDNs.

For the benefit of the group, here is the link to the 18 Sept 2003 announcement: http://www.icann.org/announcements/announcement-18sep03.htm. I believe this was a precursor to the work of the previous Whois Task Force which came to an end in the LA meeting in October 2007. I am not aware of the IDN issues identified in the Carthage Meeting Whois Workshop being addressed in a subsequent ICANN document, but I might be wrong (see http://www.icann.org/carthage/whois-workshop-agenda.htm). <http://www.icann.org/carthage/whois-workshop-agenda.htm%29.>

Patrick

On 5/12/08 10:49 PM, "Eric Brunner-Williams" <ebw@xxxxxxxxxxxxxxxxxxxx> wrote:

    Patrick,

    First, there is nothing in sac027 that relates to IDNs. Second, I've
    been trying to fix-or-kill whois since ... IETF-49 and IETF-51, so
    "earlier" is the correct answer. Third, the intersection between Steve
    and Dave's memo and ASCII strings that begin in "xn--" is ... zero.

    Turning to CRISP and ISIS, there's the ICANN announcement of September
    18th, 2003 on the subject, so even if it were an "advance" (and we
    don't
    call each other's protocols "advanced" or "retarded" in the IETF,
    although "brain dead" is used with some relish), its been around long
    enough to have been discussed at least once previously. Mercifully, at
    some Verisign product event and not this study group.

    Cheers,
    Eric

    Patrick Jones wrote:
    > In reviewing the WHOIS Study priority tally, there is an area that
    > this group is overlooking: IDN implications of the current WHOIS.
    This
    > is not a new issue. Recently, SSAC called attention to this in
    SSAC 27
    > (http://www.icann.org/committees/security/sac027.pdf),
    <http://www.icann.org/committees/security/sac027.pdf%29,>
    > <http://www.icann.org/committees/security/sac027.pdf%29,> but
    IETF and
    > others have been working on it going back to at least 2004, if not
    > earlier. This group might want to discuss protocol advances such as
    > CRISP and IRIS and how these advances provide a way for
    > internationalization of registration data.
    >
    > Category #7 (WHOIS Accuracy) in its current form does not capture the
    > issue. Internationalization of registration data might be its own
    > study category.
    >
    > Patrick
    > --
    > Patrick L. Jones
    > Registry Liaison Manager &
    > Coordinator, ICANN Nominating Committee
    > Internet Corporation for Assigned Names & Numbers
    > 4676 Admiralty Way, Suite 330
    > Marina del Rey, CA 90292
    > Tel: +1 310 301 3861
    > Fax: +1 310 823 8649
    > patrick.jones@xxxxxxxxx








<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy