Draft Inventory of WHOIS Service Requirements Margie Milam, Steve - - PowerPoint PPT Presentation

draft inventory of whois service requirements
SMART_READER_LITE
LIVE PREVIEW

Draft Inventory of WHOIS Service Requirements Margie Milam, Steve - - PowerPoint PPT Presentation

Oct 03, 2022 38 likes •349 views

Draft Inventory of WHOIS Service Requirements Margie Milam, Steve Sheng ICANN Background The GNSO Council requests that Policy Staff, with the assistance of technical staff and GNSO Council members as required, collect and organize a

slide-1
SLIDE 1

Draft Inventory of WHOIS Service Requirements

Margie Milam, Steve Sheng ICANN

slide-2
SLIDE 2

2

Background

  • The GNSO Council requests that Policy Staff, with the assistance of technical

staff and GNSO Council members as required, collect and organize a

comprehensive set of requirements for the WHOIS service policy tools. These requirements should reflect not only the known

deficiencies in the current service but should include any possible requirements that may be needed to support various policy initiatives that have been suggested in the past.

  • The synthesis of requirements should be done in consultation with the SSAC,

ALAC, GAC, the ccNSO and the GNSO and a strawman proposal should

be prepared for these consultations. The Staff is asked to come back with

an estimate of when this would be possible.

slide-3
SLIDE 3

3

Goals

  • To collect and organize a set of requirements for

community consideration including

– Current features identified as needing improvement – features to support various, past policy proposals – features recommended by ICANN SOs, ACs, community

slide-4
SLIDE 4

4

Goals

  • “Requirements” means technical requirements

– NOT gathering policy requirements NOT recommending policy

  • Take “tiered-access” as an example

– Policy requirement: Law enforcement should have to access to XYZ data in WHOIS – Operational requirement: Who is law enforcement? How to certify law enforcement entities? – Technical requirement: What technology needs to be implemented to ensure tiered access?

slide-5
SLIDE 5

Terminology

5

WHOIS service:

  • WHOIS clients (port 43,

Web-based, legitimate automation clients)

  • WHOIS servers
  • WHOIS data
slide-6
SLIDE 6

Preliminary Compilation includes:

  • Mechanism to find

authoritative Whois servers

  • Structured queries
  • Standardized set of query

capabilities

  • Well-defined schema for replies
  • Standardized errors

6

slide-7
SLIDE 7

Preliminary Compilation cont’d

  • Quality of domain registration

data

  • Internationalization
  • Security
  • Thick vs. Thin WHOIS
  • Registrar abuse point of contact

7

slide-8
SLIDE 8

Mechanism to find authoritative WHOIS servers

8

Not easy to find out an updated list

  • f domain names and IP addresses of

authoritative WHOIS servers Clients use a combination of heuristics, hardwired tables, DNS SRV records, etc Problematic for new gTLDs, and legitimate automation clients

slide-9
SLIDE 9

9

Mechanism to find authoritative WHOIS servers

  • R1: Provide a publicly accessible and machine

parseable list of domain names or IP locations

  • f WHOIS servers operated by ICANN

accredited registrars, gTLD registry operators, ccTLDs operators, and regional internet registries (RIRs)

slide-10
SLIDE 10

10

Structured queries

  • Server applications vary with respect to

format of query data

e.g. To query AS number – ARIN: whois -h whois.arin.net a 6 – RIPE: whois -h whois.ripe.net -Taut-num as7

e.g. To control IDN responses:

– .DK: --charset=latin-1 – .JP : /e – .DE: -c UTF-8

slide-11
SLIDE 11

11

Structured queries

  • R2: Define a standard query structure that

clients can implement and that all gTLD registries and ICANN accredited registrars will support

slide-12
SLIDE 12

12

Standardized Set of query capabilities

  • Past GNSO and SSAC reports have called for

expanded query capacities beyond domain names

  • Some registries have expanded search

capabilities

  • R5: Permit users to submit not only domain

names as arguments to search functions but

  • ther registration data elements as well
slide-13
SLIDE 13

Structured responses

13

No standardized format for data that registrars and registries return in responses to WHOIS queries

slide-14
SLIDE 14

14

Structured responses

  • R3: Define a standard data structure for

WHOIS responses

  • R3: Contain and uniquely identify the data

elements that must be returned in a manner that assures there is no ambiguity across elements, correct syntax, and correct semantics

slide-15
SLIDE 15

Standardized errors

15

No standard set of error messages is defined for Whois servers, and Whois servers may handle errors differently Lack of standard error introduces ambiguity and confusion

slide-16
SLIDE 16

16

Standardized errors

  • R4: Define a set of standardized error messages

and standard handling of error conditions

  • Examples

– queries exceeding the limit – no records found – unable to process query

slide-17
SLIDE 17

Quality of domain registration data

17

Is the data accurate? Is the data useful or relevant? Are the collected data current?

slide-18
SLIDE 18

Barriers to WHOIS accuracy

18

  • Privacy Considerations
  • Stealth, intentional deception
  • Little or no corroboration of

submitted data

  • User error
slide-19
SLIDE 19

Relevant of WHOIS data

19

Certain registration data are not as useful today as they were 20 years ago A future Whois data model should accommodate extensibility and changeability

slide-20
SLIDE 20

20

Quality of domain registration data

  • R6: Adopt a structured data model for WHOIS

data that provides extensibility and changeability properties

slide-21
SLIDE 21

21

Internationalization

  • No standard exists today for handling the

submission and display of registration data from local languages and scripts

  • Some Whois applications or services

– May not support domain names in U-labels, – Cannot accept or display when characters from sets other than US-ASCII7 are used, and – Display in local encodings rather than Unicode, so terminals must be set to correct encodings beforehand

slide-22
SLIDE 22

22

Internationalization

  • Deferring to the IRD-WG on their

recommendations

slide-23
SLIDE 23

Security

23

Current WHOIS requiring no identity assertion, credentialing,

  • r authentication
slide-24
SLIDE 24

Need for security

24

  • Provide mechanisms to protect

the privacy of registrants

  • Discourage harvesting and

mining

  • Providing differentiated access
slide-25
SLIDE 25

Security frameworks

25

Authentication Access Control Auditing

slide-26
SLIDE 26

26

Security

  • Define an authentication framework for WHOIS that is

able to accommodate anonymous access as well as verification of identities using a range of authentication methods and credential services

  • Whois services should support an authorization

framework that is capable of implementing granular (per registration data object) permissions (access controls)

  • Define a framework and baseline set of metrics that

can accommodate future policy development for auditing of Whois access

slide-27
SLIDE 27

Registrar abuse point of contact

27

Registrars and registries should provide and publish abuse point

  • f contact information as an

element of a domain registration record

slide-28
SLIDE 28

Next steps

28

  • Released draft WHOIS

Requirements Report in March 2010

  • Conducting overview Webinars

(April, May 2010)

  • Are now consulting with SOs and

ACs on the draft report, will incorporate their input (April and May 2010)

  • Release final report by June 2010
slide-29
SLIDE 29

We value your feedback

29

Have we adequately identified the origins of each requirement? Did we miss any important requirements of or improvements to WHOIS that have been discussed to-date?

slide-30
SLIDE 30

Thank you

slide-31
SLIDE 31

Questions

31