[WHOIS-WG] Initial WHOIS Service Requirements Report for Council review and discussion

[Patrick Vande Walle]

Dear colleagues,

I am forwarding this document sent to SSAC last week. I guess we will have it receive for comments through other, more official, ways. Anyway, as always the clock is running fast, and even more in the At-Large context. So I thought an early notice would allow us to send a meaningful reply with reasonable deadlines.  In this case, comments are by close of business day on Monday, May 17.

Yet another WHOIS document from ICANN, you may say. This one is specially interesting in that it intends to set the requirements for a new WHOIS system. Would you believe it, it also contains words like "privacy" and "access control" .  

My personal comments are below, but I suggest you read the document before the comments . 

I will add that this document is really about defining the WHOIS *service* . It should be obvious that the current WHOIS protocol (RFC3912) is unable to deliver what is required in the appended document.   Hencer my question below to Steve Crocker if ICANN intends to go down the IETF standards process or do its own thing (which would be bad IMHO) . 

I am willing to hold the pen to summarize the comments.

Patrick 



-------------- next part --------------
A non-text attachment was scrubbed...
Name: Whois Service Requirements Initial Report to GNSO 26 Mar	2010.pdf
Type: application/pdf
Size: 722418 bytes
Desc: not available
URL: <http://atlarge-lists.icann.org/pipermail/whois-wg_atlarge-lists.icann.org/attachments/20100405/ac51abe7/attachment-0001.pdf>
-------------- next part --------------



> From: Patrick Vande Walle <patrick at vande-walle.eu>
> Date: 1 Apr 2010 08:17:52 GMT+02:00
> To: Steve Crocker <steve at shinkuro.com>
> Cc: ICANN SSAC <ssac at icann.org>
> Subject: Re: [ssac] Fwd: Initial WHOIS Service Requirements Report for Council review and discussion
> Reply-To: patrick at vande-walle.eu
> 
> Hello Steve,
> 
> I am starting a similar exercise on the ALAC side. By joining the SSAC group, I hope to be able pass on information between both ACs and sort of cross-pollinize.
> 
> I note that the requirements mention several recommendations the SSAC has done in the past regarding authentication and granual access to information, which has been a major request of the ALAC over the years.  It is also a technical necessity for some registrars and registries that need to comply with local privacy laws. For example, Telnic had quite some problems implementing a WHOIS service that would comply with the UK laws on privacy.
> 
> It is not clear if the intention is to update the WHOIS protocol to match the new requirements, in which case it should go through the IETF standards process or if ICANN intends to develop its own WHOIS protocol-like service. In any case, because the WHOIS protocol is being used outside the gTLD space by ccTLDs and RIRs, we need to avoid having different dialects of WHOIS, which would share a similar name, but different interfaces and output. I find it strange also that the ASO is not associated to this consultation, given that the WHOIS service is a central part of the work of RIRs.
> 
> The use of a structured data model would allow for easier localization of the client software. This would be most welcome by those who do not have English as one of their languages and do not understand what "tech-c" may mean.
> 
> The use of a machine-parseable output would certainly be beneficial for legitimate uses of the WHOIS information, allowing to automate processes. On the other hand, it will also make the life of those with malicious intents much easier, too. There should be mechanisms put in place to prevent large scale harvesting of data for malicious use.
> 
> Patrick
> 

-- 
Patrick Vande Walle
Blog: http://patrick.vande-walle.eu
Twitter: http://twitter.vande-walle.eu
Facebook: http://facebook.vande-walle.eu
LinkedIn: http://linkedin.vande-walle.eu