Scott Hollenbeck is a fellow of industry standards and technology in the chief technology officer organization, where he manages a team of engineers and researchers who focus on exploring innovation opportunities and emerging technologies. Scott has more than 30 years of expertise in the Domain Name System space, applications programming, systems architecture, network engineering, information security, financial analysis, and personnel management.
Prior to joining Verisign in 1998, Scott held management and engineering positions with Xerox Corporation. There, he chaired a cross-corporate group responsible for interoperability testing of all Xerox network and desktop software products. Before Xerox, Scott served as a first lieutenant officer in the U.S. Air Force.
Scott has authored many internet protocol standards, including: the Extensible Provisioning Protocol, a standard protocol for the registration and management of internet infrastructure data, including domain names; and the Verisign Registry-Registrar Protocol, a pre-cursor of EPP developed for use in the Verisign Shared Registration System; and most recently, he has co-authored the Registration Data Access Protocol, a standard protocol that was designed to replace the WHOIS protocol. He has been a contributor to several industry efforts related to domain names and internet security, such as internationalized domain names, public key cryptography, Secure/Multipurpose Internet Mail Extensions, the Extensible Markup Language, the Transport Layer Security protocol, and the ENUM protocol.
He has also served in various capacities on the Internet Corporation for Assigned Names and Numbers’ Expert Working Group on generic top-level domain directory services; the Internet Engineering Task Force’s Internet Engineering Steering Group; and the Web Extensible Internet Registration Data Service, Registration Protocols Extension, Extensible Provisioning Protocol Extensions, and Transport Layer Security working groups.
Scott holds a Master of Science in computer science and a graduate certificate in software engineering from George Mason University and a Bachelor of Science in computer science from the Pennsylvania State University.
Every day, there are tens of thousands of domain names registered across the globe – often as a key first step in creating a unique online presence. Making that experience possible for Verisign-operated top-level domains (TLDs) like .com and .net is a powerful and flexible technology platform first introduced 25 years ago.
Thanks to the Shared Registration System (SRS) – a hardware and software system conceptualized, designed, and launched by our teams 25 years ago – we’re able to successfully manage relationships with approximately 2,000 ICANN-accredited registrars who generally submit more than 100 million domain name transactions daily. Over the past quarter century, the SRS has thrived and grown with the global internet, in large part because we’ve continuously scaled and evolved the technology to meet exponentially increasing global demand, and a rapidly changing cyberthreat landscape.
In 1987, CompuServe introduced GIF images, Steve Wozniak left Apple and IBM introduced the PS/2 personal computer with improved graphics and a 3.5-inch diskette drive. Behind the scenes, one more critical piece of internet infrastructure was quietly taking form to help establish the internet we know today.
This article originally appeared in The Domain Name Industry Brief (Volume 18, Issue 3)
Earlier this year, the Internet Engineering Task Force’s (IETF’s) Internet Engineering Steering Group (IESG) announced that several Proposed Standards related to the Registration Data Access Protocol (RDAP), including three that I co-authored, were being promoted to the prestigious designation of Internet Standard. Initially accepted as proposed standards six years ago, RFC 7480, RFC 7481, RFC 9082 and RFC 9083 now comprise the new Standard 95. RDAP allows users to access domain registration data and could one day replace its predecessor the WHOIS protocol. RDAP is designed to address some widely recognized deficiencies in the WHOIS protocol and can help improve the registration data chain of custody.
In the discussion that follows, I’ll look back at the registry data model, given the evolution from WHOIS to the RDAP protocol, and examine how the RDAP protocol can help improve upon the more traditional, WHOIS-based registry models.
For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities.
Do you need to find out who has registered a particular domain name? Use WHOIS. Do you want to see who an Internet Protocol (IP) address has been allocated to? Use WHOIS.
In 1905, philosopher George Santayana famously noted, “Those who cannot remember the past are condemned to repeat it.” When past attempts to resolve a challenge have failed, it makes sense to consider different approaches even if they seem controversial or otherwise at odds with maintaining the status quo. Such is the case with the opportunity to make real progress in addressing the many functional issues associated with WHOIS. We need to think differently.
Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” As we consider how Internet domain and address registration data is managed and accessed in a post-WHOIS era, and given the long history of failure in addressing the shortcomings of WHOIS, it is extremely important to start preparing now for the eventual replacement of WHOIS. This is the fundamental purpose of the next Registration Operations Workshop (ROW) that is scheduled for Sunday, July 19, 2015, in Prague, Czech Republic.
ROW 2015-2 will take place at the Hilton Prague hotel, the same venue as the 93rd meeting of the Internet Engineering Task Force (IETF-93). The workshop will be dedicated to discussion and planning for development and testing deployments of the Registration Data Access Protocol (RDAP), a recent work product of the IETF that is documented in Request For Comments (RFC) documents 7480, 7481, 7482, 7483, and 7484. RDAP was designed from the beginning to address the many shortcomings of WHOIS, but we have very little experience with early-stage implementations that can be used to inform the policy decisions that need to be made. Additional information about WHOIS and RDAP can be found in my “Where Do Old Protocols Go To Die?” blog post published earlier this year. (more…)
Perceptions can be difficult to change. People see the world through the lens of their own experiences and desires, and new ideas can be difficult to assimilate. Such is the case with the registration ecosystem. Today’s operational models exist because of decisions made over time, but the assumptions that were used to support those decisions can (and should) be continuously challenged to ensure that they are addressing today’s realities. Are we ready to challenge assumptions? Can the operators of registration services do things differently?
The next Registration Operations Workshop will take place at the start of IETF-92 on Sunday, March 22, 2015, at The Fairmont Dallas Hotel. The workshop will start at 12:30 p.m. CDT and will finish at 4:30 p.m. CDT. We are seeking proposals for Extensible Provisioning Protocol (EPP) extensions to be featured as part of the workshop, including existing extensions that people wish to register with the Internet Assigned Numbers Authority (IANA) and new extensions that people wish to consider for further development.
Have you developed custom EPP extensions in your registry? Please submit a proposal to describe your extension. Facilities for remote participation will be provided.
In Ripley Scott’s classic 1982 science fiction film Blade Runner, replicant Roy Batty (portrayed by Rutger Hauer) delivers this soliloquy:
“I’ve…seen things you people wouldn’t believe…Attack ships on fire off the shoulder of Orion. I watched C-beams glitter in the dark near the Tannhäuser Gate. All those…moments…will be lost in time, like (cough) tears…in…rain. Time…to die.”
The WHOIS protocol was first published as RFC 812 in March 1982 – almost 33 years ago. It was designed for use in a simpler time when the community of Internet users was much smaller. WHOIS eventually became the default registration data directory for the Domain Name System (DNS). As interest in domain names and the DNS has grown over time, attempts have been made to add new features to WHOIS. None of these attempts have been successful, and to this day we struggle with trying to make WHOIS do things it was never designed to do.
The first Registration Operations Association Workshop took place on Thursday, October 16, 2014, at the Los Angeles Hyatt Regency Century Plaza Hotel. I’d like to thank the 64 people that took the time to attend and participate in the discussion, both in-person and remote.
I started the workshop with an introduction to some of the technical challenges being faced by the domain registration industry. Additional challenges were described by Thomas Stocking of Gandi.net, Tobias Sattler of United Domains and Peter Larsen of Larsen Data ApS, and James Gould of Verisign. After discussing the challenges, we had an opportunity to consider proposals for organization presented by John Levine of Standcore LLC, Thomas Rickert of eco, and Adam Newman of IEEE-ISTO. The remainder of the morning was spent discussing those proposals and other options for creating a forum in which all interested members of our community could meet for face-to-face discussions. I’m very happy to report that we reached consensus on an approach.
