Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.” As we consider how Internet domain and address registration data is managed and accessed in a post-WHOIS era, and given the long history of failure in addressing the shortcomings of WHOIS, it is extremely important to start preparing now for the eventual replacement of WHOIS. This is the fundamental purpose of the next Registration Operations Workshop (ROW) that is scheduled for Sunday, July 19, 2015, in Prague, Czech Republic.
ROW 2015-2 will take place at the Hilton Prague hotel, the same venue as the 93rd meeting of the Internet Engineering Task Force (IETF-93). The workshop will be dedicated to discussion and planning for development and testing deployments of the Registration Data Access Protocol (RDAP), a recent work product of the IETF that is documented in Request For Comments (RFC) documents 7480, 7481, 7482, 7483, and 7484. RDAP was designed from the beginning to address the many shortcomings of WHOIS, but we have very little experience with early-stage implementations that can be used to inform the policy decisions that need to be made. Additional information about WHOIS and RDAP can be found in my “Where Do Old Protocols Go To Die?” blog post published earlier this year.
RDAP includes a number of features that don’t exist in WHOIS. The new features include service discovery, HTTP transport, client identification and authentication, server redirection, structured queries and responses, internationalization, and access control. Experience gained in not having these features in WHOIS is helpful, but it doesn’t go very far in developing best practices based on operational experience with these new capabilities. We need to start thinking now about how to make the best use of these features to ensure that we can optimize and appropriately manage access to registration data. This workshop will help to start those discussions.
Within the next few weeks, the ROW Secretariat will announce a call for participation that will include a request for discussion topics. Here are some suggestions:
- Software availability: What kind of client and server software is either available now or planned for the near future?
- Test support: Are there any tools available to help me test my software?
- Service discovery and access: How should bootstrapping and redirection work in practice?
- Client identification and authentication: How can clients be identified and authenticated while maintaining personal privacy controls?
- Access control: How can we ensure that access is restricted to authorized clients?
- RDAP functionality: Are there any gaps in RDAP that need to be addressed by extending the protocol?
- Internationalization and localization: How can RDAP be used in a global environment of users and operators?
- Searching: How well does RDAP meet real-world search requirements?
Both in-person and remote participation options will be available. Please suggest a topic for discussion, and join us in Prague to start exploring this great opportunity. Let’s not prepare to fail!