Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.
Text 
Deploying the IETF’s 
WHOIS Protocol 
Replacement 
#ICANN51 
16 October 2014 
Francisco Arias 
Director, Technical S...
Agenda 
Text 
• Introduction (10 min) 
• What is RDAP (10 min) 
• Status of RDAP (10 min) 
• Path to Adoption (15 min) 
• ...
History on Replacing the WHOIS Protocol 
Text 
• SSAC’s SAC 051 Advisory (19 Sep 2011) 
o The ICANN community should evalu...
Registration Data Access Protocol 
Text 
• Intended to replace the WHOIS (port-43) protocol 
• Provides flexibility to sup...
Text 
Status of RDAP Protocol 
Web-Extensible Internet Registration 
Data Service 
(WEIRDS) 
Murray Kucherawy 
IETF WEIRDS...
The Problem 
• WHOIS has not scaled well to the needs of the 
modern Internet: 
1. Unformatted 
2. Unauthenticated 
3. ASC...
The Problem: Unformatted 
• WHOIS defined no specific output format 
• Every WHOIS registry is free to return its results ...
The Problem: Unauthenticated 
• Impossible to distinguish one client from 
another, apart from source IP address 
• Can’t ...
The Problem: ASCII-only 
• There are no provisions for internationalized 
output 
• All participants are forced to use Eng...
The Problem: Not extensible 
• There are no provisions in the protocol for 
options, parameters, or extensions 
Text
The Problem: Insecure 
• Protocol is a trivial cleartext query/ 
response mechanism 
• Any interloper can see both the que...
Previous Solutions 
• WHOIS [RFC3912] has origins in the late 1970s 
• RWHOIS [RFC1714] in 1994 was an attempt to 
introdu...
WEIRDS and RDAP 
Text 
• In 2011, some ICANN staffers approached ARIN to talk 
about a new alternative involving the IETF ...
Fundamentals of RDAP 
• Transport used is HTTP 
• Widely deployed and developed infrastructure 
• Lots of open source opti...
Fundamentals of RDAP 
• Replies are JSON formatted, which supports 
UTF-8 
• Satisfies the standard format requirement 
• ...
Fundamentals of RDAP 
• IANA will maintain bootstrap registries for 
domains, AS numbers, and network blocks 
• Registries...
Fundamentals of RDAP 
• Bootstrap data includes the base query location 
for every registry 
• RDAP specification explains...
Fundamentals of RDAP 
• Basic search is supported in the protocol, but 
not mandatory to implement 
Text
Implementation Status 
Text 
• Any HTTP client can issue queries and receive replies 
• ICANN has partnered with CNNIC to ...
Specification Status 
Text 
• Six documents 
• Object inventory 
• RDAP over HTTP 
• Query format 
• Security Consideratio...
Specification Status 
• Currently in IETF Last Call 
• IESG review on October 30 
• Assuming no serious concerns, goes to ...
RDAP and ICANN 
• RDAP plays a prominent role in addressing the 
recommendations of the ICANN EWG on 
Directory Services 
...
Text 
Path to Adoption 
#ICANN51
Simplified Anatomy 
Text 
#ICANN51 
• Differentiated access 
• Searchability 
• … 
Policy 
Data 
• Domain name 
• Registra...
Focus of this Effort 
Text 
#ICANN51 
• Differentiated access 
• Searchability 
• … 
Policy 
Data 
• Domain name 
• Regist...
RDAP Provides/Enables 
Text 
• Standardized query, response, and error messages 
• Extensibility 
• Distributed sources – ...
High-Level Roadmap 
Text 
• RDAP attains IETF Proposed Standard status 
• RDAP Implementations available 
• RDAP operation...
Questions 
Text 
• Should RDAP deployment be synchronized with 
Thick Whois policy implementation? 
• Once all Registries ...
GDD + Related Sessions 
Text 
#ICANN51 
Thursday, 16 October 
o DNSSEC Key Rollover Workshop
Text Engage with ICANN on Web & Social Media 
twitter.com/icann 
facebook.com/icannorg 
linkedin.com/company/icann 
gplus....
Nächste SlideShare
Wird geladen in …5
×

ICANN 51: Deploying the IETF’s WHOIS Replacement

1.565 Aufrufe

Veröffentlicht am

What is the future of WHOIS? It’s the Registry Data Access Program, and it’s on its way. Find out more about what this means for you and the Internet community as a whole. We’ll also provide information on how you can take part in shaping the future of registry directory services by contributing to the RDAP roadmap.

Veröffentlicht in: Internet
  • Als Erste(r) kommentieren

ICANN 51: Deploying the IETF’s WHOIS Replacement

  1. 1. Text Deploying the IETF’s WHOIS Protocol Replacement #ICANN51 16 October 2014 Francisco Arias Director, Technical Services Global Domains Division Edward Lewis Technical Services Sr. Manager Global Domains Division
  2. 2. Agenda Text • Introduction (10 min) • What is RDAP (10 min) • Status of RDAP (10 min) • Path to Adoption (15 min) • Q&A (30 min) #ICANN51
  3. 3. History on Replacing the WHOIS Protocol Text • SSAC’s SAC 051 Advisory (19 Sep 2011) o The ICANN community should evaluate and adopt a replacement domain name registration data access protocol • Board resolution adopting SAC 051 (28 October 2011) • Roadmap to Implement SAC 051 (4 June 2012) • RDAP Community development within IETF WG since 2012 • Contractual provisions in .com, .name, .biz, .info, .org, 2012 RA, and 2013 RAA • RDAP RFCs expected in the next few months #ICANN51
  4. 4. Registration Data Access Protocol Text • Intended to replace the WHOIS (port-43) protocol • Provides flexibility to support various policies • Already operating at Regional Internet Registries • Provide benefits improving on weaknesses in the WHOIS protocol • Designed with the knowledge of a now mature industry #ICANN51
  5. 5. Text Status of RDAP Protocol Web-Extensible Internet Registration Data Service (WEIRDS) Murray Kucherawy IETF WEIRDS WG Co-Chair <superuser@gmail.com> #ICANN51
  6. 6. The Problem • WHOIS has not scaled well to the needs of the modern Internet: 1. Unformatted 2. Unauthenticated 3. ASCII-only 4. Insecure Text
  7. 7. The Problem: Unformatted • WHOIS defined no specific output format • Every WHOIS registry is free to return its results in any Text form it wishes • Difficult to request a reply and extract exactly the piece of information requested
  8. 8. The Problem: Unauthenticated • Impossible to distinguish one client from another, apart from source IP address • Can’t distinguish two clients from the same IP address Text at all (e.g., NATs or PATs) • Unable to give preferential service to, say, official ICANN queries or to law enforcement • “Preferential service” might mean higher rate limits, more detailed answers, etc., versus anonymous queries
  9. 9. The Problem: ASCII-only • There are no provisions for internationalized output • All participants are forced to use English or at least Text Anglicized names
  10. 10. The Problem: Not extensible • There are no provisions in the protocol for options, parameters, or extensions Text
  11. 11. The Problem: Insecure • Protocol is a trivial cleartext query/ response mechanism • Any interloper can see both the question and the Text response • Can also see which registry is being queried, though that’s probably less interesting
  12. 12. Previous Solutions • WHOIS [RFC3912] has origins in the late 1970s • RWHOIS [RFC1714] in 1994 was an attempt to introduce a hierarchical lookup structure, but uptake was weak • IRIS [RFC3981] attempted to do something more modern in 2005, but became highly complex and also saw little deployment Text
  13. 13. WEIRDS and RDAP Text • In 2011, some ICANN staffers approached ARIN to talk about a new alternative involving the IETF • Based on the requirements of IRIS [RFC3707], the IETF undertook a new, simpler effort • Formed the “Web Extensible Internet Registration Data Service” (WEIRDS) working group • BoF in spring 2012, WG formed summer 2012 • Broad participation from RIRs and registries • Developing the Registration Data Access Protocol (RDAP)
  14. 14. Fundamentals of RDAP • Transport used is HTTP • Widely deployed and developed infrastructure • Lots of open source options • Allows for use of HTTP authentication • Satisfies the differential service requirement • Allows for use of HTTPS • Satisfies the encryption requirement • Already has support for redirects Text
  15. 15. Fundamentals of RDAP • Replies are JSON formatted, which supports UTF-8 • Satisfies the standard format requirement • Internationalized domain names (IDN [RFC3409]) supported in both the question and the answer • Question is encoded in the URI • Combination satisfies the internationalization Text requirement
  16. 16. Fundamentals of RDAP • IANA will maintain bootstrap registries for domains, AS numbers, and network blocks • Registries will be published in JSON • Clients will periodically download the registry Text as a way of knowing where to send a query for a given AS range, network block, or TLD • A query that lands in the wrong place can be redirected using HTTP 303
  17. 17. Fundamentals of RDAP • Bootstrap data includes the base query location for every registry • RDAP specification explains how to form direct Text queries and basic search queries • Other interesting query formats can be defined later • Satisfies the extensibility requirement • Registry of known response fields also provides extensibility
  18. 18. Fundamentals of RDAP • Basic search is supported in the protocol, but not mandatory to implement Text
  19. 19. Implementation Status Text • Any HTTP client can issue queries and receive replies • ICANN has partnered with CNNIC to produce an open source implementation • https://github.com/cnnic/rdap • ARIN has had an implementation for network numbers since the beginning • APNIC has a prototype available • LACNIC appears to be in private beta • RIPE NCC has an open source implementation • https://github.com/RIPE-NCC/whois • VeriSign and Afilias are doing proof-of-concept implementations for domain names
  20. 20. Specification Status Text • Six documents • Object inventory • RDAP over HTTP • Query format • Security Considerations • JSON responses • Bootstrapping • https://datatracker.ietf.org/wg/weirds/documents/
  21. 21. Specification Status • Currently in IETF Last Call • IESG review on October 30 • Assuming no serious concerns, goes to the RFC Editor queue • RFC Editor lately takes about a month to publish as an RFC • Overall, very likely published by the end of 2014 Text
  22. 22. RDAP and ICANN • RDAP plays a prominent role in addressing the recommendations of the ICANN EWG on Directory Services Text
  23. 23. Text Path to Adoption #ICANN51
  24. 24. Simplified Anatomy Text #ICANN51 • Differentiated access • Searchability • … Policy Data • Domain name • Registrant • Contacts • … Protocol • RDAP • WHOIS
  25. 25. Focus of this Effort Text #ICANN51 • Differentiated access • Searchability • … Policy Data • Domain name • Registrant • Contacts • … Protocol • RDAP • WHOIS
  26. 26. RDAP Provides/Enables Text • Standardized query, response, and error messages • Extensibility • Distributed sources – Redirection (if needed) • Searchability (where applicable) • Differentiated access (where applicable) • Internationalization (pending T&T PDP) • An incremental step towards a potential policy outcome from the EWG report #ICANN51
  27. 27. High-Level Roadmap Text • RDAP attains IETF Proposed Standard status • RDAP Implementations available • RDAP operational profile defined • RDAP deployment • WHOIS (port-43) turn off #ICANN51
  28. 28. Questions Text • Should RDAP deployment be synchronized with Thick Whois policy implementation? • Once all Registries are Thick, is there a reason for registrars to offer RDAP/WHOIS/Web Whois? • How long after RDAP deployment to turn off WHOIS? #ICANN51
  29. 29. GDD + Related Sessions Text #ICANN51 Thursday, 16 October o DNSSEC Key Rollover Workshop
  30. 30. Text Engage with ICANN on Web & Social Media twitter.com/icann facebook.com/icannorg linkedin.com/company/icann gplus.to/icann weibo.com/icannorg flickr.com/photos/icann youtube.com/user/ICANNnews icann.org

×