services Whois is going to be replaced by RDAP relatively soon

[News]

Both companies have this week started piloting implementations of RDAP, the Registration Data Access Protocol, which is expected to usurp the decades-old Whois protocol before long.

The two new pilots only currently cover Verisign’s .com and .net registries and Afilias’ .info.

RDAP helps standardize access control, meaning certain data fields might be restricted to certain classes of user. Cops and IP enforcers could get access to more Whois data than the average blogger or domainer, in other words...

Read More

 

[Domainstore]

Big Brother is watching you, or definively a progress??

 

[offthehandle]

Tried the verisign version. The unformatted string of fields has names servers and registry, but this is missing ownership details. Not sure if they are going to charge or require a subscription for that? Anybody have ideas of the output specs and whats going on with this change?

 

[Mister Funsky]

The old phrase "if it ain't broke, don't fix it comes to mind".

The beta version reminds of the old days of message boards...a simpler and less porn filled time to exchange ideas from behind a screen.

Will this mean trouble for sites like dmaintools since some data, presumably, can not be be mined? If it weren't for reverse 'who is' I would be lost like a babesky in the woods...

Thanks for posting the article.

 

[Brandworthy]

Tried the verisign version.

Affilias is the same. Only registrar and NS details. See:

http://rdg.afilias.info/whois/domain/dog.info

Vs.

http://rdg.afilias.info/rdap/domain/dog.info

 

[offthehandle]

Affilias is the same. Only registrar and NS details. See:

http://rdg.afilias.info/whois/domain/dog.info

Vs.

http://rdg.afilias.info/rdap/domain/dog.info

Thanks. So-- >Whois is complete, RDAP has fields left blank, interesting.

1. I wonder if this EU privacy law compliance is going to be enforced for the entire world or simply only EU registrants?
2. Privacy seems to be a profitable thing for various registries, I bet they will squawk if it's all censored.
3. WHO WILL and WHO WON'T get all the WHOIS?

"RDAP helps standardize access control, meaning certain data fields might be restricted to certain classes of user. Cops and IP enforcers could get access to more Whois data than the average blogger or domainer, in other words."

Sadly, the spammers will get access somehow as they always do, since the 90's.

Hope we hear more info on this. I skim circleid but never saw RDAP name before.

 

[Shackleton]

Will the term "whois" be replaced by "RDAP"? Picked up RDAP.ca today. RDAP.com is in use.

 

[offthehandle]

User access and Authentication appears to be the main objective.

https://blog.verisign.com/domain-na...ns-to-rdap-how-do-we-avoid-the-same-mistakes/

Here is what Verisign says:

The group’s final report recommended that “a new approach be taken for registration data access, abandoning entirely anonymous access by everyone to everything in favor of a new paradigm that combines public access to some data with gated access to other data.”

https://datatracker.ietf.org/doc/draft-hollenbeck-regext-rdap-openid/?include_text=1

On page 16, I find some TBD spec items among restrictions to whois/rdap access, it appears verisign acknowledge and I assume will offer what appears to be domainer access, in addition to UDRP, Law enforcement, trademarks, etc.

-----BEGIN FORM-----
Value: businessDomainNamePurchaseOrSale
Description: Tasks within the scope of this purpose include making
purchase queries about a domain name, acquiring a domain name from a
registrant, and enabling due diligence research.
-----END FORM-----

 

[Brandworthy]

it appears verisign acknowledge and I assume will offer what appears to be domainer access, in addition to UDRP, Law enforcement, trademarks, etc.

Interesting, but I assume domain registrants will have to opt-in to enable this.

The real shame is that they do not appear to have considered domain transfers, and the use of WHOIS to establish current registration details post-transfer. This could have quite significant implications for escrow companies and how they arbitrate non-compliance.

An even bigger shame is that it only took since 2010 to get to this point, so the idea of registrant data moving onto something like blockchain technology isn't at all likely before 2025...

 

[offthehandle]

Interesting, but I assume domain registrants will have to opt-in to enable this.

The real shame is that they do not appear to have considered domain transfers, and the use of WHOIS to establish current registration details post-transfer. This could have quite significant implications for escrow companies and how they arbitrate non-compliance.

An even bigger shame is that it only took since 2010 to get to this point, so the idea of registrant data moving onto something like blockchain technology isn't at all likely before 2025...

This is as much digging as I have done. The decentralized blockchain concept is really interesting for upcoming future products and services. I have not read enough to discuss or understand it in depth, but the lack of centralized control sure has it’s benefits. But, Organizations and Govt’s are always hungry for control and it won’t be an easy change politically by decentralizing many facets of implementing its use. So often people believe their gov’t actually can protect them or *really* cares about them. Lol. Or feel private industry needs to be watched and regulated. The wheels on bus go round and round. Ha.

Tax it, regulate it, censor it, control it, charge for it, profit from it.... they all go hand in hand. It’s our world.

Not sure if you plowed through it all, but here are the predefined user access categories:

Hollenbeck Expires February 15, 2018 [Page 16]
Internet-Draft OpenID Connect for RDAP August 2017

-----BEGIN FORM-----
Value: domainNameControl
Description: Tasks within the scope of this purpose include creating
and managing and monitoring a registrant's own domain name, including
creating the domain name, updating information about the domain name,
transferring the domain name, renewing the domain name, deleting the
domain name, maintaining a domain name portfolio, and detecting
fraudulent use of the Registrant's own contact information.
-----END FORM-----

-----BEGIN FORM-----
Value: personalDataProtection
Description: Tasks within the scope of this purpose include
identifying the accredited privacy/proxy provider associated with a
domain name and reporting abuse, requesting reveal, or otherwise
contacting the provider.
-----END FORM-----

-----BEGIN FORM-----
Value: technicalIssueResolution
Description: Tasks within the scope of this purpose include (but are
not limited to) working to resolve technical issues, including email
delivery issues, DNS resolution failures, and web site functional
issues.
-----END FORM-----

-----BEGIN FORM-----
Value: domainNameCertification
Description: Tasks within the scope of this purpose include a
Certification Authority (CA) issuing an X.509 certificate to a
subject identified by a domain name.
-----END FORM-----

-----BEGIN FORM-----
Value: individualInternetUse
Description: Tasks within the scope of this purpose include
identifying the organization using a domain name to instill consumer
trust, or contacting that organization to raise a customer complaint
to them or file a complaint about them.
-----END FORM-----

-----BEGIN FORM-----
Value: businessDomainNamePurchaseOrSale
Description: Tasks within the scope of this purpose include making
purchase queries about a domain name, acquiring a domain name from a
registrant, and enabling due diligence research.
-----END FORM-----

Hollenbeck Expires February 15, 2018 [Page 17]
Internet-Draft OpenID Connect for RDAP August 2017

-----BEGIN FORM-----
Value: academicPublicInterestDNSRResearch
Description: Tasks within the scope of this purpose include academic
public interest research studies about domain names published in the
registration data service, including public information about the
registrant and designated contacts, the domain name's history and
status, and domain names registered by a given registrant (reverse
query).
-----END FORM-----

-----BEGIN FORM-----
Value: legalActions
Description: Tasks within the scope of this purpose include
investigating possible fraudulent use of a registrant's name or
address by other domain names, investigating possible trademark
infringement, contacting a registrant/licensee's legal representative
prior to taking legal action and then taking a legal action if the
concern is not satisfactorily addressed.
-----END FORM-----

-----BEGIN FORM-----
Value: regulatoryAndContractEnforcement
Description: Tasks within the scope of this purpose include tax
authority investigation of businesses with online presence, Uniform
Dispute Resolution Policy (UDRP) investigation, contractual
compliance investigation, and registration data escrow audits.
-----END FORM-----

-----BEGIN FORM-----
Value: criminalInvestigationAndDNSAbuseMitigation
Description: Tasks within the scope of this purpose include reporting
abuse to someone who can investigate and address that abuse, or
contacting entities associated with a domain name during an offline
criminal investigation.
-----END FORM-----

-----BEGIN FORM-----
Value: dnsTransparency
Description: Tasks within the scope of this purpose involve querying
the registration data made public by registrants to satisfy a wide
variety of use cases around informing the general public.
-----END FORM-----



You might send an email to the author:

Email: [email protected]
URI: http://www.verisignlabs.com/

 

[Name Trader]

There's bound to be a slew of level breakers so we will still be able to see everything the Cops see.

 

[offthehandle]

slew of level breakers

"Level breakers" as in special account access privileges? Seems to me they have the right to screen EU to comply but other countries- no way.

 

[offthehandle]

http://domainincite.com/22242-icann-chief-tells-industry-to-lawyer-up-as-privacy-law-looms

 

[xynames]

RDAP
https://www.bop.gov/inmates/custody_and_care/substance_abuse_treatment.jsp

 

[offthehandle]

http://domainincite.com/22358-open-whois-must-die-europe-privacy-chiefs-tell-icann

Open whois is against the law in europe, yeah? ok, So what? The EU does not dictate laws to the rest of the world.

Rather than change Whois, why don’t all the registrars and registries have a special EU 10.00 euro surcharge only to EU registrants to mask out their personal info only on registrants in Europe? A simple forced privacy on all EU member countries registrants at their expense. Great profitable idea and leave the rest of the world out of it?

This data privacy impacts the entire world and to change the system only for one segment?

 

[mr-x]

Same people restricting access to domain metadata crying about net neutrality. Weird.

 

[xynames]

This net neutrality thing used to get NFLX stock to jump up or down crazily every time the government made some kind of decision or comment about it.

 

[Kate]

What is the fuss all about, usually it's the rest of the world that has to abide by US-centric policies always, like whois that we know is broken and a huge violation of privacy. Or the 60-day lockdown that doesn't make any sense, and only exists to satisfy the peculiarities of the US market. Sorry guys, but there is a market outside the US, with different rules and customs.
Funny that Americans are outraged, because they didn't shape policy for a change.

But it's probably going to be implemented along geographical lines anyway.
I still can't understand why Americans are so much anti-privacy. Actually, plenty of Americans are paying for privacy but it shouldn't be a privilege... it should be a right. It would be good if it could be tuned according to personal preferences though.

 

[offthehandle]

I still can't understand why Americans are so much anti-privacy. Actually, plenty of Americans are paying for privacy but it shouldn't be a privilege... it should be a right. It would be good if it could be tuned according to personal preferences though.

Opposite for me, I am pro privacy and have most domains under privacy. I hate the spam, and not interested in being contacted unsolicited by most anybody.

It’s simply that with all this globalization, I get annoyed with inter country laws. The US and OECD imposing ridiculous banking regulations on the rest of the world also, which I disagree. I like the fact that google got fined by the EU, no issue there, and same goes for any other multinationals not playing by local rules.

Whois might be broken, but restricting access across the board for reference as a domainer is going to be a pain. And if registration prices for go up for everybody to cover privacy compliance for EU regulations, thats b.s.

In fact all .cctld whois should continue to be dealt by each country however they choose. .com, .net .org are all I care about, they started in the US, so the US should dictate the rules, not the rest of the world.

 

[Kate]

There is one thing to keep in mind: the policy was not made for domainers.
Domainers, law enforcement or IP lawyers have different needs. The average person is more interested in privacy and restrictions on data mining.
BTW the EU is not really a champion of privacy, quite the opposite as they eagerly import bad practices from the US but that is another story. Here this is more like a token gesture to pretend they care about your rights and freedoms (they don't). Nonetheless, there may be a slight albeit limited improvement. Wait and see.

 

[offthehandle]

Another opinion piece.

http://www.circleid.com/posts/20171208_whois_how_could_i_have_been_so_blind/

 

[Kate]

FWIW we never get spam when we register domains in some European extensions like .se or .be, because spammers cannot mine the whois DB at will. If you want to obtain registrant details you need to go to the registry website and you'll have to fill out a captcha, so it's not something that can be automated. The French registry automatically does whois privacy for individuals, but they still have the data if someone needs it for a good reason ie legal.
So we could easily make like more difficult for the spammers and the stalkers, it is just a question of will.
Besides, domain names are assets too, I think what you own is nobody's business, not even the government's unless it's taxable. I don't see why your wealth (or bad taste ) should be laid bare before the whole world unless you decide to...

 

[mr-x]

...they eagerly import bad practices from the US

EU or your own country didn't need examples from the US on how to violate someones privacy.

 

[Jasonn]

FWIW we never get spam when we register domains in some European extensions like .se or .be, because spammers cannot mine the whois DB at will. If you want to obtain registrant details you need to go to the registry website and you'll have to fill out a captcha, so it's not something that can be automated. .

that is reasonable but making it so the average person can not have any access to whois records is not, which seems to be the case with RDAP.

 

[offthehandle]

FWIW we never get spam when we register domains in some European extensions like .se or .be, because spammers cannot mine the whois DB at will. If you want to obtain registrant details you need to go to the registry website and you'll have to fill out a captcha, so it's not something that can be automated. The French registry automatically does whois privacy for individuals, but they still have the data if someone needs it for a good reason ie legal.
So we could easily make like more difficult for the spammers and the stalkers, it is just a question of will.
Besides, domain names are assets too, I think what you own is nobody's business, not even the government's unless it's taxable. I don't see why your wealth (or bad taste ) should be laid bare before the whole world unless you decide to...

I just received this past couple of weeks unsolicited offers from spammers selling all the whois database. You never receive such ridiculous offers? This sort of regulation and change will then move the spammers to profit even further from databases, I would imagine there will be unscrupulous people reselling RDAP data too, you simply can’t regulate these things. Scaping all the whois data is obviously should be controlled and is ridiculous, so the Captcha feature you mention is also used by various registries like GD on all queries.

Not sure about Europe, but in the states, assets such as your taxes based on home value are public information. Car ownership too, outstanding loans and credit reports too. LexisNexus allows you to look up entire lists of assets for specific people in their personal names. It used to be $30 a day to use, Attorneys use it all the time for asset location, attaching and liening properties, discovery motions, etc. The point is, anybody with basic skills and for a price can search all those assets.

I recall in the late 90’s german sellers on ebay had some of their information masked out, per a privacy law there. Not sure where that stands today.