As some readers probably know, I spend quite a bit of my time working on Internet policy related matters.
Some of it may appear incredibly boring, but it matters. (If you really want me to explain why it matters I'd be happy to do so!)
Since earlier this year I've been part of a small team of people drawn from the four corners of the globe and asked to re-examine "whois".
What is whois?
The "whois" system is what's used today for the collection, storage and display of domain name registration data. So, for example, if you want to find out more about 'blacknight.com' you can do a query and get back information about who the domain is registered to, who the registrar is, when the domain was registered, its nameservers and a few other things.
Unfortunately, however, the whois system is quite broken. If you wanted to be diplomatic you might describe it as "no longer fit for purpose". It's not anyone's fault that it's ended up this way. It's just a matter of how things evolved over time.
When it was first conceived back in the mists of time (speaking in relation to internet time obviously) it was meant to serve a relatively simple technical purpose. If you ran into issues connecting to someone else's server, for example, it was useful to know how to contact them.
20 to 30 years later, however, a whole range of different people use (and abuse) the whois system on a daily basis. The overall quality of the data is probably best described as "unreliable" and there are all sorts of issues around consistency, display, privacy, security and a whole load of other concerns.
ICANN has been trying to rectify the problems for years. There have been working groups, review teams, taskforces and ad-hoc attempts to deal with various aspects of the system. However, they have all failed.
And since it's a relatively "obvious" issue it's one that governments, law enforcement, consumer groups, privacy advocates and others are able to single out as a weak point in the entire system.
ICANN needed to address it, so that's why the ICANN board and their new CEO, Fadi Chehadé, decided towards the end of last year to fix it once and for all. And so the Expert Working Group on gTLD Directory Services (EWG) came into existence and by some odd chance of fate I was selected to serve on it.
We're a very diverse group of people. We come from very different backgrounds and have very different experiences and expectations of the domain name system.
What we do share, however, is a common spirit. We want to find solutions. We do not want to fail. We do not want to fall into the traps that our predecessors fell into.
And to date, we haven't. Sure, our proposals might not be welcomed by all parties, but personally I think that we as a group have not failed. We haven't wasted our time and energy squabbling!
So what have we proposed?
We've published a draft report that covers our proposals in depth.
What are they?
We didn't try to "fix" whois. We accepted as a premise that the current system was too far gone to be repaired. Rather than get bogged down in trying to (metaphorically) apply a band aid when major heart surgery was required, we concluded that the current whois system was b0rked and we would have to replace it.
So what we've done is go back to basics and examine how people use (and abuse) domain name registration data.
How did we do that?
By looking at purpose and usage.
Based on what people are using the data for, their requirements are very different.
If, for example, you're trying to diagnose a technical issue, your main concern is going to be with the technical elements of the domain name. However, if you're conducting due diligence on a company you've just acquired, your needs will be very different.
We also recognised that data privacy had to be addressed comprehensively. The internet is global and both legislation and cultural expectations vary. Country code operators have been dealing with these issues for years, but gTLDs (com, net, org, info, biz, etc.) haven't. (Only two gTLDs currently offer a good level of privacy protection in whois for personal registrations.)
Of course, data accuracy and reliability have been an issue with domain registrations for a long time. I've always felt, personally, that you'd get better quality data from people if you weren't publishing it all over the internet without any safeguards.
And that's as true for domain registrations from big companies, as it is from private individuals.
Under the current system there is complete unfettered access to whois. While some people love that concept, it's one of the reasons why the system is broken.
Under our proposals that would change.
We aren't saying "kill off public whois", but what we are saying is that if you want access to more than X amount of data then you're going to have to share some data with us. So, for example, if you want to find out which nameservers a domain uses then you'll be able to get that data. But if you want to get a registrant's phone number then you might need to be a registered user of the new system.
What's this new system?
No ICANN project is really an ICANN project unless you get to invent a couple of new acronyms :)
In our case we've got the solution to domain registration data under the newly coined Aggregated Registration Data Service (ARDS). Personally I quite like Scott Pinzon's suggestion to rename the system to The Aggregated Registration Data Implementation Service, which, of course, gives you TARDIS (though I suspect BBC might not be too happy about that one!)
The idea behind this new system is two-fold. It'll be responsible for displaying the data in a consistent and reliable fashion (i.e. always up, and no funky formatting ...) and the system can also look into the validation and verification of the registration data.
It's all in the report, but to make it easier for people to digest a few of our group have done an intro video (see below) and we're also doing a webinar next week (as well as a number of sessions in Durban). And if you can't make any of those sessions you can submit your feedback easily — we've tried to make it as easy as possible.
Here are some of my colleagues giving intros to some aspects of our proposal:
What do you think?
Are we on the right track?
Do you like our proposals?
What concerns you about them?