[ARIN-consult] NEW Consultation: Available Methods of Reporting Network Sub-Delegation Information

Andrew Dul andrew.dul at quark.net
Fri Oct 13 16:15:24 EDT 2017

On 10/13/2017 12:22 PM, Jason Schiller wrote:

> On Thu, Oct 12, 2017 at 4:33 PM, Andrew Dul <andrew.dul at quark.net
> <mailto:andrew.dul at quark.net>> wrote:
>     I'm writing to support the sunsetting of the rwhois protocol as a
>     method for ARIN members to document reallocation and reassignment
>     records. 
>     That doesn't mean this year or next year, but I believe we should
>     set a timeline for deprecating this protocol.  Perhaps a date of
>     2022 would be reasonable.  (Yes, some organizations will not do
>     the work despite the 4 years of time to do it, but a shorter time
>     frame would also be unacceptable to some)
>     I have seen those who have posted on this consultation noting that
>     "rwhois works and isn't broken so don't fix it."  While I will
>     agree that it is "technically" not broken, I believe that it is
>     operationally broken. 
>     These are some of the reasons why I believe we should move on to
>     something better.  Any by better, I mean moving to records stored
>     in the ARIN database (SWIP) or RDAP.
>     -Rwhois doesn't support encryption or data-integrity during transport
> As Owen points out, neither does WHOIS for records stored in the ARIN
> database (SWIP), 
> so why should ISPs face an increased burden here if you are not also
> planning to eliminate whois?

I'd be in support of sunsetting WHOIS support too at some point.   But,
I'm guessing that is an even less popular opinion. 

>     -As was noted in the most recent ARIN meeting, law enforcement
>     agencies use whois data as a source for their investigations and
>     other work, and having accurate records available on a timely
>     basis is very important to them.  I don't believe that rwhois data
>     is as accessible and available as data in the ARIN database.
> If this is a problem, then we should get support procedures for all
> who run an rwhois server, 
> publish them publicly, and see if that doesn't solve the problem.
> If that doesn't solve it, maybe go as far as naming and shaming, or
> even considering if the organization
> is in compliance the ARIN policy if the rwhois data is not generally
> reachable, and the data in SWIP is
> not sufficient for ARIN policy compliance on its own.  

While I'm certainly in support of improving the current situation, I
believe that as long as there are incentives for organizations to ignore
or deprioritize these requirements they will.  Perhaps naming & shaming
will help at the largest organizations which aren't in compliance.   I'm
guessing many organizations don't even know their rwhois servers are
broken.  Not all of the incentives change by moving to rdap, but with
referral being built in, the lookup failures become far more visible.

> John Sweeting, can ARIN staff reach out to the 372 orgs with an
> unresponsive rwhois server and ask them to fix it and run another test? 
>     -RDAP was designed with referral in mind from the ground up, so
>     that you get all the records no matter where they are located with
>     a single query. 
> That seems to just work for my whois client.  I don't see why it
> shouldn't work for all whois clients. 
>     -ARIN (in possible collaboration with other RIRS) should develop
>     an RDAP package for those who like to host their own,  distributed
>     database.  The new package should support bulk retrieval of
>     records to assist in data collection and analysis.  (Also it was
>     noted in the most recent ARIN meeting that there are differences
>     today in how the different RIRs are reporting fields/data via
>     RDAP.  It would be good for the RIRs in collaboration with each
>     other and other organizations that want to run RDAP servers for IP
>     number resources to work to create a standard met of fields which
>     are required for IP number resource records, along with other
>     optional fields for additional data)
>     It has been noted casually that there are many rwhois servers
>     which are down or aren't available.  I believe this also
>     contributes to this data set being operationally unavailable. 
> I do not believe the problem space is any different with running a
> local RDAP server (at least at my organization).
> I suspect it is not good for the community if I update whois data with
> the frequency I update my rwhois data whether that be RESTful,
> template, RESTful bulk, or template bulk.

Because you suspect that ARIN can't handle the transaction count on a
daily basis on their database?  Or because there are other features
which aren't available?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20171013/d903379c/attachment.html>

More information about the ARIN-consult mailing list