[ARIN-consult] NEW Consultation: Available Methods of Reporting Network Sub-Delegation Information
Owen DeLong
owen at delong.com
Mon Oct 16 12:53:13 EDT 2017
> On Oct 13, 2017, at 13:15 , Andrew Dul <andrew.dul at quark.net> wrote:
>
> On 10/13/2017 12:22 PM, Jason Schiller wrote:
>
> <snip>
>>
>>
>> On Thu, Oct 12, 2017 at 4:33 PM, Andrew Dul <andrew.dul at quark.net <mailto:andrew.dul at quark.net>> wrote:
>> I'm writing to support the sunsetting of the rwhois protocol as a method for ARIN members to document reallocation and reassignment records.
>>
>> That doesn't mean this year or next year, but I believe we should set a timeline for deprecating this protocol. Perhaps a date of 2022 would be reasonable. (Yes, some organizations will not do the work despite the 4 years of time to do it, but a shorter time frame would also be unacceptable to some)
>>
>> I have seen those who have posted on this consultation noting that "rwhois works and isn't broken so don't fix it." While I will agree that it is "technically" not broken, I believe that it is operationally broken.
>>
>> These are some of the reasons why I believe we should move on to something better. Any by better, I mean moving to records stored in the ARIN database (SWIP) or RDAP.
>>
>> -Rwhois doesn't support encryption or data-integrity during transport
>>
>> As Owen points out, neither does WHOIS for records stored in the ARIN database (SWIP),
>> so why should ISPs face an increased burden here if you are not also planning to eliminate whois?
>>
>
> I'd be in support of sunsetting WHOIS support too at some point. But, I'm guessing that is an even less popular opinion.
>
> <snip>
>>
>>
>>
>> -As was noted in the most recent ARIN meeting, law enforcement agencies use whois data as a source for their investigations and other work, and having accurate records available on a timely basis is very important to them. I don't believe that rwhois data is as accessible and available as data in the ARIN database.
>>
>> If this is a problem, then we should get support procedures for all who run an rwhois server,
>> publish them publicly, and see if that doesn't solve the problem.
>>
>> If that doesn't solve it, maybe go as far as naming and shaming, or even considering if the organization
>> is in compliance the ARIN policy if the rwhois data is not generally reachable, and the data in SWIP is
>> not sufficient for ARIN policy compliance on its own.
>>
>
> While I'm certainly in support of improving the current situation, I believe that as long as there are incentives for organizations to ignore or deprioritize these requirements they will. Perhaps naming & shaming will help at the largest organizations which aren't in compliance. I'm guessing many organizations don't even know their rwhois servers are broken. Not all of the incentives change by moving to rdap, but with referral being built in, the lookup failures become far more visible.
You say this as if the referral lookup was built into RDAP more than in RWHOIS. As I pointed out previously, this is not actually true.
If you use an RWHOIS client, referral is built in and automatic just as with an RDAP client.
The difference is that RWHOIS servers maintain backwards compatibility with WHOIS clients (which don’t process referrals) while RDAP servers do not.
Owen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.arin.net/pipermail/arin-consult/attachments/20171016/91f8a25e/attachment.html>
More information about the ARIN-consult
mailing list