<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 10/13/2017 12:22 PM, Jason Schiller
      wrote:<br>
    </div>
    <br>
    <snip><br>
    <blockquote type="cite"
cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com">
      <div dir="ltr">
        <div>
          <div><br>
          </div>
          <div>
            <div class="gmail_extra"><br>
              <div class="gmail_quote">On Thu, Oct 12, 2017 at 4:33 PM,
                Andrew Dul <span dir="ltr"><<a
                    href="mailto:andrew.dul@quark.net" target="_blank"
                    moz-do-not-send="true">andrew.dul@quark.net</a>></span>
                wrote:<br>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div bgcolor="#FFFFFF">
                    <div
                      class="gmail-m_-6268663168625075603moz-cite-prefix">I'm
                      writing to support the sunsetting of the rwhois
                      protocol as a method for ARIN members to document
                      reallocation and reassignment records.  <br>
                      <br>
                      That doesn't mean this year or next year, but I
                      believe we should set a timeline for deprecating
                      this protocol.  Perhaps a date of 2022 would be
                      reasonable.  (Yes, some organizations will not do
                      the work despite the 4 years of time to do it, but
                      a shorter time frame would also be unacceptable to
                      some)<br>
                      <br>
                      I have seen those who have posted on this
                      consultation noting that "rwhois works and isn't
                      broken so don't fix it."  While I will agree that
                      it is "technically" not broken, I believe that it
                      is operationally broken.  <br>
                      <br>
                      These are some of the reasons why I believe we
                      should move on to something better.  Any by
                      better, I mean moving to records stored in the
                      ARIN database (SWIP) or RDAP.<br>
                      <br>
                      -Rwhois doesn't support encryption or
                      data-integrity during transport<br>
                    </div>
                  </div>
                </blockquote>
                <div><br>
                </div>
                <div>
                  <div>As Owen points out, neither does WHOIS for
                    records stored in the ARIN database (SWIP), </div>
                  <div>so why should ISPs face an increased burden here
                    if you are not also planning to eliminate whois?</div>
                </div>
                <div><br>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    I'd be in support of sunsetting WHOIS support too at some point.  
    But, I'm guessing that is an even less popular opinion.  <br>
    <br>
    <snip><br>
    <blockquote type="cite"
cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com">
      <div dir="ltr">
        <div>
          <div>
            <div class="gmail_extra">
              <div class="gmail_quote">
                <div> </div>
                <br>
                <div> </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div bgcolor="#FFFFFF">
                    <div
                      class="gmail-m_-6268663168625075603moz-cite-prefix">
                      -As was noted in the most recent ARIN meeting, law
                      enforcement agencies use whois data as a source
                      for their investigations and other work, and
                      having accurate records available on a timely
                      basis is very important to them.  I don't believe
                      that rwhois data is as accessible and available as
                      data in the ARIN database.<br>
                    </div>
                  </div>
                </blockquote>
                <div><br>
                </div>
                <div>If this is a problem, then we should get support
                  procedures for all who run an rwhois server, </div>
                <div>publish them publicly, and see if that doesn't
                  solve the problem.</div>
                <div><br>
                </div>
                <div>If that doesn't solve it, maybe go as far as naming
                  and shaming, or even considering if the organization</div>
                <div>is in compliance the ARIN policy if the rwhois data
                  is not generally reachable, and the data in SWIP is</div>
                <div>not sufficient for ARIN policy compliance on its
                  own.  </div>
                <div><br>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    While I'm certainly in support of improving the current situation, I
    believe that as long as there are incentives for organizations to
    ignore or deprioritize these requirements they will.  Perhaps naming
    & shaming will help at the largest organizations which aren't in
    compliance.   I'm guessing many organizations don't even know their
    rwhois servers are broken.  Not all of the incentives change by
    moving to rdap, but with referral being built in, the lookup
    failures become far more visible.<br>
    <br>
    <blockquote type="cite"
cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com">
      <div dir="ltr">
        <div>
          <div>
            <div class="gmail_extra">
              <div class="gmail_quote">
                <div>John Sweeting, can ARIN staff reach out to the 372
                  orgs with an unresponsive rwhois server and ask them
                  to fix it and run another test? </div>
                <div> </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div bgcolor="#FFFFFF">
                    <div
                      class="gmail-m_-6268663168625075603moz-cite-prefix">
                      -RDAP was designed with referral in mind from the
                      ground up, so that you get all the records no
                      matter where they are located with a single
                      query. </div>
                  </div>
                </blockquote>
                <div>That seems to just work for my whois client.  I
                  don't see why it shouldn't work for all whois
                  clients. </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div bgcolor="#FFFFFF">
                    <div
                      class="gmail-m_-6268663168625075603moz-cite-prefix">
                      <br>
                      -ARIN (in possible collaboration with other RIRS)
                      should develop an RDAP package for those who like
                      to host their own,  distributed database.  The new
                      package should support bulk retrieval of records
                      to assist in data collection and analysis.  (Also
                      it was noted in the most recent ARIN meeting that
                      there are differences today in how the different
                      RIRs are reporting fields/data via RDAP.  It would
                      be good for the RIRs in collaboration with each
                      other and other organizations that want to run
                      RDAP servers for IP number resources to work to
                      create a standard met of fields which are required
                      for IP number resource records, along with other
                      optional fields for additional data) <br>
                      <br>
                      It has been noted casually that there are many
                      rwhois servers which are down or aren't
                      available.  I believe this also contributes to
                      this data set being operationally unavailable.  <br>
                    </div>
                  </div>
                </blockquote>
                <div><br>
                </div>
                <div>I do not believe the problem space is any different
                  with running a local RDAP server (at least at my
                  organization).</div>
                <div>I suspect it is not good for the community if I
                  update whois data with the frequency I update my
                  rwhois data whether that be RESTful, template, RESTful
                  bulk, or template bulk. <br>
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br>
    Because you suspect that ARIN can't handle the transaction count on
    a daily basis on their database?  Or because there are other
    features which aren't available?<br>
    <br>
    Andrew<br>
    <br>
    <br>
  </body>
</html>