<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 10/13/2017 12:22 PM, Jason Schiller
wrote:<br>
</div>
<br>
<snip><br>
<blockquote type="cite"
cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com">
<div dir="ltr">
<div>
<div><br>
</div>
<div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Thu, Oct 12, 2017 at 4:33 PM,
Andrew Dul <span dir="ltr"><<a
href="mailto:andrew.dul@quark.net" target="_blank"
moz-do-not-send="true">andrew.dul@quark.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div
class="gmail-m_-6268663168625075603moz-cite-prefix">I'm
writing to support the sunsetting of the rwhois
protocol as a method for ARIN members to document
reallocation and reassignment records. <br>
<br>
That doesn't mean this year or next year, but I
believe we should set a timeline for deprecating
this protocol. Perhaps a date of 2022 would be
reasonable. (Yes, some organizations will not do
the work despite the 4 years of time to do it, but
a shorter time frame would also be unacceptable to
some)<br>
<br>
I have seen those who have posted on this
consultation noting that "rwhois works and isn't
broken so don't fix it." While I will agree that
it is "technically" not broken, I believe that it
is operationally broken. <br>
<br>
These are some of the reasons why I believe we
should move on to something better. Any by
better, I mean moving to records stored in the
ARIN database (SWIP) or RDAP.<br>
<br>
-Rwhois doesn't support encryption or
data-integrity during transport<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>
<div>As Owen points out, neither does WHOIS for
records stored in the ARIN database (SWIP), </div>
<div>so why should ISPs face an increased burden here
if you are not also planning to eliminate whois?</div>
</div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
I'd be in support of sunsetting WHOIS support too at some point.
But, I'm guessing that is an even less popular opinion. <br>
<br>
<snip><br>
<blockquote type="cite"
cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com">
<div dir="ltr">
<div>
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div> </div>
<br>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div
class="gmail-m_-6268663168625075603moz-cite-prefix">
-As was noted in the most recent ARIN meeting, law
enforcement agencies use whois data as a source
for their investigations and other work, and
having accurate records available on a timely
basis is very important to them. I don't believe
that rwhois data is as accessible and available as
data in the ARIN database.<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>If this is a problem, then we should get support
procedures for all who run an rwhois server, </div>
<div>publish them publicly, and see if that doesn't
solve the problem.</div>
<div><br>
</div>
<div>If that doesn't solve it, maybe go as far as naming
and shaming, or even considering if the organization</div>
<div>is in compliance the ARIN policy if the rwhois data
is not generally reachable, and the data in SWIP is</div>
<div>not sufficient for ARIN policy compliance on its
own. </div>
<div><br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
While I'm certainly in support of improving the current situation, I
believe that as long as there are incentives for organizations to
ignore or deprioritize these requirements they will. Perhaps naming
& shaming will help at the largest organizations which aren't in
compliance. I'm guessing many organizations don't even know their
rwhois servers are broken. Not all of the incentives change by
moving to rdap, but with referral being built in, the lookup
failures become far more visible.<br>
<br>
<blockquote type="cite"
cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com">
<div dir="ltr">
<div>
<div>
<div class="gmail_extra">
<div class="gmail_quote">
<div>John Sweeting, can ARIN staff reach out to the 372
orgs with an unresponsive rwhois server and ask them
to fix it and run another test? </div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div
class="gmail-m_-6268663168625075603moz-cite-prefix">
-RDAP was designed with referral in mind from the
ground up, so that you get all the records no
matter where they are located with a single
query. </div>
</div>
</blockquote>
<div>That seems to just work for my whois client. I
don't see why it shouldn't work for all whois
clients. </div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div
class="gmail-m_-6268663168625075603moz-cite-prefix">
<br>
-ARIN (in possible collaboration with other RIRS)
should develop an RDAP package for those who like
to host their own, distributed database. The new
package should support bulk retrieval of records
to assist in data collection and analysis. (Also
it was noted in the most recent ARIN meeting that
there are differences today in how the different
RIRs are reporting fields/data via RDAP. It would
be good for the RIRs in collaboration with each
other and other organizations that want to run
RDAP servers for IP number resources to work to
create a standard met of fields which are required
for IP number resource records, along with other
optional fields for additional data) <br>
<br>
It has been noted casually that there are many
rwhois servers which are down or aren't
available. I believe this also contributes to
this data set being operationally unavailable. <br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>I do not believe the problem space is any different
with running a local RDAP server (at least at my
organization).</div>
<div>I suspect it is not good for the community if I
update whois data with the frequency I update my
rwhois data whether that be RESTful, template, RESTful
bulk, or template bulk. <br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
Because you suspect that ARIN can't handle the transaction count on
a daily basis on their database? Or because there are other
features which aren't available?<br>
<br>
Andrew<br>
<br>
<br>
</body>
</html>