<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Oct 13, 2017, at 13:15 , Andrew Dul <<a href="mailto:andrew.dul@quark.net" class="">andrew.dul@quark.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
  
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
  
  <div text="#000000" bgcolor="#FFFFFF" class="">
    <div class="moz-cite-prefix">On 10/13/2017 12:22 PM, Jason Schiller
      wrote:<br class="">
    </div>
    <br class="">
    <snip><br class="">
    <blockquote type="cite" cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com" class="">
      <div dir="ltr" class="">
        <div class="">
          <div class=""><br class="">
          </div>
          <div class="">
            <div class="gmail_extra"><br class="">
              <div class="gmail_quote">On Thu, Oct 12, 2017 at 4:33 PM,
                Andrew Dul <span dir="ltr" class=""><<a href="mailto:andrew.dul@quark.net" target="_blank" moz-do-not-send="true" class="">andrew.dul@quark.net</a>></span>
                wrote:<br class="">
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div bgcolor="#FFFFFF" class="">
                    <div class="gmail-m_-6268663168625075603moz-cite-prefix">I'm
                      writing to support the sunsetting of the rwhois
                      protocol as a method for ARIN members to document
                      reallocation and reassignment records.  <br class="">
                      <br class="">
                      That doesn't mean this year or next year, but I
                      believe we should set a timeline for deprecating
                      this protocol.  Perhaps a date of 2022 would be
                      reasonable.  (Yes, some organizations will not do
                      the work despite the 4 years of time to do it, but
                      a shorter time frame would also be unacceptable to
                      some)<br class="">
                      <br class="">
                      I have seen those who have posted on this
                      consultation noting that "rwhois works and isn't
                      broken so don't fix it."  While I will agree that
                      it is "technically" not broken, I believe that it
                      is operationally broken.  <br class="">
                      <br class="">
                      These are some of the reasons why I believe we
                      should move on to something better.  Any by
                      better, I mean moving to records stored in the
                      ARIN database (SWIP) or RDAP.<br class="">
                      <br class="">
                      -Rwhois doesn't support encryption or
                      data-integrity during transport<br class="">
                    </div>
                  </div>
                </blockquote>
                <div class=""><br class="">
                </div>
                <div class="">
                  <div class="">As Owen points out, neither does WHOIS for
                    records stored in the ARIN database (SWIP), </div>
                  <div class="">so why should ISPs face an increased burden here
                    if you are not also planning to eliminate whois?</div>
                </div>
                <div class=""><br class="">
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br class="">
    I'd be in support of sunsetting WHOIS support too at some point.  
    But, I'm guessing that is an even less popular opinion.  <br class="">
    <br class="">
    <snip><br class="">
    <blockquote type="cite" cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com" class="">
      <div dir="ltr" class="">
        <div class="">
          <div class="">
            <div class="gmail_extra">
              <div class="gmail_quote">
                <div class=""> </div>
                <br class="">
                <div class=""> </div>
                <blockquote class="gmail_quote" style="margin:0px 0px
                  0px 0.8ex;border-left:1px solid
                  rgb(204,204,204);padding-left:1ex">
                  <div bgcolor="#FFFFFF" class="">
                    <div class="gmail-m_-6268663168625075603moz-cite-prefix">
                      -As was noted in the most recent ARIN meeting, law
                      enforcement agencies use whois data as a source
                      for their investigations and other work, and
                      having accurate records available on a timely
                      basis is very important to them.  I don't believe
                      that rwhois data is as accessible and available as
                      data in the ARIN database.<br class="">
                    </div>
                  </div>
                </blockquote>
                <div class=""><br class="">
                </div>
                <div class="">If this is a problem, then we should get support
                  procedures for all who run an rwhois server, </div>
                <div class="">publish them publicly, and see if that doesn't
                  solve the problem.</div>
                <div class=""><br class="">
                </div>
                <div class="">If that doesn't solve it, maybe go as far as naming
                  and shaming, or even considering if the organization</div>
                <div class="">is in compliance the ARIN policy if the rwhois data
                  is not generally reachable, and the data in SWIP is</div>
                <div class="">not sufficient for ARIN policy compliance on its
                  own.  </div>
                <div class=""><br class="">
                </div>
              </div>
            </div>
          </div>
        </div>
      </div>
    </blockquote>
    <br class="">
    While I'm certainly in support of improving the current situation, I
    believe that as long as there are incentives for organizations to
    ignore or deprioritize these requirements they will.  Perhaps naming
    & shaming will help at the largest organizations which aren't in
    compliance.   I'm guessing many organizations don't even know their
    rwhois servers are broken.  Not all of the incentives change by
    moving to rdap, but with referral being built in, the lookup
    failures become far more visible.<br class=""></div></div></blockquote><div><br class=""></div>You say this as if the referral lookup was built into RDAP more than in RWHOIS. As I pointed out previously, this is not actually true.</div><div><br class=""></div><div>If you use an RWHOIS client, referral is built in and automatic just as with an RDAP client.</div><div><br class=""></div><div>The difference is that RWHOIS servers maintain backwards compatibility with WHOIS clients (which don’t process referrals) while RDAP servers do not.</div><div><br class=""></div><div>Owen</div><div><br class=""></div><br class=""></body></html>