<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Oct 13, 2017, at 13:15 , Andrew Dul <<a href="mailto:andrew.dul@quark.net" class="">andrew.dul@quark.net</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div text="#000000" bgcolor="#FFFFFF" class="">
<div class="moz-cite-prefix">On 10/13/2017 12:22 PM, Jason Schiller
wrote:<br class="">
</div>
<br class="">
<snip><br class="">
<blockquote type="cite" cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com" class="">
<div dir="ltr" class="">
<div class="">
<div class=""><br class="">
</div>
<div class="">
<div class="gmail_extra"><br class="">
<div class="gmail_quote">On Thu, Oct 12, 2017 at 4:33 PM,
Andrew Dul <span dir="ltr" class=""><<a href="mailto:andrew.dul@quark.net" target="_blank" moz-do-not-send="true" class="">andrew.dul@quark.net</a>></span>
wrote:<br class="">
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF" class="">
<div class="gmail-m_-6268663168625075603moz-cite-prefix">I'm
writing to support the sunsetting of the rwhois
protocol as a method for ARIN members to document
reallocation and reassignment records. <br class="">
<br class="">
That doesn't mean this year or next year, but I
believe we should set a timeline for deprecating
this protocol. Perhaps a date of 2022 would be
reasonable. (Yes, some organizations will not do
the work despite the 4 years of time to do it, but
a shorter time frame would also be unacceptable to
some)<br class="">
<br class="">
I have seen those who have posted on this
consultation noting that "rwhois works and isn't
broken so don't fix it." While I will agree that
it is "technically" not broken, I believe that it
is operationally broken. <br class="">
<br class="">
These are some of the reasons why I believe we
should move on to something better. Any by
better, I mean moving to records stored in the
ARIN database (SWIP) or RDAP.<br class="">
<br class="">
-Rwhois doesn't support encryption or
data-integrity during transport<br class="">
</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">
<div class="">As Owen points out, neither does WHOIS for
records stored in the ARIN database (SWIP), </div>
<div class="">so why should ISPs face an increased burden here
if you are not also planning to eliminate whois?</div>
</div>
<div class=""><br class="">
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br class="">
I'd be in support of sunsetting WHOIS support too at some point.
But, I'm guessing that is an even less popular opinion. <br class="">
<br class="">
<snip><br class="">
<blockquote type="cite" cite="mid:CAC4yj2WZcxUSFGn_N-VOxEpZnOP6P2d_zzsN+HE9YKHpS7to5Q@mail.gmail.com" class="">
<div dir="ltr" class="">
<div class="">
<div class="">
<div class="gmail_extra">
<div class="gmail_quote">
<div class=""> </div>
<br class="">
<div class=""> </div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF" class="">
<div class="gmail-m_-6268663168625075603moz-cite-prefix">
-As was noted in the most recent ARIN meeting, law
enforcement agencies use whois data as a source
for their investigations and other work, and
having accurate records available on a timely
basis is very important to them. I don't believe
that rwhois data is as accessible and available as
data in the ARIN database.<br class="">
</div>
</div>
</blockquote>
<div class=""><br class="">
</div>
<div class="">If this is a problem, then we should get support
procedures for all who run an rwhois server, </div>
<div class="">publish them publicly, and see if that doesn't
solve the problem.</div>
<div class=""><br class="">
</div>
<div class="">If that doesn't solve it, maybe go as far as naming
and shaming, or even considering if the organization</div>
<div class="">is in compliance the ARIN policy if the rwhois data
is not generally reachable, and the data in SWIP is</div>
<div class="">not sufficient for ARIN policy compliance on its
own. </div>
<div class=""><br class="">
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br class="">
While I'm certainly in support of improving the current situation, I
believe that as long as there are incentives for organizations to
ignore or deprioritize these requirements they will. Perhaps naming
& shaming will help at the largest organizations which aren't in
compliance. I'm guessing many organizations don't even know their
rwhois servers are broken. Not all of the incentives change by
moving to rdap, but with referral being built in, the lookup
failures become far more visible.<br class=""></div></div></blockquote><div><br class=""></div>You say this as if the referral lookup was built into RDAP more than in RWHOIS. As I pointed out previously, this is not actually true.</div><div><br class=""></div><div>If you use an RWHOIS client, referral is built in and automatic just as with an RDAP client.</div><div><br class=""></div><div>The difference is that RWHOIS servers maintain backwards compatibility with WHOIS clients (which don’t process referrals) while RDAP servers do not.</div><div><br class=""></div><div>Owen</div><div><br class=""></div><br class=""></body></html>