1 / 12

Understanding the WHOIS Protocol: Privacy Concerns and Data Models

This overview presents the WHOIS protocol, detailing its function and how it interacts with various databases. It highlights privacy concerns regarding public data availability and discusses the thin and thick registry models. The document emphasizes the evolving landscape of WHOIS services, especially with the introduction of CRISP, a new Cross Registry Information Sharing Protocol. It explains the technical aspects, including TCP connections, authentication levels, and the challenges faced in data formatting and accessibility across different registrars.

sierra-king
Télécharger la présentation

Understanding the WHOIS Protocol: Privacy Concerns and Data Models

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Whois Services Jaap Akkerhuis jaap@nlnetlabs.nl

  2. Overview • The whois protocol • The whois function • Whois and databases • Privacy concerns • Thick and Thin registries • New: Crisp

  3. The Whois Protocol • Nicname/whois on port 43 • RFC 812 (Very Obsolete) • RFC 954 (Obsolete) • RFC 3912 • Protocol: • Client opens TCP connection at port 43, sends ASCII, ends with CRLF • Server sends reaction, ends with CRLF, close connection

  4. Protocol Characteristics • Now authentication • No authorization • 1 Question, 1 response • Like the finger protocol (RFC 1288)

  5. Whois Function • Contents of whois is undefined • Information about anything • people • addresses • conference room scheduling • In ccTLD world • publishing of social data • registrant, • registrar • billing contact

  6. Whois and database • Most RIRs: Whois information is the database information • Lots of ccTLD's: Whois information is alimitedview of database contents • only for interest of ''the public'' • details left out: • Why should the world know about the billing contact?

  7. Privacy concerns (1) • Some privacy laws forbid some data to be public • Motivate why you publish what • just ''because others do it'' won't work

  8. Privacy concerns (2) • Data mining prevention • is outside the protocol! • query rate limiting by IP # • No public whois service is an option • Just a web server with whois like info • Detailed info will be asked anyway • More work for the helpdesk • Define that process

  9. Thin and Thick Model • Thin • Registry: Minimum data • name server delegation info • Some registrar data • Registrar: All other data • registrant info (social data) • Runs the whois • Tick • Registry has all data and provides whois service • controls format and info • Registrar often still responsible for the data

  10. Thin model Problems • Multiple whois formats • Different info per registrar • Where is the whois server anyway? • Methods: • SRV records in DNS helps a bit • FreeBSD whois • based on silly DNS tricks

  11. New: CRISP • Cross Registry Information Sharing Protocol • Global entry point for a World Wide whois • Local policy for access • Work in process • RFC 3707 (requirements) • Levels of Authentication • users • ä lawyers • law enforcement • Regular expression look up

  12. Questions ???

More Related