[sig-db] Policy proposal prop-019-v001

[Edward Lewis <Ed.Lewis@neustar.biz>]

Starting with the minutes of the SIG meeting at APNIC 21...

At 22:59 +0800 3/13/06, Xing Li wrote:

> Four presentations were given and the discussion opened with what to do
> about status of a proposal for whois database query. The original
> proposer sent this to the list for discussion in Feb 2004 but was never
> presented in any OPM. Since it's pending what should we do with this -
> is there a need?

Referring to this proposal definition:

http://www.apnic.net/docs/policy/discussions/prop-019-v001.txt

(First comment, it would be nice is the APNIC home page had a link to 
the policy proposals besides having a link to the established 
policies.  A "nice to have" comment.)

As there has been no deep discussion on this topic in a while, I'll 
begin with some high-level observations.

The topic is very important to the operation of a registry.  This 
does not mean that the proposal is necessary, that depends on the 
context.

"WhoIs" is one of the three main outputs of an RIR.  Number 
allocations (IP addresses and AS numbers), and DNS are the two 
others.  After all, the job of a registry is to associate resources 
with an responsible party.  Discovering the responsible party with a 
resource is probably the most important component of a registry.

In ARIN, there was a policy proposal designed to overhaul the 
definition of this service.  After about 18 months to 24 months, the 
policy was abandoned as being too ambitious.  In the ARIN region, 
there are two forums for communication - a mailing list and meetings. 
The mailing list proved to be too restrictive for the necessary 
conversation.  The meetings do now provide sufficient time to develop 
the policy.  Perhaps this is not the case in APNIC because there is a 
time set aside for a SIG-DB, so what happened in ARIN may not be 
relevant to APNIC.

Speaking to the policy as written, I would encourage a look at using 
the IRIS protocol for what seems to need solving.  IRIS is being 
worked on in the CRISP WG of the IETF 
(http://www.ietf.org/html.charters/crisp-charter.html), at the bottom 
of the charter is a list of documents.

Given what I have seen, IRIS holds more promise for referring "whois" 
queries than the current WhoIs protocol or any other referral WhoIs 
(rwhois).  IRIS requires a better client, but the cost is more 
benefit.  However, before discussing solutions, the problem really 
ought to be defined.

It seems to me that the policy is concerned more about the freshness 
of the data than the contents of the data.  By freshness, I mean the 
speed and ease of updating the data.  By contents, I mean the fields 
of the entries.  Another consideration is data access - whether for 
privacy of individuals or the desire to hide customer lists.

To start, I think a discussion on what is needed to be covered by a 
policy is needed?  Is there a need to state that data in the whois 
service be fresh?  Is the need to levy requirements on whois servers 
at NIRs in particular, on LIRs?


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

Nothin' more exciting than going to the printer to watch the toner drain...