Momentum is building within the Internet's technical and policy circles for an overhaul of one of the most important information services on the 'Net: the WHOIS database that lists owners of domain names.
Used daily by network professionals, trademark attorneys and law enforcement officials, WHOIS is showing signs of disrepair. Since domain name registration became a competitive market two years ago, WHOIS has become harder to search because it no longer features a common data format. Once a tightly integrated database system, WHOIS is now a patchwork of information distributed among the 70 domain name registrars for .com, .net and .org, as well as 356 operators of country code top-level domains.
The decline in the quality of the WHOIS service makes it harder for companies to track cybersquatters. WHOIS searches now take twice as long as they used to, and businesses get charged if they want more than 50 hits on a search. Certain types of searches that help identify professional cybersquatters - those who may purchase hundreds of trademark-related domain names - are no longer supported.
The problems with WHOIS are coming to the forefront now that the Internet Corporation for Assigned Names and Numbers (ICANN) has selected seven new top-level domains, including .biz and .info. Internet industry insiders worry that WHOIS searches will become even more time-consuming and less accurate after the new registries come online next spring unless standards are established.
WHOIS standardization is being tackled on two fronts:
- ICANN last week released information about an industry advisory committee that was established to consider standard data formats for WHOIS.
- The Internet Engineering Task Force (IETF) will host a session on WHOIS protocols Thursday at a meeting in San Diego.
"We're very supportive of any changes to WHOIS that will make it more robust," says Sarah Deutsch, vice president and associate general counsel at Verizon Communications, which owns thousands of domain names for its Verizon, Bell Atlantic and GTE product lines.
Deutsch, who belongs to ICANN's business advisory group, says many member companies are having problems getting information out of WHOIS. "Because WHOIS has become this shared, distributed database, the information we need is often not available or it's not updated in real time," she says.
Marilyn Cade, director of Internet and e-commerce policy at AT&T, says ICANN needs to establish uniform WHOIS policies before signing contracts with the new top-level domain registries.
"From industry's point of view, ICANN should be setting the standards and requiring compliance with those standards so that when the new top-level domains are awarded, the WHOIS systems are built to the standards," says Cade, who also belongs to ICANN's business advisory group.
Cade says ICANN should ensure that the new top-level domain registries offer free WHOIS searches and that buying a copy of a registry's entire WHOIS database doesn't exceed the $10,000 fee charged for .com, .net and .org.
WHOIS is a distributed database system that provides contact information for the person or organization that owns a domain name. Users access the information through a two-step process. First, a user visits VeriSign Global Registry's Web site and performs a WHOIS search to find the name of the registrar that sold the domain name. Next, the user goes to the registrar's Web site and performs a WHOIS search to retrieve the name, address, telephone number and e-mail address of the domain name owner as well as administrative and technical contacts.
"Over the years, WHOIS has evolved into the authoritative source of data on the existence and nonexistence of domain names," says Ross Rader, director of research and innovation at Tucows, a Canadian domain name registrar. "But the data is now so dispersed and so distributed, and it varies so widely from registrar to registrar, that it's very difficult to get good information out of it."
What domain name registrars want is a set of standards for how WHOIS data is presented, including what fields of information are included and in what order, as well as a common protocol for sending information between a WHOIS server and a client making a WHOIS request. Without such standards, registrars cannot create automated applications on top of WHOIS data such as user authentication services.
"The WHOIS problems are going to be exacerbated now that all these new registries were selected and are going to come up with their own protocols," says Robert Gardos, chief technology officer at Register.com, a New York domain name registrar. "Now is the time to standardize the way this thing looks."
ICANN's eight-member WHOIS committee will propose standard formats for WHOIS responses and consider other data requirements for re-establishing WHOIS searching across .com, .net and .org. But the committee wasn't chartered to discuss WHOIS policies for the new top-level domain registries.
In a Dec. 1 letter to the WHOIS committee, ICANN Vice President and General Counsel Louis Touton admitted that most registrars are offering a domain name look-up capability rather than the full set of features offered by WHOIS when it was a single database run by Network Solutions [now a VeriSign company]. Efforts must be made, Touton said, to fix the "now-broken WHOIS."
ICANN's WHOIS committee is expected to complete its recommendations in a few months.
Meanwhile, the IETF is hosting a birds-of-a-feather session to consider the status of the WHOIS protocol and whether new features should be added. The WHOIS protocol uses Port 43 to send text-based information in response to a WHOIS query. Among the WHOIS protocol enhancements that will be discussed are having a fixed set of minimal data, tagging data and allowing data subsets.
"WHOIS is a centralized lookup mechanism. It doesn't really have any advanced controls such as access controls or user controls, nor does it have any sort of navigation capabilities," says Mark Kosters, vice president of research at VeriSign and a member of ICANN's WHOIS committee.
VeriSign has developed a WHOIS prototype using Lightweight Directory Access Protocol (LDAP) to provide these advanced features. Available since September, the LDAP WHOIS prototype will be demonstrated at the IETF session.
"With the access controls built into LDAP, you can authenticate various classes of users and allow more privileged classes of users to see things that others can't," Kosters says.
Having advanced features such as access control is becoming more important as countries such as Argentina and Ireland seek to limit WHOIS information access because of privacy concerns. U.S. companies, on the other hand, want WHOIS to remain a free and open system.
"Technically, providing a mechanism for searching every WHOIS data field is possible. But politically that may not be desirable and could be illegal," says Paul Kane, CEO of uwhois.com, a universal WHOIS searching capability available free on the Web. "If one is a registrar anywhere in the world holding information on a European subject, that person has a right to privacy and there are significant penalties associated with disclosure...Yet the ICANN accreditation agreement says you must disclose the information."
Kane says ICANN needs to "move with due caution" to address national privacy concerns in establishing WHOIS standards and possibly modifying its accreditation process.
The privacy concerns surrounding WHOIS may discourage ICANN and the IETF from being too aggressive about WHOIS standards, despite demands from domain name registrars and corporate users.
"WHOIS is fraught with politics," Kosters said.
Agenda for the WHOIS Protocol Birds of a Feather Session
at the IETF meeting.
A discussion of ICANN's WHOIS Advisory Board
from Harvard University's site.
Whois: a paradox of privacy vs. public need
Network World, 05/17/99.
Domain name registration
The Internet Engineering Task Force will host a session this week to discuss whether the international standards body should develop a generic protocol for communications between domain name registries and registrars. Network World, 12/11/00.