Aug 28, 2019 - by Matt Serlin
Muscle memory is a funny thing. We don’t even think about it really, but when we do the same thing over and over again, it just becomes second nature to us. This is how we’ve come to use WHOIS over the past two decades to get contact information for registered domain names.
If you wanted to see who owned a domain, you’d simply do a WHOIS search. I’ve probably done hundreds of thousands of them during my time in the industry. Well as of this week, a major step in the retirement of WHOIS officially took place.
The replacement for WHOIS is known as RDAP (Registration Data Access Protocol) and ICANN required its registrars and registries to be up and running with their RDAP servers no later than August 26. RDAP provides for more structured data in its responses and also will enable different levels of access based on authentication in the future, if needed.
While registries and registrars do have to continue to support the WHOIS utility for the time being, there will come a point in the future where they will only provide access to registration data via RDAP. The days of referring to WHOIS lookups will soon be over and instead we will need to refer to RDAP queries. It doesn’t roll off the tongue in the same manner but over time, that’s what we’ll all be saying.
Of course, happening in parallel to this change in the technology is the ongoing work at ICANN with the Expedited Policy Development Process (ePDP) on gTLD Registration Data. We are in Phase 2 of that work now with the Phase 1 recommendations moving into the implementation stages.
The Phase 2 of the ePDP is focusing on a standardized access model to non-public registration data (i.e. contact information previously readily available in WHOIS) by third parties. The work has been ongoing for several months and the team has put in countless hours already. Having said that though, it doesn’t feel like meaningful progress has been made yet.
The team just received the “zero draft” report which contains a number of building blocks which are planned to be used to create the actual policy. This early draft report will be discussed at length when the team gets together in person in Los Angeles in a few weeks. Without sound legal advice on many fundamental questions, it’s unclear how useful this early draft will prove to be. The current workplan has an initial draft report being issued before the end of 2019.
Understandably, these very impactful changes to the domain name system have some questioning why the previous WHOIS system with open and unfettered access to personal data was torn down; hoping we can get back to that paradigm one day.
While I understand that muscle memory is strong after all these years, it’s a simple fact things won’t go back to the way they were. The reality is the privacy landscape is vastly different today compared to when WHOIS was created, and that creates angst amongst its most active users.
Let’s hope that with RDAP moving forward and the ongoing ePDP work in process, that the system we create will be both grounded in sound legal reasoning and allow for legitimate third-party needs to be met.
With a focus on security, service and support, Matt Serlin joined Brandsight in 2017 to lead all domain operations, including client services and domain name provisioning. Matt has over 15 years of direct domain name experience most recently with MarkMonitor where he was instrumental in building the industry’s first dedicated client services team, which has become the de facto standard for all corporate registrars.