Registration Data Access Protocol

The Registration Data Access Protocol (RDAP) is a computer network communications protocol standardized by a working group at the Internet Engineering Task Force in 2015, after experimental developments and thorough discussions. It is a successor to the WHOIS protocol, used to look up relevant registration data from such Internet resources as domain names, IP addresses, and autonomous system numbers.

While WHOIS essentially retrieves free text, RDAP delivers data in a standard, machine-readable JSON format.[1] In order to accomplish this goal, the output of all operative WHOIS servers was analyzed, taking a census of the labels they used.[2] RDAP designers, many of whom are members of number or name registries, strove to keep the protocol as simple as possible, since complexity was considered one of the reasons why previous attempts, such as CRISP, failed. RDAP is based on RESTful web services, so that error codes, user identification, authentication, and access control can be delivered through HTTP.[3]

The biggest delay in getting RDAP done turned out to be the bootstrap, figuring out where the server is for each top-level domain, IP range, or ASN range. IANA agreed to host the bootstrap information in suitable registries, and publish it at a well-known location URLs in JSON format. Those registries started empty and will be gradually populated as registrants of domains and address spaces provide RDAP server information to IANA.[4][5] For number registries, ARIN set up a public RDAP service which also features a bootstrap URL, similar to what they do for WHOIS.[6] For name registries, ICANN requires RDAP compliance since 2013.[7][8]

Number resources

edit

RDAP databases for assigned IP numbers are maintained by five Regional Internet registries. ARIN maintains a bootstrap database.[9] Thanks to the standard document format, tasks such as, for example, getting the abuse team address of a given IP number can be accomplished in a fully automated manner.[10]

Name resources

edit

RDAP databases for registered names are maintained after ICANN agreement.[7] Name resources are much slower, as the number of registries under ICANN is huge. In addition, as the GDPR became enforceable, in May 2018, the problem of personal data divulged via WHOIS or RDAP slowed adoption further.[11] To solve the conflict between GDPR and ICANN policies ICANN published a temporary specification according to which all contact details need to be redacted for privacy reasons if they fall under the GDPR, unless the contact explicitly allows publication. This includes email addresses, however the registrar has to offer an anonymized email address or a web form to allow forwarding of information to contacts. The registry RDAP/WHOIS response has to contain a notice that these options to contact the contacts are only available in the registrar RDAP/WHOIS.[12]

To keep RDAP information accurate, registrars have to send a yearly Whois Data Reminder Policy (WDRP) notice to the registrant contact. This is commonly done via email containing all the RDAP information the registrar has and asking the registrant to update it immediately if it is incorrect, while at the same time reminding the registrant that incorrect RDAP information can lead to the deletion of the domain name.[13] Additionally each registrar has to offer an abuse contact and after being informed about incorrect RDAP information has to make sure that it is corrected quickly or suspend the domain.[7]

WHOIS replacement

edit

On January 19, 2023 ICANN opened voting on a global amendment to all its registry and registrar agreements. In it they defined a RDAP Ramp-Up Period of 180 days starting with the effectiveness of this amendment. 360 days after this period is defined as the WHOIS Services Sunset Date, after which it is not a requirement for registries and registrars to offer a WHOIS service and instead only a RDAP service is required. All voting thresholds were met within the 60 day voting period and the amendment will be submitted to the ICANN Board for approval and implementation.[14]

Extensions

edit

The RDAP protocol allows for extensions and IANA is maintaining a list of known RDAP extensions. Some of these extensions are RFCs like sorting and paging, others are just for specific TLDs.[15]

edit
  • STD 95
  • RFC 7480, HTTP Usage in the Registration Data Access Protocol (RDAP)
  • RFC 7481, Security Services for the Registration Data Access Protocol (RDAP)
  • RFC 8056, Extensible Provisioning Protocol (EPP) and Registration Data Access Protocol (RDAP) Status Mapping
  • RFC 9082, Registration Data Access Protocol (RDAP) Query Format
  • RFC 9083, JSON Responses for the Registration Data Access Protocol (RDAP)
  • RFC 9224, Finding the Authoritative Registration Data Access Protocol (RDAP) Service

Additionally ICANN has created 2 standards that need to be implemented by gTLD registries and registrars to have common output formats and require the implementation of some extensions.

Extensions

edit
  • RFC 8977, Registration Data Access Protocol (RDAP) Query Parameters for Result Sorting and Paging
  • RFC 8521, Registration Data Access Protocol (RDAP) Object Tagging
  • RFC 8982, Registration Data Access Protocol (RDAP) Partial Response
  • RFC 9537, Redacted Fields in the Registration Data Access Protocol (RDAP) Response

See also

edit

References

edit
  1. ^ Newton, Andrew; Hollenbeck, Scott (March 2015). JSON Responses for the Registration Data Access Protocol (RDAP). IETF. doi:10.17487/RFC7483. RFC 7483. Retrieved 2016-11-10.
  2. ^ Zhou, L.; Kong, N.; Shen, S.; Sheng, S.; Servin, A. (March 2015). Inventory and Analysis of WHOIS Registration Objects. IETF. doi:10.17487/RFC7485. RFC 7485. Retrieved 2016-11-10.
  3. ^ "Web Extensible Internet Registration Data Service (weirds)". IETF. 2015-03-25. Retrieved 2016-11-10.
  4. ^ John Levine (2014-09-10). "The replacement for WHOIS is surprisingly close". jl.ly. Retrieved 2016-11-10.
  5. ^ Blanchet, Marc (March 2015). Finding the Authoritative Registration Data (RDAP) Service. IETF. doi:10.17487/RFC7484. RFC 7484. Retrieved 2016-11-10.
  6. ^ "The Registration Data Access Protocol (RDAP)". ARIN. 2015-06-22. Retrieved 2016-11-10.
  7. ^ a b c "2013 Registrar Accreditation Agreement". ICANN. Archived from the original on 2017-06-07. Retrieved 2016-11-10. Following the publication by the IETF of a Proposed Standard, Draft Standard or Internet Standard and any revisions thereto (as specified in RFC 2026) relating to the web-based directory service as specified in the IETF Web Extensible Internet Registration Data Service working group, Registrar shall implement the directory service specified in any such standard (or any revision thereto) no later than 135 days after such implementation is requested by ICANN
  8. ^ New gTLD Program Committee (NGPC) (2013-07-02). "New gTLD Agreement" (PDF). ICANN. Retrieved 2016-11-10. Registry Operator shall implement a new standard supporting access to domain name registration data (SAC 051) no later than one hundred thirty-five (135) days after it is requested by ICANN if: 1) the IETF produces a standard (i.e., it is published, at least, as a Proposed Standard RFC as specified in RFC 2026); and 2) its implementation is commercially reasonable in the context of the overall operation of the registry
  9. ^ "RDAP at ARIN" (PDF). September 17, 2019.
  10. ^ "abuserdap".
  11. ^ Kieren McCarthy (October 23, 2019). "Haunted by Europe's GDPR, ICANN sharpens wooden stake to finally slay the Whois vampire". The Register.
  12. ^ "Temporary Specification for gTLD Registration Data - ICANN". www.icann.org. Retrieved 2023-04-08.
  13. ^ "Whois Data Reminder Policy - ICANN". www.icann.org. Retrieved 2023-04-08.
  14. ^ "2023 Global Amendments to the Base gTLD Registry Agreement (RA), Specification 13, and 2013 Registrar Accreditation Agreement (RAA) - ICANN". www.icann.org. Retrieved 2023-04-07.
  15. ^ "RDAP Extensions". www.iana.org. Retrieved 2023-04-08.
edit