ICANN Enters Final Negotiations On WHOIS Replacement After EU’s GDPR Rendered It Obsolete


It took the European Union 4 years of preparation and debate
to develop the General Data Protection Regulation (GDPR) and it was finally
approved by the EU Parliament in April 2016, then came into being in May 2018.
But it’s taken ICANN to this week to get to the stage to enter final negotiations
with its constituencies on the Registration Data Access Protocol
(RDAP), a replacement to WHOIS, that was in effect rendered obsolete and not
compliant when the GDPR came into being for those registrars selling gTLD
domain names and gTLD registries with operations within the EU.

In letters this week to the Registries Stakeholder Group [pdf] and Registrars Stakeholder Group [pdf], ICANN’s CEO and President Göran Marby said they were ready to enter negotiations regarding the form and substance of the proposed revisions for a period of at least 90 days in an “attempt to reach a mutually acceptable agreement to the proposed revisions.” Marby writes if agreement is reached, proposed revisions will be posted on the ICANN website for public comment for no less than 30 calendar days.

Marby goes on to write ICANN and the Working Group will then
consider the public comments and submit the proposed final version of the
amendments for Registry Operator approval and approval by the ICANN Board. If
these approvals are obtained, the amendment will become effective upon 60 days’
notice from ICANN to the Registry Operators. Going by these timeframes and the
consultation required, it is reasonable to expect WHOIS to be replaced by RDAP
in late 2020, or early 2021 at the latest.

Within the European Union, as Domain Pulse has previously reported, registrars such as the German EPAG were none too happy with ICANN’s proposals, a “Temporary Specification”, that applied to generic top-level domains (gTLDs). ICANN went to court at least 4 times, losing each time, as they sought to have EPAG, and all registrars, collect the registrant data that put registrars within the EU in contravention of the GDPR.

To be fair to ICANN, they had realised a replacement to WHOIS had to come eventually long before the GDPR was mooted. But discussion progressed at a snail’s pace. In a post Wednesday on the ICANN blog, Cyrus Namazi, Senior Vice President, ICANN Global Domains Division, outlined the background of the move to the replacement, called the Registration Data Access Protocol, known as RDAP. It doesn’t roll of the tongue like WHOIS does.

Outlining the change, Namazi writes “the WHOIS protocol, or
Port 43, has been the standard to access domain name registration data for more
than 35 years. For most of ICANN’s existence, the community has discussed
issues related to registration data (or in ICANN-speak, Registration Data
Directory Services, or RDDS) and over time identified limitations with the
existing technology. These limitations include:

  • No standardised format.
  • Lack of support for internationalisation.
  • Inability to authenticate users.
  • Lookup-only abilities and no search support.
  • Lack of standardised redirection or reference.
  • No standardised way of knowing what server to query.
  • Inability to authenticate the server or encrypt data between the server and client.”

“The Registration Data Access Protocol, known as RDAP, was
created by the technical community in the Internet Engineering Task Force
(IETF) as an eventual replacement for the WHOIS protocol. RDAP enables users to
access current registration data and was designed to help address the
limitations of the WHOIS protocol. As we shared in February 2019, the ICANN
organisation took another important step in a multi-phased approach to
transition WHOIS services to RDAP by mandating that all generic top-level
domain (gTLD) registries and ICANN-accredited registrars provide RDDS over RDAP
in addition to WHOIS by 26 August 2019. We are now well underway with the first
step of registrars and registry operators executing the technical
implementation of RDAP.

“The next step is to amend the current Registry Agreement
(RA) and Registrar Accreditation Agreement (RAA) to incorporate contractual
requirements comparable to the WHOIS services for RDAP, such as Service Level
Agreements, or SLAs. We have initiated negotiations with the gTLD Registries
Stakeholder Group and the Registrars Stakeholder Group to begin this process
and to define a coordinated transition from the WHOIS protocol to RDAP. ICANN
will continue to communicate progress on the amendments and the transition from
WHOIS to RDAP, including the plans to raise global awareness of what’s changing
with the introduction of RDAP, in the coming months.”

This latest Domain News has been posted from here: Source Link

Facebook Comments