Feeds

The .org whois saga and why EPP may save the Net

Click here for the future of domain names

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Far from committing Hari-Kiri as some over-zealous emailers suggested last week, we decided to find out exactly what the Public Interest Registry's plan for .org domains were and how come its whois information is currently so limited.

Rather fortuitously, we also learnt of the new EPP protocol which may soon, finally, mean an end to the Kafkaesque experience of transferring and updating domains - something that has infuriated hundreds of thousands of Web users over the past five years.

Last week, the failure of VeriSign's crsnic whois servers to provide information on .org domains meant that in many cases people were unable to pick up any information on who owned what .org domain, which servers the domain pointed at and other such information. VeriSign is not the main source of data for ,org domains however, having been forced to hand over running of the domain to the Public Interest Registry (PIR) on 1 January 2003.

PIR's authoritative whois for .org domains is not all that useful either though. It contains only the dates of when the domain was created, when it expires and what servers it points at. For any information of who actually owns the domains and what their contact details are, you are instead asked to visit the "sponsoring registrar". If this is, say, Register.com, running a second whois enquiry on Register.com's site will yield the owner's details.

Why is this case when nearly all other domains need only one whois query and you get all the information you need? Well, as Bruce Beckwith (VP of operations at PIR and the man who oversaw the move of ownership of .org from VeriSign to PIR) and Heather Carle (communications manager at Afilias, the company actually running the servers) explained, it's all to do with "thick" and "thin" data.

"VeriSign's original .org registry only contained "thin" details - meaning who the sponsoring registrar was, the date it was registered, and name server information, etc. - and referred the person querying the Whois system to the sponsoring registrar. Because this was all the data the Verisign registry contained (all the other info was stored at the registrars), they were only able to hand over that level of information to PIR," says Ms Carle.

PIR decided that to make the transition as smooth as possible it would first pull in only this information and then gradually introduce a new system that would offer "thick" details (i.e. everything else such as owner information) on its own servers.

"On 1 January, PIR assumed responsibility for the .org domain," says Bruce Beckwith, "and in late January we transferred two-and-a-half million domains over. We did it in a methodical phased approach and we did it with no outages." So the basic information was there. However, to enlarge the information to include "thick" data, PIR has to go through a second lengthy procedure where all the registrars that people have used to buy their .org domains move onto different software that allows for faster and fuller communication with PIR.

"Our second phase is converting all the registrars from RRP [Registry Registar Protocol - created by VeriSign in 1998/99 to relay all domain information] to EPP [Extensible Provisioning Protocol - again devised by VeriSign and the future of domain information sharing]," says Bruce Beckwith. "We have 110 to 115 registrars and we are migrating them group by group in six groups over the course of the year until by 31 December, they should all be running EPP."

The future of the Internet

While this will certainly make PIR's whois more practical, the existence and introduction of EPP across the world is set to revolutionise the purchase, transfer, update and sale of all Internet domains.

As we covered in great depth in January, the current system of exchange of domain information is a mish-mash of systems that frequently leaves domain owners frustrated at attempts to shift domains. Usually involving long waits and acres of paperwork, what could easily be a fully automated system is currently over-complex and anti-competitive.

It has also meant that people's domains have been wrongly handed over to others, that multiple registrations have seen people out of pocket and angry and that information in a per-second system is frequently hours out of date.

EPP may well be set to change all that in one fell swoop. It is, in short, the dream ubiquitous protocol for registrant-registrar-registry information that means fast, seamless and accurate exchange of information - the HTML of domains. Well, in fact, the XML of domains.

Created by Scott Hollenbeck at Verisign, EPP is not without its problems but has so far been enthusiastically greeted by registries and registrars - not only for global domain names but also country-code domains.

The fact that it was created by VeriSign is a good sign (although you may ask what took it so long) since without the Net behemoth, its introduction would prove difficult. And VeriSign has promised to introduce EPP on its systems soon after it is run by all the registrars. EPP is also passing through the stages at the IETF, meaning that it should be recognised as a global Internet standard.

Not everyone is entirely happy though. Although the two biggest country-code domains - Germany and the UK - have pledged support to EPP and others have already implemented versions of it in their system, several problems with EPP have meant that the IETF has held up the process until it considers problems that ccTLDs have with it.

These problems stem from the fundamental difference in gTLDs and ccTLDs. In generic top-level domains such as .com, .net etc, ownership of a domain is drawn in a contract between the registrant (owner) and the registrar (company you buy it from). The ccTLD model tends to assume that the contract is between the registrant and the company that runs the entire domain registry. This different approach has meant the EPP will need to be altered to encompass both models.

However, the potential advantages of an EPP system introduced across the world are huge. Domain problems and overlaps would be hugely reduced. The speed of updates on who owns a domain would be reduced from the current 12 hours on VeriSign's system to a remarkable five minutes and, in future, even faster.

Transfers of domains to different registrars could be completed quickly and efficiently since EPP attaches a password to the domain. This would mean Average Joe can decide to renew his domain with a cheaper company and then do so seamlessly with just a few clicks of his mouse. The implications on competition and hence price are obvious. The same can be done with domain details.

One registrar should also be able to link directly to different registries all over the world, making the system far more like the actual Internet. The automation in each case should also see domain charges fall. In short, EPP - if bodies continue to work together and someone doesn't cock it up - is a god-send that solves a fundamental flaw in the current Internet system.

Back to PIR

But back briefly to PIR. One of the more interesting aspect of PIR and the .org domain, as Bruce Beckwith was keen to stress to us, is how it intends to run the domain.

In a wonderful return to the origins of Internet philosophy, PIR intends to feed back all the money it makes in profit from the sale of .org domains into funding and educating non-profit organisations about the Internet and websites and what uses the Web can be put to.

Think charities, schools and such like being given expert advice or subsidised courses on how to make the Web work for them. Bruce Beckwith was short on real details, talking of "putting together frameworks" and "defining thought processes" and other such nonsense, but the will and the intention is there.

Which, like EPP, can only be a good thing. ®

Related story
Where the hell is my website?
.org registry vanishes into thin air

Choosing a cloud hosting partner with confidence

More from The Register

next story
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.