Feeds

The .org whois saga and why EPP may save the Net

Click here for the future of domain names

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Far from committing Hari-Kiri as some over-zealous emailers suggested last week, we decided to find out exactly what the Public Interest Registry's plan for .org domains were and how come its whois information is currently so limited.

Rather fortuitously, we also learnt of the new EPP protocol which may soon, finally, mean an end to the Kafkaesque experience of transferring and updating domains - something that has infuriated hundreds of thousands of Web users over the past five years.

Last week, the failure of VeriSign's crsnic whois servers to provide information on .org domains meant that in many cases people were unable to pick up any information on who owned what .org domain, which servers the domain pointed at and other such information. VeriSign is not the main source of data for ,org domains however, having been forced to hand over running of the domain to the Public Interest Registry (PIR) on 1 January 2003.

PIR's authoritative whois for .org domains is not all that useful either though. It contains only the dates of when the domain was created, when it expires and what servers it points at. For any information of who actually owns the domains and what their contact details are, you are instead asked to visit the "sponsoring registrar". If this is, say, Register.com, running a second whois enquiry on Register.com's site will yield the owner's details.

Why is this case when nearly all other domains need only one whois query and you get all the information you need? Well, as Bruce Beckwith (VP of operations at PIR and the man who oversaw the move of ownership of .org from VeriSign to PIR) and Heather Carle (communications manager at Afilias, the company actually running the servers) explained, it's all to do with "thick" and "thin" data.

"VeriSign's original .org registry only contained "thin" details - meaning who the sponsoring registrar was, the date it was registered, and name server information, etc. - and referred the person querying the Whois system to the sponsoring registrar. Because this was all the data the Verisign registry contained (all the other info was stored at the registrars), they were only able to hand over that level of information to PIR," says Ms Carle.

PIR decided that to make the transition as smooth as possible it would first pull in only this information and then gradually introduce a new system that would offer "thick" details (i.e. everything else such as owner information) on its own servers.

"On 1 January, PIR assumed responsibility for the .org domain," says Bruce Beckwith, "and in late January we transferred two-and-a-half million domains over. We did it in a methodical phased approach and we did it with no outages." So the basic information was there. However, to enlarge the information to include "thick" data, PIR has to go through a second lengthy procedure where all the registrars that people have used to buy their .org domains move onto different software that allows for faster and fuller communication with PIR.

"Our second phase is converting all the registrars from RRP [Registry Registar Protocol - created by VeriSign in 1998/99 to relay all domain information] to EPP [Extensible Provisioning Protocol - again devised by VeriSign and the future of domain information sharing]," says Bruce Beckwith. "We have 110 to 115 registrars and we are migrating them group by group in six groups over the course of the year until by 31 December, they should all be running EPP."

The future of the Internet

While this will certainly make PIR's whois more practical, the existence and introduction of EPP across the world is set to revolutionise the purchase, transfer, update and sale of all Internet domains.

As we covered in great depth in January, the current system of exchange of domain information is a mish-mash of systems that frequently leaves domain owners frustrated at attempts to shift domains. Usually involving long waits and acres of paperwork, what could easily be a fully automated system is currently over-complex and anti-competitive.

It has also meant that people's domains have been wrongly handed over to others, that multiple registrations have seen people out of pocket and angry and that information in a per-second system is frequently hours out of date.

EPP may well be set to change all that in one fell swoop. It is, in short, the dream ubiquitous protocol for registrant-registrar-registry information that means fast, seamless and accurate exchange of information - the HTML of domains. Well, in fact, the XML of domains.

Created by Scott Hollenbeck at Verisign, EPP is not without its problems but has so far been enthusiastically greeted by registries and registrars - not only for global domain names but also country-code domains.

The fact that it was created by VeriSign is a good sign (although you may ask what took it so long) since without the Net behemoth, its introduction would prove difficult. And VeriSign has promised to introduce EPP on its systems soon after it is run by all the registrars. EPP is also passing through the stages at the IETF, meaning that it should be recognised as a global Internet standard.

Not everyone is entirely happy though. Although the two biggest country-code domains - Germany and the UK - have pledged support to EPP and others have already implemented versions of it in their system, several problems with EPP have meant that the IETF has held up the process until it considers problems that ccTLDs have with it.

These problems stem from the fundamental difference in gTLDs and ccTLDs. In generic top-level domains such as .com, .net etc, ownership of a domain is drawn in a contract between the registrant (owner) and the registrar (company you buy it from). The ccTLD model tends to assume that the contract is between the registrant and the company that runs the entire domain registry. This different approach has meant the EPP will need to be altered to encompass both models.

However, the potential advantages of an EPP system introduced across the world are huge. Domain problems and overlaps would be hugely reduced. The speed of updates on who owns a domain would be reduced from the current 12 hours on VeriSign's system to a remarkable five minutes and, in future, even faster.

Transfers of domains to different registrars could be completed quickly and efficiently since EPP attaches a password to the domain. This would mean Average Joe can decide to renew his domain with a cheaper company and then do so seamlessly with just a few clicks of his mouse. The implications on competition and hence price are obvious. The same can be done with domain details.

One registrar should also be able to link directly to different registries all over the world, making the system far more like the actual Internet. The automation in each case should also see domain charges fall. In short, EPP - if bodies continue to work together and someone doesn't cock it up - is a god-send that solves a fundamental flaw in the current Internet system.

Back to PIR

But back briefly to PIR. One of the more interesting aspect of PIR and the .org domain, as Bruce Beckwith was keen to stress to us, is how it intends to run the domain.

In a wonderful return to the origins of Internet philosophy, PIR intends to feed back all the money it makes in profit from the sale of .org domains into funding and educating non-profit organisations about the Internet and websites and what uses the Web can be put to.

Think charities, schools and such like being given expert advice or subsidised courses on how to make the Web work for them. Bruce Beckwith was short on real details, talking of "putting together frameworks" and "defining thought processes" and other such nonsense, but the will and the intention is there.

Which, like EPP, can only be a good thing. ®

Related story
Where the hell is my website?
.org registry vanishes into thin air

Providing a secure and efficient Helpdesk

More from The Register

next story
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.