We Need You: Industry Collaboration to Improve Registration Data Services

Scott Hollenbeck | May 20, 2016

For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities. 

  • Do you need to find out who has registered a particular domain name? Use WHOIS.
  • Do you want to see who an Internet Protocol (IP) address has been allocated to? Use WHOIS.

WHOIS security concerns

The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. Today it’s possible to use WHOIS to collect personally identifiable information (PII), such as physical residence addresses, telephone numbers, and email addresses associated with an individual’s domain name and IP address registration activity. This is a cause for concern in many places where people care about personal privacy, and unfortunately, there’s no easy way to address these concerns using WHOIS because it’s an “all data is available to everyone all the time” service. Thankfully we now have new tools available in the form of theRegistration Data Access Protocol (RDAP), which was designed to address the many deficiencies of WHOIS – including the lack of security services needed to provide data privacy.

How do we scale up?

Like WHOIS, RDAP is a client-server protocol. Clients send a command (such as a query for domain name registration information) to an RDAP server, the server receives and processes the command, and if all is well, the server returns the result of processing the client’s command. Unlike WHOIS, RDAP gives servers the ability to vary the amount of information returned in a response based on the client’s identity and the amount of information they are authorized to see. The core RDAP security service protocol specified in RFC 7481 requires server operators to provide basic client identification and authentication services based on usernames and passwords, but this form of client access is unwieldy when clients have to maintain credentials for thousands of servers and server operators have to maintain credentials for millions of clients. A more scalable solution is needed, and can be obtained in the form of a federated authentication service.For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities. 

  • Do you need to find out who has registered a particular domain name? Use WHOIS.
  • Do you want to see who an Internet Protocol (IP) address has been allocated to? Use WHOIS.

WHOIS security concerns

The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. Today it’s possible to use WHOIS to collect personally identifiable information (PII), such as physical residence addresses, telephone numbers, and email addresses associated with an individual’s domain name and IP address registration activity. This is a cause for concern in many places where people care about personal privacy, and unfortunately, there’s no easy way to address these concerns using WHOIS because it’s an “all data is available to everyone all the time” service. Thankfully we now have new tools available in the form of theRegistration Data Access Protocol (RDAP), which was designed to address the many deficiencies of WHOIS – including the lack of security services needed to provide data privacy.

How do we scale up?

Like WHOIS, RDAP is a client-server protocol. Clients send a command (such as a query for domain name registration information) to an RDAP server, the server receives and processes the command, and if all is well, the server returns the result of processing the client’s command. Unlike WHOIS, RDAP gives servers the ability to vary the amount of information returned in a response based on the client’s identity and the amount of information they are authorized to see. The core RDAP security service protocol specified in RFC 7481 requires server operators to provide basic client identification and authentication services based on usernames and passwords, but this form of client access is unwieldy when clients have to maintain credentials for thousands of servers and server operators have to maintain credentials for millions of clients. A more scalable solution is needed, and can be obtained in the form of a federated authentication service.

Read more

Your Personal Brand Starts Online

Blog Moderator | May 18, 2016
They say first impressions are the most lasting. Today, that first encounter – whether you’re looking for your dream job or starting your dream company – often happens online. If someone searched for you on the web, what would they find? 

Take control of your presence online and build a personal brand. Shape your professional story based on your expertise, skills and passions, and tell the world what you can offer. 

Need some inspiration? Take a look at how others have used the power of the internet to build their personal brands.

College Graduate




Read more

Verisign Launches New gTLDs for the Korean Market, .닷컴 and .닷넷

Blog Moderator | May 15, 2016

Guest post from June Seo, Director, Verisign Naming Services Korea

Verisign is pleased to announce the launch of our phased rollout of .닷컴 and .닷넷, the localized versions of the .com and .net top-level domains (TLDs) in Hangul script for the Korean market. The Sunrise Period is open from May 16, 2016 through June 19, 2016 for .닷컴, the .com you know, now in Korean, and .닷넷, the evolution of .net for Korea

Read more

Verisign Opens Landrush Program Period for .コム Domain Names

Blog Moderator | May 15, 2016

Guest Post from Manish Dalal, Vice President, Verisign Naming Services, Asia-Pacific

Today, the Landrush Program Period for .コム, the first IDN TLD from Verisign, opens for anyone to register .コム domain names on a first come, first served basis through June 12, 2016. The Landrush Program Period provides businesses and individuals with the opportunity toregister .コム domain names before they become generally available to the public on June 13, 2016.

Read more

Top 10 Trending Keywords in .Com & .Net Registrations in April

Blog Moderator | May 10, 2016

The top 10 trending keywords registered in .com and .net during the month of April 2016 are below. Any surprises?

Top 10 Keywords Registered in April 2016

Read more