Next Generation: Registration Data Access Protocol (RDAP)
All things must change, which is the way of technology and the internet. Seeking improvement in the integrity of domain records, the RDAP standard was developed as a successor to the WHOIS protocol and it is currently making its way through the adoption curve. The object was to create a standard for nimble, portable, and accurate data without the legacy issues of WHOIS. The emerging format features a standard, machine-readable JSON standard and a foundation build on RESTful web services. This systems is HTTP-compatible, so that error codes, user identification, authentication, and access control can be delivered through the universal HTTP web protocol.
RDAP-compliant records are registered through validated hosts and the features of RDAP services include:
- Standardized queries and responses
- Data object language capabilities that extend beyond English
- Redirection capabilities that allow seamless referrals to other registries
- Network address registrations for IPV4 and IPV6
- RFC 7480 – HTTP Usage in the Registration Data Access Protocol (RDAP)
- RFC 7481 – Security Services for the Registration Data Access Protocol (RDAP)
- RFC 7482 – Registration Data Access Protocol (RDAP) Query Format
- RFC 7483 – JSON Responses for the Registration Data Access Protocol (RDAP)
GDPR and WHOIS
General Data Protection Regulation (GDPR) became effective in early 2018 and although there haven’t been a lot of significant fines or legal cases to emerge just yet, news stories indicate that a wave is coming. This sweeping reformation of privacy laws affects European Union countries as well as any company that might retain the private information of any European individual. These regulations dictate not only the protection of data, but the retention, collection, and distribution of personal information.
The WHOIS system is at odds with GDPR, because it is public, because it has specific information, and because it retains that information for extended periods of time. The fate of WHOIS in light of GDPR is unclear. In the aftermath of GDPR, some registrars have declined to comply with ICANN WHOIS information requirements, to avoid potential GDPR fines.
Want to know more about WHOIS and Security?
This free white paper – “What you should know about WHOIS and Security” delivers a comprehensive report about how Whois data is used in cyber-security and threat investigation.