TECHNICAL REPORT
Grantee |
University of Malaya
Faculty of Computer Science & Information Technology, Jalan Universiti, 50603, Wilayah Persekutuan Kuala Lumpur, Malaysia
|
Project Title | Implementation and Utilities of RDAP for Wider Usability among Internet Stakeholders |
Amount Awarded | USD 20,000 |
Dates covered by this report: | 2019-11-01 to 2020-03-14 |
Report submission date | 2020-04-27 |
Economies where project was implemented | Malaysia |
Project leader name |
Prof. TS. Dr. Miss Laiha Binti Mat Kiah
|
Project Team |
Ali Hussain
Mahi Uddin
|
Project Summary
This project aimed to increase the adoption of the Registration Data Access Protocol (RDAP), which is the replacement/upgradation of WHOIS. It is used to retrieve registration data using Internet resources such as domain names, Internet Protocol (IP) addresses, and autonomous system numbers (ASN). RDAP solves several problems of WHOIS. It has many new features which include: standardized query/response formats, authoritative address of the Regional Internet Registries (RIR), authentication, and encryption. Internet operation researchers and users need to adopt RDAP as it will continue to play an increasingly important role in Internet resilience, safety, and investigations requiring the search and collection of registration data. This project contributed in increasing the utilization and adoption of the RDAP by implementing the RDAP client in Matlab (Data Simulation Tool), Browser extensions, and generic recommendations to establish RDAP clone in national Registries across Asia Pacific region. Matlab is a powerful tool to simulate, design, and analyze real-world systems. At the time of the project was proposed , there was no direct/native support of RDAP protocol in Matlab. Implementing such a client or toolbox will enable easy retrieval of data from RDAP with minimal development efforts as well as native support for RDAP in Matlab. Eventually, it will facilitate doing Internet operation research, data visualization, digital forensic, and other studies involving internet resources such as domain name, etc. The Browsers extension would assist end users in getting lookup information of the domain they are about to visit, this way it will potentially help in mitigating the risk of online spam and scams with the benefit of improved transparency of legitimate Internet resources. Moreover, this project also explored potential implementation strategies to set up RDAP clone for national Registries. This replication can potentially improve the availability of RDAP in unforeseen circumstances and could help to implement robust strategies for improved quality of service. The recommendations and guidelines are useful for RDAP adoption acceleration, identifying the current state of RDAP, identifying future strategies to deploy country level RDAP, and challenges faced by country level Registries.
Table of contents
- Project factsheet information
- Background and justification
- Project Implementation
- Project Evaluation
- Gender Equality and Inclusion
- Project Communication Strategy
- Recommendations and Use of Findings
- Bibliography
Background and Justification
This project aims to increase the adoption and usability of the Registration Data Access Protocol (RDAP). RDAP protocol is the replacement of WHOIS. It is used to retrieve registration data using Internet resources such as domain names, IP addresses, and autonomous system numbers (ASN). RDAP standardized data access and query response formats. The project evasion to increase the utilization and adoption of the Registration Data Access Protocol (RDAP) by implementing the RDAP and its query format into Matlab (Data Simulation Tool), Chrome extension and recommendations to setup RDAP clone in national registries in the Asia Pacific.
Matlab is a powerful tool to simulate, design and analyze real-world systems. Implementing RDAP as Matlab plugin will enable easy retrieval of data from RDAP with minimal knowledge of the RDAP standard format and as well as native support for RDAP protocol in Matlab. Matlab with RDAP client can help in research about malicious domain name which is an active research area, digital forensic and domain name data visualization and investigation. At present, there is no direct/native support of RDAP protocol in Matlab to retrieve and process RDAP data. The data can be used to track domain name ownership, handling registrations, renewals, availability checks, and anomaly detection.
RDAP introduces a number of new features related to access control, internationalization and standardized query / response definitions. It is important for Internet operation researchers to become familiar with RDAP as it will play an increasingly important role in Internet investigations requiring the search and collection of registration data as evidence. The Chrome extension will assist end users in getting lookup information of the domain they are about to visit and this way it will potentially help to reduce the risk of online spam and scams by easy and transparent Internet resource information lookup. Moreover, we will also formulate an implementation strategy to set up local RDAP instances for any national registry. This will serve as recommendations and to set up a backup and fast link to access RDAP. In case of any unfortunate disaster, this replication will make RDAP protocol accessible from the local server as well as accelerate its utilization and adoption.
Project implementation
WHOIS lookup allows Internet users to lookup the ownership and tenure of a domain name and other internet resources such as IPv4, IPv6, Autonomous system number (ASN) and name servers address. Similar to how all businesses are registered with governing authorities, all domain name Registries maintain record of information about every domain name and its history. The data from domain purchasing, owners details, domain transfer, lifecycle domain, and all related information. Traditionally, WHOIS database is used to store these details on behalf of Registries and Registrar. E.g, date of registration, expiry date, subscription plan, contact details, expiry information, associated nameserver details, the corresponding Registrar through which purchase was made, etc. An internet Protocol (IP) being unique address of a server on the internet. It enables identity to every entity going to connect to a specific server on the Internet. IP and Domain names are the fundamental building blocks of the entire World Wide Web (www). RDAP is targeting to handle the huge amount of Internet resource data that originated across the world. For instance, anyone can use the domain name or IP address to conduct a WHOIS or RDAP lookup. RDAP in turn will query the appropriate database and will return up-to-date record. RDAP is set to fully replace legacy WHOIS protocol and overcome some of the problems faced by WHOIS. RDAP introduces a number of new features related to access control, internationalization, and standardized query or response definitions. It is important for Internet operation researchers to become familiar with RDAP as it will play an increasingly important role in Internet investigations requiring the search and collection of registration data as evidence.
The prime target of RDAP is to address the shortcomings of WHOIS protocol. Four specific issues were listed in RFC-47821 that are addressed by RDAP:
1. Lack of standardized command structures
2. Lack of standardized output and error structures
3. Lack of support for internationalization and localization
4. Lack of support for user identification, authentication, and access control
RDAP extends existing HTTP(s) functionality in providing standard error response messages (HTTP-200, HTTP-404, etc.). The server can redirect the client to another potential server candidate (authoritative server) which requests data using redirection, by specifying HTTP response code 301, The redirected authorized server will be contacted by the client itself. RDAP over HTTP will make it easy to interface requests serving using firewalls using HTTP proxies. Another important feature of RDAP is its support for Internationalized Domain Names (IDNs), using PunnyCode algorithm, in its request. This means the domain name can contain local languages’ UNICODE string as a fully qualified domain name.
By design RDAP is made to extend itself for using customer tags etc, IANA is responsible for maintaining the catalogs of allocated extensions and JSON values. The data accuracy is not addressed by RDAP and Registries needs to take care of data submitted and stored in their databases. The accuracy of Registry data was an issue with WHOIS as well. Using and enforcing the secure HTTP deployment of RDAP, the RDAP data integrity can be made possible as the queries are traveling from an authoritative RDAP server to an RDAP client. However, the quality of the Registry data submitted by the original Registrant corresponds to data validation performed by all Registry involved. RDAP is being fully adopted by Registries worldwide. Five public regional Internet Registries (RIPE, APNIC, AFRINIC, ARIN, LACNIC) have also implemented the RDAP and in providing access to RDAP data by implementing servers application and an interface to access their data from RDAP server. However, its wider deployment lacks full implementation of its feature e.g., authentication and authorization of client and federated access is still not supported. Similarly, the Internationalized domain name (IDN) is partially supported by few Regional Internet Registries (RIRs). There is a need to ease the adoption by developing/upgrading the Internet libraries and tools to support modern RDAP protocol. This will facilitate the usage of and success of RDAP by bridging the gap of knowledge development efforts. Eventually adopting RDAP can support activities such as Internet operation research, data visualization, digital forensic, and investigations about malicious on internet resources such as domain name, which is also an active research area. At present, there is limited direct/native support of RDAP protocol in many potential utility applications such as Big data processing tools (Matlab, etc), Browsers, and so on.
Matlab is one of the powerful data analysis and visualization tools. It is also actively being used in Internet networking research. The researcher and community use it to perform data extraction, data visualization, and various research purposes. However, there is no native implementation or library of RDAP protocol in Matlab. Users intended to use RDAP in Matlab either need to implement RFCs from scratch or use any external RDAP client which doesn’t suit in many simulations.
The Matlab toolbox developed by this project will help researchers who aim to use the analytical features of Matlab over the RDAP data. The Registries may also use this tool to generate analytics and analyze the operation behavior of Registry records especially newly registered. the use of this Matlab toolbox will inherit the power of Matlab framework and, hence, it will be a powerful tool to play around with data of RDAP and generate meaningful results with minimal knowledge of RDAP protocol. Matlab plugin together with RDAP could help in creating a more comprehensive root operations audit report for Registries. Easy accessibility and consumption of RDAP output with minimal development efforts and Matlab can help in adding diversity of computational reports and analysis.
The main objective of this project is as follows:
- Matlab toolbox, which implements RDAP client for easy simulation and visualizes the data. Matlab RDAP toolbox will enable researchers to use its full potential to integrate with other tools and technologies. Thus, reducing the development time, ease adoption, and support the research on RDAP with the power of Matlab.
- The Browsers (Google Chrome, Firefox, and Opera) native extension to easily view RDAP data in real time. This ease of access will enable end user access to RDAP data about internet resources they are visiting.
- Investigate the potential of setting up the country level clone of RDAP as part of any national Registries, useing MYNIC Registry Malaysia as cases study.
These objectives will support the adoption of the RDAP globally among various stakeholders for its ease of use among internet stakeholders for improved Internet operational, management and lookup. This project also gathers useful feedback about the work idea of country level RDAP clone deployment and its need. In this regard, the project team approached MYNIC Registry as it was easy for us to communicate and engage an entity based in Malaysia. The generalized recommendations from MYNIC are part of this report so that they are extended to all Registries in the Asia Pacific region.
As per the project plan, this project developed Matlab RDAP toolbox (client) to support RDAP lookup services supporting as many features as possible. This Matlab RDAP client works as a native toolbox or library for the next-generation IP and domain name lookup research tool. This will assist in the lookup of IP and domain names with extensive native algorithms and graphical views. Among the improvements brought by RDAP, it is the support for internationalization and authentication and the standardization of the format of queries and responses. However, the easy integration and utilization of RDAP is a key challenge for its wider adoption and usefulness.
The developed prototype will keep in view the ICANN RDAP profile 2019. However, the implementations cater for the future RDAP profiles and necessary support to seamless upgrading the Matlab RDAP Client corresponding to specific RDAP profiles. Whereas, other available functions that can be used to retrieve different RDAP resources both the DNS and the IP address from Registries. The RDAP Client will accept RDAP profile as an initialing parameter. This way the tool aims to present different RDAP profiles data to its user. All this will assist in delivering insights on network IP, ASN ownership, Domain metadata, and the state of internet governance around the world.
The technical implementation of the Matlab toolbox: it fetches the base URL of the servers of Top Level domain(TLDs), RIRs, and country code level domain name (ccTLDs) which are serving the responses. They are statically defined in JSON format as Bootstrap files from IANA repository. Matlab client has the functions to fetch them periodically or at least once a day, a Bootstrap file update every 24hr. RDAP Bootstrap json values and RDAP extensions library from IANA website. The project implements the following Internet Standards for RDAP Matlab toolbox:
RFC7480 HTTP Usage in the Registration Data Access Protocol (RDAP).
RFC7481 Security Services for the Registration Data Access Protocol (RDAP).
RFC7482 Registration Data Access Protocol (RDAP) Query Format.
RFC7483 JSON Responses for the Registration Data Access Protocol (RDAP).
RFC7484 Finding the Authoritative Registration Data (RDAP) Service.
RFC7485 Inventory and Analysis of WHOIS Registration Objects.
However, these RFCs are implemented in Matlab keeping in view the supported features by RIRs our client doesn’t support authentication and authorization services. Table 1 shows the status of implementations of the RFCs in Matlab toolbox.
RFC | Status |
RFC7480 | Implemented RDAP client specific operations |
RFC7481 | Implement possible client access control and authentication features |
RFC7482 | Implemented RDAP client specific operations |
RFC7483 | Implemented RDAP client specific operations |
RFC7484 | Implemented RDAP client specific operations |
RFC7485 | Implemented RDAP client specific operations |
After finalizing the methodology, as shown in Figure 1, to implement the project objectives the team performed problem analysis and in-depth specification and use cases of these utilities. Multiple rounds of brainstorming, follow-ups, and meeting about the project proposal lead to finalizing the implementation strategy.
Following were the main point of the methodology:
- Investigated Matlab Plugins, Google Chrome Plugin, Firefox and opera plugin, and RDAP RFCs to formulate the software development architecture.
- Output format and use case and Sequence identification. The development module identification and implementation plan was finalized.
- Implementation of RDAP protocol in Matlab (as native Plugin). Implementing all RFCs and addressing all possible profiles of RDAP.
- Google Chrome extension, Firefox, and Opera plugin to easy and real-time access to RDAP records in browsers. This way the user doesn’t need to browse additional services as the Browser extension will bring results on the same page.
- Pilot Testing, validation of the prototypes.
- Implementation strategy to set up local RDAP instances for any national Registry is carried out by designing a questionnaire and approached MYNIC Registry to seek feedback from them.
- Documentation and report writing outreach activity of the findings in all possible forums.
A detailed system architecture diagram is shown in Figure 2.
The following section describes the design and development of Chrome extension.
Browser Extensions are small software programs that customize the browsing experience. They enable users to tailor Browser functionality and behavior to individual needs or preferences. An extension must fulfill a single purpose that is narrowly defined and easy to understand. A single extension can include multiple components and a range of functionality, as long as everything contributes towards a common purpose. Another portion of the project was the Google chrome application for end-users to query the RDAP data using a single web page. RDAP Lookup Utility Browser Extension will help the web user to get the registration information of a Domain, IPv4, IPv6, Nameserver, and Autonomous System Number (ASN) easily by using the RDAP. The chrome RDAP extension will also help the user in detecting potential fraudulent sites, by extracting data using RDAP and presenting features of the site (age, etc). The RDAP data will be easily accessible in the chrome browser and users can debug the information right within the chrome browser. This will make decision making easy for the end-user. NetBlocks has implemented the RDAP protocol as a JavaScript library called whois-rdap. It is based on the cached databases and distributed operation support from NetBlock. Its Databases cache the RDAP data and whois-rdap is an interface library to retrieve data. NetBlock backend database is caching RDAP records from ARIN , RIPE, etc.
Features of Chrome App:
- Retrieve the registration information of a Domain, Nameserver, ASN, IPv4, and IPv6.
- Fetch the domain name from the browser address bar automatically and show the result.
- It calculates and shows the age of the Domain, Nameserver, ASN, IPv4, and IPv6.
- It also gives warnings about the recently registered Domain, Nameserver, ASN, IPv4, and IPv6.
Functionality of Chrome App:
- Users can retrieve the registration information of a Domain, ASN, IPv4, IPv6, and Nameserver from this one extension. The live URL is chrome extensions is mentioned and following are the use cases and screenshot of chrome extension, Firefox and Opera extensions has similar interface and features.
- When a user installs this extension from the chrome web store at chrome browser.
- The browser will now show a full-color page action icon in the browser toolbar. When the icon is full-color, users can click it to view a popup of this extension.
- This extension needs Tabs and Background permission. These permissions are required to acquire the domain name from the address bar as shown in Figure 3.
- This extension works on background to retrieve the domain name and display the result and shows the age of the domain with icon.
- If the domain age is more than one year’s then the icon color becomes green and shows the age in the icon like in Figure 4.
And if the domain age is less than one year the icon color will be red like in Figure 5.
- When the user clicks on the icon, one popup will be open. The user will see Figure 6. If the Tab is empty, the search result will be empty, otherwise, the extension will show the registration information of that Tabs domain.
- There is one text field to enter domain, IPv4, IPv6, nameserver, or ASN. Another field is dropdown. This will be automatically changed if the user enters the domain, nameserver, IPv4, IPv6, or ASN.
- Standard validation is working in this field, to prevent input value by the user.
- When a user enters the domain name, the result will be like Figure 6. If the domain age is more than one year the background color of the domain age portion will be green otherwise red.
- When a user enters the ASN, the result will be like Figure 6. If the ASN age more than one year the background color of the domain age portion will be green otherwise red.
- When a user enters the IPv4, the result will be like Figure 6. If the IP age is more than one year the background color of the domain age portion will be green otherwise red.
- When a user enters the IPv6, the result will be like Figure 6.
- When a user enters the Nameserver, the result will be like Figure 7. If the IP age is more than one year the background color of domain age portion will be green otherwise red.
- The extension also shows the entities of Domain, ASN, IPv4, IPv6 and Nameserver like Figure 7. It displays the result of a JSON.
The University of Malaya is a one of Public Sector Universities in Malaysia, that cares about gender balance, equal opportunity to all, diversity, and inclusion. The project was executed under the leadership of Professor Miss Laiha Mat Kiah [15]. The gender was taken care of by having a Project leader female and two (2) male research assistants (RA). The project leader Professor Dr. Miss Laiha Mat Kiah is a Malaysian and the other two team members are non-Malaysians. One research assistant (RA) Mr. Ali Hussain is from Pakistan, while the other Research Assistant (RA) Mr. Mahi Uddin is from Bangladesh, making it a very strong diverse team and supporting equal opportunity for all.
RDAP, as defined by IETF, is based on a popular restful design pattern. However, our teams have tried to understand the need for wonder Internet operation benefits and resilience picture expected the project implementation activities to benefit the wider community. This led us to perform the capacity building of the team. It was a challenge to understand the current state of RDAP [16-31] and its RFCs from a wider perspective of multi-stakeholders. We overcome this by attending the technical conference as community reach out strategy to seek information and learn about ten subjects from experts. Our team, made up to the IETF 106 Singapore meeting and engaged with REGEXT working group. The team member received enough appreciation and support from the attendees of IETF and the members of REGEXT working group. It was a good capacity building exercise as well as an introduction to IETF tools, processes, and an overview of work carried out at IETF and IRTF. After getting sufficient knowledge boost from IETF meeting our team and better understand the implementation methodology and started with Matlab client implementation. We have come across challenges of data type mapping in Matlab and retrieve authoritative data center, finding suitable HTTP libraries in Matlab which support access control, PunyCode encoding and decoding, parsing of responses, and testing. internationalization support was added to the client by implementing a class that implements both encode and decode a PunyCode value in Matlab. Overall testing and functional validation is performed. The summary of Matlab toolbox activities and RDAP features implemented is shown in Table 1.
Table 2: Summary of Matlab toolbox activities and RDAP features implemented
Feature | Status | Justification | Future work |
GetDomainAuthoritativeURL | Completed | It returns Authoritative URL of registers using IPv4, IPv6, Domain name and ASN | Validation |
RefreshIANABootstrap | Completed | To periodically fetch Latest IANA Bootstrap | Validation |
RDAPClient class | Completed | To import a standalone class with related imported dependence and to perform common queries | Improve it to support IDN and http basic authentication |
ParseDNSResponse ParseIPNetworkResponse ParseNameserverResponse ParseASNEntityResponse | Completed | Can parse full response data structures including nested data structures and return in Matlab friendly data structure | Validation |
RDAPClientTestASN, RDAPClientTestDNS, RDAPClientTestIP, RDAPClientTestIPv6, RDAPClientTestNameserver, RDAPClientTestSearchDomain, | Completed | For the search and name, the server queries the base RDAP URL is retrieved only if at least one domain name of the targeted registry is provided as a parameter. We need to implement more functions for users to use. | Validation and enhancement |
IDNToASCIIConverter, Punycode Algorithm | Completed | Implementing this algorithm in Matlab to support IDN as a valid query parameter | The encoding and decoding for PunnyCode algorithm is completed and available as functions |
Incorporation of RDAP Feb 2019 Profile | Completed | Will allow users to retrieve results compliant with RDAP profiles | The PDAP Profile Feb 2019 is incorporated. |
The authentication and few queries such as search are not yet supported by major RIRs. The RDAP profiles release in Feb 2019 was followed and the Matlab client accepts a parameter to choose among different variants of RDAP.
The Matlab client has implemented classes that help to organize the RDAP request and process. The command-line version client can be used to call all queries except the search. The detailed description of Matlab toolbox features can be seen in Table 2.
Figures 8, 9, and 10 show the working of Matlab toolbox executing query of Ipv4, IPv6, and autonomous system number (ASN) respectively. The corresponding functions can be used to pass any value of IPv4, IPv6, and ASN to return the RDAP response. These functions will fetch the relevant authoritative URL as per IANA bootstrap and then will download the RDAP response using secure HTTP (HTTPS) from that Registry web service and display it as raw JSON (in Matlab structure). In the example in Figure 8 the authoritative URL or base URL for IPv4 address e.g. A.B.C.D. Similarly, the RDAP response of IPv6 and ASN will be obtained using a different function as shown in Figures 9 & 10.
The RDAPClient class contains functions GetDomainAuthoritativeURL, GetIPv4AuthoritativeURL, GetIPv6AuthoritativeURL, GetASNAuthoritativeURL and RDAPClientTestNameserver, these functions can be used to obtain the authoritative URL for a domain, IPv4, IPv6, ASN or nameserver value. We need to pass the RDAP profile name as parameter to constructor of RDAPClient class. As shown in Figures 11, 12, 13, and 14.
The project also implemented PunyCode algorithm which is used to transform the domain name into Internationalized domain name value. To encode and Unicode domain name. The class Punycode
Implements the encode and decode function to encode and decode Unicode domain. Figure 15 shows the example of encoding and decoding a Unicode domain to IDN and back to Unicode. To use these functions Matlab must be set to use UTF-8 as default encoding and default local. Following commands might be helpful in configuring UTF-8 as default locale and encoding:
- feature(‘DefaultCharacterSet’, ‘UTF8’);
- slCharacterEncoding(‘UTF-8’)
All these native Matlab classes and functions can seamlessly operative with the other Matlab toolbox, and functions to serve a powerful library to process RDAP queries and responses for any kind of research or data analytics computations. This toolbox will provide a plug and play RDAP functions that can be easily used without the need to implement RFCs and RDAP protocol. The work carried out in this project is in line with the scope and methodology proposed in the original proposal and has not changed significantly. However, our organization and team have been facing unique challenges, and pressure due to COVID-19 pandemic since the first quarter of 2020. Since then, the Malaysian government and private sectors have been educating people about the measure to mitigate the spread of COVID-19. Malaysia has been put on Movement Control Order (MCO). Of being affected, as the team was required to stay home and exercise social distancing to break the chain of COVID-19 infection, our team put up its best effort to continue work from home/remotely. Because of that, we were able to achieve the proposed milestones and adopted the new normal. Due to Movement Control Order (MCO 2.0) in Malaysia starting Jan 2021, We have started to schedule the meeting with MYNIC to obtain input regarding the country level RDAP implementation. We have successfully gathered the required feedback from MYNIC Registry and its part of this report.
However, our diverse team has been trying their best to keep their progress as optimal as we can in this challenging time. One positive impact which our team enjoyed is online ICANN67, IETF107 meeting which saves team member’s time, efforts, and cost to possibly attend these meeting in person. Our team also attended ICANN68 and presented the work on ICANN68 Tech Day 0 and we are also trying to present the work in network operators conference across Asia Pacific region. Our team has planned to publish the project as opensource to attract community efforts in its long term success and sustainability and link to github repositories can be accessed here. We will actively look for collaborators to contribute to this project and extending its benefit to the next level. All these measures will address the need of the Internet operation researcher to start using and improving this project (if necessary).
Project Evaluation
The domain name industry is growing yet, facing operational and security challenges. The proposed utility will help researchers and professionals working in the domain name industry diversify the research directions and analytics. The idea is innovative and there is no such utility exist. The target market of these utilities also covers all five RIRs, all national-level domain name Registries, Registrar, and researcher and end-users. Therefore, the investment of time, effort, and funding involved seem justified as per the scope of the proposal. The strengths of the project are the utilities/library to assist RDAP adoption and use and weaknesses of the project are the scopes of work proposed as domain name industry is very big and a lot of unsolved problems of full adoption, implementation, awareness, and deployment and use of RDAP. Our project has tried its best to keep up to date with the RDAP improvement via the REGEXT working group of IETF to better justify the credibility and reliability of the work, in the future. The MYNIC has agreed to give us an appointment however the meeting schedule is not yet decided due to prevailing Movement Control Oder (MCO) 2.0 has amended the schedule.
The following section presents the outcome of the Feedback gathered from MYNIC Registry. A demo presentation session was scheduled between the University of Malaya (UM) team and MYNIC Registry (MYNIC, Level 3, Tower 2, Menara Cyber Axis, Jalan Impact, Cyberjaya) on Thursday, 11 March 2021 3:00 PM to 4:30 PM at San Francisco Meeting Room. The meeting session was attended by:
- Chaired by Datuk Ts. Hasnul Fadhly Hasan, the CEO of MYNIC Registry
- MYNIC team Mr. David Chui Siew Chong
- MYNIC team Madam Nurah Muhammad
- MYNIC team Madam Mastura
- MYNIC team Madam Suzilah Hassan
- UM team Leader Professor Ts. Miss Laiha Mat Kiah
- UM team member Mr. Ali Hussain
- UM team member Mr. Mahi Uddin
This report summarizes the meeting objective and outcome into two parts:
- Guided Feedback from MYNIC Registry
- Closing remark from MYNIC Registry
Guided Feedback from MYNIC Registry
The purpose of the meeting was to get feedback from MYNIC Registry regarding the Registration Data Access Protocol (RDAP) implementation work carried out by UM team, as part of the Asia Pacific Network Information Centre (APNIC) ISIF Asia – Internet Operation Grant 2019. The UM team has been working on the RDAP implementations project since late 2019, the project aims to gather feedback about the work from Registry for possible their perspective and future work.
The following questions were put forward to MYNIC Registry.
Question: Do you think, it would be beneficial for Registry to set up RDAP backup arrangements at country level Registry? Would such backup act as a fast link as well as extra defense to cater to any unfortunate disaster?
Summary of Feedback:
The MYNIC Registry foresees that the adoption of the new protocol is a long-standing challenge faced by any new Internet protocol. Speaking about IPv6 adoption, it is a challenge to accelerate things among Government departments for necessary approval which also costs some time and sometimes affects the progress of adoption. When we talk about domain authoritative node cache, in the case of the registry it’s the master node as well e.g. Malaysia is the master node of the dot(.) my, and registry use to populate the data worldwide. MYNIC Registry only runs the operation of registration of the name. however, the IP address allocation is not under our scope. Every registry is responsible to take care of different names. MYNIC Registry is heavily relying on APNIC for direct support. MYNIC Registry uses other service providers to propagate the name worldwide. MYNIC Registry evasion that, regardless of the organizational communication challenges and policies. The registry would prefer to have local RDAP copy. There was a caching effort in MYNIC Registry in the past as well, however, the project suffers from a lack of budget. MYNIC Registry is also in touch with ICANN. MYNIC Registry is also interested in accelerating the adoption of RDAP and leverage its benefits for better governance and services. The cost of hosting cache servers in Malaysia is also high and the Malaysia Government is also interested in collaborators to help in hosting servers etc. MYNIC Registry has about 200 servers around the globe, however, the RDAP is not yet implemented in any server. Currently, MYNIC Registry is heavily relying upon the WHOIS for parsing the response, etc. However, with the GDPR we are considering. MYNIC has already implemented query minimization and response volume depending on the activation of DNSSEC. There is a need for greater automation as well as compliance to GDPR and local data protection regulatory requirements. GRPR is complicated, as the company registered under your name, is also protected. As MYNIC Registry goes global, it would need to be more vigilant as we will have to leverage the benefits of RDAP for the effective management of domain name data.
Question No 1: What could be the challenges in implementing such RDAP country level Registry backup?
Summary of Feedback:
MYNIC Registry thinks the adoption should start from a bottom-up approach. It should be initiated from the customer side like the registrant has to demand the RDAP and need to push the registry for the RDAP services. The MYNIC Registry has implemented the DNSSC, IPv6, however, the adoption is very slow. MYNIC Registry as an operator doesn’t have sufficient authority to enforce the registrants to adopt RDAP. MYNIC Registry will try its best to communicate to relevant Government departments. MYNIC Registry is also eager about increasing the IPv6 adoption and believes the same concern will extend to RDAP as well. Registries are usually the first ones to enable any new feature but RDAP adoption is going to be a bit tough. Therefore, the implementation property must cater to the individual registry status and capacity as well to boost the adoption of RDAP.
Question No 2: What would be the overall impact of such country level RDAP instances or cache ? Would this bring any Internet operational benefits to the country level Registry? What are the upcoming implementation and adoption challenges of RDAP?
Summary of Feedback:
The RDAP benefits and its value is significant in solving the complex WHOIS issues registries are facing right now. As the unified architecture will be very helpful. MYNIC Registry believes it would be very good for registries once it is fully adopted. The adoption of the RDAP will significantly improve the overall operation and handling of data for the domain name industry as a whole.
The implementation and best practices will vary from registry to registry as MYNIC Registry would have its own custom JSON format for its internal system use. MYNIC Registry is interested in working with the University of Malaya as potential collaborator during this journey of implementation and adoption of RDAP. Currently, MYNIC Registry is over-mandated as a registrar as well as a registry. Therefore, we are trying to separate the roles. Once MYNIC Registry is fully registered and the accredited registrar it will make things easier to manage. For communication among registrars, the Extensible Provisioning Protocol (EPP) has a few limitations as it doesn’t give enough information to process. E.g., if one customer has multiple accounts it results in multiple objects corresponding to one customer. If there is some sort of grouping that would help the operations.
Acceleration is about the software supporting the RDAP and the use case will depend on a particular registry and their mandate. However, use cases should be such that they facilitate the practical use of RDAP in data analytics, security, and privacy features.
Questions No 3: Any suggestions that MYNIC Registry would like to propose as the future work? Perhaps on the RDAP data processing (i.e., log enrichment, security analytics)?
Summary of Feedback:
MYNIC Registry thinks the future applications of RDAP will also depend on the volume of its data. These days privacy is the default feature, not a premium feature. MYNIC is trying to offer privacy features as a free service in the upcoming release, as the global demand for privacy features is overwhelming. MYNIC Registry will welcome new ideas for data processing. MYNIC Registry is also concerned about the safety and security of RDAP itself as its redirection mentions and it is heavily relying on HTTPS protocol. The resolver and DNS security are equally imported to registries to boost the secure, digital economy and sustainable digital ecosystem.
Closing remark from MYNIC Registry
- The data privacy related benefits extended by RDAP as important. All such necessary configurations are likely, to be suitable as role based access control. Whereby The registry is exchanging the data from multiple registrars. However, there are serious privacy concerns. As the registry should be able to see the data for all its Registrants. If the Registrant is the customer of the Registry then sensitive information can be revealed otherwise the sensitive information should be masked.
- The federated authentication and authorization seem to be tough to achieve as the agreement among the governments, everyone has their way and would potentially prefer to keep the implementation private.
UM team is very thankful to the MYNIC Registry team for their kind cooperation feedback.
Indicators | Baseline | Project activities related to indicator | Outputs and outcomes | Status |
How do you measure project progress, linked to the your objectives and the information reported on the Implementation and Dissemination sections of this report. | Refers to the initial situation when the projects haven’t started yet, and the results and effects are not visible over the beneficiary population. | Refer to how the project has been advancing in achieving the indicator at the moment the report is presented. Please include dates. | We understand change is part of implementing a project. It is very important to document the decision making process behind changes that affect project implementation in relation with the proposal that was originally approved. | Indicate the dates when the activity was started. Is the activity ongoing or has been completed? If it has been completed add the completion dates. |
The completion of working prototypes as proposed initially | There was a need for such utility and the project will wild prototype utilities for the benefit of various technical communities working in the domain name. | Active interest in gaining background knowledge, networking with like-minded professionals, development, testing, and experience. | Output code will be released as open source project on GitHub and will encourage other stakeholders to work on it. | We haven’t made source code public but plan to invite community soo along with the publishing of final report. |
Presenting the finding, experience, and prototype to a relevant forum to invite comments, boost the interest of others to contribute | The activities related to RDPA enhancement are already carried out by various communities, this action gives better visibility to the prototyping work carried out as part of this Grant | Feedback, comments, and support from the community and help to better understand the impact and worth of the project. | We have received valuable interest and comments regarding the relevance of the project during ICANN68 and we have responded to all the comments. We have reached out to MyNIC Registry to gain specific feedback about the country level RDAP implementation | We have achieved/done it |
Gender Equality and Inclusion
The project activities and output are not directly linked to impact the gender gap as its technical implementations which anyone regardless of gender. Our project team composed of one female project leader with two (2) research assistant members make it a great combination of gender balance with leadership skills and technical skills.
The University of Malaya is a one of Public Sector Universities in Malaysia, that cares about gender balance, equal opportunity to all, diversity, and inclusion. The project was executed under the leadership of Professor Ts. Dr. Miss Laiha Mat Kiah. University of Malaya has gender studies program and also eager to address the gender balance using its policies. The faculty is always eager to address the gender balance and encourage diversity.
Project Communication Strategy
Our team followed agile and scrum methodology for inter-team communion. The weekly progress of Research assistants (RA) were reported to the project leader.
Our team sought Knowledge bases and the project tried to seek help from IETF. Our team also used material from the following forums as part of capacity building activity.
Best practice domains (https://bestpractice.domains/)
ICANN DNS Symposium | May 2020 (https://www.icann.org/ids)
GDD Industry Summit | 3-6 May 2020 (https://www.icann.org/gddsummit)
The Registration Operations Workshop (ROW) Workshops (http://regiops.net)
Our team has presented the project at ICANN68 Tech Day and we are also trying to present it at any network operators conference in Asia Pacific region. We will need ISIF Secretariat support to reach out to relevant stakeholders to better disseminate the benefits of the project and showcase its potential.
Recommendations and Use of Findings
We will try to disseminate the project finding and experience with the community as much we can. Any forum which is active in Internet Operation and academic research locally or internationally will be used to present the results as well as gain knowledge. Folks from IETF Regex group were very kind and helpful to support our team’s capacity building.
As this report highlights the need of enhanced usage of RDAP because of the value addition to Internet operation and research. Therefore the report strongly advocate the multi-stakeholder approach to accelerate the RDAP implementation and welcome any possible contribution or collaboration or partnership with national and international organization.
Bibliography
Professor Ts. Dr. Miss Laiha Mat Kiah received the PhD degree in Information Security from the Royal Holloway, University of London, United Kingdom. She is an active member of global and Malaysia professional community of Association for computing machinery (ACM), IEEE – Senior Member, EC Council – Committee Member, Malaysian Society for Cryptology Research (MSCR), Malaysia Board of Technologists, Committee Member, Centre for Research in Industry 4.0 (CRI4.0)- Committee Members. She is currently serving as a Professor with the Faculty of Computer Science and Information Technology (FSKTM), University of Malaya. She has served in various administrative positions, Deputy Dean, Head of Department, Program Coordinator, Senate Member, and many more. Her current research interests include Internet operation research, Blockchain technology, SMART home monitoring and management system, and IOT systems.
Professor Ts. Dr. Miss Laiha Mat Kiah has successfully completed a number of Research Grant and Project in the past few years. The detailed list is mentioned below:
- Dynamic Value Approach to Address Factory Default and Reset Vulnerabilities on IoT Devices, Principal Investigator(PI), 2018 – 2019, RU Geran – Fakulti Program, (National)
- The Investigation into Permutation Property of Block Ciphers, Consultant, 2018 – 2019, RU Geran – Fakulti Program, (National)
- Smart And Security Enhanced Transportation Ecosystem For A Future Sustainable Smart City, Consultant, 2018 – 2020, Partnership Grant, (National)
- Wireless Backhaul Network Planning and Optimization Techniques Based on Deep Learning Algorithms, Consultant, 2018 – 2020, Bantuan Kecil Penyelidikan (BKP), (National)
- Decentralization Of Laboratory Exercise Via Remote Application: A State-of-the-art Approach Toward Efficient Educational Facility Resource And Energy
- Management In Academic Institutions, Consultant, 2018 – 2019, UM Living Lab Grant Programme – SUS (Sustainability Science), (National)
- Healthcare Meets Big Data: Security And Privacy Protection, Consultant, 2018 – 2020, RU Geran – Fakulti Program, (National)
- Drm For Cloud Based Storage Providers, Principal Investigator (PI), 2017 – 2019, Private Funding, (National)
- Anomaly Detection In Policy Authorization Activity Logs, Consultant, 2017 – 2019, Private Funding, (National)
- Modelling And Governing Traffic Congestion: Air Quality, emission, & Traffic Use, Consultant, 2015 – 2019, Grand Challenge – SUS (Sustainability Science), (University)
- Secure Group Communication For Critical National Information Infrastructur (cnii), Principal Investigator(PI), 2013 – 2016, MOSTI-Science Fund, (National)
- Secure Group Communication for Critical National Information Infrastructure, Principal Investigator(PI), 2013 – 2016, Science Fund, (National)
- Implementation Of Secure Framework For Electronic Medical Record (emrs)., Principal Investigator(PI), 2012 – 2016, High Impact Research – Ministry ofEducation (HIR-MOE) Cycle 2, (National)
- Implementation of Secure Framework for Electronic Medical Records (EMRs), Principal Investigator(PI), 2012 – 2015, High Impact Research (HIR), (National)
- Deployment of Virtual Honeypots, Principal Investigator(PI), 2011 – 2013, Geran Penyelidikan Universiti Malaya (UMRG), (National)
- Information and Communication Security, Principal Investigator(PI), 2010 – 2011, Special Fund, (National)
- A SCALABLE, DISTRIBUTED AND SECURE POSITION-BASED ROUTING PROTOCOL FOR AD-HOC NETWORKS, , 2010 – 2011, Postgraduate Research Grant (PPP) – Research, (National)
- PUBLIC KEY INFRASTRUCTURE FOR SECURE MOBILE MESSAGIN USING ELLIPTIC CURVE CRYPTOSYSTEM, , 2009 – 2010, Postgraduate Research Grant (PPP) – Research, (National)
- AN IMPLEMENTION OF SECURE GROUP COMMUNICATION, Principal Investigator(PI), 2009 – 2011, Geran Penyelidikan Universiti Malaya (UMRG), (National)
- An Implemetation of Secure Group Communication, Principal Investigator(PI), 2009 – 2011, Geran Penyelidikan Universiti Malaya (UMRG), (National)
- A SCALABLE, DISTRIBTED AND SECURE POSITION-BASED ROUTING PROTOCOL FOR AD-HOC NETWORKS, , 2009 – 2010, Postgraduate Research Grant (PPP) – Research, (National)
- Secure Routing Protocols for Large Mobile Ad-Hoc Networks, Principal Investigator(PI), 2008 – 2010, Short Term Research Fund (Vote F)(PJP), (National)
Research Assistants (RAs)
Mr. Ali Hussain is a Cyber Security technology research professional having in-depth knowledge of emerging Cyber Threats and detection technologies, innovation, and the latest trends in the area of Anti-Malware research. With more than 5 years of experience in the anti-malware professional services, research, and training industry at different levels, he had worked with several international organizations, and currently, associated with Security Lab, Wisma R&D, and the University of Malaya.
Mr. Mahi Uddin is a network security professional and a master’s degree student at the University of Malaya and working on this project. After completing his Bachelor’s Degree in Computer Science from East-West University, he joined a software firm as a Software Developer. Then he switched to Bengal Foundation as a Web Developer in June 2006. From 2006 to 2017, Mahu Uddin has been working for Bengal Foundation. He has served as Web Developer, Software Engineer, Sr Software Engineer, and Sr Manager in Bengal Foundation and Acting head of IT. He is also experienced Web and Software Development using PHP Based, Networking, and System Admin. Since May 2018, he is working on Cyber Security and has completed CEH course in October 2018. He is doing VAPT for our organization. He had worked with several international organizations and currently he is working with Security Lab, Wisma R&D, and the University of Malaya.
References
[1] https://www.sciencedirect.com/science/article/abs/pii/S1742287617301688?via%3Dihub
[2] https://www.iana.org/assignments/rdap-dns/rdap-dns.xhtml
[3] https://www.icann.org/resources/pages/idn-2012-02-25-en
[4] https://en.wikipedia.org/wiki/Representational_state_transfer
[10] https://www.mathworks.com/products/matlab.html
[11] https://www.icann.org/rdap
[12] https://en.wikipedia.org/wiki/WHOIS
[13] https://en.wikipedia.org/wiki/Regional_Internet_registry
[15] https://umexpert.um.edu.my/misslaiha
[16] https://github.com/DNSBelgium/rdap
[17] https://www.reddog.mx/home/2017/12/14/server-1.2.2-patch-released.html
[18] https://gitlab.centralnic.com/centralnic/rdap-conformance
[19] https://www.viagenie.ca/rdap/
[20] https://github.com/openrdap/rdap
[21] https://github.com/registrobr/rdap
[22] https://github.com/google/nomulus
[23] https://github.com/hiqdev/rdap
[24] https://github.com/metaregistrar/rdap-client
[25] https://github.com/registrobr/rdap-client
[26] https://github.com/RIPE-NCC/whois/tree/rdap
[27] https://github.com/cnnic/rdap
[28] https://github.com/CZ-NIC/fred-rdap
[29] https://github.com/ntblk/whois-rdap
[30] https://github.com/20c/rdap
[31] https://github.com/dzh/rdap-client
[32] https://rdap.arin.net/registry/ip/4.8.18.34
[33] https://www.theverge.com/2020/4/16/21223800/google-malware-phishing-covid-19-coronavirus-scams
[34] https://mynic.my/
[36] chrome://extensions/?id=onfabjjapmkecfppmmnfomkcleifpkcl
[37] https://my.linkedin.com/in/mahi-uddin-3442084
[38] https://linkedin.com/in/pcmalih
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License