Re: [weirds] Entity name searches

Andrew Newton <andy@hxr.us> Mon, 09 November 2015 20:32 UTC

Return-Path: <andy@hxr.us>
X-Original-To: weirds@ietfa.amsl.com
Delivered-To: weirds@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 930A01B839F for <weirds@ietfa.amsl.com>; Mon, 9 Nov 2015 12:32:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gokk90VhIJDU for <weirds@ietfa.amsl.com>; Mon, 9 Nov 2015 12:32:34 -0800 (PST)
Received: from mail-wm0-x22d.google.com (mail-wm0-x22d.google.com [IPv6:2a00:1450:400c:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5B721B839C for <weirds@ietf.org>; Mon, 9 Nov 2015 12:32:33 -0800 (PST)
Received: by wmww144 with SMTP id w144so92031953wmw.1 for <weirds@ietf.org>; Mon, 09 Nov 2015 12:32:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hxr_us.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=Qjk6gqUaC4pg76L3m6PoBC9MMsCLQdA6AEdVzX1pZJE=; b=yleDdrUxqM/baI3SpwYPqu6pbSgWNER6G90Ycl2byenX+3uSm/WhO7jQGV2NP2k30V qrrhGwfYj89O3Z5LzMYLFcrF3c3Mf3OysjChPa9oTW8BmYnR799nFFqB2MnJYeyGb1Xk e47U3JkFM1s7T5vx4PF8O1x4t9O/Oi4x3Q5gEjcp7/II8jjD1qnnN3CY/+JYBlT+K89A jK2ZsgwQr7d8JC8RNeuR/upafbwvk6lpgJtjPmwOlj3Gap93swtpDSA7ghmUHXrtRhq8 suZJrZRBCc9NQedJb1ESNPSHTFkFW0LQG2mnyiPxBKkY4KLaqLFMQCTlwT5P3cCxBS97 zumA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=Qjk6gqUaC4pg76L3m6PoBC9MMsCLQdA6AEdVzX1pZJE=; b=baYo6JvyyCCkvvZ4tWONXHRM83+tM1ZP5rMvKbkirR9ZvybrnmTFpEfXKFRFAQ+snP TL9GdhgwdwotmKlcVoYXQznMm5PTRd6zFmhujQ8l95Jss6Ap893Sqyt9pT4maCR3hI11 r5ZD/i6ukEy196SavOJT+KusUKKONlzcVrREUnynKc62ZTX2UrhwKWa/nyByYot0lKxe +iRpIsRKrUc399Bj/jJv0WabK29GqOX2I5oVqoVeK2sCQdq8hPea93WDFNj9VLbgTz/C a56vyldHsRKLKHavNuegLvaRbdLNe/8pcEmP+hA7YaKgto4ac1709bQsAZ8LANlLe0oN a+ew==
X-Gm-Message-State: ALoCoQkV7F+ZxLErJKfjGd+9+TTIlBWZoE8LT4SxDpw/yjnMRPRriGeJoQXt5UAgfECiuO7IDSqC
MIME-Version: 1.0
X-Received: by 10.28.174.139 with SMTP id x133mr29828349wme.100.1447101152403; Mon, 09 Nov 2015 12:32:32 -0800 (PST)
Received: by 10.194.91.134 with HTTP; Mon, 9 Nov 2015 12:32:32 -0800 (PST)
X-Originating-IP: [2001:500:4:15:f24d:a2ff:fe31:a268]
In-Reply-To: <DECCCEF3-9870-4599-BFD7-03200F20CEA3@icann.org>
References: <CALRmJyi6i-fo12M0M-gx9Ds50P+0esmX1cRkaFwW_2_L=xcNvg@mail.gmail.com> <CAAQiQRcUvDBLhDEa0ssqmoTPJ18673RiU60mSx7CuxvMq+203w@mail.gmail.com> <CALRmJyixwJZ+pGRKjg6bSpbZEYkqqO3=-Zc46cBzfj8n6Uvv+w@mail.gmail.com> <DECCCEF3-9870-4599-BFD7-03200F20CEA3@icann.org>
Date: Mon, 9 Nov 2015 15:32:32 -0500
Message-ID: <CAAQiQRf3tZ7Vt2Xu79a6vb+hr9=FxsJRkHKOFP8SKaV_C1zJ-Q@mail.gmail.com>
From: Andrew Newton <andy@hxr.us>
To: Dave Piscitello <dave.piscitello@icann.org>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/weirds/5OoTyxyl-SpEbTvw07UdkH1tOHo>
Cc: Brian Mountford <mountford@google.com>, Justine Tunney <jart@google.com>, "weirds@ietf.org" <weirds@ietf.org>
Subject: Re: [weirds] Entity name searches
X-BeenThere: weirds@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "WHOIS-based Extensible Internet Registration Data Service \(WEIRDS\)" <weirds.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/weirds>, <mailto:weirds-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/weirds/>
List-Post: <mailto:weirds@ietf.org>
List-Help: <mailto:weirds-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/weirds>, <mailto:weirds-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Nov 2015 20:32:35 -0000

Ok. I understand the use case. It still requires an extension to RDAP.
That type of search never came up during the standardization process.

At ARIN we do offer more targeted RESTful searches, but it has been my
experience they are used almost exclusively for data mining. And I
suspect that if left wide open, that's how it would be used in RDAP
for DNRs. So to get a "system" to work, there would need to be an
authorization system... and since we are talking multiple DNRs, that
would be federated authorization. And because there are multiple DNRs,
these queries would have to be run in parallel against each one (using
the bootstrap to find them). And then you have the problem that some
domain registries are thin. Those are a lot of problems to solve, and
I'm not sure who has the will to do it.

-andy

On Mon, Nov 9, 2015 at 12:44 PM, Dave Piscitello
<dave.piscitello@icann.org> wrote:
> More generally, if you are looking at 100,000 registration records that have
> been associated with spam, you’d want the ability to search or pivot on any
> data/string that establish relationships among the domain strings (e.g.,
> botnet DGA) but as importantly, _any_ element of the registration record
> that subsets share: POC, creation date, name server…
>
> On Nov 9, 2015, at 12:12 PM, Brian Mountford <mountford@google.com> wrote:
>
> Well, for instance, one might want to search the organization. When I do a
> WHOIS query for google.com, the contacts have an organization of Google Inc.
> I might want to search for all contacts with that organization.
>
> I can try to tailor the interpretation, but since the search string syntax
> does not allow for arbitrary suffix searching, it's not clear what tailoring
> is possible. Are you saying that I could take an entity name search string
> of "McB*" and interpret that as a search for names any of whose words begin
> with McB, so that it would find Joe McBride as well as McBurns Simpson? That
> seems to be playing pretty loose with the partial search string rules, since
> the RFC takes pains to define that syntax so precisely.
>
> Brian
>
> On Fri, Nov 6, 2015 at 4:47 PM, Andrew Newton <andy@hxr.us> wrote:
>>
>> Welcome to the world of internationalization, where the concept of a
>> last name vs a first name is not universal, and US ASCII is not
>> representative all the characters used.
>>
>> Since you know the data in your database best, you should taylor the
>> interpretation of the query input to that which works best with your
>> registry.
>>
>> On Sat, Nov 7, 2015 at 5:54 AM, Brian Mountford <mountford@google.com>
>> wrote:
>> >
>> > And only names? There is no provision for searching entities by address,
>> > etc.?
>> >
>>
>> I don't think that ever came up. It would require an RDAP extension. I
>> do question how useful such a thing would be. Why does anybody care
>> that a particular registry has contacts living on Mumford Lane in East
>> Westover? Are they searching all the registries for that information?
>> Do they need a telephone book instead?
>>
>> -andy
>
>
> _______________________________________________
> weirds mailing list
> weirds@ietf.org
> https://www.ietf.org/mailman/listinfo/weirds
>
>