Dear Colleagues, I am Satoru Tsurumaki from Japan Open Policy Forum Steering Team.
I would like to share key feedback in our community for prop-167, based on a meeting we organized on 25th Aug to discuss these proposals. This feedback is sent on my behalf, but please note that it is a summary of the discussions among the 7 Japanese community members who attended the meeting. Many support opinions were expressed from the attendees about this proposal. (comment details) - Visualizing data is beneficial, but we need to discuss whether the content of the data currently proposed is appropriate. - We should analyze the acquired data to determine what trends or events can be identified first . For example, knowing the top 1000 ASNs of origin is meaningless unless we understand what that signifies. - I don't understand the rationale or benefits for displaying these information on MyAPNIC. Regards, Satoru Tsurumaki JPOPF Steering Team 2025年8月20日(水) 18:09 Shaila Sharmin <[email protected]>: > > Dear SIG members, > > A new version of the proposal "prop-167-v002: Published Statistics on > Directory Service Usage" > has been sent to the Policy SIG for review. > > It will be presented at the Open Policy Meeting (OPM) at APNIC 60 on > Thursday, 11 September 2025. > https://conference.apnic.net/60/program/program/index.html#/day/8/ > > We invite you to review and comment on the proposal on the mailing list > before the OPM. > The comment period on the mailing list before the OPM is an important part of > the Policy Development Process (PDP). > > We encourage you to express your views on the proposal: > > - Do you support or oppose this proposal? > - Does this proposal solve a problem you are experiencing? If so, > tell the community about your situation. > - Do you see any disadvantages in this proposal? > - Is there anything in the proposal that is not clear? > - What changes could be made to this proposal to make it more effective? > > Information about this proposal is appended below as well as available at: > https://www.apnic.net/community/policy/proposals/prop-167/ > > > > Regards, > > Bertrand, Shaila, and Ching-Heng > APNIC Policy SIG Chairs > > > > ----------------------------------------------------------------------------------- > > prop-167-v002: Published Statistics on Directory Service Usage > > ----------------------------------------------------------------------------------- > > Proposer: Jonathan Brewer ([email protected]) > > > 1. Problem statement > > ------------------------- > > The WHOIS protocol was first documented forty three years ago by RFC 812. At > the time the authors of the protocol expected every individual user with a > directory on an ARPANET host (later an Internet host) to be registered in the > database. > > Registration details required included full name, middle initial, U.S. > mailing address, ZIP code, telephone, and email. [1] > > By 2004 when RFC 3912 was published, WHOIS was "widely used to provide > information services to Internet users" but was considered flawed due to its > lack of security and internationalisation support. Due to an absence of > security, it was > > noted then that "WHOIS-based services should only be used for information > which is non-sensitive and intended to be accessible to everyone." [2] > > > Today the APNIC WHOIS and RDAP services are critical components of the > Internet Number Registry System. WHOIS still has no security, and RDAP as > implemented by APNIC has no controls on privacy. The data collected and > distributed has not > > changed in more than 40 years. The system still contains full names, mailing > addresses, telephone numbers, and email addresses. What has changed is the > ease of collecting and exploiting this kind of data. > > > In 2015 the United Nations Human Rights Commission Resolution 28/16 > recognised that the same rights people have offline should be protected > online, including the right to privacy. [3] > > It's possible that APNIC's directory systems now contravene that right. > > Traffic to APNIC's directory services systems appears to have grown beyond > levels consistent with intended operational use. An analysis of WHOIS and > RDAP query logs provided by APNIC covering the period 1 April to 30 June 2025 > showed that APNIC responded to approximately 5.5 billion directory queries in > that period. In some hours, the RDAP service alone received queries from more > than 365,000 unique IP addresses. [4] > > Such patterns suggest that APNIC's directory services are being used for > purposes beyond their original scope — potentially including data mining, > bulk harvesting, or automated analysis by parties outside the network > operator community. > > Without visibility into these usage patterns, APNIC members lack the > information necessary to develop appropriate policy responses. > > > > > > 2. Objective of policy change > > ------------------------- > > To provide APNIC members and stakeholders with visibility into the use of > WHOIS and RDAP services, enabling: > > - Greater transparency around system usage > > - Informed policy discussions about acceptable use and system sustainability > > - Identification of possible abuse or anomalous usage patterns > > - Enable members to track queries on their resources > > > > > > 3. Situation in other regions > > ------------------------ > > To date, no other Regional Internet Registry (RIR) is known to publish > real-time or near-real-time usage statistics for WHOIS or RDAP services, > although historical or aggregate statistics are sometimes provided upon > request or as part of > > research efforts. This proposal may therefore serve as a model for other > RIRs, and similar proposals may be considered in those regions depending on > interest. > > > > > > 4. Proposed policy solution > > ------------------------- > > APNIC will publicly publish real-time or near-real-time statistics about its > directory services usage. This publication should: > > - Be updated hourly. > > - Include the number of queries received by the WHOIS and RDAP services, > broken down by: > > - Source Autonomous System Number (ASN) (for at least the top 1,000 ASNs) > > - Source IP address count per ASN > > - Service (WHOIS vs. RDAP) > > - Include metadata such as query type and method > > - Be published in machine-readable formats such as JSON or CSV. > > - Include a feature within the MyAPNIC portal allowing resource holders to > view how many times their allocated resources (such as IP addresses or ASNs) > have been queried in WHOIS and RDAP, broken down by query type and source ASN > if possible. > > > > > 5. Advantages / Disadvantages > > ------------------------- > > Advantages: > > - Improves transparency and member insight into a core APNIC function. > > - Helps identify abnormal or potentially abusive usage patterns. > > - Informs future policy proposals on RDAP/WHOIS rate limiting, access > control, or acceptable use. > > > Disadvantages: > > - Requires development effort by APNIC to publish and maintain reporting > systems. > > > > 6. Impact on APNIC > > ------------------------- > > APNIC would need to implement data collection, processing, and publication > pipelines. > > APNIC would also need to extend the MyAPNIC portal to display per-resource > query statistics to individual resource holders. > > Resource holders are unlikely to be directly affected, though insights gained > may shape future policies affecting query rate limits or service design. > > > > References > > ------------------------- > > [1] RFC 812: NICNAME/WHOIS > > [2] RFC 3912: WHOIS Protocol Specification > > [3] A/HRC/RES/28/16 General Assembly > > [4] APNIC RDAP and WHOIS Statistics (internal data, April–June 2025 > > > > _______________________________________________ > SIG-policy - https://mailman.apnic.net/[email protected]/ > To unsubscribe send an email to [email protected] -- -- Satoru Tsurumaki BBIX, Inc _______________________________________________ SIG-policy - https://mailman.apnic.net/[email protected]/ To unsubscribe send an email to [email protected]
