TLS Channel for RIPE Whois
A Proposal by Martin Millnert <millnert@gmail.com>
Presented by Shane Kerr <shane@isc.org> at RIPE 62 in Amsterdam, May 2011

Proposal: TLS for Whois Data
TLS is Transport Layer Security (similar to SSL)
A TLS channel would provide:
    Confidentiality of queries
    Data integrity of the transported data
    Source data integrity (with server certificate)
No additional changes to the RIPE database.

Why not a RESTful API?
Several RIRs have new database APIs:
    ARIN-RWS is a RESTful API
    RIPE NCC has the RIPE Database API
TLS is simple
TLS offers compatibility with the existing Whois protocol
    NOC / ISP scripts, for example

Details
Port 43 (WHOIS) over TLS on port T.B.D.
Port 21 (FTP) over SSL on port 443
    https://ftp.ripe.net/ripe/dbase/

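Example Implementation: Non-TLS

    import socket
    import sys

    # A WHOIS query is a single line terminated by CRLF.
    query = bytes(' '.join(sys.argv[1:]) + "\r\n", 'ascii')
    sock = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    sock.connect(('whois.ripe.net', 43))
    sock.sendall(query)  # sendall() retries until the whole query is written
    # The server closes the connection when the answer is complete.
    answer = sock.recv(4096)
    while answer != b'':
        sys.stdout.write(answer.decode('ascii'))
        answer = sock.recv(4096)
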
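Example Implementation: TLS

    import socket
    import ssl
    import sys

    HOST = 'whois.ripe.net'
    query = bytes(' '.join(sys.argv[1:]) + "\r\n", 'ascii')
    # ssl.wrap_socket() did not verify the server certificate by default and
    # was removed in Python 3.12. The default context checks the certificate
    # chain and the host name.
    context = ssl.create_default_context()
    sock = context.wrap_socket(socket.socket(socket.AF_INET6, socket.SOCK_STREAM),
                               server_hostname=HOST)
    sock.connect((HOST, 43434))  # example port; the real port is T.B.D.
    sock.sendall(query)
    answer = sock.recv(4096)
    while answer != b'':
        sys.stdout.write(answer.decode('ascii'))
        answer = sock.recv(4096)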
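
Added example, not part of the original slides: a function form of the TLS client that makes the "source data integrity (with server certificate)" property explicit, with the verifying context beside a non-verifying one for contrast. The host and port 43434 are the slides' example values; the function and constant names are assumptions of this example.

```python
import socket
import ssl

# Values taken from the slides; 43434 is the slides' example port (real port T.B.D.).
WHOIS_HOST = "whois.ripe.net"
WHOIS_TLS_PORT = 43434


def make_verifying_context():
    """Context that authenticates the server: CA chain plus host name check."""
    ctx = ssl.create_default_context()            # loads the system trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3 / TLS 1.0 / 1.1
    # Already the defaults of create_default_context(); set explicitly so a
    # later edit cannot silently turn server authentication off.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def make_unverified_context():
    """Weak setting, for contrast only: encrypts but accepts any certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # no proof of who sent the data
    return ctx


def build_query(args):
    """One WHOIS query line, CRLF-terminated, as in the slide code."""
    return (" ".join(args) + "\r\n").encode("ascii")


def whois_tls_query(args, host=WHOIS_HOST, port=WHOIS_TLS_PORT, timeout=10.0):
    """Send one query over TLS and return the full response as bytes."""
    # A failed handshake or certificate check raises ssl.SSLError; there is
    # deliberately no fallback to plaintext port 43.
    ctx = make_verifying_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_query(args))
            chunks = []
            while True:
                chunk = tls.recv(4096)
                if not chunk:         # server closed: response complete
                    break
                chunks.append(chunk)
    return b"".join(chunks)
```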