Discusses the evolution of WHOIS and how policy changes will affect WHOIS' place in IT today and in the future.

This book provides a comprehensive overview of WHOIS. The text begins with an introduction to WHOIS and an in-depth coverage of its forty-year history. Afterwards it examines how to use WHOIS and how WHOIS fits in the overall structure of the Domain Name System (DNS). Other technical topics covered include WHOIS query code and WHOIS server details. The book also discusses current policy developments and implementations, reviews critical policy documents, and explains how they will affect the future of the Internet and WHOIS. Additional resources and content updates will be provided through a supplementary website.

* Includes an appendix with information on current and authoritative WHOIS services around the world
* Provides illustrations of actual WHOIS records and screenshots of web-based WHOIS query interfaces with instructions for navigating them
* Explains network dependencies and processes related to WHOIS utilizing flowcharts
* Contains advanced coding for programmers
* Visit the book's companion website http://whois.knujon.com for technical and policy documents concerning WHOIS, WHOIS code examples, internet locations for WHOIS databases and more.

WHOIS Running the Internet: Protocol, Policy, and Privacy is written primarily for internet developers, policy developers, industry professionals in law enforcement, digital forensic investigators, and intellectual property attorneys.

Garth O. Bruen is an Internet policy and security researcher whose work has been published in the Wall Street Journal and the Washington Post. Since 2012 Garth Bruen has served as the North American At-Large Chair to the Internet Corporation of Assigned Names and Numbers (ICANN). In 2003 Bruen created KnujOn.com with his late father, Dr. Robert Bruen, to process and investigate Internet abuse complaints (SPAM) from consumers. Bruen has trained and advised law enforcement at the federal and local levels on malicious use of the Domain Name System in the way it relates to the WHOIS record system. He has presented multiple times to the High Technology Crime Investigation Association (HTCIA) as well as other cybercrime venues including the Anti-Phishing Working Group (APWG) and the National Center for Justice and the Rule of Law at The University of Mississippi School of Law. Bruen also teaches at the Fisher College Criminal Justice School in Boston where he develops new approaches to digital crime.
Page count: 545
Year of publication: 2015
COVER
TITLE PAGE
INTRODUCTION: WHAT IS WHOIS?
I.1 CONVENTIONS USED IN THIS TEXT
I.2 FLOW OF THIS TEXT
I.3 WHOIS FROM VERSUS WHOIS ABOUT
I.4 ORIGIN OF THE TERM WHOIS
I.5 WHY WHOIS IS IMPORTANT (OR SHOULD BE) TO EVERYONE
I.6 WHAT KIND OF USE AND CONTACT IS PERMITTED FOR WHOIS
I.7 WHERE IS THE WHOIS DATA?
I.8 IDENTIFYING REMOTE COMMUNICATION SOURCES
I.9 GETTING DOCUMENTATION
1 THE HISTORY OF WHOIS
1.1 IN THE BEGINNING
1.2 THE SANDS OF TIME
1.3 1950s: ON THE WIRES AND IN THE AIR
1.4 1960s: SPARKING THE INTERNET TO LIFE
1.5 1970s: OK, NOW THAT WE HAVE AN INTERNET, HOW DO WE KEEP TRACK OF EVERYONE?
1.6 1980s: WHOIS GETS ITS OWN RFC
1.7 1990s: THE INTERNET AS WE KNOW IT EMERGES
1.8 2000s: WHOIS STANDARDS
REFERENCES
2 USING WHOIS
2.1 DOMAIN WHOIS DATA
2.2 DOMAIN WHOIS FIELDS
2.3 GETTING RECORDS ABOUT VARIOUS RESOURCES
2.4 IP WHOIS
2.5 ccTLDs AND IDNs
2.6 WHOIS SERVICES
REFERENCES
3 RESEARCH AND INVESTIGATIONS
3.1 COMPLETELY DISASSEMBLING A WHOIS RECORD
3.2 MORE TOOLS
REFERENCES
4 WHOIS IN THE DOMAIN NAME SYSTEM (DNS)
4.1 THE BIG MISTAKE
4.2 BASICS OF THE DNS
4.3 DNS RR
4.4 OUTSIDE THE DNS: AN INTERNET WITHOUT WHOIS
REFERENCE
5 WHOIS CODE
5.1 AUTOMATING WHOIS WITH BATCHING AND SCRIPTING
5.2 WHOIS CLIENT CODE
5.3 WEB WHOIS FORMS
5.4 PARSING WHOIS RECORDS
6 WHOIS SERVERS
6.1 HISTORICAL SERVERS
6.2 SERVER STANDARDS AND ICANN REQUIREMENTS
6.3 FINDING THE RIGHT SERVER
6.4 INSTALLING AND CONFIGURING WHOIS SERVERS
6.5 WHOIS DATABASE
7 WHOIS POLICY ISSUES
7.1 THE WHOIS POLICY DEBATE
7.2 STUDIES, REPORTS, AND ACTIVITIES ON WHOIS
7.3 WHOIS ENFORCEMENT AND NONENFORCEMENT AT ICANN
REFERENCES
8 THE FUTURE OF WHOIS
8.1 NEW gTLDs
8.2 WHOIS-BASED EXTENSIBLE INTERNET REGISTRATION DATA SERVICE (WEIRDS)
8.3 AGGREGATED REGISTRY DATA SERVICES (ARDS)
8.4 TRULY SOLVING THE PROBLEM
8.5 CONCLUSION: THE DOMAIN MONEY WALL—OR WHY ICANN WILL NEVER FIX WHOIS
APPENDIX A: WHOIS CODE
A.1 C CODE EXAMPLE 1: BERKELEY WHOIS.c 8.1
A.2 C CODE EXAMPLE 2: RIPE WHOIS3.c BY SHANE KERR AND CAN BICAN
A.3 C CODE EXAMPLE 3: RIPE WHOIS.c BY MARCO D'ITRI
A.4 JAVA WHOIS BY ERIK THAUVIN
A.5 LISP WHOIS BY METIN EVRIM ULU
APPENDIX B: WHOIS SERVERS
B.1 TOP-LEVEL INTERNET ORGANIZATIONAL WHOIS SERVERS
B.2 RIR WHOIS SERVERS
B.3 ADDITIONAL REGIONAL REGISTRAR WHOIS SERVERS
B.4 INTERNET ROUTING REGISTRIES (IRR) WHOIS SERVERS
B.5 gTLD REGISTRY WHOIS SERVERS
B.6 .PRO SUBDOMAINS
B.7 NEW gTLD WHOIS SERVERS LISTED IN 2013
B.8 ccTLD WHOIS SERVERS
B.9 AUTHORITATIVE gTLD REGISTRAR WHOIS SERVERS
B.10 CENTRALNIC SUBDOMAINS
B.11 ZANET SUBDOMAINS
B.12 NONAUTHORITATIVE AND SPECIAL USE WHOIS SERVERS
INDEX
END USER LICENSE AGREEMENT
Introduction
FIGURE I.1 Bodie Island Light Station.
FIGURE I.2 Cape Hatteras Light Station.
FIGURE I.3 Polybius Torch Signalling, Hulton Archive.
Chapter 01
FIGURE 1.1 Chappe optical telegraph from http://farm3.static.flickr.com/2174/3666825198_a7ab2e6270_m.jpg.
FIGURE 1.2 Telegraph Hill, San Francisco, California. http://www.superstock.com/stock-photos-images/1885-2819.
FIGURE 1.3 Telegraph Street, South Boston, Massachusetts.
FIGURE 1.4 Wedjat,
FIGURE 1.5 From mathisgoodforyou.com. http://www.mathsisgoodforyou.com/topicsPages/egyptianmaths/horusfractions.htm.
FIGURE 1.6 Sputnik, Courtesy of NASA.
FIGURE 1.7 HERE IS key.
FIGURE 1.8 HERE IS key.
FIGURE 1.9 Teletype Overview - 33 ASR Teletype Manual.
FIGURE 1.10 Teletype answer-back drum—33 ASR Teletype Manual.
FIGURE 1.11 Key to abbreviations—33 ASR Teletype Manual.
FIGURE 1.12 Section 2.10—33 ASR Teletype Manual.
FIGURE 1.13 USASCII code chart—33 ASR Teletype Manual.
FIGURE 1.14 TELNET Character Set.
FIGURE 1.15 The ARPANET Directory.
FIGURE 1.16 Interface Message Processor.
FIGURE 1.17 InterNIC WHOIS.
Chapter 02
FIGURE 2.1 Domain system tree.
FIGURE 2.2 Nameserver portion of registry WHOIS record.
FIGURE 2.3 Nameserver portion of registrar WHOIS record.
FIGURE 2.4 InterNIC WHOIS record results.
FIGURE 2.5 InterNIC registrar listing.
FIGURE 2.6 Registrar name in WHOIS record.
FIGURE 2.7 .NAME WHOIS results.
FIGURE 2.8 Expanded .NAME WHOIS results.
FIGURE 2.9 ARIN WHOIS.
FIGURE 2.10 Command-line WHOIS.
FIGURE 2.11 GeekTools WHOIS with CAPTCHA code entry.
Chapter 03
FIGURE 3.1 WHOIS domain request.
FIGURE 3.2 WHOIS registrar request.
FIGURE 3.3 WHOIS nameserver request.
FIGURE 3.4 Hurricane Electric Border Gateway Protocol Interface.
Chapter 04
FIGURE 4.1 Internet authority map.
FIGURE 4.2 Internet WHOIS record map.
FIGURE 4.3 ASN routing.
FIGURE 4.4 Web traceroute window.
FIGURE 4.5 Onion routing versus DNS.
FIGURE 4.6 TOR launch window.
FIGURE 4.7 Silk Road webpage.
Chapter 06
FIGURE 6.1 Digital PDP 10.
FIGURE 6.2 Domain WHOIS.
FIGURE 6.3 WHOIS server in WHOIS record.
FIGURE 6.4 Whois Server configuration.
Chapter 07
FIGURE 7.1 Privacy versus disclosure chart.
FIGURE 7.2 Suggested privacy versus disclosure model.
FIGURE 7.3 Privacy protection WHOIS record.
FIGURE 7.4 Mail rejection.
FIGURE 7.5 Hold record status.
FIGURE 7.6 ICANN Compliance investigation chart.
FIGURE 7.7 ICANN Compliance endless loop.
Chapter 08
FIGURE 8.1 Excessive accreditations by five companies.
FIGURE 8.2 Who controls ICANN’s extra money?
FIGURE 8.3 Rejected mail sent to a spam-advertized domain owner.
GARTH O. BRUEN
This book is dedicated to my father, Robert, who taught me all I know and never stopped teaching.
WHOIS is a complex topic, as this book explains, but the simplest explanation is that it is a record system for network resources, mostly, but not exclusively on the Internet. WHOIS is one of the most critical and controversial services on the Internet, yet there has been little or no comprehensive documentation. A WHOIS service can be queried to return a WHOIS record, which details who owns or manages an Internet resource. While this service may seem ordinary, WHOIS is one of the most debated issues in Internet policy. In theory, WHOIS is supposed to simply retrieve contact information; in practice, WHOIS varies widely in composition, access, and use. This text covers the universe of topics and issues including the 40-year evolution of the service, policy changes, comprehensive use instructions, service deployment, and advanced coding for programmers. The text is wide in its breadth and attempts to be somewhat deep in each of the major areas, but there are limitations to coverage in a single text.
Unlike computer programming, networking, or hardware development, WHOIS is a disconnected and esoteric discipline. It has many self-taught adepts as well as almost cultish followers. WHOIS is a deep and wide subject without dedicated texts or classroom instruction, a truly strange and hidden world. Welcome, you are about to become a WHOIS sorcerer.
From RFC1177[1] FYI on Questions and Answers to Commonly asked “New Internet User” Questions (1990)
WHOIS: An Internet program which allows users to query a database of people and other Internet entities, such as domains, networks, and hosts, kept at the NIC. The information for people shows a person’s company name, address, phone number and email address.
Same language in the 1991 version[2]
In its modern usage, “WHOIS” has become a bit of a misnomer. A more accurate term would be “WHOOWNS,” “WHOCONTROLS,” or “WHOISRESPONSIBLE” since the original WHOIS identified personal accounts or machines tied to a specific person or entity. The one-to-one concept of a resource on the Internet simply no longer applies in most cases, and the WHOIS record will in fact reveal multiple parties with their hands on a domain name or Internet Protocol (IP) address.
Performing a domain WHOIS query lookup on “wiley.com” returns this data:
John Wiley & Sons, Inc
Domain Administrator
111 River Street
Hoboken, NJ 07030
US
Phone: +1.3175723355
Email: [email protected]
The IP address for wiley.com is 208.215.179.146. A WHOIS query lookup on this address returns this data:
Name John Wiley & Sons
Handle C00546298
Street 432 Elizabeth Avenue
City Somerset
State/Province NJ
Postal Code 08875
Country US
These are two very simple examples of a system that provokes intense concerns about cybercrime, invasion of privacy, and even the survivability of a single global Internet.
The term WHOIS can refer ambiguously to a service program, a database that stores WHOIS records and the WHOIS record itself. The original reason for having these records and making them publicly available is simple: every node on the Internet is capable of passing traffic to another node, which is what makes the Internet work. If one node has functional problems, it threatens the overall operation of the Internet so other administrators must have the ability to contact the owner of a node experiencing a problem somewhere in the chain.
WHOIS as a protocol concept essentially started in 1971 with the creation of Finger, a program that allowed users on a network to retrieve details about other active users on the network. This was most likely the first time it became possible to remotely create a live “online” connection. An updated version in 1977 called Name/Finger actually introduced the term “Whois” as part of the program function. Being able to see who else is on the network and retrieve information about those persons is a fundamental pillar of the Internet, but one also seen as contributing to the decline in personal privacy. There were so few participants on the early network that sharing contact information was not considered controversial. As the network steadily grew, some started to see the public availability of this information as a threat. However, it is generally acknowledged that allowing unaccountable parties onto the public network is just as dangerous. A balance must be found between security and privacy. To address this, a sizable portion of the text is dedicated to this debate.
Following the precise path of the growth of the Internet, WHOIS has experienced changes and even mutations. Unknown to most, there is in fact no single WHOIS database or standard for the Internet. There may be as many as 1500 public WHOIS databases, each with its own rules, formatting, and level of service. The number of WHOIS records currently in existence may exceed 200 million. WHOIS is a massive pile of data with names, addresses, phone numbers, and network resources that explains who owns what is on the Internet.
WHOIS records have long been required for IP addresses and for Internet hostnames. When domain names became available for public consumption, the WHOIS controversy exploded. Criminals began deliberately falsifying WHOIS records, shady marketers exploited the publicly available contact information, and noncommercial domain owners feared for their privacy and safety.
The future of WHOIS is up in the air. There are parties who want to see it banned completely or have access severely restricted. Conversely, the demand and growth of the data is increasing, which calls for better management and more technical tools. Presently, we are at a crossroads in the history of WHOIS.
While WHOIS existed in various formats for several decades, the formal documentation used for our current Domain Name System (DNS) was released in 2004 in Request for Comments (RFC) document number 3912.[3] This standards document admits to problems with the security and data formats with the expectation or disclaimer that the data is “intended to be accessible to everyone.”
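The RFC 3912 exchange, as an added example that is not code from the book: a loopback server and a client in Python showing the whole protocol, which is one CRLF-terminated query line, a free-text reply, and a server-side close as the only end marker. The sample record, the loopback server, and the names whois_query, parse_fields and demo are constructed for illustration; the client's timeout, size cap and CR/LF check are defensive choices added here because the protocol itself offers no authentication, integrity protection or framing.

```python
import socket
import socketserver
import threading

# Constructed sample record served by the loopback server (not real registry data).
SAMPLE_RECORD = (
    "Domain Name: EXAMPLE.COM\r\n"
    "Registrar: Example Registrar, Inc.\r\n"
    "Name Server: NS1.EXAMPLE.COM\r\n"
)
NO_MATCH = 'No match for "{}".\r\n'


class WhoisHandler(socketserver.StreamRequestHandler):
    """Server side of RFC 3912: read one CRLF-terminated line, reply, close."""

    def handle(self):
        line = self.rfile.readline(1024)  # bounded read of the query line
        query = line.decode("ascii", "replace").strip().lower()
        if query == "example.com":
            body = SAMPLE_RECORD
        else:
            body = NO_MATCH.format(query)
        self.wfile.write(body.encode("ascii"))
        # Returning closes the connection; that close is the protocol's
        # only signal that the record is complete.


def whois_query(host, query, port=43, timeout=5.0, max_bytes=65536):
    """Client side of RFC 3912 with basic hardening.

    The reply is unauthenticated free text from a remote party, so the
    client bounds time and size and treats the result as untrusted input.
    """
    # A query is exactly one line; embedded CR/LF would smuggle extra input.
    if not query or not query.isascii() or any(ch in query for ch in "\r\n"):
        raise ValueError("query must be one non-empty ASCII line")
    chunks, total = [], 0
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        while True:
            data = sock.recv(4096)
            if not data:  # server closed: end of response
                break
            total += len(data)
            if total > max_bytes:
                raise ValueError("response exceeds max_bytes")
            chunks.append(data)
    # RFC 3912 defines no character set, so decode leniently.
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_fields(record):
    """Best-effort 'Key: value' extraction; keys may repeat, so values are lists.

    There is no standard schema, so anything that does not look like a
    field line (banners, notices, 'No match' text) is skipped.
    """
    fields = {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def demo():
    """Run both sides on 127.0.0.1 and return (parsed hit, raw miss)."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), WhoisHandler)
    port = server.server_address[1]  # ephemeral port instead of 43
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        hit = whois_query("127.0.0.1", "example.com", port=port)
        miss = whois_query("127.0.0.1", "example.net", port=port)
    finally:
        server.shutdown()
        server.server_close()
    return parse_fields(hit), miss


if __name__ == "__main__":
    parsed, miss_text = demo()
    print(parsed)
    print(miss_text)
```
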
It is important to understand how WHOIS fits in with the overall structure of the DNS.[4] WHOIS records are not “required” for the DNS, meaning there is no technical requirement for the WHOIS record to exist, be reachable, or be accurate for a domain name to resolve. However, a variety of networking services depend on WHOIS, for example, the firewall analyzing program fwlogwatch[5] calls WHOIS as one of its functions, the -W switch.
What does and does not have a WHOIS record:
example.com—Does
frediessubdom.example.com—Does not
example.com/utils/homepage.html—Does not
ns1.example.com—Does
[email protected]—Does not
Email addresses do not have WHOIS records, but the domain name that serves the mailbox does. So for each email address, there is one unique WHOIS record for the attached domain, no WHOIS record for specific email addresses. Twitter addresses and Facebook pages do not have WHOIS records but twitter.com and facebook.com do. The raw IP addresses behind domain names have WHOIS records as do nameservers and the major Internet providers who sponsor the architecture of the DNS. Specific services may have internal functions called “WHOIS.” For example, Internet Relay Chat[6] (IRC) has the commands WHO,[7] WHOIS,[8] and WHOWAS,[9] which provide information about different account holders; these are not usually considered part of the common WHOIS lexicon. WHOIS has multiple definitions and uses, including:
WHOIS record
WHOIS service
WHOIS server
WHOIS database
WHOIS query
WHOIS program
While registration data is casually referred to as “WHOIS,” the more accurate term might be Domain Name Registration Data (DNRD), but few outside the industry use this.
All material is intended to be thoroughly sourced with examples and links to additional information or original material—but be warned; the source documents may even be more obscure and difficult to understand. The examples cited are meant to be simple and straightforward. Italicized sections are typically literal command strings intended to be typed at a terminal or shell prompt. While the term “WHOIS” is featured in many different ways (whois, WhoIs, etc.), the convention here is to use “WHOIS” for general concepts and “whois” for specific instructions and coding. In some instances, the capitalization may be from the original context of a cited document.
People tend to regard WHOIS as a single system, but nothing can be further from the truth. The results of a WHOIS query are limited by what the specific database has, what the specific server allows access to, the used account’s level of access, and the functions of the WHOIS client being used.
The way domain owners are described varies within the industry. The official term is domain registrant as no one really owns a domain. Domains are leased for periods of 1 year typically and must be renewed. The colloquial term “domainer” is often used to describe the population of domain registrants in a political context, whereas “registrant” is used to describe their specific relationship with the registrar. Another simpler description is domain customer. All of these terms may be used in this text, but they generally refer to the same type of person or entity.
The official term describing what a registrar does for a registrant is sponsorship. However, domain name registrars do not like this term. “Sponsorship” is what appears in the Internet Corporation of Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) contract, but registrars are concerned that this term implies a much more active type of oversight than they are required to provide.
Some records returned by WHOIS queries can be exceedingly long. If we have shortened the records for brevity in the text, it should be indicated clearly or terminated with an ellipsis (…). Specific commands listed in the flow of discussion are in bold. Italicized block citations are typically from documentation, memoranda, or texts. If these italicized blocks are in quotes, they are usually from a single person or attributable to a single person. Single italicized lines without quotes are literal command expressions to be typed on a terminal or command prompt. Example system responses are indented in a different font.
The goal of this book is to provide a comprehensive overview, with a certain amount of depth through its coverage of WHOIS history and WHOIS use, as well as its greater role in the DNS. The full picture is seen in WHOIS programming, WHOIS server details, the complex body of WHOIS policy development, and finally the future of WHOIS. All of these topics are deeply interwoven. The history helps explain why WHOIS has been structured as it is and why some of the problems are a result of those initial decisions. Historical issues have influenced how the services were developed technically and how they are used by various consumers of the data. The WHOIS imprint on the fabric of the Internet’s DNS through the servers that implement policy and technical decisions are all dependent factors in the body of WHOIS.
It is important to understand that it is possible to both query WHOIS from a service and about a service. Registrars and registries are services that host WHOIS service but also have their own WHOIS records that provide contact information for the registrar or registry company itself.
The term WHOIS can refer ambiguously to a service program, a database that stores WHOIS records as well as the WHOIS records themselves:
Contact/owner record for an Internet resource
Database holding Internet contact/owner records
Query of the database holding Internet contact/owner records
Server hosting the database Internet contact/owner records
Service listening for queries of the database Internet contact/owner records
Client program querying the database Internet contact/owner records
The entire scope of all services and policy concerning Internet contact/owner records
In the early days, a single failure on the network could stop all the data from moving. The immediacy of having a technical contact in WHOIS has shifted to security and policy needs. With multiple routes available on the Internet, and more coming all the time, this brings new threats of abuse on the network on even grander scales. The use of WHOIS may have shifted slightly, but its need has become greater.
While we can trace the origin of the WHOIS protocol to specific people, events, and code, finding the exact origin of the term may prove a little difficult. The who am i command and related usage are familiar to UNIX users,[10] but the use of WHOIS predates even UNIX. Different documents state that WHOIS was already in common use on systems prior to widespread UNIX deployment.[11] The use of whois as a command on Internet Relay Chat (IRC) does not appear until 1988.
Often capitalized, WHOIS is not an acronym. It literally means “who is.” At one time, it was possible to type whois * (The asterisk “*” is a common wildcard system code, meaning it can be replaced with anything.) and retrieve all the profiles for everyone on the network. But where did it come from? “Certainly someone coined the term,”[12] wrote Ken Harrenstien about the origin of WHOIS. Harrenstien wrote the original WHOIS specification, and everyone I talked to said if anyone knew the origin, “it would be Ken.” However, at the time, preserving the specific source of the term was not likely a priority. Ken surmised that his “suspicion is that it first started being used at the MIT AI lab, which is where I first encountered the name.”[13]
The Artificial Intelligence (AI) Laboratory at the Massachusetts Institute of Technology was famous for the Incompatible Timesharing System (ITS). In the late 1960s, ITS was where great strides occurred in computing. One of the utilities on this system was called who. who could be used to call up a list of active usernames and the terminal names they were using, but nothing more. For those familiar with Windows NT administration, it would be similar to the net view DOS command, which retrieves a list of machine names connected to the network. who did not tell you anything about the account holder or even where the terminal was located. In 1971, another program called finger was paired with a database to extend the utility of who by providing information about the users found with who. finger would later be combined with the name program to create the precursor for today’s WHOIS. The name/finger combination documentation in 1977 refers to the term “WHOIS” to describe the function, but the actual command switch was “/W”.[14] Since this new process all ran on the ITS system, we must assume it was not new to developers at this point. Over time, WHOIS became the prevailing term for the function of seeing the record previously supplied by finger. To follow the logic, if who gave us a list of active users but no further information, the follow-up question would likely be “who is” a particular user. Some RFCs assigning port number 43 refer to the service as “Who Is,”[15] but obviously the space in the command would cause problems, especially in earlier systems, so it follows that the term would be contracted.
Unlike many other early commands and future UNIX commands, “Who” is pretty straightforward, as compared to grep. There are some with the same sort of expected meaning like which (shows which version of a program is being used by virtue of the pathname), whereis (searches for files related to a utility), and whatis (describes a command). The one-letter command w combines features of who and finger with some additional features for more powerful searching on the local network. Even more specifically, whodo can retrieve a list of processes being run by which user. These commands check the system utmp[16] file (and others), which record user activity. There is also a whom command that is used for examining email headers.[17] However, most of these conventions appear long after WHOIS starts creeping into official Internet documents.
It would be difficult to make a direct connection with Internet WHOIS, but the first real use of the term in communication may have come from teletype machines as documented in the chapter on history. Long before the Internet sparked into being on October 29, 1968, remote signals were sent without electronics, and the recipients needed to identify the sender.
Anyone who uses the Internet for any commerce or communication needs to understand there is an underlying record set documenting who controls websites and Internet resources. We all share and access the same Internet. How do we identify who controls a resource on this network? Specifically, within the context of a responsible party, for the purpose of addressing technical issues but also in the larger and more subtle context of ensuring a trust relationship on the shared network. Ensuring that a node on the network functions properly and is not passing traffic in a way that disrupts the network is part of that trust foundation. This becomes even more crucial when online transactions come into play. In this world, “transaction” has a few meanings, which need to be clarified. In networking, a transaction refers to a very literal transfer of data and has similar use in database programming. However, in the context of our trust relationship, transaction is used to refer to the exchange (sometimes unauthorized) of personal information or money. The fundamental reason for accurate and accessible WHOIS is to offer a layer of protection to users and consumers. WHOIS keeps the Internet democratic.
There are concerns and accusations that WHOIS is being abused, or at least overused, but the records exist for a reason. WHOIS contact details may be used for “any lawful purpose,”[18] which would include research and questions related to online investigations. Registrars, ISPs, registrants, and users engaged in illicit activities may claim that storing or using WHOIS data is a violation of privacy or harassment, but this is merely a tactic. There are limitations on the use of WHOIS data, which includes mass marketing,[19] but this is inapplicable to data gathering in an investigation and contact in relation to the domain name. For example, contacting a domain registrant to ask if they have a valid pharmacy license for their domain is a completely legitimate use of WHOIS data. Illicit registrants will often accuse investigators of “spamming” them, but routine contact in connection to the use of a domain name is perfectly acceptable.
Registrars will often insert language into the headers of WHOIS records, which contain additional restrictions on the use of WHOIS. However, these conditions are frequently not supported by the registrar contracts. Specifically, the contract states: “Registrar shall not impose terms and conditions on use of the data provided.”[20]
In terms of domain WHOIS data, ICANN does not accept or store WHOIS data. All data is stored in individual registrar or registry databases in addition to the WHOIS escrow at Iron Mountain. The Iron Mountain escrow is not a database that can be queried, and ICANN does not have access to it. The purpose of the Iron Mountain escrow is to provide a recoverable repository of WHOIS data in case of catastrophic failure or if a registrar refuses to turn over their database upon contract termination, which has happened. There is no single WHOIS database. Because of the number of possible office locations, virtual data storage, and off-site backups, the data exists in various states and levels of availability. Some registrar WHOIS servers are even run from small home offices. WHOIS records are not a single record; rather, they are field entries in a database, and in some cases, the results displayed in a query may have come from more than one database. This is why the records will appear different depending on how the record is retrieved or where it is retrieved from. The WHOIS files produced by queries are merely the text output of a database query.
WHOIS is not a unique or new situation. The problem of identifying persons, devices, or broadcasts on a network predates even the creation of the modern Internet. We can point to the Imperial Wireless Chain[21] and the common telephone system.[22] Consider examples of communication and source identification, which predate even any kind of wired or wireless transmission, namely, lighthouses. In theory, every lighthouse has a different paint pattern for daytime identification and flash lights at different intervals in the dark.[23] While lighthouses keep ships from running aground, they also provide a critical navigational tool; the external stripes, color, or checkers are not just for quaint appearances. This is called a DAYMARK in sailor lingo.[24] Compare these two lighthouses from Bodie Island, NC,[25] and Cape Hatteras, NC,[26] respectively. They are very close to each other in terms of location and similar in construction. The variation in pattern distinguishes them for ships in the area.
FIGURE I.1 Bodie Island Light Station.
Courtesy of U.S. National Park Service.
FIGURE I.2 Cape Hatteras Light Station.
Courtesy of U.S. National Park Service.
Communication is not just about transmitting information but also validating the source of that information. The role of lighthouses in civilization stretches back to ancient times. Two of the Seven Wonders of the Ancient World were lighthouses: the Colossus of Rhodes[27] and the Pharos of Alexandria.[28] Even more than sources of information, these structures were bold statements identifying the peoples who built them. The reference to lighthouses is not just a convenient comparison. Different types of signaling towers are directly related to the development of long-distance communication technologies that led to the Internet. In the second century BC, the Greek statesman and historian Polybius created a tower-based signaling system, which employed an alphabet substitution system encoded on a grid, a Polybius Square.[29] The original purpose of the code was not encryption but to reduce messaging to a very simple character set that could be translated by the remote recipient. The square was a 5 × 5 grid with the letters of the (Greek) alphabet placed in ordered rows, here in English:
     1  2  3  4  5
1    A  B  C  D  E
2    F  G  H  I  K
3    L  M  N  O  P
4    Q  R  S  T  U
5    V  W  X  Y  Z
The ancient Greek alphabet only had 24 letters so we have omitted “J” to make it fit the 25 squares. Now, each letter can be represented by two digits, so 52 23 34 24 43 is “WHOIS.” By using two sets of five torches on a tower, messages can be quickly transmitted.
FIGURE I.3 Polybius Torch Signalling, Hulton Archive.
Copyright Getty Images.
Polybius was not just a communications scientist but also a political philosopher. For the purposes of this text, he serves as a kind of spirit guide on both counts.
An even better modern comparison in communications is radio. Like the Internet, radio waves are a shared public resource. IP addresses and domain names must be unique, just as specific radio frequencies can only be used by one broadcaster at a time within a specific range. Radio stations frequently give out the call letters (WXYZ or whatever) and broadcasting location. This is not just for promoting the station; it is a requirement of their license. In order to prevent clashing of signals, the airwaves are regulated; otherwise, the broadcast with the most powerful signal would simply control the frequency. This has serious implications beyond not being able to hear your favorite music. The frequencies of all radio-emitting devices are regulated to keep them from interfering with other equipment or interrupting emergency frequencies of, say, the police. For example, there have been many cases over the years of military equipment interfering with remote residential garage door openers near air force or naval bases.30 The Federal Communications Commission31 (FCC), similar international agencies,32 and private DXers33 constantly try to track down unknown signals.
One of the main goals of this text is to bring together the rather large but disparate collection of information about WHOIS. Work on this book began out of a lack of texts dedicated to the topic. Much of the public information is incomplete or out of date. Research for this text revealed that the standard list of WHOIS servers, often embedded in extensively used code, was at least 10 years old. The bug-reporting technical email in the VeriSign WHOIS client, [email protected], was rejected because the account address no longer exists. The ICANN has the largest oversight of WHOIS but a surprisingly thin webpage describing the subject.34 However, the information does exist, often because dedicated technical experts, noted in this text, have kept their own records and are willing to share them. Here, we have pieced together a picture of WHOIS from a diverse selection of practitioners.
One series of documents that contain a wealth of information about WHOIS are the Internet development memorandums called RFC. This format of memos started in 1969 specifically for proposing Internet standards or creating discussions. The very first RFC, most appropriately, is called “host software” and describes the function of Interface Message Processors35 (IMP), which was a gateway between networked machines. This first memo was written by Steve Crocker who has more recently been serving as board chairman of the ICANN. There are now over 7000 RFCs maintained by the Internet Engineering Task Force36 (IETF). Many of these memos define or refer to WHOIS and form the basis for the current implementations. These documents also document proto-WHOIS implementations or WHOIS-like attempts to record and obtain network resource information. While considered the authoritative documentation for the Internet, RFCs were not the only standard documentation. Internet Experiment Notes (IEN) were documentation for a related Defense Advanced Research Projects Agency (DARPA) Internet project, which were eventually merged with RFCs. The last IEN was issued in 1982.
Some of the most interesting sources of information come from the WHOIS programs and servers themselves. These are in the form of Help or MAN (for manual) files often stored within the WHOIS program itself. Calling these files may require experimentation since they are not all called the same way. In a Unix-based system, any native program can be detailed by typing man <command-name>; in our case, man whois would return a detailed and interactive instruction set for the program. Help files on various systems, and ones accessed on remote servers, may be retrieved with whois?, whois help, whois --help, or whois -h. This depends on the information source and software used. Some may have no help file, and the irony is that you need to access the help file to know how to access the help file. Sometimes, you can access the help file by making a mistake and sending a bad query to the program. In the cases cited in this text, we will attempt when possible to demonstrate access to the help file. Unfortunately, many of the help files for WHOIS are out of date and poorly detailed. Many of the functions documented in WHOIS help files are 10–20 years old and have been disabled or are no longer accepted by the remote servers.
1. http://tools.ietf.org/pdf/rfc1177.pdf
2. http://tools.ietf.org/pdf/rfc1206.pdf
3. http://tools.ietf.org/html/rfc3912
4. http://tools.ietf.org/html/rfc1034
5. http://linux.die.net/man/8/fwlogwatch
6. http://tools.ietf.org/html/rfc2812
7. http://tools.ietf.org/html/rfc1459#section-4.5.1
8. http://tools.ietf.org/html/rfc1459#section-4.5.2
9. http://tools.ietf.org/html/rfc1459#section-4.5.3
10. http://linux.die.net/man/1/who
11. http://tools.ietf.org/html/rfc742
12. Harrenstien interview
13. See note 12.
14. See note 11.
15. http://www.ietf.org/rfc/rfc1700.txt
16. http://man7.org/linux/man-pages/man5/utmp.5.html
17. https://www-01.ibm.com/support/knowledgecenter/#!/ssw_aix_61/com.ibm.aix.cmds6/whom.htm
18. http://www.icann.org/en/resources/registrars/raa/ra-agreement-21may09-en.htm#3.3.5
19. http://www.icann.org/en/resources/registrars/consensus-policies/wmrp
20. See note 18.
21. http://hansard.millbanksystems.com/commons/1913/aug/08/new-marconi-agreement
22. http://www.thefreedictionary.com/Plain+old+telephone+service
23. http://www.us-lighthouses.com/faq.php
24. http://pharology.eu/Daymarks.html
25. http://www.nps.gov/caha/planyourvisit/bils.htm
26. http://www.nps.gov/caha/learn/historyculture/movingthelighthouse.htm
27. http://www.britannica.com/EBchecked/topic/501620/Colossus-of-Rhodes
28. http://www.britannica.com/EBchecked/topic/455210/Pharos-of-Alexandria
29. http://penelope.uchicago.edu/Thayer/E/Roman/Texts/Polybius/10*.html#45.6
30. http://abcnews.go.com/blogs/headlines/2013/06/fort-gordon-radio-upgrade-causes-garage-door-havoc/
31. http://www.fcc.gov/
32. http://transition.fcc.gov/mb/audio/bickel/world-govt-telecom.html
33. http://www.dxing.info/introduction.dx
34. http://icannwiki.com/index.php/whois
35. http://www.ietf.org/rfc/rfc1.txt
36. http://www.ietf.org/download/rfc-index.txt
Through the development of the Internet, in general, we see the development of WHOIS and its concepts as a necessary component. While the need for a clear record set for the network seemed a fundamental technical requirement, it was not simple to construct and manage. Throughout history, questions and discussions about the meaning and use of these resource records began to emerge. It is clear that various policy issues were on the minds of the early RFC authors, which sometimes portend future conflicts.
In 1982, this dry sentence launched the Internet’s model of record access for the next 30 years and beyond:
The NICNAME/WHOIS Server is an NCP/TCP transaction based query/response server, running on the SRI-NIC machine, that provides net-wide directory service to ARPANET users.1
Where the SRI-NIC machine sits or what “SRI” stands for is not explained or footnoted in the document. Anyone reading it at the time would have common knowledge of its meaning. “NIC” of course stands for Network Information Center or Controller. Understanding what is behind these acronyms opens a door to the history of the Internet. SRI stands for Stanford Research Institute. In 1982, SRI-NIC, and its related machines, was the Internet. Many readers may be more familiar with the ARPANET as a precursor to the Internet. The ARPANET was a government-funded initiative to connect networks at the Massachusetts Institute of Technology (MIT), Harvard, Xerox, the RAND Corporation, The Pentagon, and a dozen other entities. However, we see from this memo that the location and coordination of the record set for this nascent network was at Stanford. The machine referenced would hold the contact information for all the hosts and directories on the ARPANET and respond to requests for that information. So what is the real difference between NICNAME and WHOIS, as they are used synonymously starting with the title of RFC 812? In the Unix services file (/usr/etc/inet/services), different ports are assigned for different network traffic. Port 43 lists “whois” as the service name and “nicname” as the process or program.2 This is a common snapshot of that file with the Port 43 lines highlighted, compared to the entries for FTP and Telnet that have no alternate identities:
ftp 21/tcp
telnet 23/tcp
smtp 25/tcp mail #Simple Mail Transfer
whois 43/udp nicname
whois 43/tcp nicname
...
In this context, it is a subtle distinction. The whois accepts requests through Port 43 for nicname. The RFC from 1982 is often marked as the beginning of WHOIS by researchers like Milton Mueller,3 a professor at the Syracuse University School of Information Studies and one of the major figures in the WHOIS policy debate. However, here we can push the origin back several years and maybe even more.
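The "transaction based query/response" model quoted above, shown as both sides of one exchange. This is an added example, not code from the book or from any WHOIS server; it assumes the framing of the current WHOIS specification (RFC 3912: one query line ended by CR LF, then the server answers and closes), and it runs over a local socket pair instead of Port 43 with a constructed directory.

```python
import socket
import threading

# Constructed sample directory; a real server answers from registry data.
DIRECTORY = {
    "example.test": "Domain Name: EXAMPLE.TEST\r\n"
                    "Registrar: Constructed Registrar (sample)\r\n",
}
MAX_QUERY = 512  # assumption: cap so a client cannot stream a query forever


def read_query(conn):
    """Server helper: read bytes up to CR LF and return the query text."""
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        chunk = conn.recv(1)
        if not chunk:  # peer closed before finishing the line
            break
        buf += chunk
        if len(buf) > MAX_QUERY:
            raise ValueError("query too long")
    return buf.decode("ascii", errors="replace").rstrip("\r\n")


def serve_one(conn):
    """Server side: one query, one response, then close. That is the whole transaction."""
    with conn:
        try:
            query = read_query(conn).strip().lower()
            reply = DIRECTORY.get(query, 'No match for "%s".\r\n' % query)
        except ValueError:
            reply = "Error: query too long.\r\n"
        try:
            conn.sendall(reply.encode("ascii", errors="replace"))
        except OSError:
            pass  # client already gone


def whois_query(conn, name):
    """Client side: send the name plus CR LF, then read until the server closes."""
    if "\r" in name or "\n" in name:
        raise ValueError("query must be a single line")
    if len(name) > MAX_QUERY - 2:
        raise ValueError("query too long")
    with conn:
        conn.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:  # end of response is signalled by the close
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii", errors="replace")


def run_transaction(name):
    """Wire a client and a server together and perform one lookup."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=serve_one, args=(server,))
    worker.start()
    try:
        return whois_query(client, name)
    finally:
        client.close()  # also releases the server if the query was rejected
        worker.join()


if __name__ == "__main__":
    print(run_transaction("example.test"))
    print(run_transaction("nobody.test"))
```

The client rejects names containing CR or LF because the line terminator is the only framing the protocol has.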
In our introduction, we made a brief reference to lighthouses and the role they have played from ancient times, not just in warning ships of the coastline but also in the self-identification of the information source. The concepts in play in computing and networking have a long lineage. We often take our advanced technology for granted, not understanding that generations past worked at these ideas long before they became real in our time. Our modern communication technology is an amalgamation of human achievements from prehistory, just out of reach, until now, due to a collision of mechanics and electricity in the last century.
The idea of building a network and passing information across the network did not spring into being 50 years ago. Humans have been tackling this problem since ancient times without computers or even electric power. The need to identify sources of information that could be passed through a network became a challenge as soon as the ancient networks began. Two of the best examples come from the Roman Empire and can still be seen (and even used), namely, roads and aqueducts. The Romans were distinguished from other ancient civilizations by the permanent lines linking cities and settlements. The testament to the Roman road was not just in its construction, but more so in its regulation, maintenance, and use. Roads had to be up to a certain size and standard and separated for specific use. Like modern network technology, the Roman road consisted of layered construction materials each with its own function.
The Roman roads were of course used for travel, commerce, and messaging. Just like the Internet today, where any host can pass traffic, messages carried on ancient roads could come from anywhere. How would a recipient identify the source of a message? Since ancient times, systems of seals or impressions have been used. Older seals were made from clay and more recently wax. The sender would have a signet ring or special cylinder with an official mark impressed in the seal, which would serve as authentication.4
Another great construction feat of antiquity that can still be touched is China’s Great Wall. Stretching over 8000 kilometers along China’s northern border, its military defensive and border control uses are well known, but its use as a network is not. A system of fires, cannon, drums, and flags was used to pass information rapidly, not only up and down the wall but also to and from watchtowers outside the wall. Beyond simply warning of an impending attack, variations in the signals indicated enemy troop strength and position.5
The use of optical signaling (telegraphy or semaphore) continued centuries on for message transmission until replaced by the telegraph. The term telegraphy itself was used initially to refer to long-distance optical signaling.
FIGURE 1.1 Chappe optical telegraph from http://farm3.static.flickr.com/2174/3666825198_a7ab2e6270_m.jpg.
Mary Evans Picture Library.
Many modern cities have locations or streets called “Telegraph Hill,” which actually used to house these stations.
FIGURE 1.2 Telegraph Hill, San Francisco, California. http://www.superstock.com/stock-photos-images/1885-2819.
Travel Library Limited.
FIGURE 1.3 Telegraph Street, South Boston, Massachusetts.
Photo by Author.
The eighteenth-century inventor of modern telegraphy, Claude Chappe [1], was inspired by the writings of the ancient Greek historian and politician Polybius [2]. Polybius is credited with creating one of the earliest coding systems by converting the Greek alphabet to numeric values and representing them with different numbers of torches on the top of a tower. Instead of fire, Chappe used mechanical arms at the top of towers to signal news across France. Prior to the twentieth century, the use of heliographs, mirrors reflecting the sun and transmitting the Morse code, was a concept also mentioned in ancient texts [3]. So, yes, the Internet, in thought, can be traced back over 2000 years.
While we have established methods used by the ancients for conveying messages over long distances, there is still the matter of message compression and encoding. However, this was not much of a problem for our ancestors either.
FIGURE 1.4 Wedjat.
Reproduced courtesy of The MIT Press, from Richard J. Gillings, Mathematics in the Time of the Pharaohs.
The ancient Egyptians were obsessed with fractions, and one of their most interesting fractional sequences is wrapped up in a critical myth [4]. The god Horus lost his eye during a battle with his evil uncle Set. The broken pieces of the eye were collected and rebuilt. The Eye of Horus or Wedjat is a symbol of protection and royal power, which most would recognize. Few, however, know that the broken pieces of the eye each represent individually the fractions 1/2, 1/4, 1/8, 1/16, 1/32, and 1/64—each is one half the previous one. This fraction set was only used for measuring grain, which was a sacred resource.
FIGURE 1.5 From mathisgoodforyou.com. http://www.mathsisgoodforyou.com/topicsPages/egyptianmaths/horusfractions.htm.
Reproduced courtesy of The MIT Press, from Richard J. Gillings, Mathematics in the Time of the Pharaohs.
This sequence appears again in representing our binary values 1, 2, 4, 8, 16, 32, 64, 128, 256, and 512—each one is twice the previous one. This sequence has played a role in limiting IP ranges (which are capped in their segments at 256) and the size of certain digital values (domain names have had a 64-character limit). Why? Because these values are mapped to the literal binary switches in a computer that enable them to “do math” by recognizing whether the switches are either active or inactive. With 10 binary operators each assigned with one of the values in the sequence, it is possible to combine them to create any number. The idea of binary numbers in particular could have originated over 2000 years ago and was experimented with by mathematicians throughout the centuries searching for methods to compress or encode information.
Everyone knows there was no Internet in the 1950s. Or was there? It could be said that the Internet was almost there. The lines, coding, and terminals were all in place and had been since the previous century, as explained later. WHOIS, the concept anyway, was there too. There were a few pieces missing including ways to store and move large sets of data as well as connections between real client and server networks. The Internet needed a push.
The innovation drive that resulted in our Internet was sparked by the 1957 launch of the USSR’s Sputnik satellite.6 US President Dwight Eisenhower pressed for the immediate creation of a group advancing various technologies in the interest of national security. The Defense Advanced Research Projects Agency (DARPA) was authorized in 1958 to expand research and development beyond the existing military labs. Much of the work was focused on communications and information processing as well as on military hardware like missiles. One of the first projects released was TRANSIT, a satellite navigation system used for tracking US Navy ships and submarines.7 This system was a precursor to our current Global Positioning System (GPS). The idea for this system came directly from the efforts to track Sputnik through Doppler shifts, which is in essence the change in waves between stationary and moving objects. So we see, wrapped up in the early development of the Internet, a need to identify a remote communication source. In fact, one of the things the US government was concerned about was the detection of nuclear explosions.
FIGURE 1.6 Sputnik, Courtesy of NASA.
It was in part this need to get computers small enough to fit into satellites and submarines that required new thinking in the way computers functioned. For example, one of the early TRANSIT satellites began employing the concept of loading software into memory while orbiting the earth. Better computing and remote communication within DARPA projects of course led to the Internet, but not for another 10 years. Also, we indicated earlier that all of this occurred after 1957. What happened before?
In Victorian Internet,8 author Tom Standage explains how an electronic global nineteenth-century network spread news, delivered letters, and was even used for spam.9 Text messages were converted to Morse code,10 which consisted of varying electronic pulses representing letters of the alphabet and formatting codes circa 1837. Soon there was even competition in the coding from inventors like Jean-Maurice-Émile Baudot11 whose code eventually replaced Morse. The text to code conversion was manual as was the retranslation on the receiving end. The telegraph cables ran over land and under the sea transmitting between North America and Europe in a matter of minutes.12 The deployment of telegraph was often alongside another type of network, the railroads. The phone company SPRINT actually began as part of a railroad. The name SPRINT stands for Southern Pacific Railroad Internal Network Telecommunications. Telegrams continue to be an important part of global communications even in the Internet age.13
Of course, all of this wired technology got competition from the emerging wireless technology of the nineteenth century in the form of radio. Both telegraph and radio stations were identified by two-letter call signs that became longer as more stations started broadcasting. Since all stations in a telegraph network received all messages, the station codes were included to show who the transmission was intended for. This is not too different from peer-to-peer networks that pass traffic not intended for the intermediate machines. Ships and airplanes as well as ground stations have call signs.
While telegraph operators needed training in handling messages, the transmission and output were already automated, meaning it was not a far stretch to automate the translation of message and print the letters instead of a code. Teletype (TTY) took the existing mechanical typewriter model and connected its operations to the electric input. Pressing a letter key on the TTY would issue the same kind of code tapped manually by a code operator. On the receiving end, the electronic codes were mapped to the TTY keys that printed messages on paper. A 1932 Popular Mechanics issue contains this description:
[AT&T] for the first time makes available to the public generally this means of transmitting messages electrically over the wires to any other subscriber, so that whatever is typed at one end of a circuit appears practically the instant at the other end, also in typewritten form.14
The first successful TTY transmission occurred in 1904 and commercial sales began in 1910.15 Its use rapidly expanded for news transmission, law enforcement communication, and even hotel registration. By 1922, the US Navy had successfully used radioteletype (RTTY) to send printing instruction from an aircraft to a ground station.16
These devices were connected to the phone system and the combination made for amazing technology at the time. With multiple locations sending and receiving messages, the immediate questions become: where is the message coming from and who wrote it? The TTY machines had a hardcoded HERE IS key, a special code drum identifying the station.17 Below is an excerpt from a TELETYPE Corporation Teletype Model 33 ASR manual:
Here Is Answer-Back
2.1.39 The answer-back will cycle once when the HERE IS key is depressed.
This encoding could be requested remotely by another terminal by issuing the WRU, which stands for “WHO ARE YOU?” This was not a question for the person operating the TTY; it was a question for the machine. Below is the WRU excerpt from the 33 ASR manual:
FIGURE 1.7 HERE IS key.
Courtesy of Jessamyn West, flickr.com/photos/iamthebestartist/5559792267.
WRU Answer-Back
2.1.31 When WRU is sent from the keyboard or tape, the WRU function box mechanism operates at both sending and receiving stations. The answer-back at the sending station is mechanically prevented from responding, while the WRU function box mechanism trips the answer-back at the receiving stations.
FIGURE 1.8 HERE IS key.
Courtesy David Gesswein pdp8online.com.
The WRU command still exists in maritime communication.18 This is the first real WHOIS, the first time an information source would respond automatically to a remote request for identification. The WRU would also be sent along with the end of a TTY message to confirm with the recipient that the transmission was unbroken. This command was also called the ENQ for “ENQuiry.”19 This is an excerpt from a TTY manual showing the location of the ENQ function:
FIGURE 1.9 Teletype Overview - 33 ASR Teletype Manual.
FIGURE 1.10 Teletype answer-back drum—33 ASR Teletype Manual.
Courtesy of AT&T/Teletype Corporation
Part of the drum encoding sequence included codes for Acknowledge (ACK), Carriage Return (CR), and Line Feed (LF), which are all part of the online WHOIS transaction that shows up later. Coding the answer drum involved a screwdriver and needle-nose pliers. Encodings were created by removing tiny tines in a sequence to indicate a specific American Standard Code for Information Interchange (ASCII) code.
FIGURE 1.11 Key to abbreviations—33 ASR Teletype Manual.
Courtesy of AT&T/Teletype Corporation.
FIGURE 1.12 Section 2.10—33 ASR Teletype Manual.
Courtesy of AT&T/Teletype Corporation.
As telephones were becoming available throughout the United States and elsewhere, one might wonder, why bother? Why not just use the telephone? As the then Governor Ronald Reagan stated later in 1972 in one of the first test electronic email messages,20 “All this damned typing… Wouldn’t you rather pick up the phone and call?” Telephones of course were becoming the de facto remote communication standard, which is great as long as you are not deaf. The difficulty of using a telephone is not apparent to those with full hearing, but this actually plays directly into the creation of the Internet and WHOIS with Ken Harrenstien and Deafnet.21 Harrenstien and Vinton Cerf are both hearing impaired and worked on various projects to promote text communication. We partially owe thanks for the Internet to people extending services to users who cannot hear.
Manufacturers of TTY introduced many innovations including data storage. Messages could be stored on punched tape and fed back into the device to be sent again. Eventually, TTY became the primary input devices for computers and time-sharing terminals. The WRU or ENQ remained part of the encoding set that moved into the new systems as part of the ASCII table in 1960.
FIGURE 1.13 USASCII code chart—33 ASR Teletype Manual.
Courtesy of AT&T/Teletype Corporation.
The TTY continued to exist within the Internet even after the device itself was obsoleted by graphic terminals. Terminal software, Telnet, is actually designed to emulate a TTY. Telnet actually stands for Teletype Over Network Protocol. The earliest RFC on Telnet makes the connection clear:
The TELNET protocol is based upon the notion of a virtual teletype, employing a 7-bit ASCII character set. The primary function of a User TELNET, then, is to provide the means by which its users can “hit” all the keys on that virtual teletype.22
The ENQ command from ASCII, originally from the TTY WRU response, now becomes part of the TELNET character set23 and can be invoked with CTRL-E, indicated by ^E:
FIGURE 1.14 TELNET Character Set.
This function on Telnet is virtually identical to the previous TTY manual operation. Telnet uses ENQ to issue a “Who Are You” request for remote station identification.24
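The WRU/ENQ behaviour described in the manual excerpts and carried into Telnet can be modelled in a few lines. This is an added example, not code from the book or the Teletype manual; the station names, the drum layout (CR LF, identifier, CR LF, ACK) and the local printed copy at each station are assumptions made for illustration.

```python
ENQ, ACK, LF, CR = 0x05, 0x06, 0x0A, 0x0D  # ASCII control codes


def ctrl(key):
    """Code sent by CTRL+<key>: the letter's low five bits, so CTRL-E is ENQ."""
    return ord(key.upper()) & 0x1F


class Station:
    """A teletype with an answer-back drum (drum layout is a constructed sample)."""

    def __init__(self, ident):
        if not (ident.isascii() and ident.isprintable()):
            raise ValueError("identifier must be printable ASCII")
        self.ident = ident
        self.drum = bytes([CR, LF]) + ident.encode("ascii") + bytes([CR, LF, ACK])
        self.printed = bytearray()  # what this machine typed on paper

    def here_is(self):
        """HERE IS key: the local drum cycles once and goes down the line."""
        return self.drum

    def receive(self, byte, is_sender):
        """Handle one code from the circuit and return any automatic reply."""
        if byte == ENQ:
            # WRU trips the drum everywhere except at the sending station.
            return b"" if is_sender else self.drum
        if byte >= 0x20 or byte in (CR, LF):
            self.printed.append(byte)  # other control codes leave no mark
        return b""


class Circuit:
    """A shared line: every station sees every code that is sent."""

    def __init__(self, *stations):
        self.stations = stations

    def transmit(self, sender, data):
        """Deliver data to all stations, then deliver the answer-backs it tripped."""
        replies = []
        for byte in data:
            for station in self.stations:
                reply = station.receive(byte, is_sender=(station is sender))
                if reply:
                    replies.append((station, reply))
        for station, reply in replies:
            # A drum holds no ENQ, so answering never trips further answers.
            self.transmit(station, reply)
        return [station.ident for station, _ in replies]


if __name__ == "__main__":
    boston, newyork = Station("BOSTON"), Station("NEWYORK")
    line = Circuit(boston, newyork)
    print(line.transmit(boston, b"HELLO" + bytes([ctrl("E")])))
    print(bytes(boston.printed))
```

The reply comes from the machine, not the operator: the receiving station answers as soon as the ENQ code arrives.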
Many of the Internet innovations occurred in the 1960s, especially the concept of packet switching, which breaks data into standard sizes for transmission [5]. This method permits large files to move and multiple users to access the network without consuming all the resources for one use. On early networks, the traffic was moved by circuit switching, which meant that only one use was permitted at a time.25 The term “On-Line” also appears for the first time in the paper ON-LINE MAN-COMPUTER COMMUNICATION by J.C.R. Licklider and Welden E. Clark of Bolt, Beranek and Newman (BBN) Inc. The BBN continued to play a major role in Internet development, eventually becoming a part of Raytheon.26 At the same time, the DARPA took a keen interest in networking technologies. This is an important point: many people and organizations were already developing networks and centralizing computing resources. The government did not create the Internet ex nihilo; rather, it coordinated existing concepts to expand their reach. In this new space, being able to identify which network was which became more and more important.
The proto-WHOIS RFC 742 stated of the NAME/FINGER program:
Currently only the SAIL (SU-AI), SRI (SRI-(KA/KL)), and ITS (MIT-(AI/ML/MC/DMS)) sites support this protocol.27
This is a list of three labs and seven host machines. SRI, as we saw, stands for Stanford Research Institute and SAIL the Stanford University Artificial Intelligence Laboratory.28 The MIT system ITS in particular stands for “Incompatible Timesharing System” and was named to differentiate itself from the Compatible Timesharing System. “Timesharing” is something we all take for granted now in our systems and devices. Imagine the early computers that could only respond to one user, command, or process at a time. The idea that multiple processes or users could share a computer resource was a revolutionary concept. ITS was an operating system written in the assembly language MIDAS29
