Hi Tobias,
let me disagree with you about some conclusions. My comments are inline.
Il 25/01/2019 23:05, Tobias Sattler ha scritto:
Hi everyone,
After seeing the result of the vote, I, as a representative of a domain
registrar, must express my serious concern about the RDAP Reverse Search
document.
A reverse search enables third parties to query RDAP, among other things, so
that all associated domains can be queried using an email address. I consider
this to be very questionable for data protection reasons.
I would agree with you if that capability was available to any user and
if there were no operators entitled to use it. But this is not the case.
Reverse search is an example of a capability which should be provided to
legitimated users according to the policies described in RFC7481. The
current implementation of reverse search by .it public test server is
fully GDPR compliant. Currently, it is allowed only to .it registrars
searching for their own domains. They can submit a reverse search
because they can rely on the "contract" lawful basis. In the next
future, we plan to extend its availability to other legitimated users
(e.g. authorities, police).
The conclusion is: the specification is neutral, the implementations are
subject to laws about privacy, but this occurs exactly in the same way
as other internet protocols.
In addition, such queries can lead to a very high load and strongly influence
other systems - depending on the implementation of the service.
This capability has the same impact on servers of standard search
queries and RDAP providers can implement additional features to make
search queries as sustainable as possible (see partial response and
pagination).
Furthermore, as far as I know, there is currently no requirement for such
functionality - neither from ICANN nor from other registries / registrars.
Which is why I want to suggest that this document should not be adopted for now.
This is the crucial issue. Do most of the WG members agree that this
capability is really helpful ? According to the doodle results, it seems so.
As far as I know, the reverse search concept has been around in TLDs
community since time. However, the implementation in EPP of the so
called "non provisioning operations" have been considered unpractical.
Therefore some registries (including .it) have implemented custom
solutions based on out-of-band mechanisms. Now, I think that the
interest in reverse search still exists and RDAP seems suitable enough
to enable a standardised approach.
Regards,
mario
Best regards,
Tobias
On 18. Jan 2019, at 17:00, James Galvin <gal...@elistx.com> wrote:
The DOODLE was officially closed Friday. There was additional person who
selected documents bringing the total number of contributors to 21. The
additional selections did not material change the ranking of the choices.
Based on raw numbers, the following 5 documents are preferred:
14 Federated Authentication for RDAP
9 RDAP Partial Response
8 RDAP Reverse Search
8 RDAP Sorting and Paging
8 Login Security
For completeness, I will also observe that if you take out the “maybe” votes,
the ranking does not change.
The chairs are making the following assumption at this point: if you selected a
document then you will work on the document. This assumption should be
addressed when you vote to adopt a document, where we will ask you to make it
explicit.
The next thing that is needed is to formally adopt these documents and to set
milestones for them. In addition, recall that we agreed with our area director
to have only 5 milestones open at a time. Here is the process we will use to
achieve these two goals.
1. The chairs will send out a call for adoption for each of the documents.
Folks MUST respond and either agree or disagree with the adoption of each
document. Instructions will be in each message.
2. There are two milestones on our list that do not match these 5 documents.
The chairs will send out a call for objections to removing those two milestones
from our list.
3. After we have adopted our documents we will start a discussion of setting
the milestones for the adopted documents.
Thanks to those who participated in the Doodle poll.
Antoin and Jim
On 21 Dec 2018, at 11:13, James Galvin wrote:
Please take the time to select the documents you support for advancement in
this working group.
https://doodle.com/poll/6nyguby3yr8dx9cp
Please select from 1-5 documents.
If you click once in the box a green check mark will appear. Use this to
indicate support for a document. If you click twice in the box a yellow check
mark in parentheses will appear. You may use the yellow check mark to indicate
support that is a lower priority than a green check mark.
For your convenience I have included the list of documents and their links
below.
This selection process will remain open for 3 weeks, until 11 January 2019.
Enjoy your holiday season! See you all next year!
Jim
DOCUMENTS TO CONSIDER
Registry Reporting Repository
https://datatracker.ietf.org/doc/draft-mcpherson-sattler-registry-reporting-repo/
Registry Reporting Structure
https://datatracker.ietf.org/doc/draft-mcpherson-sattler-registry-report-structure/
Domain Fee Report
https://datatracker.ietf.org/doc/draft-sattler-registry-domain-fee-report/
Registry Transaction Report
https://datatracker.ietf.org/doc/draft-mcpherson-sattler-ry-transaction-report/
Registry Domain Inventory Report
https://datatracker.ietf.org/doc/draft-sattler-registry-domain-inventory-report/
Registry Domain Drop Report
https://datatracker.ietf.org/doc/draft-sattler-registry-domain-drop-report
Registry Unavailable Domain Report
https://datatracker.ietf.org/doc/draft-sattler-registry-unavailable-domain-report/
Registry Maintenance Notifications
https://datatracker.ietf.org/doc/draft-sattler-epp-registry-maintenance/
Unhandled Namespaces
https://tools.ietf.org/html/draft-gould-casanova-regext-unhandled-namespaces
Data Set File Format
https://datatracker.ietf.org/doc/draft-gould-regext-dataset/
Login Security
https://datatracker.ietf.org/doc/draft-gould-regext-login-security/
Federated Authentication for RDAP
https://datatracker.ietf.org/doc/draft-hollenbeck-regext-rdap-openid/
RDAP Partial Response
https://datatracker.ietf.org/doc/draft-loffredo-regext-rdap-partial-response/
RDAP Search
https://datatracker.ietf.org/doc/draft-fregly-regext-rdap-search-regex/
RDAP Reverse Search
https://datatracker.ietf.org/doc/draft-loffredo-regext-rdap-reverse-search/
RDAP Sorting and Paging
https://datatracker.ietf.org/doc/draft-loffredo-regext-rdap-sorting-and-paging/
Registry Data Escrow Specification
https://datatracker.ietf.org/doc/draft-arias-noguchi-registry-data-escrow/
Domain Name Registration Data (DNRD) Objects Mapping
https://datatracker.ietf.org/doc/draft-arias-noguchi-dnrd-objects-mapping/
Third Party DNS Operator to Registrar/Registry
https://datatracker.ietf.org/doc/draft-ietf-regext-dnsoperator-to-rrr-protocol/
Validate
https://datatracker.ietf.org/doc/draft-ietf-regext-validate/
Verification Code
https://datatracker.ietf.org/doc/draft-ietf-regext-verificationcode/
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
--
Dr. Mario Loffredo
Servizi Internet e Sviluppo Tecnologico
CNR - Istituto di Informatica e Telematica
via G. Moruzzi 1, I-56124 PISA, Italy
E-Mail: mario.loffr...@iit.cnr.it
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
