On Fri, Aug 21, 2020, at 11:26, Marc Blanchet wrote:
> Hello,
> for the rdap bootstrap registries, there has been (well since the very
> beginning of the work) discussions about only supporting https URLs.
> I’m happy to make it mandatory. Is there a working group agreement on
> this? Please speak up if you don’t agree (i.e. you still want no TLS
> http).

I would agree with saying TLS is mandatory... only if followed by either recommendations or link to proper RFC/Internet-Draft giving guidance and minimum requirements, because TLS enabled with TLS 1.0 only for example, or using deprecated algorithms, or with a self-signed server certificate (it would be ok if coupled with DANE) is not really useful TLS.

So probably a reference at least to BCP195.

Also, https://www.icann.org/en/system/files/files/rdap-technical-implementation-guide-15feb19-en.pdf §1.2 already has "The RDAP service MUST be provided over HTTPS only." so that will already cover a not small amount of entries in the bootstrap registry.

--
Patrick Mevzek
p...@dotandco.com

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
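
The two points in the thread above (https-only bootstrap URLs, and a TLS floor in the spirit of BCP 195) can be checked on the client side. The following is an added example, not part of the original message and not code from any RDAP implementation; it assumes the RFC 7484 JSON layout for bootstrap files, and the sample registry data and function names are constructed for illustration.

```python
import json
import ssl
from urllib.parse import urlsplit

# Constructed sample in the RFC 7484 bootstrap layout (not real registry data).
SAMPLE_BOOTSTRAP = json.dumps({
    "version": "1.0",
    "publication": "2020-08-21T00:00:00Z",
    "services": [
        [["example"], ["https://rdap.nic.example/"]],
        [["test"], ["http://rdap.nic.test/", "https://rdap.nic.test/"]],
        [["invalid"], ["http://rdap.nic.invalid/"]],
    ],
})


def audit_bootstrap(doc: str):
    """Return (findings, https_only) for a bootstrap document.

    findings   -- list of (entry, url) pairs whose URL is not https
    https_only -- dict mapping each entry to the https URLs that remain
    """
    findings, https_only = [], {}
    # Assumes each service is [entries, urls], as in RFC 7484.
    for entries, urls in json.loads(doc)["services"]:
        good = []
        for url in urls:
            parts = urlsplit(url)
            if parts.scheme.lower() == "https" and parts.hostname:
                good.append(url)
            else:
                findings.extend((entry, url) for entry in entries)
        for entry in entries:
            https_only[entry] = good
    return findings, https_only


def strict_client_context() -> ssl.SSLContext:
    """TLS client settings that reject TLS 1.0/1.1 and unverifiable certs."""
    # Default context verifies the chain against system CAs and checks the
    # hostname, so a self-signed server certificate fails (no DANE support).
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    findings, https_only = audit_bootstrap(SAMPLE_BOOTSTRAP)
    for entry, url in findings:
        print(f"non-https URL for {entry!r}: {url}")
    for entry, urls in https_only.items():
        if not urls:
            print(f"{entry!r} would have no endpoint under an https-only rule")
```
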