Hi Scott,

On Mon, Jul 15, 2024 at 05:19:07PM +0000, Hollenbeck, Scott wrote:
> A few small things:
>
> The last call notice refers to the draft as "considered for
> publication as a Best Current Practice". The draft describes itself
> as a Standards Track candidate. I believe that's just an error in
> the last call notice.
>
> [I-D.ietf-regext-rdap-reverse-search] is now RFC 9536.
>
> I'd like to see something more in the Security Considerations
> section that specifically notes how search functionality increases
> the risk of disclosing information that wasn't explicitly requested.
> We have this text in RFC 9082:
>
> "Search functionality also increases the privacy risk of disclosing
> object relationships that might not otherwise be obvious. For
> example, a search that returns IDN variants [RFC6927] that do not
> explicitly match a client-provided search pattern can disclose
> information about registered domain names that might not be
> otherwise available. Implementers need to consider the policy and
> privacy implications of returning information that was not
> explicitly requested."
>
> Maybe just note that the Security Considerations described in RFC
> 9082 also apply here.

Thanks, updates have been applied per the above (see attached for the
current diff from -09).

-Tom

_______________________________________________
regext mailing list -- regext@ietf.org
To unsubscribe send an email to regext-le...@ietf.org