(Sticking to this list 'cause I happen to be subscribed here.) On Fri, Jan 29, 2016 at 04:54:49PM +0000, Francisco Arias wrote:
In all the cross-posting, it seems you may have left out the list where people have currently in scope doing something about this https://community.icann.org/display/gTLDRDS/Next-Generation+gTLD+Registratio...
While that's a fair point to make, I think part of Scott's observation is that we're learning there's a technical mistake in treating all registry data services as though they're interchangeable. Because Whois doesn't provide links, it doesn't ecourage crawlers to build an independent database of linked data the way RDAP does. So, without privacy protections, deploying RDAP as though it's just Whois-on-the-web actually introduces new vulnerabilities. That seems important to take into consideration in the new profile, regardless of what the policy documents say. Surely the policy documents do not require the introduction of new data vulnerabilities just because the policy implies that? Best regards, A -- Andrew Sullivan Dyn asullivan@dyn.com