-----Original Message----- From: gtld-tech-bounces@icann.org [mailto:gtld-tech-bounces@icann.org] On Behalf Of Francisco Arias Sent: Tuesday, February 02, 2016 7:24 PM To: gtld-tech@icann.org Subject: Re: [gtld-tech] [weirds] Search Engines Indexing RDAP Server Content
I talked with Andrew about the email below and I think we clarified things. I thought I’ll share with the list the assessment that Gustavo and I did on the issue. Andrew, please feel free to correct me.
Gustavo and I double checked the draft RDAP profile and do not see any element in there that is leading to expose more data than what the current Whois is, e.g., a domain name links to a few entities (e.g., registrant, registrar, admin, and tech contacts), a registrar, and zero or more name servers.
The search page (https://www.google.co.uk/search?q=site:rdg.afilias.info) appears to be the result of crawling links from the first link that appears there (http://rdg.afilias.info/rdap/help). The help page contains links to search and lookup examples that return several objects with their directly-related objects, which are in turn shown in the search results. This could have happened in web-Whois if someone were to publish a page containing example queries.
In other words, the alluded behavior is not something enabled by RDAP or the profile.
Please let me know if we are missing something.
It's not about exposing more data. It's about making it even easier for that data to be extracted, indexed, archived, and accessed. Unauthenticated RDAP and the current profile proposal continue the WHOIS practice of making PII easily accessible to anyone who asks (including search engines). The fact that the issue isn't new doesn't make it any less of an issue. Scott