On Fri, Jan 29, 2016 at 10:39:29PM +0000, Francisco Arias wrote:
The behavior described as vulnerability has the same potential to appear in the so-called web-Whois that has been there for years and it is not being proposed to disappear in neither gTLD registries nor registrars.
Poppycock. The RDAP provides, on purpose, links among the objects in its responses. Web whois basically provides a terminal-scrape of what people would get if they still knew how to type whois at a command line. Since crawlers respond automatically to the very machine-readable markup that RDAP was precisely designed to emit, this means that crawlers that were never intending to catalogue the entire whois will now do so as a matter of course.
"Beauty is in the eye of the beholder”. What you call a vulnerability others may call it a feature.
Yes. And when my customers are giving me their information and I am forced by contractual terms with ICANN to deploy that in a way that causes a whole new class of people to suck all that up into widely-searchable machine-readable archives, that seems to me to be a new [feature|vulnerability] that I was never in a position to warn people about and to which they didn't agree.
The fact of the matter is that gTLD contracts state that all information must be shown in RDDS services, period. If we don’t like it, there is the RDS policy development process that is tasked, among other things, to revisit differentiated access.
With respect, what you are claiming is that the procedure is being followed and therefore this is ok. I am claiming that Scott has uncovered a new consequence of the policy that seems to have consequences for the implementation, and that needs to be taken into consideration. I'm reasonably willing to believe that, if it turned out using RDAP caused you accidentally to forego your first-born child, we'd be having a different discussion about the implementation. So where, exactly, does the line fall here?
With the exception of Scott, I don’t see any of the people that have complained about the lack of differentiated access in RDDS in the RDS list at https://community.icann.org/pages/viewpage.action?pageId=56986659. If you care about this issue, please participate in RDS.
I have submitted my name, but I have to admit that part of the difficulty in getting permission to spend yet more time on this is the absurd way that ICANN develops policies around things affecting the Internet: anyone who wants to be a "participant" has to promise to join inconveniently-timed phone calls (well, ok, Internet-carried phone calls), fly to far away places for face to face meetings, and so on. If one could actually participate in Internet policy discussions using, you know, the Internet, it might be somewhat easier to justify participation. Best regards, A -- Andrew Sullivan Dyn asullivan@dyn.com