[gnso-rds-pdp-wg] Principle on Proportionality for "Thin Data"access

[Rob Golding]

Allison asked ...
> define abuse because i am not sure how to abuse thin data

It's difficult to describe how thin data is abused currently without 
knowing exactly which items will be in the "thin data list", but 2 items 
which are constantly and continuously used to abuse are
* expiry date
* status

With fake renewal notices, seo solicitations, dodgy transfer attempts, 
social engineering on hosts and many other scams

Some registrar WHOIS excludes status, I imagine for that reason.

Rob wrote ...
> All I need is the domain name to start with, dig the nameservers for 
> the domain, and then dig the SOA.
> Importantly, I DO NOT NEED "whois" or anything else similar to get to 
> these data records

Which is exactly why including them in whois/rds is just going to add 
bloat and errors.

If "thin data" was restricted to
* domain name
* registrar

Then I'd have no problem with unauthenticated queries (subject to 
sensible rate limiting etc) - beyond that I think people need to say who 
they are and why they want the information

Rob