[gnso-rds-pdp-wg] Search Engines Indexing RDAP Server Content
Hollenbeck, Scott
shollenbeck at verisign.com
Sat Jan 30 19:32:45 UTC 2016
So I saw a tweet from Gavin Brown (@GavinBrown) of CentralNic that describes how one particular search engine has indexed the RDAP server of a gTLD registry operator:
https://twitter.com/GavinBrown/status/692718904058191872
This is all the more reason to work on a client authentication specification that includes support for varying responses based on client identity and authorization. I've been working on such a specification and welcome feedback on the approach:
https://datatracker.ietf.org/doc/draft-hollenbeck-weirds-rdap-openid/
I know this group is just getting started and is probably not ready to start discussing deep technical topics. This is one of the kinds of things that we're going to need to talk about. It's also an important data point in the discussion about deploying RDAP services before policies are in place that allow operators to take advantage of the new features provided by RDAP. Deploying RDAP with the same policies associated with WHOIS gives us the same problems associated with WHOIS.
Scott
More information about the gnso-rds-pdp-wg
mailing list