[gtld-tech] [weirds] Search Engines Indexing RDAP Server Content

Andrew Sullivan asullivan at dyn.com
Fri Jan 29 17:25:53 UTC 2016

(Sticking to this list 'cause I happen to be subscribed here.)

On Fri, Jan 29, 2016 at 04:54:49PM +0000, Francisco Arias wrote:
> In all the cross-posting, it seems you may have left out the list where people have currently in scope doing something about this https://community.icann.org/display/gTLDRDS/Next-Generation+gTLD+Registration+Directory+Services+to+Replace+Whois

While that's a fair point to make, I think part of Scott's observation
is that we're learning there's a technical mistake in treating all
registry data services as though they're interchangeable.  Because
Whois doesn't provide links, it doesn't ecourage crawlers to build an
independent database of linked data the way RDAP does.  So, without
privacy protections, deploying RDAP as though it's just
Whois-on-the-web actually introduces new vulnerabilities.

That seems important to take into consideration in the new profile,
regardless of what the policy documents say.  Surely the policy
documents do not require the introduction of new data vulnerabilities
just because the policy implies that?

Best regards,


Andrew Sullivan
asullivan at dyn.com

More information about the gtld-tech mailing list