Dear colleagues,
On 8 Jan 2024, at 11:44, Edward Shryane via db-wg <db-wg@ripe.net> wrote: ... We had a choice either to keep e-mail in the RDAP response and add daily limit accounting, or remove e-mail and include a redaction in the response. We decided to remove e-mail because it's consistent with the other Whois interfaces that filter responses by default. Secondly because RDAP does not use query flags, there is no way for a client to opt-out of receiving personal data. The server decides what to send, and the client can be blocked whether it wants personal data or not. ...
I checked the RDAP query logs and found that only about 10-20 client IPs would be blocked daily (out of 100K's total client IPs) if we enabled daily accounting on RDAP entity responses. Therefore I propose that we restore e-mail to RDAP entity responses and enable daily limit accounting to protect personal data. Any RDAP client that is making /entity/ requests must comply with the daily limit according to the AUP: https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-datab... We will continue to filter e-mail in entities in RDAP /ip/ and /autnum/ responses, so that clients do not get blocked just by querying for resources (i.e. if you want an unfiltered entity, make an /entity/ request separately). If there are no objections, I propose to include this change in the next Whois release. Please let me know your feedback. Regards Ed Shryane RIPE NCC