Hi Ed, I do feel like there should be some way to opt out from receiving personal data and avoid rate limits. Would it maybe make sense to have an alternative RDAP service with rate limits at another "base URL"? (such as https://rdap-rl.db.ripe.net/[...] or whatever) This is assuming that it is not possible to have something equivalent to flags. I do still feel like there should probably be some more discussion in general for how to get RDAP closer to being able to do all the normal things WHOIS can. -Cynthia On Tue, Jan 9, 2024 at 4:39 PM Edward Shryane via db-wg <db-wg@ripe.net> wrote:
Dear colleagues,
On 8 Jan 2024, at 11:44, Edward Shryane via db-wg <db-wg@ripe.net> wrote: ... We had a choice either to keep e-mail in the RDAP response and add daily limit accounting, or remove e-mail and include a redaction in the response. We decided to remove e-mail because it's consistent with the other Whois interfaces that filter responses by default. Secondly because RDAP does not use query flags, there is no way for a client to opt-out of receiving personal data. The server decides what to send, and the client can be blocked whether it wants personal data or not. ...
I checked the RDAP query logs and found that only about 10-20 client IPs would be blocked daily (out of 100K's total client IPs) if we enabled daily accounting on RDAP entity responses.
Therefore I propose that we restore e-mail to RDAP entity responses and enable daily limit accounting to protect personal data.
Any RDAP client that is making /entity/ requests must comply with the daily limit according to the AUP: https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-datab...
We will continue to filter e-mail in entities in RDAP /ip/ and /autnum/ responses, so that clients do not get blocked just by querying for resources (i.e. if you want an unfiltered entity, make an /entity/ request separately).
If there are no objections, I propose to include this change in the next Whois release. Please let me know your feedback.
Regards Ed Shryane RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg