Dear Ben, A reminder that since the Whois 1.111 release last week, Whois now includes e-mail in RDAP entity responses, subject to the AUP daily limit. I will investigate separately how we can allow RDAP clients to indicate whether they want personal data in responses or not. Regards Ed Shryane RIPE NCC
On 9 Jan 2024, at 16:39, Edward Shryane via db-wg <db-wg@ripe.net> wrote:
Dear colleagues,
On 8 Jan 2024, at 11:44, Edward Shryane via db-wg <db-wg@ripe.net> wrote: ... We had a choice either to keep e-mail in the RDAP response and add daily limit accounting, or remove e-mail and include a redaction in the response. We decided to remove e-mail because it's consistent with the other Whois interfaces that filter responses by default. Secondly because RDAP does not use query flags, there is no way for a client to opt-out of receiving personal data. The server decides what to send, and the client can be blocked whether it wants personal data or not. ...
I checked the RDAP query logs and found that only about 10-20 client IPs would be blocked daily (out of 100K's total client IPs) if we enabled daily accounting on RDAP entity responses.
Therefore I propose that we restore e-mail to RDAP entity responses and enable daily limit accounting to protect personal data.
Any RDAP client that is making /entity/ requests must comply with the daily limit according to the AUP: https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-datab...
We will continue to filter e-mail in entities in RDAP /ip/ and /autnum/ responses, so that clients do not get blocked just by querying for resources (i.e. if you want an unfiltered entity, make an /entity/ request separately).
If there are no objections, I propose to include this change in the next Whois release. Please let me know your feedback.
Regards Ed Shryane RIPE NCC
--
To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg