Re: [regext] DOODLE: select your documents

[Mario Loffredo <mario.loffredo@iit.cnr.it>]

Hi Tobias,

let me disagree with you about some conclusions. My comments are inline.

Il 25/01/2019 23:05, Tobias Sattler ha scritto:
> Hi everyone,
>
> After seeing the result of the vote, I, as a representative of a domain registrar, must express my serious concern about the RDAP Reverse Search document.
>
> A reverse search enables third parties to query RDAP, among other things, so that all associated domains can be queried using an email address. I consider this to be very questionable for data protection reasons.

I would agree with you if that capability was available to any user and 
if there were no operators entitled to use it. But this is not the case. 
Reverse search is an example of a capability which should be provided to 
legitimated users according to the policies described in RFC7481. The 
current implementation of reverse search by .it public test server is 
fully GDPR compliant. Currently, it is allowed only to .it registrars 
searching for their own domains. They can submit a reverse search 
because they can rely on the "contract" lawful basis.  In the next 
future, we plan to extend its availability to other legitimated users 
(e.g. authorities, police).

The conclusion is: the specification is neutral, the implementations are 
subject to laws about privacy, but this occurs exactly in the same way 
as other internet protocols.

> In addition, such queries can lead to a very high load and strongly influence other systems - depending on the implementation of the service.
This capability has the same impact on servers of standard search 
queries and RDAP providers can  implement additional features to make 
search queries as sustainable as possible (see partial response and 
pagination).
>
> Furthermore, as far as I know, there is currently no requirement for such functionality - neither from ICANN nor from other registries / registrars. Which is why I want to suggest that this document should not be adopted for now.

This is the crucial issue. Do most of the WG members agree that this 
capability is really helpful ? According to the doodle results, it seems so.

As far as I know, the reverse search concept has been around in TLDs 
community since time. However, the implementation in EPP of the so 
called "non provisioning operations" have been considered unpractical. 
Therefore some registries (including .it) have implemented custom 
solutions based on out-of-band mechanisms. Now, I think that the 
interest in reverse search still exists and RDAP seems suitable enough 
to enable a standardised approach.


Regards,

mario

>
> Best regards,
> Tobias
>
>> On 18. Jan 2019, at 17:00, James Galvin <galvin@elistx.com> wrote:
>>
>> The DOODLE was officially closed Friday.  There was additional person who selected documents bringing the total number of contributors to 21.  The additional selections did not material change the ranking of the choices.
>>
>> Based on raw numbers, the following 5 documents are preferred:
>>
>> 14 Federated Authentication for RDAP
>> 9 RDAP Partial Response
>> 8 RDAP Reverse Search
>> 8 RDAP Sorting and Paging
>> 8 Login Security
>>
>> For completeness, I will also observe that if you take out the “maybe” votes, the ranking does not change.
>>
>> The chairs are making the following assumption at this point: if you selected a document then you will work on the document.  This assumption should be addressed when you vote to adopt a document, where we will ask you to make it explicit.
>>
>> The next thing that is needed is to formally adopt these documents and to set milestones for them.  In addition, recall that we agreed with our area director to have only 5 milestones open at a time.  Here is the process we will use to achieve these two goals.
>>
>> 1. The chairs will send out a call for adoption for each of the documents.  Folks MUST respond and either agree or disagree with the adoption of each document.  Instructions will be in each message.
>>
>> 2. There are two milestones on our list that do not match these 5 documents.  The chairs will send out a call for objections to removing those two milestones from our list.
>>
>> 3. After we have adopted our documents we will start a discussion of setting the milestones for the adopted documents.
>>
>> Thanks to those who participated in the Doodle poll.
>>
>> Antoin and Jim
>>
>>
>>
>>
>> On 21 Dec 2018, at 11:13, James Galvin wrote:
>>
>>> Please take the time to select the documents you support for advancement in this working group.
>>>
>>> https://doodle.com/poll/6nyguby3yr8dx9cp
>>>
>>> Please select from 1-5 documents.
>>>
>>> If you click once in the box a green check mark will appear.  Use this to indicate support for a document.  If you click twice in the box a yellow check mark in parentheses will appear.  You may use the yellow check mark to indicate support that is a lower priority than a green check mark.
>>>
>>> For your convenience I have included the list of documents and their links below.
>>>
>>> This selection process will remain open for 3 weeks, until 11 January 2019.
>>>
>>> Enjoy your holiday season!  See you all next year!
>>>
>>> Jim
>>>
>>>
>>> DOCUMENTS TO CONSIDER
>>>
>>> Registry Reporting Repository
>>> https://datatracker.ietf.org/doc/draft-mcpherson-sattler-registry-reporting-repo/
>>>
>>> Registry Reporting Structure
>>> https://datatracker.ietf.org/doc/draft-mcpherson-sattler-registry-report-structure/
>>>
>>> Domain Fee Report
>>> https://datatracker.ietf.org/doc/draft-sattler-registry-domain-fee-report/
>>>
>>> Registry Transaction Report
>>> https://datatracker.ietf.org/doc/draft-mcpherson-sattler-ry-transaction-report/
>>>
>>> Registry Domain Inventory Report
>>> https://datatracker.ietf.org/doc/draft-sattler-registry-domain-inventory-report/
>>>
>>> Registry Domain Drop Report
>>> https://datatracker.ietf.org/doc/draft-sattler-registry-domain-drop-report
>>>
>>> Registry Unavailable Domain Report
>>> https://datatracker.ietf.org/doc/draft-sattler-registry-unavailable-domain-report/
>>>
>>> Registry Maintenance Notifications
>>> https://datatracker.ietf.org/doc/draft-sattler-epp-registry-maintenance/
>>>
>>> Unhandled Namespaces
>>> https://tools.ietf.org/html/draft-gould-casanova-regext-unhandled-namespaces
>>>
>>> Data Set File Format
>>> https://datatracker.ietf.org/doc/draft-gould-regext-dataset/
>>>
>>> Login Security
>>> https://datatracker.ietf.org/doc/draft-gould-regext-login-security/
>>>
>>> Federated Authentication for RDAP
>>> https://datatracker.ietf.org/doc/draft-hollenbeck-regext-rdap-openid/
>>>
>>> RDAP Partial Response
>>> https://datatracker.ietf.org/doc/draft-loffredo-regext-rdap-partial-response/
>>>
>>> RDAP Search
>>> https://datatracker.ietf.org/doc/draft-fregly-regext-rdap-search-regex/
>>>
>>> RDAP Reverse Search
>>> https://datatracker.ietf.org/doc/draft-loffredo-regext-rdap-reverse-search/
>>>
>>> RDAP Sorting and Paging
>>> https://datatracker.ietf.org/doc/draft-loffredo-regext-rdap-sorting-and-paging/
>>>
>>> Registry Data Escrow Specification
>>> https://datatracker.ietf.org/doc/draft-arias-noguchi-registry-data-escrow/
>>>
>>> Domain Name Registration Data (DNRD) Objects Mapping
>>> https://datatracker.ietf.org/doc/draft-arias-noguchi-dnrd-objects-mapping/
>>>
>>> Third Party DNS Operator to Registrar/Registry
>>> https://datatracker.ietf.org/doc/draft-ietf-regext-dnsoperator-to-rrr-protocol/
>>>
>>> Validate
>>> https://datatracker.ietf.org/doc/draft-ietf-regext-validate/
>>>
>>> Verification Code
>>> https://datatracker.ietf.org/doc/draft-ietf-regext-verificationcode/
>> _______________________________________________
>> regext mailing list
>> regext@ietf.org
>> https://www.ietf.org/mailman/listinfo/regext
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext

-- 
Dr. Mario Loffredo
Servizi Internet e Sviluppo Tecnologico
CNR - Istituto di Informatica e Telematica
via G. Moruzzi 1, I-56124 PISA, Italy
E-Mail: mario.loffredo@iit.cnr.it
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo