ICANN ICANN Email List Archives

[comments-rdap-profile-03dec15]


<<< Chronological Index >>>    <<< Thread Index >>>

Comments from the IAB on RDAP operational profile

  • To: comments-rdap-profile-03dec15@xxxxxxxxx
  • Subject: Comments from the IAB on RDAP operational profile
  • From: IAB Chair <iab-chair@xxxxxxx>
  • Date: Wed, 13 Jan 2016 18:09:32 -0500

Comments from the Internet Architecture Board (IAB) on "Registration
Data Access Protocol (RDAP) Operational Profile for gTLD Registries
and Registrars"

Thank you for the opportunity to provide public comment on the
Registration Data Access Protocol (RDAP) Operational Profile for gTLD
Registries and Registrars.

The Internet Engineering Task Force (IETF) developed RDAP to resolve
the technical shortcomings of WHOIS.  Given the well known issues with
WHOIS, the IAB strongly encourages ICANN and the registration
community to deploy RDAP as soon as possible.  WHOIS lacks support for
authenticated access and differentiated responses.  Since RDAP can
make use of HTTP authentication, the IAB believes that authenticated
access should be part of the first version of the RDAP Profile in
order to significantly decrease the privacy concerns of registration
data exposure.  We believe that failing to include authenticated
access in the RDAP Profile now will result in a very large transition
effort to implement authenticated access and differentiated responses
once a policy that supports them is in place.  We do not believe that
authenticated access will necessarily incur more costs for any users.

The IAB understands that ICANN policy development is needed to
determine which registration data ought to be available to the public
and which registration data deserves additional protection.  We
believe that policy development work should begin immediately.  While
we understand that ICANN cannot approve an RDAP Profile that includes
differentiated responses based on user authentication until that
policy work is complete, we strongly believe that the RDAP Profile can
be specified in such a way that it accommodates the easy introduction
of differentiated responses once the policy is in place.

Finally, the IAB strongly supports running RDAP only over TLS in order
to offer server authentication as well as integrity and
confidentiality for registration data.

Respectfully submitted,
Andrew Sullivan
for the IAB

-- 
IAB Chair (Andrew Sullivan)
iab-chair@xxxxxxx


<<< Chronological Index >>>    <<< Thread Index >>>

Privacy Policy | Terms of Service | Cookies Policy