Hello Ben,

Firstly, apologies that you were affected by this change. We did this to fix a 
bug in RDAP that we discovered while implementing the Redacted feature:
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-redacted/

We found that RDAP always returned e-mail attributes without any daily limit 
accounting, which could have allowed a client to collect every e-mail in the 
database without limit (including organisation, person, role, mntner entities). 
This bug had to be fixed to protect personal data.

We had a choice either to keep e-mail in the RDAP response and add daily limit 
accounting, or remove e-mail and include a redaction in the response. We 
decided to remove e-mail because it's consistent with the other Whois 
interfaces that filter responses by default. Secondly, because RDAP does not use 
query flags, there is no way for a client to opt out of receiving personal 
data. The server decides what to send, and the client can be blocked whether it 
wants personal data or not.

If the DB-WG community prefers to include e-mail by default in RDAP entity 
responses, and turn on daily limit accounting, we will do this.

Regards
Ed Shryane
RIPE NCC


> On 4 Jan 2024, at 17:39, Ben Cartwright-Cox via db-wg <db-wg@ripe.net> wrote:
> 
> Hi everybody,
> 
> I was just re-running some tests internally within bgp.tools and I've
> noticed that the RDAP responses from RIPE no longer include the email
> address of the person object. For example I used to (and expected to)
> get the email address in the object for
> https://rdap.db.ripe.net/entity/BC6775-RIPE, but it seems to have been
> removed from the output at some point.
> 
> There does not appear to be a way to log in to authenticate
> trustworthiness of RDAP responses, is there any other way to get
> this information? I can see this information on the RIPE website (
> https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=BC6775-RIPE&type=person
> ) but I do not want to scrape that, and this information is incredibly
> useful for helping users onboard (with a trustworthy email address)
> to services like bgp.tools.
> 
> Is this an intended change? Have I done something silly? All of the above ;) ?
> 
> By looking at the release info I can see it was added in November (#1333)
> 
> Thanks
> Ben
> 
> -- 
> 
> To unsubscribe from this mailing list, get a password reminder, or change 
> your subscription options, please visit: 
> https://lists.ripe.net/mailman/listinfo/db-wg
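
An added example, not part of the original thread and not RIPE NCC code: a client-side check that tells "e-mail was redacted by the server" apart from "e-mail was never there", using the `redacted` member defined in the draft linked above. The sample response, the handle `EX1-TEST`, the function names and the path/label matching heuristic are all assumptions made for illustration.

```python
import json

# Constructed sample entity response (not real RIPE output), shaped per the draft.
SAMPLE = json.loads("""{
  "rdapConformance": ["rdap_level_0", "redacted"],
  "objectClassName": "entity",
  "handle": "EX1-TEST",
  "vcardArray": ["vcard", [["version", {}, "text", "4.0"], ["fn", {}, "text", "Example Person"]]],
  "redacted": [{
    "name": {"description": "Personal e-mail contact"},
    "prePath": "$.vcardArray[1][?(@[0]=='email')]",
    "method": "removal",
    "reason": {"description": "Personal data"}
  }]
}""")

def vcard_emails(entity):
    """Return the e-mail values present in the entity's jCard, if any."""
    vcard = entity.get("vcardArray") or ["vcard", []]
    props = vcard[1] if len(vcard) > 1 else []
    return [p[3] for p in props if isinstance(p, list) and len(p) >= 4 and p[0] == "email"]

def redactions(entity):
    """Return (label, method, path) for each entry of the "redacted" member."""
    out = []
    for r in entity.get("redacted", []):
        name = r.get("name", {})
        label = name.get("type") or name.get("description") or "unnamed"
        path = r.get("prePath") or r.get("path") or r.get("postPath")
        out.append((label, r.get("method", "removal"), path))  # method defaults to removal
    return out

def email_status(entity):
    """Classify the e-mail field as 'present', 'redacted' or 'absent'."""
    if vcard_emails(entity):
        return "present"
    signalled = "redacted" in entity.get("rdapConformance", [])
    hit = any(
        "email" in (path or "").lower() or "mail" in label.lower()
        for label, _, path in redactions(entity)
    )
    return "redacted" if signalled and hit else "absent"

if __name__ == "__main__":
    print(email_status(SAMPLE), redactions(SAMPLE))
```

A consumer that onboards users by contact address can use the `redacted` result to fall back to another verification path instead of treating the object as having no e-mail.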

