Dear colleagues, > On 8 Jan 2024, at 11:44, Edward Shryane via db-wg <db-wg@ripe.net> wrote: > ... > We had a choice either to keep e-mail in the RDAP response and add daily > limit accounting, or remove e-mail and include a redaction in the response. > We decided to remove e-mail because it's consistent with the other Whois > interfaces that filter responses by default. Secondly because RDAP does not > use query flags, there is no way for a client to opt-out of receiving > personal data. The server decides what to send, and the client can be blocked > whether it wants personal data or not. > ...
I checked the RDAP query logs and found that only about 10-20 client IPs would be blocked daily (out of 100K's total client IPs) if we enabled daily accounting on RDAP entity responses. Therefore I propose that we restore e-mail to RDAP entity responses and enable daily limit accounting to protect personal data. Any RDAP client that is making /entity/ requests must comply with the daily limit according to the AUP: https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-database-acceptable-use-policy We will continue to filter e-mail in entities in RDAP /ip/ and /autnum/ responses, so that clients do not get blocked just by querying for resources (i.e. if you want an unfiltered entity, make an /entity/ request separately). If there are no objections, I propose to include this change in the next Whois release. Please let me know your feedback. Regards Ed Shryane RIPE NCC -- To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://lists.ripe.net/mailman/listinfo/db-wg
