This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] email's disappeared from RDAP output

Previous message (by thread): [db-wg] email's disappeared from RDAP output
Next message (by thread): [db-wg] email's disappeared from RDAP output

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Edward Shryane eshryane at ripe.net
Mon Jan 8 11:44:06 CET 2024

Hello Ben,

Firstly apologies that you were affected by this change. We did this to fix a bug in RDAP that we discovered while implementing the Redacted feature:
https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-redacted/

We found that RDAP always returned e-mail attributes without any daily limit accounting, which could have allowed a client to collect every e-mail in the database without limit (including organisation, person, role, mntner entities). This bug had to be fixed to protect personal data.

We had a choice either to keep e-mail in the RDAP response and add daily limit accounting, or remove e-mail and include a redaction in the response. We decided to remove e-mail because it's consistent with the other Whois interfaces that filter responses by default. Secondly because RDAP does not use query flags, there is no way for a client to opt-out of receiving personal data. The server decides what to send, and the client can be blocked whether it wants personal data or not.

If the DB-WG community prefers to include e-mail by default in RDAP entity responses, and turn on daily limit accounting, we will do this.

Regards
Ed Shryane
RIPE NCC

> On 4 Jan 2024, at 17:39, Ben Cartwright-Cox via db-wg <db-wg at ripe.net> wrote:
> 
> Hi everybody,
> 
> I was just re-running some tests internally within bgp.tools and I've
> noticed that the RDAP responses from RIPE no longer include the email
> address of the person object. For example I used to (and expected) to
> get the email address in the object for
> https://rdap.db.ripe.net/entity/BC6775-RIPE, but it seems to have been
> removed from the output at some point.
> 
> That does not appear to be a way to log in to authenticate
> trustworthiness of RDAP  responses,  is there any other way to get
> this information?  I can see this information on the RIPE website  (
> https://apps.db.ripe.net/db-web-ui/lookup?source=ripe&key=BC6775-RIPE&type=person
> ) but I do not want to scrape that, and this information is incredibly
> useful for helping users onboard ( with a trustworthy email address )
> to services like bgp.tools.
> 
> Is this an intended change? Have I done something silly? All of the above ;) ?
> 
> By looking at the release info I can see it was added in November (#1333)
> 
> Thanks
> Ben
> 
> -- 
> 
> To unsubscribe from this mailing list, get a password reminder, or change your subscription options, please visit: https://mailman.ripe.net/

Previous message (by thread): [db-wg] email's disappeared from RDAP output
Next message (by thread): [db-wg] email's disappeared from RDAP output

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]