Comments from the Internet Architecture Board (IAB) on "Registration Data Access Protocol (RDAP) Operational Profile for gTLD Registries and Registrars"
On 13 January 2016, the IAB responded to ICANN’s public comment proceeding on Registration Data Access Protocol (RDAP) Operational Profile for gTLD Registries and Registrars. The text of those comments is provided below.
Thank you for the opportunity to provide public comment on the Registration Data Access Protocol (RDAP) Operational Profile for gTLD Registries and Registrars. The Internet Engineering Task Force (IETF) developed RDAP to resolve the technical shortcomings of WHOIS. Given the well-known issues with WHOIS, the IAB strongly encourages ICANN and the registration community to deploy RDAP as soon as possible.

WHOIS lacks support for authenticated access and differentiated responses. Since RDAP can make use of HTTP authentication, the IAB believes that authenticated access should be part of the first version of the RDAP Profile in order to significantly decrease the privacy concerns of registration data exposure. We believe that failing to include authenticated access in the RDAP Profile now will result in a very large transition effort to implement authenticated access and differentiated responses once a policy that supports them is in place. We do not believe that authenticated access will necessarily incur more costs for any users.

The IAB understands that ICANN policy development is needed to determine which registration data ought to be available to the public and which registration data deserves additional protection. We believe that policy development work should begin immediately. While we understand that ICANN cannot approve an RDAP Profile that includes differentiated responses based on user authentication until that policy work is complete, we strongly believe that the RDAP Profile can be specified in such a way that it accommodates the easy introduction of differentiated responses once the policy is in place.

Finally, the IAB strongly supports running RDAP only over TLS in order to offer server authentication as well as integrity and confidentiality for registration data.

Respectfully submitted,
Andrew Sullivan for the IAB