Soon, the #ROW (Registry Operations Workshop) meeting regiops.net/row-main/agenda/

Everything about registration (of domain names, typically), #EPP, #RDAP, #whois, etc.

#regiops

Steve Crocker (author of #RFC 1) presents the Jake project. It's about access to registration data (protocols like #RDAP). This access raises a lot of issues (invalid data, privacy, spam, etc.).
The idea seems to be to attach metadata to requests, data and responses. For instance, requestors have to state their credentials ("gold" access to important orgs like police and IP lawyers) and the purpose.

#regiops

With the metadata attached to both requestors (who, why, what) and data, #RDAP servers could apply a matrix of authorization. (US police may access personal data for US registrants, I presume.)

The picture seems quite complicated; I have doubts that such a thing could ever be deployed.

There is even the possibility of labelling collected data with things like "verified".

#regiops

Quoc Pham (GoDaddy) on a very subtle and uncommon problem with RFC 3915 (grace period when registering or renewing).

There is even an XML namespace for #EPP named "unrenew".

#regiops

Ulrich Wisser on registry lock (locking a domain against changes, by forcing a manual action; activate it if your domain is critical to your activity).

The idea is to allow automatic *locking* (obviously not - yet - unlocking) through #EPP. Maybe also locking with automatic unlocking after some time.

(Remember: there is no end-to-end security, registrant to registry)

#regiops

Mario Loffredo presents the JSContact data model for domain name contact information. (Currently, #RDAP uses #vCard/#jCard, which everyone dislikes.)

jscontact-tools is a JavaScript library to manipulate it, including validation and conversion to/from vCard/jCard. github.com/consiglionazionaled

#regiops

First question is of course about the transition. Everyone dislikes jCard/vCard but it is already implemented. Should we do it again?

#regiops

Carlos Ganan on #RDAP performance (measuring the response time). The actual measurement lasted one month, from ten vantage points, to every RDAP server known.

Average RTT 1 second, with some outliers taking MINUTES to respond.

The RIRs were the fastest, the registrars the slowest.

Highly dependent on the vantage point: probably no anycast on the server?

#regiops

#RDAP being query/response, latency matters and #TLS negotiation takes time, according to the measurements. Moving RDAP to #QUIC?

(Also, distributing the RDAP servers would help. Except #APNIC, they are all unicast.)

#regiops

Mario Loffredo, Francesco Donini, and Maurizio Martinelli now use #OpenIDconnect to authenticate #RDAP clients, through the #Keycloak software (the authors really love it and think it has a lot of great features).

#regiops

Now, the demo. "An error occurred". Reloading the page, it worked, but then the query timed out.

#regiops

Jaromir Talir about #RegeID, an identity solution.

Based on eIDAS (European framework for mutual recognition of digital identities). France's #FranceConnect will join soon.

For domain name registry, it could mean mandatory checking of identity to get a domain name (like in Estonia and Denmark).

#regiops

Also, the future NIS 2 European directive plans to mandate these identity checks to have a domain name.

#regiops

People raise concerns about mandatory identity checking for domain names. What if the government does not like you? (Short answer: eIDAS is just a framework, each country can set its own rules, and make the check mandatory or not.)

#regiops

Michael Palage & Frank Cona about how the .music TLD deals with #GDPR and #NIS issues (mandatory checking of users' identity).

Also of course connected with other identity and personal data talks at #ROW such as the one on Jake or the one on RegeID.

#regiops

Frankly, I don't really understand what they are doing. A lot of buzzwords in the talk, but unclear.

#regiops

Identity again. Werner Staub suggests using email addresses of domain name registrants to join with identity services.

Nice domain for examples botsin.space/@DNSresolver/1063 (yes, it is what its name says)

#regiops

But you cannot use any email address for that. It may be misleading (president_of_ebonia@gmail.com) or leak personal data. So, it has to be an email address in a known domain, such as their id.sport.

#regiops

Jothan Frakes on the Public Suffix List publicsuffix.org/ (finding the responsible domain, for instance foo.eu.org and bar.eu.org are not under the same administration). A volunteer project, not official. Widely used in browsers and many other things.

I even used it in one of my projects, the #Gemini crawler #Lupa framagit.org/bortzmeyer/lupa/-

#regiops

@bortzmeyer I read Jonathan Frakes 😄