[190527] in North American Network Operators' Group
Re: New ICANN registrant change process
daemon@ATHENA.MIT.EDU (David Conrad)
Wed Jul 6 22:13:33 2016
X-Original-To: nanog@nanog.org
From: David Conrad <drc@virtualized.org>
In-Reply-To: <CAGFn2k0c5fWxnMx=Cwe+Ya_g1GDzjBBUsLpLEgS-z_oNVYkF7g@mail.gmail.com>
Date: Wed, 6 Jul 2016 16:13:25 -1000
To: Rubens Kuhl <rubensk@gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
--Apple-Mail=_6F344F04-8F6C-4877-852F-24B340379841
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Rubens,
On Jul 6, 2016, at 2:20 PM, Rubens Kuhl <rubensk@gmail.com> wrote:
>> Not sure the RPZ hammer has been brought out in force yet. I've seen =
a few recommendations on various mailing lists, but no concerted effort. =
Unfortunately, there is no easy/scalable way to determine who a =
registrar for a given name is,
> That is called RDAP,
I said "scalable".
Given RDAP is based on TCP and there is this concept known as =
"registration data lookup rate limiting", I'm somewhat skeptical RDAP is =
the appropriate choice for (e.g.,) a "DNS Block List"-like solution that =
would (say) dump email that came from domains registered via =
operator-specified registrars.
> but ICANN currently blocks gTLD registries from offering RDAP.
Ignoring the above, and as I'm sure you're aware, the community has not =
determined the policies by which RDAP may be offered as an official =
registry service using production data, e.g., whether and how =
differentiated services will be permitted among other details. As such, =
it is more accurate to say that registries are not permitted to deploy =
new services because of contractual obligations the registries entered =
into that requires them to have new services evaluated to ensure those =
services don't impact DNS security, stability or competition, something =
the community required ICANN enforce as a result of the SiteFinder =
episode ages ago. Registries can, of course, request that evaluation and =
I'm told some have and are actually offering RDAP.
But I would agree it is much easier to simply blame ICANN.
Regards,
-drc
(speaking only for myself)
--Apple-Mail=_6F344F04-8F6C-4877-852F-24B340379841
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org
iQEcBAEBCgAGBQJXfbrFAAoJENV6ebf0/4rX6NQH/29m/2KiqI6AfaV8Fj11cSit
Y/KJmg8T1+Jp5fr4IHT+Ws3bkYUX7dtErozBEsJA+7+JxCGVBKJsw06u7jZoGnAo
h8XvdXADnkaLw2OH5JoDHME6+GGQ+2M4rZDmXd8ngLWJF5m5P6YDvsQRpwSakbbZ
2xSZbY+YEHA8oM+LQW6/nyx8fTRNdmsCyxUFaDcdxEDp7E3WnyPpFZ2FkLz6Nx2h
I6Sw0i71dSTEU4V11ihzHFGlMvPFt0C15bAxEgVK5x6/4VDcOnJOFEL3q1Ann3Fn
hVLqgLiiD3aEt0aApPNMT/dKv4Q4A/Cw85d5a3xZFDI+IUDet1avo2jRezDrf08=
=Tlvg
-----END PGP SIGNATURE-----
--Apple-Mail=_6F344F04-8F6C-4877-852F-24B340379841--
