> -----Original Message----- > From: Alissa Cooper <[email protected]> > Sent: Tuesday, July 31, 2018 1:28 PM > To: The IESG <[email protected]> > Cc: [email protected]; Gould, James > <[email protected]>; [email protected]; Gould, James > <[email protected]>; [email protected] > Subject: [EXTERNAL] Alissa Cooper's No Objection on draft-ietf-regext- > rdap-object-tag-04: (with COMMENT) > > Alissa Cooper has entered the following ballot position for > draft-ietf-regext-rdap-object-tag-04: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-object-tag/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I'm not sure why anyone would do this, but I'll ask anyway: is there no > concern about someone maliciously registering an identifier against an > existing RDAP URL, given that the registry is specified to be FCFS? Let's > say I have a grudge against MyLocalRIR and I go register "fubar" as the > service provider name together with an existing mylocalrir.org RDAP URL. > This maybe has little practical effect but surely MyLocalRIR would not be > too happy with it.
Thanks for the review, Alyssa. Yes, this is possible. We could specify another registration policy; perhaps expert review? Even with that policy, though, the expert would have to be able to distinguish a "legitimate" operator from a fake, and that wouldn't always be an easy task and there would still be a risk of a fake getting through. Perhaps we could add text to advice IANA that fakes are possible and IANA should be able to respond to a change request from a "legitimate" operator with assistance from an expert reviewer. Another possibility could be FCFS with email contact information provided so that IANA can attempt to verify the request. Looking at RFC 82126 again, I see that "a minimal amount of clerical information" is required, so adding contact information would be a good change. Scott _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
