On Tue, Aug 4, 2020, at 14:32, Gavin Brown wrote:
> 1. client implementers should be advised to prefer https:// base URLs
> over http:// base URLs.
I think this is already addressed by this text in the current RFC:
"
Per [RFC7258], in each array of base RDAP URLs, the secure versions
of the transport protocol SHOULD be preferred and tried first. For
example, if the base RDAP URLs array contains both HTTPS and HTTP
URLs, the bootstrap client SHOULD try the HTTPS version first.
"
> 2. server operators should be advised that if multiple base URLs with
> the same scheme are present in an entry, then all the RDAP endpoints
> referenced by these base URLs must return identical responses (for the
> same RDAP query).
Why "with the same scheme" here? If there is both `http://` and `https://`,
even if that is not advised, shouldn't both cases respond the same way?
PS: related but not directly, at least for domain registries, it would be
nice to have an `SRV` record on `_rdap._tcp` or something to point to relevant
RDAP server, even if that does not allow to encode the path (but maybe a
solution with .well-known/ and URI template could be found), it allows at least
for nice failover and load balancing. It may be a problem for gTLDs as they have
restrictions in content of their zone.
Maybe the newly expected SCVB record could help...
A setup like that would allow for discoverability without centralization of
data,
which also removes IANA from the hot operational path when RDAP clients do
queries.
--
Patrick Mevzek
[email protected]
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
