Soon, the (Registry Operations Workshop) meeting

Everything about registration (of domain names, typically), , , , etc.

Steve Crocker (author of 1) presents the Jake project. It's about access to registration data (protocols like ). This access raises a lot of issues (invalid data, privacy, spam, etc).
The idea seems to attach metadata to requests, data and responses. For instance, requestors have to state their credentials ("gold" access to important orgs like police and IP lawyers) and the purpose.

With the metadata attached to both requestors (who, why, what) and data, servers could apply a matrix of authorization. (US police may access personal data for US registrants, I presume.)

The picture seems quite complicated; I have doubts that such a thing could ever be deployed.

There is even the possibility of labelling collected data with things like "verified".

Quoc Pham (GoDaddy) on a very subtle and uncommon problem with RFC 3915 (grace period when registering or renewing).

There is even an XML namespace for named "unrenew".

Ulrich Wisser on registry lock (locking a domain against changes, by forcing a manual action; activate it if your domain is critical to your activity)

The idea is to allow automatic *locking* (obviously not - yet - unlocking) through . Maybe also locking with automatic unlocking after some time.

(Remember: there is no end-to-end security, registrant to registry)

Mario Loffredo presents the JSContact data model for domain name contact information. (Currently, uses /#jCard, that everyone dislikes)

jscontact-tools is a JavaScript library to manipulate it. Including validation, and conversion to/from vCard/jCard.

First question is of course about the transition. Everyone dislikes jCard/vCard but it is already implemented. Should we do it again?

Carlos Ganan on performance (measuring the response time). The actual measurement lasted one month, from ten vantage points , to every RDAP server known.

Average RTT 1 second, with some outliers taking MINUTES to respond.

The RIR were the fastest, the registrars the slowest.

Highly dependent on the vantage point: probably no anycast on the server?

being query/response, latency matters and negotiation takes time, according to the measurements. Moving RDAP to ?

(Also, distributing the RDAP servers would help. Except , they are all unicast.)

Mario Loffredo, Francesco Donini, and Maurizio Martinelli now use to authenticate clients, through the software (the authors really love it and think it has a lot of great features).

Now, the demo. "An error occurred". Reloading the page and it worked, but then the query timed out.

Jaromir Talir about , an identity solution.

Based on eIDAS (European framework for mutual recognition of digital identities). France's will join soon.

For domain name registry, it could mean mandatory checking of identity to get a domain name (like in Estonia and Denmark).

Also, the future NIS 2 European directive plans to mandate these identity checks to have a domain name.

People raise concerns about mandatory identity checking for domain names. What if the government does not like you? (Short answer: eIDAS is just a framework, each country can set its own rules, and make the check mandatory or not)

Michael Palage & Frank Cona about how the .music TLD deals with and issues (mandatory checking of users' identity).

Also of course connected with other identity and personal data talks at such as the one on Jake or the one on RegeID.

Frankly, I don't really understand what they are doing. A lot of buzzwords in the talk, but unclear.

Identity again. Werner Staub suggests using email addresses of domain name registrants to join with identity services.

Nice domain for examples (yes, it is what its name says)

But you cannot use any email address for that. It may be misleading ( or leak personal data. So, it has to be an email address in a known domain, such as their

Jothan Frakes on the Public Suffix List (finding the responsible domain, for instance and are not under the same administration). A volunteer project, not official. Widely used in browsers and many other things.

I even used it in one of my projects, the   crawler

The Public Suffix List rejects additions for domains in "alternative roots". People often react violently to this rejection.

The Public Suffix List is important: unlike what many people think, not every registration domain is a TLD.



@bortzmeyer Not implemented by any registries AFAIK. I fear the same will happen with "unrenew", I am still not convinced it solves a real problem. There are too many non-technical policies attached to domains (grace periods, etc.) to make any kind of undo not creating at the end more problems than solutions.

@pmevzek It seems to me that most people, during the discussion, thought that it was a lot of work for a small, even non-existing problem. The guy from Go Daddy had trouble finding real cases.
