Re: [Last-Call] Secdir last call review of draft-ietf-regext-rdap-reverse-search-23

Hi Tero,

thanks a lot for your review.

Please find my comments below.

On 08/08/2023 21:45, Tero Kivinen via Datatracker wrote:
Reviewer: Tero Kivinen
Review result: Ready

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document describes the reverse search method for the RDAP protocol. It does
include implementation considerations, privacy considerations in addition to
security considerations, which do list a number of issues that the implementations
need to solve, including limiting the number of resources returned, protecting
Personally Identifiable Information, and methods of doing authentication.

It does require HTTPS because of the privacy concerns, but authentication and
authorization are only a SHOULD:

    In general, given the sensitivity of this functionality, it SHOULD be
    accessible to authorized users only, and for specific use cases only.

This SHOULD does not list a reason when it would be OK to provide this
information without authorization. I would assume one such use case
would be when there is no PII or sensitive information in the database...


[ML] Yes, that is the main case where authorization couldn't be needed.

Since the document defines a generic reverse search model based on the relationships between RDAP objects, the reverse search property used in the query couldn't correspond to PII or sensitive information.

RFC 9082 already defines two reverse-like searches not based on PII (i.e. nsLdhName and nsIp) to find all the domains associated with the nameservers matching the search pattern.

However, I don't have a legal background hence I can't exclude reverse search implementations based on entity details which wouldn't require the requestor to be authorized first while being still compliant with laws or regulations that restrict the use of personal data.

Based on my experience, the two things are incompatible with each other.


Best,

Mario

--
Dott. Mario Loffredo
Senior Technologist
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo

--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



