Use of the Public Suffix List, and refreshing of its content, is a choice by the developer of an application; they do what they want, nothing is mandatory.
Some warnings for developers: do not rely on this list for real security.
The speaker insists: DON'T USE REGEXPS TO VALIDATE IF SOMETHING IS A TLD, OR IF IT IS A REGISTRATION DOMAIN.
The Public Suffix List is important: unlike what many people think, not every registration domain is a TLD.
The Public Suffix List rejects additions for domains in "alternative roots". People often react violently to this rejection.
Jothan Frakes on the Public Suffix List https://publicsuffix.org/ (finding the responsible domain, for instance foo.eu.org and bar.eu.org are not under the same administration). A volunteer project, not official. Widely used in browsers and many other things.
I even used it in one of my projects, the #Gemini crawler #Lupa https://framagit.org/bortzmeyer/lupa/-/commit/5aed4e365c5ccdc451d4103d3af3ea013225c017
But you cannot use any email address for that. It may be misleading (president_of_ebonia@gmail.com) or leak personal data. So, it has to be an email address in a known domain, such as their id.sport.
Identity again. Werner Staub suggests using email addresses of domain name registrants to join with identity services.
Nice domain for examples https://botsin.space/@DNSresolver/106375989049156954 (yes, it is what its name says)
Frankly, I don't really understand what they are doing. A lot of buzzwords in the talk, but unclear.
People raise concerns about mandatory identity checking for domain names. What if the government does not like you? (Short answer: eIDAS is just a framework, each country can set its own rules, and make the check mandatory or not.)
Also, the future NIS 2 European directive plans to mandate these identity checks to have a domain name.
Jaromir Talir about #RegeID, an identity solution.
Based on eIDAS (European framework for mutual recognition of digital identities). France's #FranceConnect will join soon.
For a domain name registry, it could mean mandatory checking of identity to get a domain name (like in Estonia and Denmark).
#RegeID #franceconnect #regiops
Now, the demo. "An error occurred". Reloading the page worked, but then the query timed out.
Mario Loffredo, Francesco Donini, and Maurizio Martinelli now use #OpenIDconnect to authenticate #RDAP clients, through the #Keycloak software (the authors really love it and think it has a lot of great features).
#openidconnect #rdap #keycloak #regiops
Carlos Ganan on #RDAP performance (measuring the response time). The actual measurement lasted one month, from ten vantage points, to every RDAP server known.
Average RTT 1 second, with some outliers taking MINUTES to respond.
The RIR were the fastest, the registrars the slowest.
Highly dependent on the vantage point: probably no anycast on the server?
First question is of course about the transition. Everyone dislikes jCard/vCard but it is already implemented. Should we do it again?
Mario Loffredo presents the JSContact data model for domain name contact information. (Currently, #RDAP uses #vCard/#jCard, which everyone dislikes.)
jscontact-tools is a Javascript library to manipulate it. Including validation, and conversion to/from vCard/jCard. https://github.com/consiglionazionaledellericerche/jscontact-tools
Oh, and if you don't know how a domain name registry works, you can start with this simple article https://www.afnic.fr/en/observatory-and-resources/expert-papers/what-happens-when-you-register-a-domain-name/