Take-down policy

This page is the public take-down policy required by §10 of spec/directory.md. It governs only the canonical directory at registry.afauth.org. Mirrors and aggregators set their own policies (§8).

Categories

The canonical directory will remove listings that:

Hard-delete vs soft-delete

By default the directory soft-deletes — sets status: "deleted" and retains the record so mirrors converge. The soft-deleted record is excluded from the default GET /v1/listings response and surfaces only when ?include_deleted=true is set (§10 of the spec).

Hard-erase — removing the record entirely so it disappears from mirrors that re-poll — is reserved for unlawful content. The operator will not hard-erase listings on the basis of a controller's withdrawal request alone; for routine withdrawal, use the §4.2 DELETE endpoint and the listing will soft-delete in the normal way.

Procedure

Reports may be sent to [email protected]. Include:

The operator will acknowledge receipt within a reasonable window and publish the outcome where relevant. Decisions are appealable by the listing controller, who is the entity that originally proved control of the discovery host (§4.1).

Re-claim by the legitimate controller

A controller whose listing has been soft-deleted or marked stale due to a hostile takeover of their discovery host may re-claim the listing by repeating the §4.1 challenge flow from the (recovered) host. A successful re-challenge revokes all prior session tokens for that listing.

Mirrors

Operational decisions made by the canonical directory do not bind mirrors or aggregators. A removal here may not propagate to mirrors that disagree with the determination; consumers depending on a specific take-down should consult the mirror or aggregator's own policy.