In this case, the endpoint (and not the lookup clients) needs to be
careful to check the RD's authorization.
(It seems that something also needs to cause the RD to check the
authorization of lookup clients to receive the information in question,
which might be worth reiterating in this section.)
→ "The RD (always, but especially here) then
needs to verify any lookup client's authorization before reveling this
information directly (in resource lookup) or indirectly (when using it
to satisfy a resource lookup search criterion)"
From Ben's updated ballot::
→ "The RD (always, but especially here) then needs to verify any lookup client's authorization before reveling this information directly (in resource lookup) or indirectly (when using it to satisfy a resource lookup search criterion)"