Re: [calsify] JSContact in RDAP
Mario Loffredo <mario.loffredo@iit.cnr.it> Tue, 17 January 2023 14:34 UTC
Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CA23C151555 for <calsify@ietfa.amsl.com>; Tue, 17 Jan 2023 06:34:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OMIQ4mhYpRdk for <calsify@ietfa.amsl.com>; Tue, 17 Jan 2023 06:34:37 -0800 (PST)
Received: from mx5.iit.cnr.it (mx5.iit.cnr.it [146.48.58.12]) by ietfa.amsl.com (Postfix) with ESMTP id 43E4FC14EB17 for <calsify@ietf.org>; Tue, 17 Jan 2023 06:34:36 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx5.iit.cnr.it (Postfix) with ESMTP id 601D5C03B1; Tue, 17 Jan 2023 15:34:34 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mx5.iit.cnr.it
Received: from mx5.iit.cnr.it ([127.0.0.1]) by localhost (mx5.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J2OhsRESFiiU; Tue, 17 Jan 2023 15:34:31 +0100 (CET)
Received: from [192.168.16.66] (sa.nic.it [192.12.193.247]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mx5.iit.cnr.it (Postfix) with ESMTPSA id EEF4AC02EB; Tue, 17 Jan 2023 15:34:30 +0100 (CET)
Content-Type: multipart/alternative; boundary="------------0vW4saOSU4YKNpVBjjTKWfgI"
Message-ID: <ed8cd750-88da-fa1e-a6ff-487590011d77@iit.cnr.it>
Date: Tue, 17 Jan 2023 15:31:14 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.1
To: Robert Stepanek <rsto=40fastmailteam.com@dmarc.ietf.org>, calsify@ietf.org
References: <c0a301d7-92ac-3831-3db5-0f947fafc603@iit.cnr.it> <6660d1f8-29f8-45e1-adfd-08ca960f7666@app.fastmail.com>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
In-Reply-To: <6660d1f8-29f8-45e1-adfd-08ca960f7666@app.fastmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/LiXzCStpqcLIn4a94gZd7Vd3jQY>
Subject: Re: [calsify] JSContact in RDAP
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Calendaring and Scheduling Standards Simplification <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jan 2023 14:34:41 -0000
Hi Robert, Il 17/01/2023 09:59, Robert Stepanek ha scritto: > > On Fri, Jan 13, 2023, at 7:05 PM, Mario Loffredo wrote: >> >> To avoid correlation of contacts associated with domains across RDAP >> domain query responses, the uid property could be redacted by the >> RDAP server. The possible redaction methods are defined in another >> draft currently under discussion at RegExt, namely >> draft-ietf-regext-rdap-redacted >> <https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-redacted/>. >> >> The preferrable redaction method would be the uid removal but, >> unfortunately, it doesn't comply with the mandatory constraint on uid. >> > > I say we need to sort this out to make JSContact work for RDAP, so I > am generally open to all options. But we should first consider if we > can support this specific use case and keep uid mandatory. That being > said, UID also is optional in vCard4 but we want to do away with that > in JSContact. > >> I have proposed some alternatives to work around this issue (e.g. >> using randomly generated UUIDs at every response or setting the uid >> to an empty string since the free-text format is allowed). >> Nevertheless, I must agree that it would be better if the uid >> property was optional in RDAP. >> > > Is the only goal to not allow correlating JSContact objects by uid? If > so, I do not understand why a random uuid4 per request does not > resolve that issue. Or is it also important to signal to the recipient > that the uid property value is redacted? In that case, how about > setting the nil uuid (all bits set to zero)? Thanks for the questions so that I'm able to provide further information about the context of my post. Based on what is described in draft-ietf-regext-rdap-redacted, the RDAP server signals the client about the redacted response fields by including them in the "redacted" array. Each array entry contains information about the method used for redaction. The most suitable methods for uid could be: "redaction by removal", obviously under the assumption that the method is not mandatory, and"redaction by emtpy value", which has been introduced to redact some jCard properties that can't be removed such as the "adr" components and the "fn" property. Since the free-text format is allowed for uid, the latter method could be used but the former is considered better due to the following reasons: - RDAP already makes use of another property, namely the entity handle, to identify a contact. Therefore, to avoid the case of two distinct unrelated identifiers for the same object, it would be advisable that the uid value was related to/derived from the handle value, for example the uid value could include the RDAP entity lookup URL (e.g. https://example.com/rdap/entity/XXXX where "XXXX" is the handle value). But the entity handle value is defined as optional and could be redacted due to the server policy (see the ICANN RDAP response profile for gTLDs). Making the uid property optional could allow the RDAP server to consistently display/redact both the properties . - secondly, the use of a randomly generated UUID as well as a nil UUID would result in defining in the rdap-redacted doc a new redaction method to be likely used just for the uid property (e.g. redaction either by a random value or by a pre-defined value). Another objection against the use of randomly generated UUIDs is that it is expected that an RDAP server always provides the same response values based on the user profile; - last but not the list, making uid optional in RDAP would make RDAP independent on any future change of the uid format. As a sort of mediator between RegExt and CalExt, would like to point out that I'm merely explaining the reasons supporting the RegExt request for making the uid property optional. I'm not advocating a way to proceed. > >> I strongly apologize if I didn't introduce the matter earlier but >> this is the time I'm finalizing rdap-jscontact for the WGLC and only >> now some RegExt members asked me as JSContact co-author for seeking a >> possible way to make uid optional in RDAP. >> > > Better we resolve this now than publish a spec that turns out not to > be useful for other working groups. Totally agreed. > >> For example, would it make sense to state in JSContact spec that the >> mandatory constraint on uid can be overriden when JSContact is used >> within other specifications? >> > > The moment we do that any protocol-independent JSContact parser > implementation will have to support optional uid properties anyway. > Let's try to come up with a solution that fits all our known use cases > first. Cheers, Mario > > _______________________________________________ > calsify mailing list > calsify@ietf.org > https://www.ietf.org/mailman/listinfo/calsify -- Dott. Mario Loffredo Technological Unit “Digital Innovation” Institute of Informatics and Telematics (IIT) National Research Council (CNR) via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Web:http://www.iit.cnr.it/mario.loffredo
- [calsify] JSContact in RDAP Mario Loffredo
- Re: [calsify] JSContact in RDAP Robert Stepanek
- Re: [calsify] JSContact in RDAP Mario Loffredo
- Re: [calsify] JSContact in RDAP Robert Stepanek
- Re: [calsify] JSContact in RDAP Doug Royer
- Re: [calsify] JSContact in RDAP Robert Stepanek