Re: [Ecrit] planned-changes: two questions
Randall Gellens <rg+ietf@randy.pensive.org> Mon, 13 September 2021 22:12 UTC
Return-Path: <rg+ietf@randy.pensive.org>
X-Original-To: ecrit@ietfa.amsl.com
Delivered-To: ecrit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BA463A1356 for <ecrit@ietfa.amsl.com>; Mon, 13 Sep 2021 15:12:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.789
X-Spam-Level:
X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, T_FORGED_RELAY_MUA_TO_MX=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qFYRmEgrmcZZ for <ecrit@ietfa.amsl.com>; Mon, 13 Sep 2021 15:12:43 -0700 (PDT)
Received: from turing.pensive.org (turing.pensive.org [99.111.97.161]) by ietfa.amsl.com (Postfix) with ESMTP id D436F3A1352 for <ecrit@ietf.org>; Mon, 13 Sep 2021 15:12:42 -0700 (PDT)
Received: from [99.111.97.181] (99.111.97.161) by turing.pensive.org with ESMTP (EIMS X 3.3.9); Mon, 13 Sep 2021 15:12:42 -0700
From: Randall Gellens <rg+ietf@randy.pensive.org>
To: Brian Rosen <br@brianrosen.net>
Cc: Jeff Martin <Jeff.Martin@comtechtel.com>, Dan Banks <dbanks=40ddti.net@dmarc.ietf.org>, ecrit@ietf.org
Date: Mon, 13 Sep 2021 15:12:41 -0700
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <AF1EFC94-0BAB-41B8-BC6D-D5923B450AC4@randy.pensive.org>
In-Reply-To: <8696CD3E-46AF-43C7-82E5-D71FEB073918@brianrosen.net>
References: <A0FC259C-DF34-4496-9013-422006278DA6@randy.pensive.org> <FB2A33E8-E146-404B-B150-1496C40510EF@brianrosen.net> <5577e2e6daa4405bbe12ef61675e1f55@bell.ca> <DE195D79-5A01-48EE-95CA-6C4B82E0886D@brianrosen.net> <e6e17f501711441188119cdfbe384d3d@bell.ca> <3AD58DEC-1DC9-4BC0-B55C-4E782E4AAA74@brianrosen.net> <E20342E7-2EFB-4479-96C2-85B4B7E16989@randy.pensive.org> <A7D59E8E-A014-4CC8-A0FF-5F58E81C6D4A@brianrosen.net> <2b4abbef37be4131a87471af75b6e7da@bell.ca> <CF2E8EDC-B38D-4742-B317-F3CE3E831578@brianrosen.net> <f82108f590674341a22da9c2e4c649e0@bell.ca> <7C4F6B87-C480-4963-B582-7639A9A1B029@brianrosen.net> <89a34416a9224a3bbccb520408283373@bell.ca> <D3AA7F51-01F4-4ED6-BFC3-2B3BF5AB1536@brianrosen.net> <DA890A1B-E22F-4EBB-B312-53A6C5BCD7B9@randy.pensive.org> <3441984B-D273-48FC-BCF1-AACB4AFCA2BF@brianrosen.net> <E31A5619-0FC6-45FD-8541-644C269AE5EC@randy.pensive.org> <83D1AC98-BE13-4BB7-AAC0-D9D60719D0F6@brianrosen.net> <4aa79e0c61394f588c61badeb779de16@bell.ca> <CO6PR09MB8600D17E58AECCC9E80C20889FD59@CO6PR09MB8600.namprd09.prod.outlook.com> <DM5PR1701MB181841BF7E917A62D89BACD0A7D69@DM5PR1701MB1818.namprd17.prod.outlook.com> <9953AB0C-E4C8-4395-8014-9F8E7A5FD949@brianrosen.net> <CO6PR09MB860009C5324D1380484280719FD69@CO6PR09MB8600.namprd09.prod.outlook.com> <3F2B5D84-9B76-483B-A1FA-467CD26C5BA3@brianrosen.net> <ADFD1EA2-6114-40A1-A4A5-6B2F379B148D@randy.pensive.org> <8696CD3E-46AF-43C7-82E5-D71FEB073918@brianrosen.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_4AAF03D7-41D4-47BE-9A4F-DB4652A13FF0_="
Embedded-HTML: [{"HTML":[826, 69074], "plain":[495, 22965], "uuid":"C73DEAEC-5477-48DF-B81E-E022C441062B"}]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ecrit/8cGlwwm9wKnOEQ_aB4bf0HupENc>
Subject: Re: [Ecrit] planned-changes: two questions
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Emergency Context Resolution with Internet Technologies <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ecrit/>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Sep 2021 22:12:50 -0000
Fitting his concept into the draft leads us to retain the concept of the server returning an ID with a query result; the change is that instead of a notification URI we have a new query. I suppose this new query (e.g., "plannedChangesRequest") could either return a list of all IDs potentially invalidated with an "asOf" date, or the query could contain a set of IDs and the response can indicate the "asOf" date for each queried ID. --Randall On 13 Sep 2021, at 14:45, Brian Rosen wrote: > Well, since there is no planned changes, it’s suggested that LISs > revalidate periodically. I think 30 days is the suggested frequency. > A user configured address is validated when they enter it. That > doesn’t work well now, but newer systems using LoST will make that > immediate. The systems usually don’t allow an invalid location to > be configured. I never thought that was a good idea, but that’s > what I’ve seen. They don’t initiate service, or keep the old > address until it’s validated. > > Yes. I think you have described Dan’s proposal correctly. He > didn’t have IDs, the system delivers addresses and AsOf dates. He > had the notion of a partial civic address, which may make the change > list much smaller. > > Brian > >> On Sep 13, 2021, at 5:27 PM, Randall Gellens >> <rg+ietf@randy.pensive.org> wrote: >> >> Do LISs frequently revalidate addresses? An address that's user >> configured is likely to be wrong (not where the user is at the time >> of a call) but still valid. >> >> If I understand Dan's suggestion and how it would fit into the draft, >> the LoST server returns an ID in the response, as in the current >> draft, but instead of the client providing a URI which the server >> stores and later sends a POST to, we define a new LoST query (e.g., >> "plannedChangesRequest"), and in the response to that, the server >> includes sets of IDs and "asOf" dates. Is that it? >> >> --Randall >> >> On 13 Sep 2021, at 5:30, Brian Rosen wrote: >> >> The kind of thing I’ve seen many times is an annexation. It’s >> announced months, sometimes years in advance. While there are clear >> boundaries, they very often don’t match postal boundaries or the >> existing “unincorporated community name”, A4. It takes weeks to >> months of prep to figure out which entries will change and which stay >> the same. Of course a good reason it takes that long is that at >> present, there is nothing like LoST Planned Changes, so it’s got a >> whole lot of manual work. I am aware that sometimes, things really >> do change where you don’t find out more than 24 hours ahead. >> Usually, that’s poor planning, rather than an actual short fuse >> change, but it happens, and has to be dealt with. >> >> Just polling is a really poor answer IMO, because you have to >> revalidate the entire dataset to find the entries that changed. >> I’ve built many systems with TTL where the TTL was gradually >> reduced around a change so that the entries that changed had short >> TTLs and the entries that didn’t had longer ones. That only works >> if you know far enough in advance that a change is coming. That’s >> generally true for the events that planned-changes is designed for, >> but not always. If your norm is 90 day TTL, and something comes up >> where you find out 30 or 60 days in advance, then that idea won’t >> work. >> >> Dan’s system fixes that, by having a poll for changes. He >> publishes a list of entries that will change. That can be polled >> frequently, because it’s small. If I understand the “partial >> civic” idea, it can often be very small. >> >> I still prefer push, because it actually fits the problem: the server >> wants to tell the client that something is changing. But I’m >> willing to do what Dan suggests. It’s not my favorite, but it will >> work. Just using TTL won’t, in my opinion. Either you have to do >> way too frequent full revalidations, or you miss events. >> >> I’ve never liked the fact that LoST servers have 99.99% of >> transactions that are mostly worthless - revalidations of things that >> didn’t change. >> >> But as editor, I will write up whatever the work group consensus is. >> >> Brian >> >>> On Sep 10, 2021, at 4:11 PM, Jeff Martin <Jeff.Martin@comtechtel.com >>> <mailto:Jeff.Martin@comtechtel.com>> wrote: >>> >>> Brian wrote: >>>> [the client] not knowing well in advance [of a server change] is, I >>>> think, unacceptable >>> >>> In my outlined suggestion, I ended with: >>> The data in the [server] issued set could be further extended to >>> convey upcoming potential impacts to ids that have not yet been >>> impacted. >>> >>> The server's issued set(s) could contain 'invalidAsOf' indicators >>> with the locationIds, similar to the draft's server-pushed >>> <locationInvalidated invalidAsOf="..." ...>. So if a server knows >>> "well in advance", say 24 hours, as long as the clients pull within >>> 24 hours the clients would also know well in advance. My outlined >>> suggestion also includes server-provided TTL in server responses to >>> give hints to clients about polling frequency. >>> >>> Balancing the tradeoffs of polling vs uri+push requires answering >>> this question: What will be the typical and/or exceptional >>> lead-times for servers operators to know about upcoming changes? >>> >>> If it's common that server operators themselves often identify >>> changes with less than one-hour notice, then the complexity of >>> client-registered-uri with server-push is more justified. >>> >>> But if it's common that server operators usually identify changes >>> with one day or more notice, and one-hour notice is very uncommon, >>> then the simplicity of polling is more justified. >>> >>> IMO based on experience at my company, days of lead time (not hours) >>> is typical for server operators dealing with "planned changes" that >>> affect validity. So the simplicity of polling with responses that >>> include 'invalidAsOf' is better than the complexity of uri+push, >>> whose benefits would rarely be realized in an environment dominated >>> by days of lead time. >>> >>> /Jeff/ >>> >>> >>> From: Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>> Sent: Friday, September 10, 2021 10:30 AM >>> To: Dan Banks <dbanks=40ddti.net@dmarc.ietf.org >>> <mailto:dbanks=40ddti.net@dmarc.ietf.org>> >>> Cc: Jeff Martin <jeff.martin@comtechtel.com >>> <mailto:jeff.martin@comtechtel.com>>; ecrit@ietf.org >>> <mailto:ecrit@ietf.org> >>> Subject: Re: [Ecrit] planned-changes: two questions >>> >>> >>> Minutes? >>> >>> So the clients of this service poll for changes every few minutes? >>> >>> What is a “partial civic address”? Example? Something like an >>> A1/A2/A4 but no street name/number, meaning any address in this >>> unincorporated community name? >>> >>> ISTM that a planned change quite often can’t be fixed in a way >>> that code could do it. So, we still need to advertise the change >>> well in advance of the change, and have the ability to do the AsOf >>> validation. Changing the way the client discovers that a change is >>> coming is one thing, not knowing well in advance is, I think, >>> unacceptable. >>> >>> Brian >>> >>> >>> >>> >>> >>> ___________________________________________________________________ >>> On Sep 10, 2021, at 12:13 PM, Dan Banks >>> <dbanks=40ddti.net@dmarc.ietf.org >>> <mailto:dbanks=40ddti.net@dmarc.ietf.org>> wrote: >>> >>> I am opposed to asking LoST servers to store URIs as well. I >>> believe it significantly overcomplicates the solution and is the >>> biggest reason why I have not supported the planned changes draft. >>> >>> Several years ago we implemented a mechanism to allow a LIS to know >>> that it needs to revalidate. Roughly described, that mechanism >>> consists of a web API that can be queried for changes after a >>> particular time. The response is a summary of changes in terms of >>> partial civic addresses that allow the LIS to identify records that >>> are likely to be affected, or possibly that there have been so many >>> changes that a full revalidation is recommended. We’ve made the >>> API discoverable via U-NAPTR using the same app string as a given >>> LoST server. >>> >>> Yes, the LIS has to poll the various LoST servers and ask if there >>> have been any changes. That is a cheap operation to implement, and >>> the practical difference between knowing the very instant a change >>> is published versus finding out within a few minutes is not >>> significant in any way. >>> >>> Dan >>> >>> From: Ecrit <ecrit-bounces@ietf.org <mailto:ecrit-bounces@ietf.org>> >>> On Behalf Of Jeff Martin >>> Sent: Thursday, September 9, 2021 4:09 PM >>> To: ecrit@ietf.org <mailto:ecrit@ietf.org> >>> Subject: Re: [Ecrit] planned-changes: two questions >>> >>> Asking a server to store and later user a client-provided uri opens >>> the door for abuse by malicious actors. Which got me to thinking, >>> what if we removed the client-provided uri entirely? If no uris >>> then no risk of abuse. >>> >>> Keep the new optional <plannedChange asOf="..."> but without 'uri' >>> in the client's <findServiceRequest>. Keep the new optional <ttl> >>> in the server's <findServiceResponse> as a hint to clients that may >>> want to initiate revalidation from the client side. Keep the new >>> optional server "unique location ID" in the server response as >>> discussed on this list (but not yet in published draft), which the >>> client could choose to associate with the client's internal records. >>> >>> The server periodically (server policy) issues a set of "potentially >>> impacted" ids, where "potentially impacted" has already been >>> discussed on this list. Each set includes: the ids that have been >>> "potentially impacted" since the previous set was issued; the >>> time-range covered; and a TTL hint on how long until the server is >>> likely to issue the next list. The server keeps the sets going back >>> some interval defined by server policy. >>> >>> Client sends a "discovery" query to server, where server response >>> is: the url(s) of the most recent and past set(s); and a TTL hint on >>> how long until next list likely to be released. Client then queries >>> any of these urls, and server responds with the set that includes: >>> the ids that have been "potentially impacted" since the previous set >>> was issued; the time-range covered; and a TTL hint on how long until >>> the server is likely to issue the next list. >>> >>> For clients that want to be highly proactive for changes, the client >>> can store the "unique location id" from <findServiceResponse> and >>> associate to the client's internal records. The client then >>> periodically queries the server for the set(s) of impacted IDs, and >>> client gets a copy of each set. The client uses these sets of >>> impacted ids from the servers list to check the clients internal >>> records, and client can then revalidate those. >>> >>> No more client-provided uris entirely removing the possibility of >>> abuse by malicious actors. >>> >>> The data in the issued set could be further extended to convey >>> upcoming potential impacts to ids that have not yet been impacted. >>> >>> >>> /Jeff/ >>> >>> From: Ecrit <ecrit-bounces@ietf.org <mailto:ecrit-bounces@ietf.org>> >>> On Behalf Of Caron, Guy >>> Sent: Thursday, September 9, 2021 7:52 AM >>> To: Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>>; >>> Randall Gellens <rg+ietf@randy.pensive.org >>> <mailto:rg+ietf@randy.pensive.org>> >>> Cc: ECRIT <ecrit@ietf.org <mailto:ecrit@ietf.org>> >>> Subject: Re: [Ecrit] planned-changes: two questions >>> >>> I’m aligned with Brian on the proposal to embed a reverse HTTP >>> transaction within an existing one. I think this is asking for >>> trouble. >>> >>> Guy >>> >>> De : Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>> Envoyé : 8 septembre 2021 19:32 >>> À : Randall Gellens <rg+ietf@randy.pensive.org >>> <mailto:rg+ietf@randy.pensive.org>> >>> Cc : Caron, Guy <g.caron@bell.ca <mailto:g.caron@bell.ca>>; ECRIT >>> <ecrit@ietf.org <mailto:ecrit@ietf.org>> >>> Objet : [EXT]Re: [Ecrit] planned-changes: two questions >>> >>> Inline. I think we need other opinions. Certainly, we don’t have >>> rough consensus. >>> >>> >>> >>> ________________________________________________________ >>> On Sep 8, 2021, at 5:45 PM, Randall Gellens >>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>> wrote: >>> >>> Why is a subsequent transaction better than a parallel one? The >>> subsequent transaction model delays knowledge of the state. >>> If the client doesn't see an immediate POST, it doesn't know if >>> there's been an error or not. >>> Yes it does. If it doesn’t see an immediate POST, then there was >>> a problem and it has to try again. >>> >>> If the client sees a POST and sends an ID, it doesn't know if the >>> server received it and stored the URI. >>> Technically true, but vanishingly small issue. You had a complete >>> HTTPS transaction, but somehow the client isn’t sure the server >>> got the ID. >>> >>> If the server tries a POST but gets an error, it may retry but >>> meanwhile the client may retry the query, since it didn't get a >>> POST. >>> That's always going to be something the server has to deal with: >>> re-enrollment of the URI. The client gets a normal response, and >>> that tells it the URI was accepted. >>> >>> Should a client retain IDs if it hasn't seen a POST? >>> No, lack of POST means URI is not enrolled >>> >>> Also, requiring that the client send an ID seems like it may >>> constrain client architectures since any part of the client system >>> that receives a POST must know which IDs are pending. >>> I don’t agree. This is a pretty normal “I send you a magic >>> number and you have to return it to me” thing. There are no >>> “pending IDs”. This is the first ID, so you need to return it, >>> and only it, but it’s the only ID the client has at this point. >>> >>> What is the objection to a parallel POST? >>> I was taught that you don’t embed an HTTP transaction in another >>> with the same partner because things go wrong with timeouts and >>> logic. It’s not a parallel POST, it’s an HTTPS transaction one >>> way that encloses another HTTPS transaction the other way. You are >>> dependent on the inner one completing before the outer one times out >>> or has some other issue. I just think that’s dangerous. I will >>> admit that I was taught this quite a long time ago (before HTTPS for >>> sure) and things could have changed, but I can’t recall an API >>> that does that. Also note that keep alive works exactly the same >>> way as the initial POST. In your proposal, those are different. >>> That’s not much, but it’s some code. The “test” transaction >>> tells you that the mechanism works and your URI is being retained, >>> whether that happens the first time, or a year later. >>> >>> --Randall >>> On 8 Sep 2021, at 14:22, Brian Rosen wrote: >>> I don’t think there is any fragility in the URI setup. For a new >>> URI, the client requests the server to keep it in a findService. >>> That transaction concludes by sending an ID. The server immediately >>> sends the test notification, to which the client responds with the >>> ID. At that point both sides know the URI was accepted and the >>> client is valid. That may be repeated periodically so both sides >>> know the other is happy with the arrangements. If the client >>> doesn’t get the test notification, it knows the URI isn’t >>> accepted. If the server doesn’t see the ID, it’s knows that was >>> a bogus request, or there is some other problem, and it shouldn’t >>> save the URI. >>> >>> I proposed a null ID as the test transaction flag. That would be a >>> piece of XML with the right namespace, the right element name, but >>> no value. I think that is adequate and meets Guy’s minimal >>> mechanism criteria. The same XML is always sent. It either has a >>> set of IDs or it’s empty. >>> >>> Brian >>> >>> >>> On Sep 8, 2021, at 5:11 PM, Randall Gellens >>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>> wrote: >>> >>> The proposed mechanism seems fragile. A client has no way to know if >>> its request to store a URI was accepted. That makes it hard to >>> debug. If there are errors of any kind when the server initially >>> verifies a URI, the client has no idea. Even if the client repeats >>> the transaction, the server will silently discard the URI. To me, >>> that's asking for problems. >>> In my proposal, when the client requests to be notified and provides >>> a URI, the server immediately does a parallel POST to that URI. If >>> it gets a 202 Accepted response to the POST (or we can choose a >>> different value), it stores the URI and returns the query result. If >>> it gets a different response, it does not store the URI and returns >>> the query result with a uriNotStored warning. If a client is trying >>> to get the server to launch an attack on a third party entity, that >>> entity will likely not support the URI in the first place, or will >>> likely return an error response. If you want additional >>> verification, have the server include the queried location in its >>> test POST. That way, if the client maliciously sent a URI of a third >>> party LIS, that LIS will know it does not have a query with that >>> location outstanding. >>> Doing a parallel POST from the server to the client is one small >>> transaction; this mechanism provides immediate feedback to both >>> client and server. If there are DNS failures or network congestion >>> or whatever, the server returns uriNotStored and the client can try >>> again later. >>> As for multiple IDs in a single notification POST, having the client >>> specify in the initial request the maximum it is prepared to accept >>> seems reasonable. We can require that clients support a minimum >>> number. If a server has more than the maximum, it sends them in >>> multiple POSTs, with whatever separation in time it chooses. A >>> server can include fewer IDs in a POST than the client's maximum. >>> We can have a 'test' notification value that is used both for the >>> initial verification test and for periodic keep-alive tests. >>> --Randall >>> On 8 Sep 2021, at 12:17, Brian Rosen wrote: >>> Okay, I think the three of us are converging, Here is a restatement >>> of your description: >>> 1) In a validation query, a Client can request to be notified when >>> the proffered LI should be revalidated, and provides a URI to send >>> the notifications to; >>> 2) In the validation response, the Server provides an ID that the >>> Client associates with the LI it just validated. The server may >>> silently ignore repeated requests to store a URI where the test in 4 >>> below fails. >>> 3) Immediately thereafter, if the URI is new to the Server, the >>> Server sends a ‘test’ notification to the URI, with an empty ID. >>> 4) The recipient at the URI is expected to respond with the ID >>> provided in step 2. If it does, the Server stores the URI for future >>> notifications. If it does not, the server ignores the request to >>> store the URI. >>> 5) Some time after, the Server notifies the Client of an upcoming >>> planned change by sending a notification to the successfully tested >>> URI with the location ID; >>> 6) The client revalidates each LI in its database that matches the >>> ID as of the date of the planned change. If no ID matches, it is a >>> no-op at the Client. Revalidations may also result in no-op at the >>> Client. >>> 7) LIs at the Client that are invalidated by the planned change are >>> modified in its database to be valid (which probably mean another >>> revalidation cycle) with an effective date set to <revalidateAsoF> >>> value. >>> 8) The Server may send ’test’ notifications to the URI without >>> any ID as a form of “keep-alive”. Any ID provided by the Server >>> to the client may be used as the response to the test transaction >>> >>> >>> There has been a discussion of sending more than one ID in a >>> transaction. I think that is a decent idea, but I worry about how >>> big that could be. Either we put a hard limit in the text or have >>> something in the response to the test transaction that specifies a >>> size limit for that client. >>> >>> Brian >>> >>> >>> On Sep 7, 2021, at 8:31 PM, Caron, Guy <g.caron@bell.ca >>> <mailto:g.caron@bell.ca>> wrote: >>> >>> 1) In a validation query, a Client can request to be notified when >>> the proffered LI should be revalidated, and provides a URI to send >>> the notifications to; >>> 2) In the validation response, the Server provides an ID that the >>> Client associates with the LI it just validated; >>> 3) Immediately thereafter, the Server sends a ‘test’ >>> notification to the URI, without any ID;\ >>> [br[For every new ID? Or just once? I wanted this to be a one time >>> registration. >>> [GC] Just once per offered URI. >>> >>> >>> 4) The recipient at the URI is expected to respond with the ID >>> provided in step 2. If it does, the Server stores the URI for future >>> notifications. If it does not, the Server [let’s pick one: reject >>> silently the URI and block the Client permanently/provides a >>> ‘uriNotStored’ warning response to the URI {not compatible with >>> the current proposal to test outside of LoST}/reject silently the >>> URI and block the Client temporarily/other?]; >>> [br]I don’t think an explicit failure is a problem. The LoST >>> server can limit retries if it needs to. >>> [GC] Ok for HTTP failures but what I’m talking about is when it >>> fails to return the ID, like in your DoS example. >>> >>> >>> >>> 5) Some time after, the Server notifies the Client of an upcoming >>> planned change by sending a notification to the successfully tested >>> URI with the location ID; >>> 6) The client revalidates each LI in its database that matches the >>> ID as of the date of the planned change. If no ID matches, it is a >>> no-op at the Client. Revalidations may also result in no-op at the >>> Client. >>> 7) LIs at the Client that are invalidated by the planned change are >>> modified in its database to be valid (which probably mean another >>> revalidation cycle) with an effective date set to <revalidateAsoF> >>> value. >>> [br]I wanted periodic keep alives. How would that work? >>> [GC] You mean at step 3? As I mentioned below, I was wondering about >>> the necessity for periodic tests. If the group is convinced it is >>> needed, the Server can simply redo step 3 and the Client can respond >>> with one or many IDs it has from that Server. >>> >>> >>> NOTICE TO RECIPIENT: This email, including attachments, may contain >>> information which is confidential, proprietary, attorney-client >>> privileged and / or controlled under U.S. export laws and >>> regulations and may be restricted from disclosure by applicable >>> State and Federal law. Nothing in this email shall create any legal >>> binding agreement between the parties unless expressly stated herein >>> and provided by an authorized representative of Comtech >>> Telecommunications Corp. or its subsidiaries. If you are not the >>> intended recipient of this message, be advised that any >>> dissemination, distribution, or use of the contents of this message >>> is strictly prohibited. If you received this message in error, >>> please notify us immediately by return email and permanently delete >>> all copies of the original email and any attached documentation from >>> any computer or other media. >>> _______________________________________________ >>> Ecrit mailing list >>> Ecrit@ietf.org <mailto:Ecrit@ietf.org> >>> https://www.ietf.org/mailman/listinfo/ecrit >>> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fecrit&data=04%7C01%7Cjeff.martin%40comtechtel.com%7Cb6354e9963b1469a1a1808d9747845af%7Ca9a26e696ae040c1bd801ca6cc677828%7C0%7C0%7C637668882191609050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NDkyikK2aPrzaE826qPjFrrlsn1WtrgpqjKx3KBKnQQ%3D&reserved=0> >> _______________________________________________ >> Ecrit mailing list >> Ecrit@ietf.org >> https://www.ietf.org/mailman/listinfo/ecrit >> <https://www.ietf.org/mailman/listinfo/ecrit>
- [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- [Ecrit] PLEASE READ: We need people to comment on… Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- [Ecrit] Fwd: PLEASE READ: We need people to comme… James Kinney
- Re: [Ecrit] planned-changes: two questions Jeff Martin
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brandon Abley
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Dan Banks
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Jeff Martin
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen