Re: [Ecrit] planned-changes: two questions
Randall Gellens <rg+ietf@randy.pensive.org> Tue, 14 September 2021 16:57 UTC
Return-Path: <rg+ietf@randy.pensive.org>
X-Original-To: ecrit@ietfa.amsl.com
Delivered-To: ecrit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92C353A25F4 for <ecrit@ietfa.amsl.com>; Tue, 14 Sep 2021 09:57:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.789
X-Spam-Level:
X-Spam-Status: No, score=-1.789 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, SPF_PASS=-0.001, T_FORGED_RELAY_MUA_TO_MX=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wY41AYmZgp9Z for <ecrit@ietfa.amsl.com>; Tue, 14 Sep 2021 09:57:27 -0700 (PDT)
Received: from turing.pensive.org (turing.pensive.org [99.111.97.161]) by ietfa.amsl.com (Postfix) with ESMTP id EC1B53A25D9 for <ecrit@ietf.org>; Tue, 14 Sep 2021 09:57:26 -0700 (PDT)
Received: from [99.111.97.181] (99.111.97.161) by turing.pensive.org with ESMTP (EIMS X 3.3.9); Tue, 14 Sep 2021 09:57:26 -0700
From: Randall Gellens <rg+ietf@randy.pensive.org>
To: Brian Rosen <br@brianrosen.net>
Cc: Jeff Martin <Jeff.Martin@comtechtel.com>, Dan Banks <dbanks=40ddti.net@dmarc.ietf.org>, ecrit@ietf.org
Date: Tue, 14 Sep 2021 09:57:25 -0700
X-Mailer: MailMate (1.13.2r5673)
Message-ID: <D9737F56-57F2-4AF3-A06A-50CBDC533D6D@randy.pensive.org>
In-Reply-To: <A892C21A-8D63-459A-A976-0FCC4E2A1198@brianrosen.net>
References: <A0FC259C-DF34-4496-9013-422006278DA6@randy.pensive.org> <FB2A33E8-E146-404B-B150-1496C40510EF@brianrosen.net> <5577e2e6daa4405bbe12ef61675e1f55@bell.ca> <DE195D79-5A01-48EE-95CA-6C4B82E0886D@brianrosen.net> <e6e17f501711441188119cdfbe384d3d@bell.ca> <3AD58DEC-1DC9-4BC0-B55C-4E782E4AAA74@brianrosen.net> <E20342E7-2EFB-4479-96C2-85B4B7E16989@randy.pensive.org> <A7D59E8E-A014-4CC8-A0FF-5F58E81C6D4A@brianrosen.net> <2b4abbef37be4131a87471af75b6e7da@bell.ca> <CF2E8EDC-B38D-4742-B317-F3CE3E831578@brianrosen.net> <f82108f590674341a22da9c2e4c649e0@bell.ca> <7C4F6B87-C480-4963-B582-7639A9A1B029@brianrosen.net> <89a34416a9224a3bbccb520408283373@bell.ca> <D3AA7F51-01F4-4ED6-BFC3-2B3BF5AB1536@brianrosen.net> <DA890A1B-E22F-4EBB-B312-53A6C5BCD7B9@randy.pensive.org> <3441984B-D273-48FC-BCF1-AACB4AFCA2BF@brianrosen.net> <E31A5619-0FC6-45FD-8541-644C269AE5EC@randy.pensive.org> <83D1AC98-BE13-4BB7-AAC0-D9D60719D0F6@brianrosen.net> <4aa79e0c61394f588c61badeb779de16@bell.ca> <CO6PR09MB8600D17E58AECCC9E80C20889FD59@CO6PR09MB8600.namprd09.prod.outlook.com> <DM5PR1701MB181841BF7E917A62D89BACD0A7D69@DM5PR1701MB1818.namprd17.prod.outlook.com> <9953AB0C-E4C8-4395-8014-9F8E7A5FD949@brianrosen.net> <CO6PR09MB860009C5324D1380484280719FD69@CO6PR09MB8600.namprd09.prod.outlook.com> <3F2B5D84-9B76-483B-A1FA-467CD26C5BA3@brianrosen.net> <ADFD1EA2-6114-40A1-A4A5-6B2F379B148D@randy.pensive.org> <8696CD3E-46AF-43C7-82E5-D71FEB073918@brianrosen.net> <AF1EFC94-0BAB-41B8-BC6D-D5923B450AC4@randy.pensive.org> <A892C21A-8D63-459A-A976-0FCC4E2A1198@brianrosen.net>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_423F2850-A7B9-42BA-A410-E7CA48EED008_="
Embedded-HTML: [{"HTML":[736, 70699], "plain":[405, 23907], "uuid":"E74C7F49-F389-4652-9C99-1A43B95ED2D6"}]
Archived-At: <https://mailarchive.ietf.org/arch/msg/ecrit/YJEPTslo5Fipu7lApE0EmjpWI8k>
X-Mailman-Approved-At: Tue, 14 Sep 2021 11:09:09 -0700
Subject: Re: [Ecrit] planned-changes: two questions
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Emergency Context Resolution with Internet Technologies <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ecrit/>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Sep 2021 16:57:46 -0000
I wasn't clear that Dan was making a specific proposal; I interpreted his description as what he implemented. As I understand, he uses a separate API (not LoST) that returns partial civic addresses. What I described is how I would fit what he did into what the draft does now, specifically, a new LoST query instead of a non-LoST API, and IDs. --Randall On 14 Sep 2021, at 5:28, Brian Rosen wrote: > Dan’s proposal doesn’t use IDs. He returns partial civic > addresses. > >> On Sep 13, 2021, at 6:12 PM, Randall Gellens >> <rg+ietf@randy.pensive.org> wrote: >> >> Fitting his concept into the draft leads us to retain the concept of >> the server returning an ID with a query result; the change is that >> instead of a notification URI we have a new query. I suppose this new >> query (e.g., "plannedChangesRequest") could either return a list of >> all IDs potentially invalidated with an "asOf" date, or the query >> could contain a set of IDs and the response can indicate the "asOf" >> date for each queried ID. >> >> --Randall >> >> On 13 Sep 2021, at 14:45, Brian Rosen wrote: >> >> Well, since there is no planned changes, it’s suggested that LISs >> revalidate periodically. I think 30 days is the suggested frequency. >> A user configured address is validated when they enter it. That >> doesn’t work well now, but newer systems using LoST will make that >> immediate. The systems usually don’t allow an invalid location to >> be configured. I never thought that was a good idea, but that’s >> what I’ve seen. They don’t initiate service, or keep the old >> address until it’s validated. >> >> Yes. I think you have described Dan’s proposal correctly. He >> didn’t have IDs, the system delivers addresses and AsOf dates. He >> had the notion of a partial civic address, which may make the change >> list much smaller. >> >> Brian >> >>> On Sep 13, 2021, at 5:27 PM, Randall Gellens >>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>> wrote: >>> >>> Do LISs frequently revalidate addresses? An address that's user >>> configured is likely to be wrong (not where the user is at the time >>> of a call) but still valid. >>> >>> If I understand Dan's suggestion and how it would fit into the >>> draft, the LoST server returns an ID in the response, as in the >>> current draft, but instead of the client providing a URI which the >>> server stores and later sends a POST to, we define a new LoST query >>> (e.g., "plannedChangesRequest"), and in the response to that, the >>> server includes sets of IDs and "asOf" dates. Is that it? >>> >>> --Randall >>> >>> On 13 Sep 2021, at 5:30, Brian Rosen wrote: >>> >>> The kind of thing I’ve seen many times is an annexation. It’s >>> announced months, sometimes years in advance. While there are clear >>> boundaries, they very often don’t match postal boundaries or the >>> existing “unincorporated community name”, A4. It takes weeks to >>> months of prep to figure out which entries will change and which >>> stay the same. Of course a good reason it takes that long is that >>> at present, there is nothing like LoST Planned Changes, so it’s >>> got a whole lot of manual work. I am aware that sometimes, things >>> really do change where you don’t find out more than 24 hours >>> ahead. Usually, that’s poor planning, rather than an actual short >>> fuse change, but it happens, and has to be dealt with. >>> >>> Just polling is a really poor answer IMO, because you have to >>> revalidate the entire dataset to find the entries that changed. >>> I’ve built many systems with TTL where the TTL was gradually >>> reduced around a change so that the entries that changed had short >>> TTLs and the entries that didn’t had longer ones. That only works >>> if you know far enough in advance that a change is coming. That’s >>> generally true for the events that planned-changes is designed for, >>> but not always. If your norm is 90 day TTL, and something comes up >>> where you find out 30 or 60 days in advance, then that idea won’t >>> work. >>> >>> Dan’s system fixes that, by having a poll for changes. He >>> publishes a list of entries that will change. That can be polled >>> frequently, because it’s small. If I understand the “partial >>> civic” idea, it can often be very small. >>> >>> I still prefer push, because it actually fits the problem: the >>> server wants to tell the client that something is changing. But >>> I’m willing to do what Dan suggests. It’s not my favorite, but >>> it will work. Just using TTL won’t, in my opinion. Either you >>> have to do way too frequent full revalidations, or you miss events. >>> >>> I’ve never liked the fact that LoST servers have 99.99% of >>> transactions that are mostly worthless - revalidations of things >>> that didn’t change. >>> >>> But as editor, I will write up whatever the work group consensus is. >>> >>> Brian >>> >>>> On Sep 10, 2021, at 4:11 PM, Jeff Martin >>>> <Jeff.Martin@comtechtel.com <mailto:Jeff.Martin@comtechtel.com>> >>>> wrote: >>>> >>>> Brian wrote: >>>>> [the client] not knowing well in advance [of a server change] is, >>>>> I think, unacceptable >>>> >>>> In my outlined suggestion, I ended with: >>>> The data in the [server] issued set could be further extended to >>>> convey upcoming potential impacts to ids that have not yet been >>>> impacted. >>>> >>>> The server's issued set(s) could contain 'invalidAsOf' indicators >>>> with the locationIds, similar to the draft's server-pushed >>>> <locationInvalidated invalidAsOf="..." ...>. So if a server knows >>>> "well in advance", say 24 hours, as long as the clients pull within >>>> 24 hours the clients would also know well in advance. My outlined >>>> suggestion also includes server-provided TTL in server responses to >>>> give hints to clients about polling frequency. >>>> >>>> Balancing the tradeoffs of polling vs uri+push requires answering >>>> this question: What will be the typical and/or exceptional >>>> lead-times for servers operators to know about upcoming changes? >>>> >>>> If it's common that server operators themselves often identify >>>> changes with less than one-hour notice, then the complexity of >>>> client-registered-uri with server-push is more justified. >>>> >>>> But if it's common that server operators usually identify changes >>>> with one day or more notice, and one-hour notice is very uncommon, >>>> then the simplicity of polling is more justified. >>>> >>>> IMO based on experience at my company, days of lead time (not >>>> hours) is typical for server operators dealing with "planned >>>> changes" that affect validity. So the simplicity of polling with >>>> responses that include 'invalidAsOf' is better than the complexity >>>> of uri+push, whose benefits would rarely be realized in an >>>> environment dominated by days of lead time. >>>> >>>> /Jeff/ >>>> >>>> >>>> From: Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>>> Sent: Friday, September 10, 2021 10:30 AM >>>> To: Dan Banks <dbanks=40ddti.net@dmarc.ietf.org >>>> <mailto:dbanks=40ddti.net@dmarc.ietf.org>> >>>> Cc: Jeff Martin <jeff.martin@comtechtel.com >>>> <mailto:jeff.martin@comtechtel.com>>; ecrit@ietf.org >>>> <mailto:ecrit@ietf.org> >>>> Subject: Re: [Ecrit] planned-changes: two questions >>>> >>>> >>>> Minutes? >>>> >>>> So the clients of this service poll for changes every few minutes? >>>> >>>> What is a “partial civic address”? Example? Something like an >>>> A1/A2/A4 but no street name/number, meaning any address in this >>>> unincorporated community name? >>>> >>>> ISTM that a planned change quite often can’t be fixed in a way >>>> that code could do it. So, we still need to advertise the change >>>> well in advance of the change, and have the ability to do the AsOf >>>> validation. Changing the way the client discovers that a change is >>>> coming is one thing, not knowing well in advance is, I think, >>>> unacceptable. >>>> >>>> Brian >>>> >>>> >>>> >>>> >>>> >>>> ___________________________________________________________________ >>>> On Sep 10, 2021, at 12:13 PM, Dan Banks >>>> <dbanks=40ddti.net@dmarc.ietf.org >>>> <mailto:dbanks=40ddti.net@dmarc.ietf.org>> wrote: >>>> >>>> I am opposed to asking LoST servers to store URIs as well. I >>>> believe it significantly overcomplicates the solution and is the >>>> biggest reason why I have not supported the planned changes draft. >>>> >>>> Several years ago we implemented a mechanism to allow a LIS to know >>>> that it needs to revalidate. Roughly described, that mechanism >>>> consists of a web API that can be queried for changes after a >>>> particular time. The response is a summary of changes in terms of >>>> partial civic addresses that allow the LIS to identify records that >>>> are likely to be affected, or possibly that there have been so many >>>> changes that a full revalidation is recommended. We’ve made the >>>> API discoverable via U-NAPTR using the same app string as a given >>>> LoST server. >>>> >>>> Yes, the LIS has to poll the various LoST servers and ask if there >>>> have been any changes. That is a cheap operation to implement, and >>>> the practical difference between knowing the very instant a change >>>> is published versus finding out within a few minutes is not >>>> significant in any way. >>>> >>>> Dan >>>> >>>> From: Ecrit <ecrit-bounces@ietf.org >>>> <mailto:ecrit-bounces@ietf.org>> On Behalf Of Jeff Martin >>>> Sent: Thursday, September 9, 2021 4:09 PM >>>> To: ecrit@ietf.org <mailto:ecrit@ietf.org> >>>> Subject: Re: [Ecrit] planned-changes: two questions >>>> >>>> Asking a server to store and later user a client-provided uri opens >>>> the door for abuse by malicious actors. Which got me to thinking, >>>> what if we removed the client-provided uri entirely? If no uris >>>> then no risk of abuse. >>>> >>>> Keep the new optional <plannedChange asOf="..."> but without 'uri' >>>> in the client's <findServiceRequest>. Keep the new optional <ttl> >>>> in the server's <findServiceResponse> as a hint to clients that may >>>> want to initiate revalidation from the client side. Keep the new >>>> optional server "unique location ID" in the server response as >>>> discussed on this list (but not yet in published draft), which the >>>> client could choose to associate with the client's internal >>>> records. >>>> >>>> The server periodically (server policy) issues a set of >>>> "potentially impacted" ids, where "potentially impacted" has >>>> already been discussed on this list. Each set includes: the ids >>>> that have been "potentially impacted" since the previous set was >>>> issued; the time-range covered; and a TTL hint on how long until >>>> the server is likely to issue the next list. The server keeps the >>>> sets going back some interval defined by server policy. >>>> >>>> Client sends a "discovery" query to server, where server response >>>> is: the url(s) of the most recent and past set(s); and a TTL hint >>>> on how long until next list likely to be released. Client then >>>> queries any of these urls, and server responds with the set that >>>> includes: the ids that have been "potentially impacted" since the >>>> previous set was issued; the time-range covered; and a TTL hint on >>>> how long until the server is likely to issue the next list. >>>> >>>> For clients that want to be highly proactive for changes, the >>>> client can store the "unique location id" from >>>> <findServiceResponse> and associate to the client's internal >>>> records. The client then periodically queries the server for the >>>> set(s) of impacted IDs, and client gets a copy of each set. The >>>> client uses these sets of impacted ids from the servers list to >>>> check the clients internal records, and client can then revalidate >>>> those. >>>> >>>> No more client-provided uris entirely removing the possibility of >>>> abuse by malicious actors. >>>> >>>> The data in the issued set could be further extended to convey >>>> upcoming potential impacts to ids that have not yet been impacted. >>>> >>>> >>>> /Jeff/ >>>> >>>> From: Ecrit <ecrit-bounces@ietf.org >>>> <mailto:ecrit-bounces@ietf.org>> On Behalf Of Caron, Guy >>>> Sent: Thursday, September 9, 2021 7:52 AM >>>> To: Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>>; >>>> Randall Gellens <rg+ietf@randy.pensive.org >>>> <mailto:rg+ietf@randy.pensive.org>> >>>> Cc: ECRIT <ecrit@ietf.org <mailto:ecrit@ietf.org>> >>>> Subject: Re: [Ecrit] planned-changes: two questions >>>> >>>> I’m aligned with Brian on the proposal to embed a reverse HTTP >>>> transaction within an existing one. I think this is asking for >>>> trouble. >>>> >>>> Guy >>>> >>>> De : Brian Rosen <br@brianrosen.net <mailto:br@brianrosen.net>> >>>> Envoyé : 8 septembre 2021 19:32 >>>> À : Randall Gellens <rg+ietf@randy.pensive.org >>>> <mailto:rg+ietf@randy.pensive.org>> >>>> Cc : Caron, Guy <g.caron@bell.ca <mailto:g.caron@bell.ca>>; ECRIT >>>> <ecrit@ietf.org <mailto:ecrit@ietf.org>> >>>> Objet : [EXT]Re: [Ecrit] planned-changes: two questions >>>> >>>> Inline. I think we need other opinions. Certainly, we don’t >>>> have rough consensus. >>>> >>>> >>>> >>>> ________________________________________________________ >>>> On Sep 8, 2021, at 5:45 PM, Randall Gellens >>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>>> wrote: >>>> >>>> Why is a subsequent transaction better than a parallel one? The >>>> subsequent transaction model delays knowledge of the state. >>>> If the client doesn't see an immediate POST, it doesn't know if >>>> there's been an error or not. >>>> Yes it does. If it doesn’t see an immediate POST, then there was >>>> a problem and it has to try again. >>>> >>>> If the client sees a POST and sends an ID, it doesn't know if the >>>> server received it and stored the URI. >>>> Technically true, but vanishingly small issue. You had a complete >>>> HTTPS transaction, but somehow the client isn’t sure the server >>>> got the ID. >>>> >>>> If the server tries a POST but gets an error, it may retry but >>>> meanwhile the client may retry the query, since it didn't get a >>>> POST. >>>> That's always going to be something the server has to deal with: >>>> re-enrollment of the URI. The client gets a normal response, and >>>> that tells it the URI was accepted. >>>> >>>> Should a client retain IDs if it hasn't seen a POST? >>>> No, lack of POST means URI is not enrolled >>>> >>>> Also, requiring that the client send an ID seems like it may >>>> constrain client architectures since any part of the client system >>>> that receives a POST must know which IDs are pending. >>>> I don’t agree. This is a pretty normal “I send you a magic >>>> number and you have to return it to me” thing. There are no >>>> “pending IDs”. This is the first ID, so you need to return it, >>>> and only it, but it’s the only ID the client has at this point. >>>> >>>> What is the objection to a parallel POST? >>>> I was taught that you don’t embed an HTTP transaction in another >>>> with the same partner because things go wrong with timeouts and >>>> logic. It’s not a parallel POST, it’s an HTTPS transaction one >>>> way that encloses another HTTPS transaction the other way. You are >>>> dependent on the inner one completing before the outer one times >>>> out or has some other issue. I just think that’s dangerous. I >>>> will admit that I was taught this quite a long time ago (before >>>> HTTPS for sure) and things could have changed, but I can’t recall >>>> an API that does that. Also note that keep alive works exactly the >>>> same way as the initial POST. In your proposal, those are >>>> different. That’s not much, but it’s some code. The >>>> “test” transaction tells you that the mechanism works and your >>>> URI is being retained, whether that happens the first time, or a >>>> year later. >>>> >>>> --Randall >>>> On 8 Sep 2021, at 14:22, Brian Rosen wrote: >>>> I don’t think there is any fragility in the URI setup. For a new >>>> URI, the client requests the server to keep it in a findService. >>>> That transaction concludes by sending an ID. The server >>>> immediately sends the test notification, to which the client >>>> responds with the ID. At that point both sides know the URI was >>>> accepted and the client is valid. That may be repeated >>>> periodically so both sides know the other is happy with the >>>> arrangements. If the client doesn’t get the test notification, >>>> it knows the URI isn’t accepted. If the server doesn’t see the >>>> ID, it’s knows that was a bogus request, or there is some other >>>> problem, and it shouldn’t save the URI. >>>> >>>> I proposed a null ID as the test transaction flag. That would be a >>>> piece of XML with the right namespace, the right element name, but >>>> no value. I think that is adequate and meets Guy’s minimal >>>> mechanism criteria. The same XML is always sent. It either has a >>>> set of IDs or it’s empty. >>>> >>>> Brian >>>> >>>> >>>> On Sep 8, 2021, at 5:11 PM, Randall Gellens >>>> <rg+ietf@randy.pensive.org <mailto:rg+ietf@randy.pensive.org>> >>>> wrote: >>>> >>>> The proposed mechanism seems fragile. A client has no way to know >>>> if its request to store a URI was accepted. That makes it hard to >>>> debug. If there are errors of any kind when the server initially >>>> verifies a URI, the client has no idea. Even if the client repeats >>>> the transaction, the server will silently discard the URI. To me, >>>> that's asking for problems. >>>> In my proposal, when the client requests to be notified and >>>> provides a URI, the server immediately does a parallel POST to that >>>> URI. If it gets a 202 Accepted response to the POST (or we can >>>> choose a different value), it stores the URI and returns the query >>>> result. If it gets a different response, it does not store the URI >>>> and returns the query result with a uriNotStored warning. If a >>>> client is trying to get the server to launch an attack on a third >>>> party entity, that entity will likely not support the URI in the >>>> first place, or will likely return an error response. If you want >>>> additional verification, have the server include the queried >>>> location in its test POST. That way, if the client maliciously sent >>>> a URI of a third party LIS, that LIS will know it does not have a >>>> query with that location outstanding. >>>> Doing a parallel POST from the server to the client is one small >>>> transaction; this mechanism provides immediate feedback to both >>>> client and server. If there are DNS failures or network congestion >>>> or whatever, the server returns uriNotStored and the client can try >>>> again later. >>>> As for multiple IDs in a single notification POST, having the >>>> client specify in the initial request the maximum it is prepared to >>>> accept seems reasonable. We can require that clients support a >>>> minimum number. If a server has more than the maximum, it sends >>>> them in multiple POSTs, with whatever separation in time it >>>> chooses. A server can include fewer IDs in a POST than the client's >>>> maximum. >>>> We can have a 'test' notification value that is used both for the >>>> initial verification test and for periodic keep-alive tests. >>>> --Randall >>>> On 8 Sep 2021, at 12:17, Brian Rosen wrote: >>>> Okay, I think the three of us are converging, Here is a >>>> restatement of your description: >>>> 1) In a validation query, a Client can request to be notified when >>>> the proffered LI should be revalidated, and provides a URI to send >>>> the notifications to; >>>> 2) In the validation response, the Server provides an ID that the >>>> Client associates with the LI it just validated. The server may >>>> silently ignore repeated requests to store a URI where the test in >>>> 4 below fails. >>>> 3) Immediately thereafter, if the URI is new to the Server, the >>>> Server sends a ‘test’ notification to the URI, with an empty >>>> ID. >>>> 4) The recipient at the URI is expected to respond with the ID >>>> provided in step 2. If it does, the Server stores the URI for >>>> future notifications. If it does not, the server ignores the >>>> request to store the URI. >>>> 5) Some time after, the Server notifies the Client of an upcoming >>>> planned change by sending a notification to the successfully tested >>>> URI with the location ID; >>>> 6) The client revalidates each LI in its database that matches the >>>> ID as of the date of the planned change. If no ID matches, it is a >>>> no-op at the Client. Revalidations may also result in no-op at the >>>> Client. >>>> 7) LIs at the Client that are invalidated by the planned change are >>>> modified in its database to be valid (which probably mean another >>>> revalidation cycle) with an effective date set to <revalidateAsoF> >>>> value. >>>> 8) The Server may send ’test’ notifications to the URI without >>>> any ID as a form of “keep-alive”. Any ID provided by the >>>> Server to the client may be used as the response to the test >>>> transaction >>>> >>>> >>>> There has been a discussion of sending more than one ID in a >>>> transaction. I think that is a decent idea, but I worry about how >>>> big that could be. Either we put a hard limit in the text or have >>>> something in the response to the test transaction that specifies a >>>> size limit for that client. >>>> >>>> Brian >>>> >>>> >>>> On Sep 7, 2021, at 8:31 PM, Caron, Guy <g.caron@bell.ca >>>> <mailto:g.caron@bell.ca>> wrote: >>>> >>>> 1) In a validation query, a Client can request to be notified when >>>> the proffered LI should be revalidated, and provides a URI to send >>>> the notifications to; >>>> 2) In the validation response, the Server provides an ID that the >>>> Client associates with the LI it just validated; >>>> 3) Immediately thereafter, the Server sends a ‘test’ >>>> notification to the URI, without any ID;\ >>>> [br[For every new ID? Or just once? I wanted this to be a one >>>> time registration. >>>> [GC] Just once per offered URI. >>>> >>>> >>>> 4) The recipient at the URI is expected to respond with the ID >>>> provided in step 2. If it does, the Server stores the URI for >>>> future notifications. If it does not, the Server [let’s pick one: >>>> reject silently the URI and block the Client permanently/provides a >>>> ‘uriNotStored’ warning response to the URI {not compatible with >>>> the current proposal to test outside of LoST}/reject silently the >>>> URI and block the Client temporarily/other?]; >>>> [br]I don’t think an explicit failure is a problem. The LoST >>>> server can limit retries if it needs to. >>>> [GC] Ok for HTTP failures but what I’m talking about is when it >>>> fails to return the ID, like in your DoS example. >>>> >>>> >>>> >>>> 5) Some time after, the Server notifies the Client of an upcoming >>>> planned change by sending a notification to the successfully tested >>>> URI with the location ID; >>>> 6) The client revalidates each LI in its database that matches the >>>> ID as of the date of the planned change. If no ID matches, it is a >>>> no-op at the Client. Revalidations may also result in no-op at the >>>> Client. >>>> 7) LIs at the Client that are invalidated by the planned change are >>>> modified in its database to be valid (which probably mean another >>>> revalidation cycle) with an effective date set to <revalidateAsoF> >>>> value. >>>> [br]I wanted periodic keep alives. How would that work? >>>> [GC] You mean at step 3? As I mentioned below, I was wondering >>>> about the necessity for periodic tests. If the group is convinced >>>> it is needed, the Server can simply redo step 3 and the Client can >>>> respond with one or many IDs it has from that Server. >>>> >>>> >>>> NOTICE TO RECIPIENT: This email, including attachments, may contain >>>> information which is confidential, proprietary, attorney-client >>>> privileged and / or controlled under U.S. export laws and >>>> regulations and may be restricted from disclosure by applicable >>>> State and Federal law. Nothing in this email shall create any legal >>>> binding agreement between the parties unless expressly stated >>>> herein and provided by an authorized representative of Comtech >>>> Telecommunications Corp. or its subsidiaries. If you are not the >>>> intended recipient of this message, be advised that any >>>> dissemination, distribution, or use of the contents of this message >>>> is strictly prohibited. If you received this message in error, >>>> please notify us immediately by return email and permanently delete >>>> all copies of the original email and any attached documentation >>>> from any computer or other media. >>>> _______________________________________________ >>>> Ecrit mailing list >>>> Ecrit@ietf.org <mailto:Ecrit@ietf.org> >>>> https://www.ietf.org/mailman/listinfo/ecrit >>>> <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fecrit&data=04%7C01%7Cjeff.martin%40comtechtel.com%7Cb6354e9963b1469a1a1808d9747845af%7Ca9a26e696ae040c1bd801ca6cc677828%7C0%7C0%7C637668882191609050%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=NDkyikK2aPrzaE826qPjFrrlsn1WtrgpqjKx3KBKnQQ%3D&reserved=0> >>> _______________________________________________ >>> Ecrit mailing list >>> Ecrit@ietf.org <mailto:Ecrit@ietf.org> >>> https://www.ietf.org/mailman/listinfo/ecrit >>> <https://www.ietf.org/mailman/listinfo/ecrit>
- [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- [Ecrit] PLEASE READ: We need people to comment on… Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- [Ecrit] Fwd: PLEASE READ: We need people to comme… James Kinney
- Re: [Ecrit] planned-changes: two questions Jeff Martin
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Brandon Abley
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Dan Banks
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Jeff Martin
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Caron, Guy
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen
- Re: [Ecrit] planned-changes: two questions Randall Gellens
- Re: [Ecrit] planned-changes: two questions Brian Rosen