IETF Logo Mail Archive

Re: [Ecrit] Benjamin Kaduk's No Objection on draft-ietf-ecrit-similar-location-18: (with COMMENT)

Brian Rosen <br@brianrosen.net> Wed, 02 March 2022 19:13 UTC

Return-Path: <br@brianrosen.net>
X-Original-To: ecrit@ietfa.amsl.com
Delivered-To: ecrit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 119973A0BFB for <ecrit@ietfa.amsl.com>; Wed, 2 Mar 2022 11:13:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=brianrosen-net.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nOQulBBqhkE8 for <ecrit@ietfa.amsl.com>; Wed, 2 Mar 2022 11:12:58 -0800 (PST)
Received: from mail-il1-x12b.google.com (mail-il1-x12b.google.com [IPv6:2607:f8b0:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E49F3A0958 for <ecrit@ietf.org>; Wed, 2 Mar 2022 11:12:58 -0800 (PST)
Received: by mail-il1-x12b.google.com with SMTP id d3so2183173ilr.10 for <ecrit@ietf.org>; Wed, 02 Mar 2022 11:12:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brianrosen-net.20210112.gappssmtp.com; s=20210112; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jxf2d9/YQAejFI5+tPU0lVD5gAmgq+AQVNrxHLffUBQ=; b=zWhxy7euQmYHylxrpOcuwsjAwVdfofSALR64fI/88DQ+TWT7Y6vyFQo2zYmRyBgEwR ZXNSb++ZqzrlkeZgJyjBUIbQJYFb+A0A7wRZRZsHEmdsfmmMItR2D/DagC9r10J+W8jO ADyXwJriSnXXPRkmgt7zaZB3t/2mzHXggNoAvEEm1DhlAO5kbz0VWGjfQ4E9zOiyuuWO uDqmz6lPf8lvCMulUvSo7IFFp64mL0jIBFdgRBTiwmRVFN7PP4QFMYdRcj/+OOJxWyY7 CIxWnPTVMMxqPWX1p30SZMUK4N7f6uBhU70kbLCYQgien04k4Pfh+bJT5M/5OnVkWQ8E WKlg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=jxf2d9/YQAejFI5+tPU0lVD5gAmgq+AQVNrxHLffUBQ=; b=x/vU386NTDYyFqoLUV87HxDPgr+MWg+sMNeiusR5hfZX/YsWA1wguum17eaAUUG0ow ovGxVGVSSLW4szMEBzDfXP/cCkve09C2glL/irMb1+ufgL0kZAlpGH4DM1WcvzCzVejr KKNshY2Q4od71rW0hRMbhlcZPeeN2y5pg7b/PGiJVDDztvw6OLAjjMdCVS3eCgt93DuK UUbc7WnhnIeFhyKD8eme7kfFFQhGZPP1Idp9Edo9QEtNJmrxILGTE8ZAxIaNvjX1QDoA upbUbTTsR9TmVr0pux+YYdFENbG6sZlU1RPIv/Deb+4ozrXDbjHm2zTonBUp/KF0Powk elCA==
X-Gm-Message-State: AOAM53152GHCdkwkRkYpVwymM6w1/jV4tXERnlmNNJty8la9GBqkOGBc Dl14RpoDD4mnFyERv+CC4ooPzw==
X-Google-Smtp-Source: ABdhPJxhn2yvPbIjfG1x1g0/66Chq1oCKQ/WlxY1LBm3RaTdIigp/ro8xOdg5Ci0pxyxJW2DtO93kw==
X-Received: by 2002:a05:6e02:190e:b0:2bf:ac1e:b5b7 with SMTP id w14-20020a056e02190e00b002bfac1eb5b7mr29110127ilu.304.1646248376869; Wed, 02 Mar 2022 11:12:56 -0800 (PST)
Received: from smtpclient.apple (dynamic-acs-24-154-121-237.zoominternet.net. [24.154.121.237]) by smtp.gmail.com with ESMTPSA id l13-20020a056e021c0d00b002c1efc8ac4bsm10558349ilh.21.2022.03.02.11.12.55 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 02 Mar 2022 11:12:56 -0800 (PST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 15.0 \(3693.20.0.1.32\))
From: Brian Rosen <br@brianrosen.net>
In-Reply-To: <164608019887.14867.9078735069677970948@ietfa.amsl.com>
Date: Wed, 02 Mar 2022 14:12:55 -0500
Cc: The IESG <iesg@ietf.org>, draft-ietf-ecrit-similar-location@ietf.org, ecrit-chairs@ietf.org, ecrit@ietf.org, dwightpurtle@gmail.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <F6617978-7A12-463D-8F79-FC8D26E10F3C@brianrosen.net>
References: <164608019887.14867.9078735069677970948@ietfa.amsl.com>
To: Benjamin Kaduk <kaduk@mit.edu>
X-Mailer: Apple Mail (2.3693.20.0.1.32)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ecrit/f5FGXV9Hcs_AzaPHgvwofzQ1Vqc>
Subject: Re: [Ecrit] Benjamin Kaduk's No Objection on draft-ietf-ecrit-similar-location-18: (with COMMENT)
X-BeenThere: ecrit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Emergency Context Resolution with Internet Technologies <ecrit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ecrit>, <mailto:ecrit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ecrit/>
List-Post: <mailto:ecrit@ietf.org>
List-Help: <mailto:ecrit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ecrit>, <mailto:ecrit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2022 19:13:00 -0000

Thanks for the careful review of this document.

Comments inline

> On Feb 28, 2022, at 3:29 PM, Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
> 
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-ecrit-similar-location-18: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-ecrit-similar-location/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> There were a few terms/XML elements used that I couldn't readily find a
> clear definition for, across this document, RFC 5139, and RFC 5222, which
> makes me wonder if there are any additional references we could list as
> background reading for relevant terminology.  (Things like <POD> and
> <STS>, though the latter is slightly harder to do a plaintext search for
> so I may have just missed it.)
I’ll add a reference to RFC4776 that has these.


> 
> Section 2
> 
>   Civic Location:  The term Civic Location applies to a set of one or
>      more Civic Address Elements that are used in conjunction with each
>      other, and in accordance with a known ruleset to designate a
>      specific place within a region of geography, or a region of
>      geography by itself as defined in [RFC5139].
> 
> Interestingly, I find neither the word "region" nor the word "geography"
> in RFC 5139 ... perhaps we should say more about specifically which parts
> of RFC 5139 are relevant here (particularly for the "as defined in" statement)?
Since this talks about the ruleset, we could really just say “country” and make the 5139 reference to the civic address elements:
     The term Civic Location applies to a set of one or
     more Civic Address Elements as defined in [RFC5139] that are used in conjunction with each
     other, and in accordance with a known ruleset to designate a
     specific place within a country

The only issue with that is that country is one of the Civic Address Elements.  I think that’s okay for this document.
> 
>   Complete Location:  An expanded civic location that includes other
>      Civic Address Elements in addition to the existing validated Civic
>      Address Elements provided as input to a LoST server.  Complete
>      Location may be returned when the input location is valid but
>      incomplete
> 
> This definition seems to be purely observational, relying on the LoST
> server providing more elements than were supplied to it, without any
> mention of why the server would do so or what information the new elements
> might contain.  In other words, in what sense is this "complete”?
The “may be returned when the input location is valid but incomplete” is supposed to tell the reader why it might be useful.  The document does have examples. I could add “such as when an important element is missing, but the provided elements still identify a unique location”

> 
> Also, we don't define what "incomplete" or an "incomplete location" is…
But we also don’t use those terms.
-
> 
> Section 7
> 
> We do pretty clearly state earlier that "the client cannot assume that any
> [of the response locations] is the correct location", so I'm on the fence
> about whether there's value in restating here that "though the intent of
> this extension is to allow the LoST server to provide more accurate
> location information to the client, only the client is in a position to
> assess whether the response accurately reflects the intended location; in
> particular, the client cannot assume that any of the returned locations is
> the correct one without performing its own validation”.
Yeah, it’s redundant, but I’d rather keep it.

> 
>                                 Providing more CAtypes generally
>   doesn't actually reveal anything more.  [...]
> 
> The main route to a potential exception of the "generally" qualifier here
> would be if the LoST server somehow had particularly sensitive or
> non-public information in its database (but I can't come up with any
> particularly plausible examples of that at the moment).  That said, this
> sentence also reads a bit strangely to me, so I might consider
> NEW:
> % Providing more CAtypes generally doesn't actually reveal anything more
> % than the unique location of the address in question, unless the LoST
> % server has particularly sensitive or non-address information in its
> % database.
There is no defined use case of a LoST server containing non-address information (other than the URIs and other data that are associated with the address information which the LoST server returns when given an address).  There are some circumstances where there could be sensitive location information (say, address data in a sensitive military facility where local authorities still respond to some kinds of emergency calls).  However, the extension doesn’t make any of that more sensitive or provide any other data that isn’t reasonably guessable.  That’s an argument for not including the second sentence in your proposed new text.  
> 
> 
> NITS
> 
> Section 1
> 
>                                      The use of this protocol extension
>   facilitates the timely correction of errors, and allows location
>   servers to be more easily provisioned with complete address
>   information.
> 
> I'm a little confused at how specifically this extension allows *location
> servers* to be more easily *provisioned* with complete address
> information.  I would have thought that rather it allows location servers
> to more readily *provide* complete address information to location
> consumers.  Am I misunderstanding the LoST protocol flow?
You use LoST’s validation function when you load an address in a Location Information Server (LIS).  You do that to make sure that any address you keep in the LIS is valid.
The easy use case is a consumer orders a new landline phone service.  The database that holds the address that would be associated with the phone number of the subscriber for emergency calls is a LIS.  The address is validated as the LIS is provisioned with the address.  That will assure that it’s valid before any emergency call is placed.

> 
> Section 4
> 
>   These elements MAY contain location information either in the Basic
>   Civic profile defined in [RFC5222] or in another profile whose
>   definition provides instructions concerning its use with this
>   extension but this MUST be the same profile as the location in the
>   query.  [...]
> 
> I think a comma or other punctuation before "but" would aid readability.
Will do
> 
> 
>

v2.23.0 | Report a Bug | By Email