Re: [Ecrit] planned-changes: two questions
Brian Rosen <br@brianrosen.net> Mon, 30 August 2021 15:22 UTC
From: Brian Rosen <br@brianrosen.net>
Date: Mon, 30 Aug 2021 11:22:14 -0400
Cc: ECRIT <ecrit@ietf.org>
To: Randall Gellens <rg+ietf@randy.pensive.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ecrit/y8bZvkn0kz6W0Ce2tFbsS_JQzMA>
Subject: Re: [Ecrit] planned-changes: two questions

Answer 1: yes. Since there is going to be a revalidation, just deleting the setting seems right to me.

Answer 2: Up to server. If I were implementing, I would hash the real ID with the URI and some kind of predictable nonce.

We probably have to say more about how the server identifies the client, so that replacement of the URI works. Could we say we use the domain of the URI (the entire domain with all the dots) to identify the client, and anything can occur after it (meaning a slash and whatever)? If we do that, then how would we delete the notification? Force there to be something other than the domain (ugly). Explicit delete request?

Hmmm, we’ve opened a DoS attack: a rogue client stores a bunch of URIs for servers it wants to victimize. In North America we have a real simple solution for that, because we have a PKI, so we know, for sure, who the client is, and could restrict who we allow to store URIs, but that wouldn’t be true in general. Also, it would be nice for the client to have confidence the mechanism worked before it needed it.

So let’s add a “command” to plannedChange in the findService request. And, have the client have a response to the notification which is the ID (json with the 200).

The client starts by sending a command of “initialize”. The domain is the identity of the client. The response is an immediate notification to the with whatever LI was in the request and an ID. The response by the client (which is the notification web server) is a piece of json containing the ID. We can say that the LI in this initialize command could be something simple like the Country Code that wouldn’t get a planned change. Thereafter, the LoST server (notification client) periodically repeats this keepalive notification every day or week with the initialize LI. The client has to respond with the ID.

The regular notification request is a command of “notify”. The server ignores a request for notification from an uninitialized client.

The notification can be deleted with a command of “delete”. If you delete the initialize LI, then the server won’t send any more notifications to that client and deletes all URIs it was saving for that client. The client would have to re-initialize to reset.

Brian

> On Aug 27, 2021, at 5:41 PM, Randall Gellens <rg+ietf@randy.pensive.org> wrote:
>
> I think we're moving to a model where:
> - In a query, a client can request to be notified when the location should be revalidated;
> - In the response, the server provides an ID which the client associates with the location it just validated;
> - The server sends a notification to the URI, containing the ID;
> - The client revalidates each location with which that ID is associated.
>
> Question 1: Does the server delete/inactivate the URI once it has sent the notification?
>
> Question 2: Presumably, when the client revalidates the location(s), it will again request notification. Does the server return the same ID as before, or a different ID? A different ID could perhaps be useful in edge cases where the server didn't send or the client didn't get the notification, but any utility seems small. If it's the same ID, then the answer to question 1 can be that the URI remains active until the client asks to no longer be notified (by sending an empty URI?).
>
> --Randall
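
An added sketch, not part of the message above and not taken from any LoST implementation, of the server-side handling the message proposes: the client is identified by the domain of its URI, "initialize" is accepted only after the notification endpoint echoes the ID, "notify" from an uninitialized client is ignored, and deleting the initialize LI drops everything saved for that client. Assumptions: HMAC-SHA256 as the hash, `SERVER_KEY`, the `send` callback, all class and function names, and forgetting a client that fails a keepalive.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SERVER_KEY = b"constructed-demo-key"  # assumption: per-server secret, not in the email

def client_domain(uri):
    """Client identity = the entire host of the notification URI; any path may follow."""
    host = urlsplit(uri).hostname
    if not host:
        raise ValueError("notification URI has no host")
    return host.lower()

def derive_id(internal_id, uri, nonce):
    """Opaque ID from the server's internal ID, the URI and a predictable nonce."""
    msg = "\n".join((internal_id, uri, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:32]

class PlannedChangeRegistry:
    def __init__(self, send):
        self.send = send    # send(uri, li, id) -> ID echoed in the client's JSON reply, or None
        self.clients = {}   # domain -> {"uri", "li", "id", "saved": {li: uri}}

    def handle(self, command, uri, li):
        dom = client_domain(uri)
        if command == "initialize":
            cid = derive_id("init:" + dom, uri, "0")
            echoed = self.send(uri, li, cid)          # immediate notification
            if echoed is None or not hmac.compare_digest(echoed, cid):
                return None                           # endpoint never proved it wants notifications
            self.clients[dom] = {"uri": uri, "li": li, "id": cid, "saved": {}}
            return cid
        state = self.clients.get(dom)
        if state is None:
            return None                               # uninitialized client: ignored
        if command == "notify":
            state["saved"][li] = uri                  # same LI, new URI under the domain: replaced
        elif command == "delete":
            if li == state["li"]:
                del self.clients[dom]                 # deleting the initialize LI drops everything
            else:
                state["saved"].pop(li, None)
        else:
            raise ValueError("unknown command: " + command)
        return state["id"]

    def keepalive(self):
        """Repeat the initialize notification; forget clients that do not echo their ID."""
        for dom, st in list(self.clients.items()):
            if self.send(st["uri"], st["li"], st["id"]) != st["id"]:
                del self.clients[dom]
```

In this sketch an unverified URI still receives one notification per "initialize" attempt, so a server built this way would also need to rate-limit that command.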