IETF Logo Mail Archive

Re: [regext] Fwd: New Version Notification for draft-ietf-regext-rdap-jscontact-15.txt

"Gould, James" <jgould@verisign.com> Wed, 04 January 2023 13:49 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABF50C151705 for <regext@ietfa.amsl.com>; Wed, 4 Jan 2023 05:49:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.396
X-Spam-Level:
X-Spam-Status: No, score=-4.396 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zNEXOw3YF1gh for <regext@ietfa.amsl.com>; Wed, 4 Jan 2023 05:49:44 -0800 (PST)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3C09C151703 for <regext@ietf.org>; Wed, 4 Jan 2023 05:49:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=21889; q=dns/txt; s=VRSN; t=1672840184; h=from:to:cc:subject:date:message-id:mime-version; bh=fLYSol/WYyFFW9lK7/fD3FCnNnAju63CoGkwJeHlXMI=; b=V81DNApS3E7Q+CD04ALmAcmJz5+k49gXbM+ZMxT4ICE5+PWQzrbbupcG kdbLGT6DxEyYoVjRtc3pxvkGEJ/6T6eOXc34OgWypVXyIuNmEf2S/9rfc zU+mS5ugn3i5lUoam9f/U8cUkVHc8EsNLWRZreP4AM3G5rF2S3jFwMZ+t dbXKJWQiC069MA8b1MFrEAoIhHgFEIuS9pOrQjBO8U9ndBUHIx2zNvcHc cvSzvyJofyvM8ZO7aZC2lhESI4D1xAe3nvEqlVYrDsChgpHkAld6NHBf4 oiBTWUHAqI/SRQOcdQI/8lSvpM6NmOVDBHXys2rWhKvNhXchSVW6T0ipb g==;
IronPort-Data: A9a23:UKKiea3abECXbvVnPvbD5axwkn2cJEfYwER7XKvMYLTBsI5bp2RUm GcaW2vUbqnZZmWget9waovk/U4H7MXQzIRhT1NsqSg9HnlHl5HIVI+TRqvS04F+DeWYFR46s J9OAjXkBJppJpMJjk71atANlVEliefSAOKU5NfsYkhZXRVjRDoqlSVtkus4hp8AqdWiCmthg /uryyHkEALjimAc3l48sfrZ80s25Kiq41v0g3RlDRx1lA6G/5UqJM9HTU2BByOQapVZGOe8W 9HCwNmRlo8O105wYj8Nuu+TnnwiGtY+DyDX4pZlc/HKbix5m8AH+v1T2Mw0Mh4L1mrTz7id/ /0W3XC4YV9B0qTkxrxBA0EAe810FfUuFLTveRBTvSEPpqFvnrSFL/hGVSkL0YMkFulfXFxsy N0hLCk3VjOnqua6zrbqTOw2mZF2RCXrFNt3VnBI5wv/VMkAbKCbGePU7thCxHE5ioZQB+3YI cEebFKDbjyZO1sWZQxRUc9l2rv57pX8W2QwRFa9p6Uw/mzf5BJ8yrn2MdXTPNeNQK25m27B9 zmdrzmiWHn2MvTY9RyB20+S3tPf3gr8f5lCC5GA2vND1Qj7Kms7TUd+uUGAifywkE+5HdZYJ UIO9yYphakz6AqgSMO7XgHQiHeCsg80W8pKVfAhgCmXx6XZ8xqxB2UYQHhGctNOiSMtbTYw0 AaWmd75XWYqq6OPD3ec7fKeqnW4Iy5Ma3EYfilCRgwAizX+nLwOYtv0Zo4LOMaIYhfdQFkcH xjiQPACuogu
IronPort-HdrOrdr: A9a23:uUXIZKnOUH2wpbSNWmwXfyepiHDpDfIb3DAbv31ZSRFFG/Fwz/ re/sjy1XfP5Ar5K0tQ/OxoWZPwOU80mqQU3WB8B92ftWrdyRCVxeNZnOjfKlTbckWUygc378 hdmt1FaeEYemIVsS+V2mSF+p0bsb26GeiT9IDjJz0Gd3ANV0hP1XYBNjqm
X-IronPort-AV: E=Sophos; i="5.96,300,1665446400"; d="scan'208,217"; a="19338532"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Wed, 4 Jan 2023 08:49:42 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.016; Wed, 4 Jan 2023 08:49:42 -0500
From: "Gould, James" <jgould@verisign.com>
To: "mario.loffredo@iit.cnr.it" <mario.loffredo@iit.cnr.it>, "andy@hxr.us" <andy@hxr.us>
CC: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: Re: [regext] Fwd: New Version Notification for draft-ietf-regext-rdap-jscontact-15.txt
Thread-Index: AQHZIENl7VgwqkC7pEavvT5p/Rv+XQ==
Date: Wed, 04 Jan 2023 13:49:42 +0000
Message-ID: <EBA53214-F384-4A5F-9BAB-5A2A12DF82A2@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.66.22101101
x-originating-ip: [10.170.148.18]
Content-Type: multipart/alternative; boundary="_000_EBA53214F3844A5F9BAB5A2A12DF82A2verisigncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/-NtBtWYnNBPYqZ8cOUmrxBoYX8U>
Subject: Re: [regext] Fwd: New Version Notification for draft-ietf-regext-rdap-jscontact-15.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jan 2023 13:49:48 -0000

Mario,



The recommendation in draft-ietf-regext-rdap-jscontact is that the JSCard “uid” property SHOULD contain the same value as the RDAP “handle” property.  We do provide an example of redacting the domain RDAP “handle” property in draft-ietf-regext-rdap-redacted, so it’s not a stretch to also redact the entity RDAP “handle” property.  Based on the IRT OneDoc and the supporting draft Version 2.2 of the RDAP Response Profile, the “handle” for the Registrant (e.g., “Registry Registrant ID”) and Tech (e.g., “Registry Tech ID”) contacts are subject to redaction requirements, so this is not much of a corner case in RDAP.  You may want to follow-up with calext on the possibility of having to redact the “uid” field, since it looks like a true possibility downstream in RDAP.  I don’t believe draft-ietf-regext-rdap-jscontact can make a required field of JSContact optional, but I don’t believe it can be made mandatory in RDAP.  Attempting to redact a required field of an RDAP extension in draft-ietf-regext-rdap-redacted gets into thorny compliance issues, such as removing a required field via the Redaction by Removal Method or keeping the field by clearing the value that may have format requirements via the Redaction by Empty Value Method.



I believe Redaction by Removal Method is the cleanest method of redaction for a standard JSON member.  It will be up to the RDAP extensions to be more conservative in their normative language for JSON members to support redaction if required by server policy.  I don’t recommend updating draft-ietf-regext-rdap-redacted to attempt to override the normative language of an RDAP extension explicitly by removing the member or implicitly by returning an empty value.



--



JG







James Gould

Fellow Engineer

jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>



703-948-3271

12061 Bluemont Way

Reston, VA 20190



Verisign.com <http://verisigninc.com/>



On 1/4/23, 4:58 AM, "Mario Loffredo" <mario.loffredo@iit.cnr.it> wrote:





    Hi James,



    honestly don't think that the "uid" field will ever get redacted, I

    mean, it's recommended to be an UUID and normally UUIDs are opaque. Both

    UUIDv3 (MD5) and UUIDv5 (SHA1) can be derived from a string (like for

    example the entity handle) so there is no need to generate and store a

    new value.  If it was optionally represented as an URI, a reasonable

    value could be the URL of the entity lookup whose response includes the

    contact card. Since the entity lookup is based on the entity handle

    value and such a value is a registry unique identifier, either in this

    case, the "uid" redaction seems very unlikely to me. Anyway, I can't

    completely exclude such a corner case. In the unlikely event that the

    "uid" field is redacted, I would process it in the same way as the jCard

    "fn" property.



    Both of them are required text fields so don't see why they should be

    processed differently. In addition, there is a requirement from calext

    about keeping uid mandatory.





    Best,



    Mario





    Il 03/01/2023 17:33, Gould, James ha scritto:

    > Mario,

    >

    > I don't see any need to add a dependency between draft-ietf-regext-rdap-jscontact and draft-ietf-regext-rdap-redacted, but this does add an interesting case for draft-ietf-regext-rdap-redacted with redacting a required JSON member.  Do you see the requirement to be able to redact the required "uid" JSContact property?  If there is the need to redact it, then wouldn't that make the case for it not to be defined as mandatory in draft-ietf-calext-jscontact?  I'm not sure whether providing an empty value via the Redaction by Empty Value Method is any better than simply removing it via the Redaction by Removal Method.  We would need to first determine whether there is the need to cover the case of redacting a required JSON member in draft-ietf-regext-rdap-redacted and if so how best to handle it.

    >

    > Thanks,

    >

    --

    Dott. Mario Loffredo

    Technological Unit “Digital Innovation”

    Institute of Informatics and Telematics (IIT)

    National Research Council (CNR)

    via G. Moruzzi 1, I-56124 PISA, Italy

    Phone: +39.0503153497

    Web: http://secure-web.cisco.com/1dUrW2nmIC0BLllxqOdvyNJK5jfCH4-D45wpX6KaFLgWfNx6Le_Mud9m9ktIoHTtzUlk6SlpeYMgGQfmJzds6HeOkZj1FfogRWY5RhWmnpk_EPL0BD7rHq_455H43ZDeaKw0Q-sqQ7YkhmF2P0Adk40p5dh5EU__t9yITWm551g0_Uqs90zOztBNH7H4wL2gmnkaAOYeYWTsVhoNWX7ctYsHaYgBBfwWXwxa8xRzSjbaNJMblH--htjDjKydpncQJJZevOW9_fICNnUf5GZih5lIRzGvDFUnqb_4QSFuu73M/http%3A%2F%2Fwww.iit.cnr.it%2Fmario.loffredo

v2.23.0 | Report a Bug | By Email