IETF Logo Mail Archive

Re: [regext] Request WGLC for draft-ietf-regext-rdap-redacted

"Gould, James" <jgould@verisign.com> Fri, 09 December 2022 18:16 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72F25C14CE3F for <regext@ietfa.amsl.com>; Fri, 9 Dec 2022 10:16:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2JfcCC53VLhY for <regext@ietfa.amsl.com>; Fri, 9 Dec 2022 10:15:56 -0800 (PST)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BC8AC15258E for <regext@ietf.org>; Fri, 9 Dec 2022 10:15:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=51008; q=dns/txt; s=VRSN; t=1670609756; h=from:to:subject:date:message-id:mime-version; bh=RGAf8IkeOHSjOYigH62QHYcnWb+LX8FfCpfVccXaJeU=; b=ZlNyh1gxfl1cJH7Sj5EMdJ+5BX5noWQ14IGsALPNg5Zc/t+gE0aqUC5H /CBMcLYR/+OYLNMZZCCSjaZLCFbNsQUx5cg0kyBOglD6M8UBzVbY9/Gvs PWaKnKq/jyRCIfCNVcS00kyHT6vXPDsH6QJEi+2rTiqnsIG1bl/8jkEmM r3H89OjnAI/v59N9Ln2xYupU3xbxPEmMSRiI4AiXBJd/AA6Qc/+k9Dqpa s8l7Y327WhTF8bNWZTFvTNxAlay50UTN+Iz0uU8zkGFO4jWfT3p+YpKLJ fHSsa2oHxb6wdeUtx4nqSB352j5MLbGMtHBuAcQlHoXZf+FpRcelauiO8 A==;
IronPort-Data: A9a23:+lVFmKJr/QQKjXELFE+Rn5UlxSXFcZb7ZxGr2PjLsTEN7Y4Qp2xan zVKWWmHJL/UNVJBSKl+a4+xpEgC7ZfUyt4xTFM+rywwFXhE+JeYXYjDIE78M3PKcpzKRxs95 ZpAMtLLcpppFCaA+k70Y7K6pHUs3vvULlaQ5I8oHwgoLeMzYHt40E8Ld5cFv7NUbbFVYu/nk dL3qsLSYAf/nSZyPQr4gIqNokxitqqus29G7wVna6BA5VXSy3IeUM5BfP67InGkHIINFbDrF rvOkLri9DPQokt0AI37nO2mL0NUSOXZZVeD4pY6t8lOpzAbzsBl+vpibaR0hT5rtgi0c/BNJ PRl7MToGQsjY/OXlb5EC0EJTi0iZPUXpe6cfCfhuJHPxUOaKiu9yPhQV0xnZodwFsSbo41t3 adBdG1SNEDra8aemu/TpjxE35x7RCXTFNpD/CsmlVk1NN5+KbjbWaLG+NRE6zk5g8FKDJ72a tEQAdZVRE2ojyZnZxFGVvrSoM/y3iOlKmcA+QrOzUYKyzO7IDJZgeCF3OX9J4TiqfV9xi6wu m/A9mLlNRAWXPT3Je2tqy/EakfnxEsXaapKfFGK3qcCbG67nwT/PCYruW6T+pFVvGblAo4Cd BZEksYZhfNaGESDFrERVjXm+CLU5kZ0t9B4S4XW4ynVokbYDprw6sHpgVetZfR/3PLaSwDG2 XfYn+L1NBI0i4aHTEy/07m5kmvpegcaeDpqiS8sFWPp4vHJmqdqsTTifo46VrC+icftXzj8h S6Qty54jLIW5SIJ//zjuwmY2HT1+8OPEl5dCgb/BwpJ6it7a4m4Y4CA91XB7O1BI4DfRV6E1 JQBs5HPvLxXVM/V/MCLaLxOQI+p1easCjzNswVoRpQkrDuk+0f2KOi85xk7fi+FKP0sfDbzY UiVvQRf6oVeMHyCbK5rJYm3EYIr0cDID9nqW+DIRttDfpY3cxWIlByCfmaaxWa0j04hgflmf IyFa4CpDG1fA6MhxiCwHqEDy6QtgCs5wAs/WKzG8vhu6pLGDFb9dFvPGALmgjwRhE9cnDjoz g==
IronPort-HdrOrdr: A9a23:CYmoRaMTiTtnX8BcT3z155DYdb4zR+YMi2TDiHoedfUFSKOlfp 6V8MjzjSWE9Qr5K0tQ5exoX5PwDE80lKQFq7X5WI3CYOCIghrQEGgP1/qB/9SkIVyFygc/79 YtT0EdMqyJMbESt6+Ti2PUc6dC/DDEytHSuQ609QYIcegeUdAH0+4PMHf9LqQZfngiObMJUL 6nouZXrTupfnoaKu6hAGMeYuTFr9rX0Lr7fB8vHXccmUazpALtzIS/PwmT3x8YXT8K66wl63 L5nwvw4bjmm+2nyyXby3TY4/1t6ZXcI5p4dY2xY/ouW3bRYzWTFcZcsnq5zXUISdSUmRYXeR /30lMd1opImjTslyqO0GTQMkHboUgTAjnZuBmlab+Jm72geNr8YPAx3L6xOyGpmnYIrZVy1r lG0HmesIcSBRTcnD7l79yNTB1ykFGoyEBS2NL7okYvJrf2UoUh27A37QdQCtMNDSj64IcoHK 1nC9zd/u9fdRefY2rCtmdizdSwVjBrdy32CXQqq4iQyXxbjXp5x0wXyIgWmWoB7os0T91B6/ 7fOqplmblSRosdbL57Bu0GXcyrY1a9CS7kISaXOxDqBasHM3XCp9r+56g0/vijfNgSwJ47iP 36ISdlXK4JCjfT4OG1re92G0r2MRWAtBzWu7Jj26Q=
X-IronPort-AV: E=Sophos;i="5.96,232,1665446400"; d="png'150?scan'150,208,217,150";a="19841160"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Fri, 9 Dec 2022 13:15:54 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.016; Fri, 9 Dec 2022 13:15:54 -0500
From: "Gould, James" <jgould@verisign.com>
To: Mario Loffredo <mario.loffredo@iit.cnr.it>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: Re: [regext] Request WGLC for draft-ietf-regext-rdap-redacted
Thread-Index: AQHZC/pGIyMfagyYyUK+1OsyQ+Brtg==
Date: Fri, 09 Dec 2022 18:15:54 +0000
Message-ID: <E457EA77-2204-4611-B4E8-29969E01ED01@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.66.22101101
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_005_E457EA7722044611B4E829969E01ED01verisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/-TpQ9tS_PN5d9IqMcg4Ke6-ZNq4>
Subject: Re: [regext] Request WGLC for draft-ietf-regext-rdap-redacted
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2022 18:16:01 -0000

Mario,

Sorry for the delay in responding to your feedback.  Thanks for the feedback and below are the responses to it.

--

JG

[cid:image001.png@01D90BD0.5D9CCAC0]

James Gould
Fellow Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: Mario Loffredo <mario.loffredo@iit.cnr.it>
Date: Tuesday, November 15, 2022 at 9:05 AM
To: James Gould <jgould@verisign.com>, "regext@ietf.org" <regext@ietf.org>
Subject: [EXTERNAL] Re: [regext] Request WGLC for draft-ietf-regext-rdap-redacted


Hi James,

some comments from my side:

1) With reference to the following sentence in section 3.2:

such as "" for a jCard [RFC7095] Text ("text") property or null for non-Text ("text") properties.

it seems to me that RFC7095 doesn't include a clear statement in that sense.

Some VCard types (i.e. text, uri, language-tag, utc-offset, and all date type variants) are mapped to JSON strings, other VCard types are mapped to other JSON primitive types (i.e number, boolean).

Given that, apart from "fn"  that is a required "text" property, a JSON string can be either null or empty.

For sure, the use of the empty string makes more sense for "text" values, but null value is not clearly prohibited for the other VCard properties mapped to JSON strings.

JG – Yes, the other jCard properties may be mapped to a JSON string, but they include additional string format requirements that would not be met with the use of an empty string.  The reference to the Text (“text”) property does not apply to the other jCard properties that map to a JSON string, so the redaction is handled with the use of a null value.

2) WIth regard to redaction by replacement method, should the example in Fig.7 be updated as in the following:

OLD

   "redacted": [

     {

       "name": {

         "type": "Registrant Email"

       },

       "path": "$.entities[?(@.roles[0]=='registrant')].<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')][3]>

                  vcardArray[1][?(@[0]=='email')][3]"<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')][3]>,

       "replacementPath": "$.entities[?(@.roles[0]=='registrant')].<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')][3]>

                  vcardArray[1][?(@[0]=='contact-uri')][3]"<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')][3]>,

       "pathLang": "jsonpath",

       "method": "replacementValue",

     }

   ]

NEW

   "redacted": [

     {

       "name": {

         "type": "Registrant Email"

       },

       "path": "$.entities[?(@.roles[0]=='registrant')].<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')]>

                  vcardArray[1][?(@[0]=='email')]"<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='email')]>,

       "replacementPath": "$.entities[?(@.roles[0]=='registrant')].<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')]>

                  vcardArray[1][?(@[0]=='contact-uri')]"<mailto:$.entities[?(@.roles[0]=='registrant')].vcardArray[1][?(@[0]=='contact-uri')]>,

       "pathLang": "jsonpath",

       "method": "replacementValue",

     }

   ]

Based on the example in Fig.6, the "email" property instead of the "email" value is replaced.

JG – Yes, I agree that the “email” property instead of the “email” value is replaced.  This will be addressed in draft-ietf-regext-rdap-redacted-10.



3) Would rephrase the following sentence in section 4.2

OLD

The "redacted" member contains an array of redacted

   objects with the following child members

NEW

The "redacted" member contains an array of

   objects with the following child members

The objects in the "redacted" array are not redacted but rather the response fields represented by those objects.

JG – This will be updated in draft-ietf-regext-rdap-redacted-10.

4) Wonder if section 6.2 should include an entry for pathLang.

JG – Yes, based on the feedback from Pawel Kowalik, the “redacted expression language” type will be added with an initial registration of the “jsonpath” value for the JSON Values Registry.

5) A last feedback about JSONPath Considerations:

5.a) Is it allowed to use wildcard in JSONPath? Think it could be useful especially when the same redaction rule is applied to each result of a search response.

For example, if a registry policy consists in redacting all the domain handles, the "redacted" content could simply be:

           "redacted": [

             {

               "name": {

                 "type": "Registry Domain ID"

               },

               "path": "$.domainSearchResults[*].handle",

               "pathLang": "jsonpath",

               "method": "removal",

               "reason": {

                 "type": "Server policy"

               }

             }

           ]

JG – Actually for searches the “redacted” member can be included on a per-object basis, since the redaction may be different per object.  Attempting to define crosscutting redaction definitions for all objects included in the search seems like something the server could do, but I don’t believe it should be encouraged.

5.b) I consider this a corner case so feel free to ignore it  ;-)

The VCard label property (as well as the JSContact fullAddress property) is usually derived from the postal address information.

When the postal address is partially redacted, what should be the label value and the related redaction method?

If you think it's worth managing this case, I would suggest a conservative solution:  the label property should be omitted and the redaction method should be "removal".

JG – The rule is if the property can be and is removed due to redaction, then it is omitted, and the redaction method should be “removal”.  I’m not sure if this fully answers your feedback, so please let me know with an example if it doesn’t.

Hope it could be helpful.

Best,

Mario




Il 10/11/2022 19:38, Gould, James ha scritto:
This is a formal request to start the WGLC for draft-ietf-regext-rdap-redacted.  There is a normative reference to draft-ietf-jsonpath-base, which has a JSONPath working group November milestone.  draft-ietf-jsonpath-base looks stable and can progress in parallel with draft-ietf-regext-rdap-redacted.

Thanks,

--

JG

[cid:image002.png@01D90BD0.5D9CCAC0]

James Gould
Fellow Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://secure-web.cisco.com/1jBgmRGLp97BwyI56ZY6E2KnhXLBn_CyaRjxVZ7GqU5nP4VoGbDmOFaSadTLrZ8OaIMWwNr4CLXsVIYNhnH4Z3c6przEWV0581stOfOtCDYyVb1U8iX-OaeglUaY6UIjRbRsoaAcqnx12w7uDgnjrwnhLrtSCH3NQK20VhpKXQbAofvo4jOJsx4cHjD5sxmv-xKgfyjXZgr7oOpxU9z41XgH02hJZZTYbogCf05948JANuWS0T4DojwwmNtmQHoN9UjVqPRqZKAn7gbjnO0xXK3ZDaxx9N9iz65hy3ZqIgQYHxdSLk5KUHbNvQydrwCxd/http%3A%2F%2Fverisigninc.com%2F>



_______________________________________________

regext mailing list

regext@ietf.org<mailto:regext@ietf.org>

https://www.ietf.org/mailman/listinfo/regext<https://secure-web.cisco.com/1QZXPKZg0yOi5FGPtQR9fKFNSa-mIVnC7WC4ALwt1eRfK3-ypZSt6_2xY-hSaVmgzAytTYYHcnL4rCXxWO2UpEtkMlh-OegPiK5nrIShRzg2hBlREYZPS41o1IwIWcM7UZPGQ-FxQBxkkf8fRsG27ZJPh6SN4Npz5Nx0eTyp0BNyD27_AEHQOQGphegY8qsrmx-Wjd9q7Csh129rmKkvKVxpZzed_u_8Pwyn4g4DN11Ns2RGRyh6-ymPx7BK5CxqUGI6OovchjtlylImbPICIi7KiCZMvnjcPCyn_ZDbQbxVQpIu6ikjianxcAM8RpdtD/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext>

--

Dott. Mario Loffredo

Technological Unit “Digital Innovation”

Institute of Informatics and Telematics (IIT)

National Research Council (CNR)

via G. Moruzzi 1, I-56124 PISA, Italy

Phone: +39.0503153497

Web: http://www.iit.cnr.it/mario.loffredo<http://secure-web.cisco.com/139AqdF7WT3CdxSSc0UPSoDgA0gl9_QwVKklekryCslll0JvKfIWV4X16QAKacmsRBjPmY6-F04c28s5zpz2HwT6ki7ON7XQHsnRXipvn3m1NoGxfR9XMNRGTtoSlaoXahD0z-bP-mSUPsraAy5ewotwaYuTsKuafF8T5HN8JqEL4pqYsq1WAdl8WS_bHigbb8mVKIhqTDuRazKzVCpoByy52N_M-Hf8megqz4jAbIU_D7CgzVTQH7GQXldLgfms9L0ugpZtQ0bewrH_9DBeNO0aiY2BRkZ8adIM_8V-TsGl3qCbgdfLzBl6RNTz79GpF/http%3A%2F%2Fwww.iit.cnr.it%2Fmario.loffredo>

v2.23.0 | Report a Bug | By Email