IETF Logo Mail Archive

[regext] Re: RDAP versioning - on client-server interactions and 2-RTT flow

"kowalik@denic.de" <kowalik@denic.de> Thu, 21 November 2024 18:17 UTC

Return-Path: <kowalik@denic.de>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 331B6C20C8D2 for <regext@ietfa.amsl.com>; Thu, 21 Nov 2024 10:17:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=denic.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id whwkY9R3ZoWa for <regext@ietfa.amsl.com>; Thu, 21 Nov 2024 10:17:01 -0800 (PST)
Received: from mout-b-112.mailbox.org (mout-b-112.mailbox.org [195.10.208.42]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7888BC1CAF59 for <regext@ietf.org>; Thu, 21 Nov 2024 10:16:36 -0800 (PST)
Received: from smtp102.mailbox.org (smtp102.mailbox.org [10.196.197.102]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-112.mailbox.org (Postfix) with ESMTPS id 4XvRJJ0X9mzDtKw; Thu, 21 Nov 2024 19:16:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denic.de; s=MBO0001; t=1732212992; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=WyIOya/Q8p91VXQeEo4B0P+gB+j61Ngx/PX3IVjH554=; b=0Bg+1TRJBP10ptkoDsmAjaB5TrAqBcgaLHxNn+KVSPrp6e/aSHlWgqU7GKFbW8Q8WVVZIr hz0tB5M40tr1Ni00ZPh5WPpQZBqwrxLXUoQexoSzyi05Rkr6xE4WcQcCtQhYItQeXRbRME /i9S2fKYlyOemFe3OqsLZdgqL64f2G+Dg7pvKaca4Q3cUo42fnBapB1uYsp3+oomSibcR1 EfbVcrW3vmg4rNM6PcT3bRNF7SpntNCkJi2os8yeavW62MA/0/1nk2JHNkwTV1dXQfWGK9 R5MtZM5FjhI7dxT3i8O+OuN3n/8gIvulSOBDz+BkJhNqlzzQXUCMFjAKzIN7mA==
Message-ID: <7fc24d8e-f845-4e62-b164-cf6dcaa39915@denic.de>
Date: Thu, 21 Nov 2024 19:16:30 +0100
MIME-Version: 1.0
From: "kowalik@denic.de" <kowalik@denic.de>
To: "Gould, James" <jgould@verisign.com>, "regext@ietf.org" <regext@ietf.org>
References: <10ba3faa-8bf7-4202-81bf-e2c99473c3db@denic.de> <10BE3B85-4538-49C5-AB98-4EDDCDCF2B5F@verisign.com> <a872a3d3-ca80-4fbc-b747-b3738e857dae@denic.de> <F6BD2F41-C0E6-4892-B9DA-920A62A46CC5@verisign.com>
Content-Language: en-GB, de-DE
In-Reply-To: <F6BD2F41-C0E6-4892-B9DA-920A62A46CC5@verisign.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms090704010806070802050509"
X-MBO-RS-ID: 4ca12888378f94a8baf
X-MBO-RS-META: rjgtih3xqua8khkyhar8raf8pneacfwk
Message-ID-Hash: 3RROHMDLAHAGYG7R5CODRJJJ7V3T6IST
X-Message-ID-Hash: 3RROHMDLAHAGYG7R5CODRJJJ7V3T6IST
X-MailFrom: kowalik@denic.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [regext] Re: RDAP versioning - on client-server interactions and 2-RTT flow
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/1Dm9h8dWqv_xpTm_16spfyJKqcA>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>

Hi Jim,

Got it. These are all optimisations of 2-RTT model.
I am missing your feedback to my 1-RTT proposal and risks related to 
redirects in 2-RTT scenario.

Kind Regards,

Pawel

On 21.11.24 19:00, Gould, James wrote:
>
> Pawel,
>
> The client has multiple options:
>
>  1. Proactively leverage the versioning help with every query (2-RTT)
>     or a pre-defined intervals to keep the configuration accurate.
>      1. I don’t see the extension versions changing frequently and the
>         versioning extension does support pre-publishing support for
>         an extension version to the client, so my recommendation would
>         be to check it daily or even less frequently in a single client.
>  2. Lazily leverage the versioning help when there is an identified
>     extension version issue
>      1. This could be automated with the first error and then stored
>         with the correct extension versioning information for
>         subsequent queries.
>      2. This could be manual when an error is reported, and operations
>         uses the versioning help to diagnose the issue for a fix.
>
> There are probably many additional options, where having the meta-data 
> along in the versioning help (e.g., “versioning_help” member) with the 
> extension versioning detail with each response (e.g., “versioning” 
> member) should provide value with any RDAP client to address extension 
> compatibility issues automatically or manually.
>
> Thanks,
>
> -- 
>
> JG
>
>
> cid87442*image001.png@01D960C5.C631DA40
>
> *James Gould
> *Fellow Engineer
> jgould@Verisign.com 
> <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
>
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
>
> Verisign.com <http://verisigninc.com/>
>
> *From: *"kowalik@denic.de" <kowalik@denic.de>
> *Date: *Thursday, November 21, 2024 at 12:36 PM
> *To: *James Gould <jgould@verisign.com>, "regext@ietf.org" 
> <regext@ietf.org>
> *Subject: *[EXTERNAL] Re: [regext] RDAP versioning - on client-server 
> interactions and 2-RTT flow
>
> Hi Jim,
>
> If the client would like to benefit from machine readable version 
> information from versioning extension, there is no way around 2-RTT.
>
> If not, then this extension is basically of no practical meaning to 
> such client, so not really worth considering.
>
> Kind Regards,
>
> Pawel
>
> On 21.11.24 18:29, Gould, James wrote:
>
>     Pawel,
>
>     RFC 9082 states the following for the Help Path Segment:
>
>     The help path segment can be used to request helpful information (command syntax, terms of service, privacy policy, rate-limiting policy, supported authentication methods, supported extensions, technical support contact, etc.) from an RDAP server. The response to "help" should provide basic information that a client needs to successfully use the service.
>
>     This is exactly what the versioning extension is doing in the "versioning_help" member, by providing help information on supported extensions.  A client is not required to use the versioning extension to perform queries, since the server does have a default extension version that is specified in the "versioning_help" member.  If a client does run into an extension compatibility issue, it could use the help command to programmically (lazily) or manually determine the root cause of the issue for resolution.
>
>     There is no requirement or expectation that an RDAP client implement 2-RTT.
>
>     Thanks,
>
>     -- 
>
>     JG
>
>     James Gould
>
>     Fellow Engineer
>
>     jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> <mailto:applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
>
>     703-948-3271
>
>     12061 Bluemont Way
>
>     Reston, VA 20190
>
>     Verisign.com<http://verisigninc.com/> <http://secure-web.cisco.com/1i4F4XceuHxhs-b9i0KfN2SASQv-TqK69F2z5EdAqIhCxvhNvC3WwTfK6ANtRgjWLd-R8d-Cqyv-UD-CDH530aIlcZGBWm2yG1KKtbY1TC3EuirdyZQMdD6m8QZxEis3VeDni07o4rQRu8oP6EsH75zHCBqovfVVxdTQR2RG4TWq-JSOiQGFBxZo-rT98XqthLeXHhlNAGdU4WeXMwzWqT6EUQND3wycz-A1IZhl6TZs0OrUj1i16L6RWb2XC51tpxYvBo1-crVyGevQ5AGLM6MWtAFYuGnkJXhUPgBL98fI/http%3A%2F%2Fverisigninc.com%2F> 
>
>     On 11/21/24, 12:19 PM, "Pawel Kowalik" <kowalik@denic.de <mailto:kowalik@denic.de> <mailto:kowalik@denic.de>> wrote:
>
>     Hi,
>
>     Thinking of interactions between the client and server that versioning
>
>     draft assumes I think we are heading towards 2-RTT model for every request.
>
>     Step 1: The client makes an HTTP GET request to the /help endpoint of
>
>     the RDAP server.
>
>     Step 2: The response is processed to extract rdapConformance and versioning.
>
>     Step 3: Compare the server's supported extensions and versions with
>
>     those supported by the client.
>
>     Step 4: If compatible configurations are found, the client makes target
>
>     request to a resource endpoint (e.g., domain/foo.com) using headers or
>
>     query parameters to specify the desired configuration.
>
>     So we have 2 full RTTs. Of course a client can cache it for some time
>
>     but not forever, as the server may change at any time its configuration.
>
>     In a cold state or a client without capability to cache this will be
>
>     always 2-RTT if the client would like to be aware of the versions.
>
>     I don't think this is in line with rfc7480, which assumes "a client
>
>     implementation should be possible using common operating system
>
>     scripting tools (e.g., bash and wget)". Also not with the usage pattern
>
>     defined in Section 1. None of it is normative, however I would not just
>
>     ignore it without discussing consequences of going this way.
>
>     I would like to see more that versioning draft would assume 1-RTT model
>
>     as a primary use-case, so that the client would put a range of versions
>
>     it supports into a request and the server would put best efforts to
>
>     fulfil it. This would be also more "redirect friendly", so that a
>
>     redirected request to another server (no matter if with query parameters
>
>     or headers) would have the same information about client capabilities
>
>     and able to serve the response as opposed to getting a request for
>
>     configuration crafted for the origin server of a redirect.
>
>     Kind Regards,
>
>     Pawel
>

v2.31.3 | Report a Bug | By Email | System Status