IETF Logo Mail Archive

[regext] Re: WGLC: draft-ietf-regext-rdap-geofeed-05

"Andrew Newton (andy)" <andy@hxr.us> Mon, 22 July 2024 22:28 UTC

Return-Path: <andy@hxr.us>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBF1CC1D8768 for <regext@ietfa.amsl.com>; Mon, 22 Jul 2024 15:28:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hxr-us.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wHZAV7MpWWGX for <regext@ietfa.amsl.com>; Mon, 22 Jul 2024 15:28:21 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 10946C1D6202 for <regext@ietf.org>; Mon, 22 Jul 2024 15:28:20 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id 2adb3069b0e04-52efef496ccso1825637e87.1 for <regext@ietf.org>; Mon, 22 Jul 2024 15:28:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hxr-us.20230601.gappssmtp.com; s=20230601; t=1721687299; x=1722292099; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=Ti4OL/h6P30ZByE42bq1lLKyIRYSxNhHnM1lT9Qd6W0=; b=GLUxbE+1VRsKid/gqPAK/QopWQCmfyJWOq0k/o8eqcTztAg8LjmIUX6CU2dAqtxrwq dvrHqvF2XYZ8TcKeOAl4mK6AmoncivLb5bSh4WLcOfk9dMJd13erdh6CEya6dw0d7Bs2 wwKxHngrTRjONbNjxzrgj2/CJQbsgCETOeGCGoiRH1cKTepx3s39bngSUCxl9/iG92w0 xOx+z6nmDAA2K2Jw1w7+FByE8Nd9ckIHDg9KvHp39FBtKw6tmkGurPGFEU94ho23ax7M AL1ZoiVTC6pFmN/7/+XuabiX/zB1GK8+mMs8M3+Z2k7ZemvjFSTePcDEFbbHu7jvOWFU 2yBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721687299; x=1722292099; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ti4OL/h6P30ZByE42bq1lLKyIRYSxNhHnM1lT9Qd6W0=; b=WQggb4e34/QCs7r0r2z5ODt9h7yPqJoOM8jNtQyWCX5EIGbGkv66RcSP7FWQwk3Lkx SZCCVOl1lyDBB+Xyvsq0op6y2iIkxb/fLFvM+/E+lI00TrWn9YXV6suHmAx/Ck8Za+EP 65q9bCwdGbdA11zxl7N2wFFFhUwpJQ7Qv4BlukY9VRUiN7V41SnDirOgEfjQt5TJAzXs OGDASsDU8ocm5Mgn1DgKqQesS/VaAQpUeorblWmPpVTzTKlxRAUl+SvNMgYt51NpLcaX Jjwq5WegbRy0d/oq3EY6Zbbyq+C3urlYViycrfjWs/F2FjnU5sijRb6AwcnvPHFEJ9UX y8YA==
X-Gm-Message-State: AOJu0YzNmnk8n4q8CUj4LDJ0eA81CwxK4BkeKTwn6YTNUCn0sIy7aC4u 1NF46pvKe5cCgHp8z3JRR+CxNcQO/f2EC9t3II3D6MWS8GsHNsTXSYnAokKXIExbcduiwRKW9Pa S/8C4TZBazmDyneNxvcZBPvWI2Z/lGDxzm3JTNA==
X-Google-Smtp-Source: AGHT+IEmTbLqvkvXGZYF07eBj1IWVA29qgiHCfDYAeRz4a6X1QAOVU0DIIMcKOno9HRJBN4fb+C0m8OgHiEUBcpiZic=
X-Received: by 2002:a05:6512:110b:b0:52e:fd50:fe5a with SMTP id 2adb3069b0e04-52fc675a228mr71790e87.24.1721687298833; Mon, 22 Jul 2024 15:28:18 -0700 (PDT)
MIME-Version: 1.0
References: <9AE89B13-D3D1-4D15-8EAA-105CCFA0F540@elistx.com> <72adbded-39af-42dc-9971-6e9ff69bfc59@hxr.us> <LV3PR15MB645369A839DF17BB2C1A2AB3C9AE2@LV3PR15MB6453.namprd15.prod.outlook.com>
In-Reply-To: <LV3PR15MB645369A839DF17BB2C1A2AB3C9AE2@LV3PR15MB6453.namprd15.prod.outlook.com>
From: "Andrew Newton (andy)" <andy@hxr.us>
Date: Mon, 22 Jul 2024 15:28:07 -0700
Message-ID: <CAAQiQRdprYV1iAm1HLHOBsR7Eqz1rGk2Mr-ERtXR3wzPsGfo+w@mail.gmail.com>
To: Jasdip Singh <jasdips@arin.net>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: T7CDCPQNLTUDGEQZVLKV6OLWMDXLX5EA
X-Message-ID-Hash: T7CDCPQNLTUDGEQZVLKV6OLWMDXLX5EA
X-MailFrom: andy@hxr.us
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: REGEXT Working Group <regext@ietf.org>, "tomh@apnic.net" <tomh@apnic.net>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [regext] Re: WGLC: draft-ietf-regext-rdap-geofeed-05
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/5EWFN8-EY9oaj-ITSjntRIHEpbo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>

Hi Jasdip,

Can you point to the spot in opsawg-9022-update that states clients
are to ignore non-standard data?

Also, I see this in the opsawg-9022-update:

"When reading data from an unsigned geofeed file, one MUST ignore data
outside the referring inetnum: object's address range."

That to me indicates that clients should not process any geofeed link
found in anything other than an "ip network", but it also means the
should not process any geofeed link data in an "ip network" where the
geofeed data is outside the network boundary of the "ip network"
object.

-andy

On Sat, Jul 20, 2024 at 9:20 AM Jasdip Singh <jasdips@arin.net> wrote:
>
> Hi Andy,
>
>
>
> Thanks for these insightful questions. Tom and I discussed them. Let me try answering. :)
>
>
>
> Tom, please add/subtract if needed.
>
>
>
> Jasdip
>
>
>
> From: Andrew Newton (andy) <andy@hxr.us>
> Date: Thursday, July 18, 2024 at 3:19 PM
> To: REGEXT Working Group <regext@ietf.org>, Jasdip Singh <jasdips@arin.net>, tomh@apnic.net <tomh@apnic.net>
> Subject: [regext] Re: WGLC: draft-ietf-regext-rdap-geofeed-05
>
> Hi Jasdip and Tom,
>
> I like this draft, but I do have a couple of questions.
>
> 1. This draft mentions the ip network object class but none of the other
> object classes. Are those not allowed by this extension? What happens if
> a server uses a geofeed link in a domain object? Should that be covered
> under a different extension? What if bigisp.com wants to allow other
> network operators to find their geofeeds just by looking up bigisp.com
> in RDAP? That seems like it might be a useful thing. If not, are clients
> to ignore processing the link if found any object other than an ip network?
>
>
>
> [JS] Since the goal of this extension has been to complement the RFC 9092 Update [1] semantics by providing a point of presence in RDAP, we’d like to keep the spec limited to IP network objects, given some of the RIRs are already enabling geofeed link additions as part of network registrations. The bigisp.com domain scenario is interesting, and some verbiage could have been added to allow geofeed links for other object classes if the authority of the holder of these non-network objects extended over the networks in question. That might be possible for reverse domains in the RIRs but not sure how that authority could be ascertained for forward domains in the DNRs when the network data is in another registry. We think that a more focused, new extension for such a scenario would do a better job from spec angle.
>
>
>
> To your “If not, are clients to ignore processing the link if found any object other than an ip network?”, we think yes since clients are expected to ignore non-standard data.
>
>
>
> [1] https://datatracker.ietf.org/doc/html/draft-ietf-opsawg-9092-update-11
>
>
>
> 2. Do the IPs in the geofeed file have to be in the IP boundaries of the
> ip network object class where the link is found? That doesn't look to be
> a requirement, but perhaps this should be explicitly stated.
>
>
>
> [JS] From what we are noticing at the RIR level is that the service providers generally create a geofeed file with a one-to-many relationship with multiple networks. Requiring IP boundaries would impede how it is presently done.
>
>
>
> 3. What is a client to do if it finds the geofeed link in a response
> without a "geofeed1" extension? Is it suppose to treat the link as if
> the response had a "geofeed1" extension? The expectation of client
> processing should be more explicit in this allowable corner case.
>
>
>
> [JS] Glad you noted this edge case. After seeing James’ feedback on replacing RECOMMENDED with MUST for the extension id inclusion, we think MUST would be better since it 1) helps eliminate any confusion on RECOMMENDED being misconstrued as optional, and 2) brings this extension more in line with the new “marker” extension definition from the RDAP Extensions draft [2]. If MUST is acceptable, that still leaves the scenario of a server returning a geofeed link without this extension id in the response but that would not be in line with this spec and the client is free to proceed as it would for any non-standard data in a response; most likely, ignore.
>
>
>
> [2] https://github.com/anewton1998/draft-regext-rdap-extensions/blob/main/draft-regext-rdap-extensions.md
>
>
>
>

v2.39.1 | Report a Bug | By Email | System Status