Return-Path: X-Original-To: regext@ietfa.amsl.com Delivered-To: regext@ietfa.amsl.com Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A074C14F71D for ; Wed, 17 Jul 2024 00:16:27 -0700 (PDT) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.005 X-Spam-Level: X-Spam-Status: No, score=-2.005 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iit.cnr.it Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jWY-fEARrBNH for ; Wed, 17 Jul 2024 00:16:22 -0700 (PDT) Received: from mx3.iit.cnr.it (mx5.iit.cnr.it [146.48.58.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95763C14F71B for ; Wed, 17 Jul 2024 00:16:21 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 mx3.iit.cnr.it E4461C0664 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iit.cnr.it; s=mx520231221; t=1721200578; bh=sWgvhnns2JkAxq3cTIiUXFOJjWlE4+xfx9D0gSqyzGM=; h=Date:Subject:To:References:From:In-Reply-To:From; b=SdPAHkhS28Ih7k5PsOuEOsqCt8nW4Mxe56/ibO28MF9DqSWG4mFsdgoqmJsSeZbaI gVc8YS7KO95Mr0G4qkAKGs0poYYL2Z43f9iIq9DV94840VQgkmNKid63lSTOvJ7OOR YyjyHqCchzO60oaKIZMI7MnsR7s/EsLpYbnwFZcSALWjNzaJdQcT6xA3QSwsBRp7bB jerNJgi+19MWTsGn4K81uQ0L5Fbu/d3vTJDMh4mUv1GU4cElbqD08QbvnLS02ivA7z +LYdzhyRXXYqHxkcL+QstQw97YbtBg4w7pXu1vJHpZ2LfUGiDfobeGtklg7+D/QLtO YeZ8ophqBzTuA== Received: from localhost (localhost [127.0.0.1]) by mx3.iit.cnr.it (Postfix) with ESMTP id E4461C0664; Wed, 17 Jul 2024 09:16:18 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at mx5.iit.cnr.it Received: from mx3.iit.cnr.it ([127.0.0.1]) by localhost (mx5.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10028) with ESMTP id HIYR5sRrSZcz; Wed, 17 Jul 2024 09:16:18 +0200 (CEST) X-Relay-Autenticated: yes Content-Type: multipart/alternative; boundary="------------t5e96cALviiCMYEKIKFD6o0B" Message-ID: Date: Wed, 17 Jul 2024 09:10:41 +0200 Mime-Version: 1.0 To: Jasdip Singh , "regext@ietf.org" References: <9AE89B13-D3D1-4D15-8EAA-105CCFA0F540@elistx.com> <95504da0-2733-4ace-9fb4-db3737018136@iit.cnr.it> Content-Language: it From: Mario Loffredo In-Reply-To: Message-ID-Hash: AJH3KQ6BU5AAC57KRTXGQWLUVYGP2HPV X-Message-ID-Hash: AJH3KQ6BU5AAC57KRTXGQWLUVYGP2HPV X-MailFrom: mario.loffredo@iit.cnr.it X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.9rc4 Precedence: list Subject: =?utf-8?q?=5Bregext=5D_Re=3A_WGLC=3A_draft-ietf-regext-rdap-geofeed-05?= List-Id: Registration Protocols Extensions Working Group Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: This is a multi-part message in MIME format. --------------t5e96cALviiCMYEKIKFD6o0B Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable Il 17/07/2024 01:01, Jasdip Singh ha scritto: > > Hi Mario, > > *From: *Mario Loffredo > *Date: *Tuesday, July 16, 2024 at 9:56 AM > *To: *regext@ietf.org > *Subject: *[regext] Re: WGLC: draft-ietf-regext-rdap-geofeed-05 > > Have reviewed this document. > > Per what is stated in section 3, it's not clear to me what servers=20 > should do whenever the geofeed file exposes the location of an individu= al. > > Neither Section 7 of [I-D.ietf-opsawg-9092-update] seems to clarify=20 > this point as it contains only a generic warning (see below): > > *... In publishing pointers to geofeed files as described in this=20 > document, the operator should be aware of this exposure in geofeed=20 > data and be cautious....* > > Should RDAP servers omit to present the geo link=C2=A0 or should they=20 > remove from the linked geofeed file the information related to the=20 > location of individuals ? > > [JS] Since maintaining the public geofeed files from privacy angle,=20 > per the guidance from RFC 9092 update, is expected to be the concern=20 > of the ISPs, =C2=A0and not the RDAP server operators, we should clarify= =20 > this in section 3. How about updating the first paragraph in that=20 > section as follows? > Works for me. > > =E2=80=9CWhen including a geofeed file URL in an IP Network object, an = RDAP=20 > server operator SHOULD follow the guidance from=C2=A0Section 7=C2=A0of=20 > [I-D.ietf-opsawg-9092-update]=C2=A0to not accidentally expose the locat= ion=20 > of an individual.=E2=80=9D > > ----> > > =E2=80=9CWhen including a geofeed file URL in an IP Network object, it = is=20 > expected that the service provider publishing the geofeed file has=20 > followed the guidance from=C2=A0Section 7=C2=A0of=20 > [I-D.ietf-opsawg-9092-update]=C2=A0to not accidentally expose the locat= ion=20 > of an individual.=E2=80=9D > > Does it mean that the geo link can be redacted ? If so, which=20 > redaction method should be used? > > [JS] IIRC, we discussed this earlier and decided that redaction does=20 > not factor here since the geofeed files are public to start with.=20 > Please see section 7.3 change history. > Sorry. I missed that. Best, Mario > Thanks for your review, > > Jasdip > --=20 Dott. Mario Loffredo Senior Technologist Technological Unit =E2=80=9CDigital Innovation=E2=80=9D Institute of Informatics and Telematics (IIT) National Research Council (CNR) Address: Via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Web:http://www.iit.cnr.it/mario.loffredo --------------t5e96cALviiCMYEKIKFD6o0B Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


Il 17/07/2024 01:01, Jasdip Singh ha scritto:

Hi Mario,=

=C2=A0=

From: Mario Loffredo <mario.loffredo=3D40iit.cnr.i= t@dmarc.ietf.org>
Date: Tuesday, July 16, 2024 at 9:56 AM
To: regext@ietf.org <regext@ietf.org>
Subject: [regext] Re: WGLC: draft-ietf-regext-rdap-geofeed-05

Have reviewed this document.

Per what is stated in section 3= , it's not clear to me what servers should do whenever the geofeed file exposes the location of an individual.

Neither Section 7 of [I-D.ietf-opsawg-9092-update] seems to clarify this point as it contains only a generic warning (see below):

... In publishing pointers t= o geofeed files as described in this document, the operator should be aware of this exposure in geofeed data and be cautious....

Should RDAP servers omit to present the geo link=C2=A0 or should they remove from the linked geofeed file the information related to the location of individuals ?

[JS] Since maintaining the public geofeed files from privacy angle, per the guidance from RFC 9092 update, is expected to be the concern of the ISPs, =C2=A0and not the RDAP server operators, we should clarify this in section 3. How about updating the first paragraph in that section as follows?

Works for me.

=E2=80=9CWhen in= cluding a geofeed file URL in an IP Network object, an RDAP server operator SHOULD follow the guidance from=C2=A0Section 7=C2= =A0of [I-D.ietf-opsawg-9092-update]=C2=A0to not accidentally ex= pose the location of an individual.=E2=80=9D=

---->

=E2=80=9CWhen in= cluding a geofeed file URL in an IP Network object, it is expected that the service provider publishing the geofeed file has followed the guidance from=C2=A0Section 7=C2=A0of [I-D.ietf-opsawg-9092-update]=C2=A0to not accidentally ex= pose the location of an individual.=E2=80=9D=

Does it mean that the geo link can be redacted ? If so, which redaction method should be used?

[JS] IIRC, we discussed this earlier and decided that redaction does not factor here since the geofeed files are public to start with. Please see section 7.3 change history.=

Sorry. I missed that.


Best,

Mario

Thanks for your review,

Jasdip

=C2=A0
--=20
Dott. Mario Loffredo
Senior Technologist
Technological Unit =E2=80=9CDigital Innovation=E2=80=9D
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
Address: Via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
--------------t5e96cALviiCMYEKIKFD6o0B--