IETF Logo Mail Archive

Re: [regext] Fwd: New Version Notification for draft-ietf-regext-rdap-reverse-search-16.txt

Mario Loffredo <mario.loffredo@iit.cnr.it> Mon, 28 November 2022 18:22 UTC

Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D3FAC1526E3 for <regext@ietfa.amsl.com>; Mon, 28 Nov 2022 10:22:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Nd1DzOkLM2cm for <regext@ietfa.amsl.com>; Mon, 28 Nov 2022 10:22:29 -0800 (PST)
Received: from iit.cnr.it (mx4.iit.cnr.it [146.48.58.11]) by ietfa.amsl.com (Postfix) with ESMTP id 7F3A7C14F606 for <regext@ietf.org>; Mon, 28 Nov 2022 10:22:28 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx4.iit.cnr.it (Postfix) with ESMTP id D13C7B80A60; Mon, 28 Nov 2022 19:22:26 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mx4.iit.cnr.it
Received: from iit.cnr.it ([127.0.0.1]) by localhost (mx4.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FGmtxTdI7_Hf; Mon, 28 Nov 2022 19:22:23 +0100 (CET)
Received: from [192.168.16.66] (sa.nic.it [192.12.193.247]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by mx4.iit.cnr.it (Postfix) with ESMTPSA id 21973B8024F; Mon, 28 Nov 2022 19:22:23 +0100 (CET)
Message-ID: <470775a9-7e6f-031f-7d98-de4b611f7b81@iit.cnr.it>
Date: Mon, 28 Nov 2022 19:19:20 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.5.0
To: "regext@ietf.org" <regext@ietf.org>, "pawel.kowalik@ionos.com" <pawel.kowalik@ionos.com>
References: <166904400845.63178.12808486915076028699@ietfa.amsl.com> <3cf24684-e89c-2565-e2ae-be797359ebc4@iit.cnr.it> <Y3zH8UtSf4QMwHU5@TomH-802418> <3d566ca4-999e-4e72-e8f1-2e9dd65d2440@iit.cnr.it> <Y39njQxonjw4vw21@TomH-802418> <85c931a7-7800-6f57-6eed-5115fc1d448c@iit.cnr.it> <Y4Pbb2exb8B34eXc@TomH-802418>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
In-Reply-To: <Y4Pbb2exb8B34eXc@TomH-802418>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/G2l7oOcKdg7OlW2xUBTKBG364Y8>
Subject: Re: [regext] Fwd: New Version Notification for draft-ietf-regext-rdap-reverse-search-16.txt
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Nov 2022 18:22:33 -0000

Hi Tom,

please find my comments below prefixed with ML3.

Il 27/11/2022 22:49, Tom Harrison ha scritto:
> Hi Mario,
>
> On Fri, Nov 25, 2022 at 02:18:35PM +0100, Mario Loffredo wrote:
>> Il 24/11/2022 13:46, Tom Harrison ha scritto:
>>> This is the part I (still) don't follow, sorry.  The fact that the
>>> label is a JSON value in the "reverse_search_properties" member of
>>> the help response does not mean that the label needs to be
>>> registered in the "RDAP JSON Values" registry, as best I can tell.
>> [ML2] Per my understanding of the introduction of RFC8126, any
>> constant defined in a protocol should be registered.
>>
>> Since the "reverse_search_properties" member includes some
>> pre-defined JSON values, they can be added to the "RDAP JSON Values"
>> registry.
>>
>>     Many protocols make use of points of extensibility that use
>>     constants to identify various protocol parameters.  To ensure
>>     that the values in these fields do not have conflicting uses and
>>     to promote interoperability, their allocations are often
>>     coordinated by a central record keeper.
> Thanks, this was the part I was missing.
>
>>>> The content of  "reverse_search_properties" member disambiguates
>>>> the meaning of that labels in the context of the reverse search
>>>> queries a server supports, e.g. an RDAP server could provide
>>>>
>>>> "domains/reverse_search/entity?handle" rather than
>>>> "nameservers/reverse_search/entity?handle" or both of them.
>>>>
>>>> That said, I admit that the description of the "handle" entry as
>>>> presented in the document is tailored on the "entity" as related
>>>> resource type so, if there is consensus on this way to go, I'll
>>>> make it more generic.
>>> I don't see how the entry could be made more generic with respect
>>> to the related resource type.  Even the current descriptions are
>>> arguably too broad, since they do not limit the searchable object
>>> type to one of domains, nameservers, or entities (being the three
>>> searchable object types mentioned in section 2) but could e.g. be
>>> read as applying to IP networks and ASNs as well.  A separate
>>> registry would fix this problem.

[ML3] I don't have any objection to opt for a separate registry.

Provided that there is no concern on using a separate registry from 
other WG members, I'll come up with a new proposal on the mailing list 
shortly.

>> [ML2] I would simply remove the reference to the "entity" object
>> class as in the following:
>>
>> OLD
>>
>> When the related resource type in a reverse search query is
>> "entity", it signals that the RDAP server supports the reverse
>> search based on the "fn"property of an entity associated with the
>> selected searchable resource type
>>
>> NEW
>>
>> It signals that the RDAP server supports the reverse search based on
>> the "fn"property of the given resource type associated with the
>> given searchable resource type
>>
>> As I wrote in my previous mail, the reverse search property maps a
>> property of the related resource type in a reverse search query. The
>> searchable resource type is just needed to specify which reverse
>> query an RDAP operator is willing to support but this information is
>> included in the "reverse_search_properties" help response extension.
>>
>> This approach would minimize the number entries compared to those
>> required for a registry including all the variables in the reverse
>> search query model.
>>
>> In fact, having defined four reverse search properties and based on
>> the fact that the object class entity is associated to any RFC9083
>> object class, the pre-defined entries of a possible "Reverse Search
>> Properties" registry should be the following:
>>
>> (domains|nameservers|entities) - entity - handle
>>
>> (domains|nameservers|entities) - entity - fn
>>
>> (domains|nameservers|entities) - entity - email
>>
>> (domains|nameservers|entities) - entity - role
>>
>> domains - nameserver - handle
>>
>> Applying reverse search to ips and autnums searchable resource types
>> without declaring  additional properties would add no entry to "RDAP
>> JSON Values" registry instead of eight additional entries in the
>> "Reverse Search Properties"  registry.
> My main concern here is that the reverse search document defines
> behaviour for searchable object types that contain an 'entities'
> member which is a list of entity-type objects, with the further
> requirement that the 'fn' and 'email' searches only work correctly for
> entity-type objects containing vCards (i.e. they won't work for
> entity-type objects containing JSContact records).  Defining the
> registry property generically runs the risk of server implementors
> adding reverse search properties for other object types (searchable or
> related), without properly defining the behaviour for those searches.
> Using the existing registry is fine (IMHO) if the text limits the
> search to the cases considered by this document.  (That does mean that
> it's not possible to register more than one reverse search for a given
> name, but maybe that's not a serious problem in practice, given that
> implementors can just choose another name if necessary.)
>
>>> But there's no way to prevent collisions from happening, if custom
>>> reverse search properties are supported.  If server S1 uses a
>>> custom reverse search property named P, and server S2 then
>>> registers with IANA a property with the same name, then there will
>>> be a collision between the two names.  It won't necessarily be
>>> possible for S2 to confirm that P hasn't previously been used.
>> [ML2] Even now there is no real way to prevent collisions since
>> extension identifiers and JSON values are normally used for long
>> before they are registered.
>>
>> Currently, only when an extension is considered stable, the related
>> identifier is registered.
>>
>> Think that preventing RDAP operators to provide temporary reverse
>> search properties is incompatible with registries'policy of
>> releasing features on test platforms for a limited period before
>> running them in the live environment.
> I can see the argument here, but the document doesn't say e.g. "custom
> properties may only be used temporarily, or for testing purposes", so
> it doesn't prevent two servers from having two custom properties with
> the same name and different behaviour, each of which is intended to be
> used long-term (i.e. neither server intends to register the property,
> for whatever reason).  If support for custom properties is omitted
> from the document, then a server wanting to support a new reverse
> search property temporarily or for testing can still do that, but the
> lack of in-protocol support for that makes it clear that it's not
> meant to be a long-term solution.

[ML3] Would like to reach the largest consensus on this point too.

Therefore, my proposal is to rearrange the "reverse_search_properties" 
extension by removing "type" and keeping "links" anyway.

The "links" member could be used to provide additional information about 
unregistered properties.

Would it work for you?


Best,

Mario

>>>> With regard to the meaning of your last sentence, I need a
>>>> clarification.  Are you meaning that inconsistencies come up
>>>> because, for example, the "email" reverse search property maps the
>>>> same JSON value but identified through two different JSONPaths in
>>>> the RDAP response ?
>>> I don't think it would be open to a server to do this under the
>>> current document, because the JSONPath to "email" is defined in the
>>> document itself.  An example scenario where inconsistency could occur:
>>>
>>>    - S1, S2, and S3 implement support for JSContact.
>>>    - S1 decides to add a custom reverse search property called "name",
>>>      for matching a JSContact "name" (per 2.2.1 of that document), by
>>>      looking at the "given" and "surname" name components for the
>>>      JSContact "name".
>>>    - S2 also adds a custom reverse search property called "name", but
>>>      instead matches against the JSContact "fullName".
>>>    - S3 also adds a custom reverse search property called "name", in the
>>>      same manner as S2, but if a jCard is retrieved, it falls back to
>>>      using the same logic as that for an "fn" reverse search per the
>>>      current document.
>> I still think that custom properties are useful for the reasons above.
>>
>> On the other hand, their possible misuse should be ruled somehow.
>>
>> Here in the following a possible statement limiting the scope of custom
>> properties:
>>
>> "A custom reverse search property MUST NOT collide with a registered reverse
>> search property and MUST NOT match an RDAP property, or any of its variants,
>> matched by a registered reverse search property."
>>
>> Being JSContact fullName a variant of jCard fn, both S2 and S3 can't define
>> "name" as a custom property.
> I still don't see how the document can require that a custom reverse
> search property not collide with registered reverse search properties
> as to its name or the members that it refers to, because the person
> registering a new reverse seach property is not guaranteed to be aware
> of all existing custom reverse search properties.  The fact that a
> given field is a 'variant' of another may not be obvious to
> implementors, either.  If any new reverse search that isn't covered by
> the existing document has to be defined in an extension, then these
> problems go away.
>
> -Tom
>
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext

-- 
Dott. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo

v2.23.0 | Report a Bug | By Email