IETF Logo Mail Archive

Re: [regext] OK, What Next? (was RDAP Extensions Approach Analysis v2)

"Gould, James" <jgould@verisign.com> Mon, 18 July 2022 17:06 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 30ED9C13C52C for <regext@ietfa.amsl.com>; Mon, 18 Jul 2022 10:06:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XSQO_Sl463R3 for <regext@ietfa.amsl.com>; Mon, 18 Jul 2022 10:06:04 -0700 (PDT)
Received: from mail4.verisign.com (mail4.verisign.com [69.58.187.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4E81C13C515 for <regext@ietf.org>; Mon, 18 Jul 2022 10:06:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=15408; q=dns/txt; s=VRSN; t=1658163965; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=gjf/IpcFKlt2Nm+QICzyGbYVqkoL2f1SbWHW4nzMMWA=; b=Cxrm1lpQts4Wueddo0Ft/VWJfzo99jSVLmafTM4NoW5mXLlg9r+G/v5d tEtD/tx8/fguk8/vyKNMiPh/B0M4O84aBaJny9wsR/kkfajElsWchalNv s73fpeWJZLhVDUEskJdI+qqZ2mgiA/wzMelCbrgfJnkYsBe63ZRaTPCM0 tvv2m4v3Ttk3xI41lcnZO7T55Y4BRAOuVvzAc214GS1rgpT26VxTodAhL AQnD+KIKXJhrYg2RLxDNxXfdvo/v5Wv3fD/m2iSRGUeYpzNx91bfA1PXD LoPRGdRtrdIhxWxwqWhtTF48Qr5d++Zpy5wbqDHxAiOzzpzNZ7DLfLnxL Q==;
IronPort-Data: A9a23:hXAiraCxocpj1hVW/1Liw5YqxClBgxIJ4kV8jS/XYbTApDIr0DZRz DYXDD/Ta/aMN2L1KtEjbY618h4P757VmoQyTANkpHpgcSlH+JHPbTi7wuUcHAvJd5GeExg3h yk6QoOdRCzhZiaE/n9BClVlxJVF/fngqoDUUYYoAQgsA14+IMsdoUg7wbRh3dc42YHR7z6l4 rseneWOYDdJ5BYpagr424rbwP+4lK2v0N+wlgVWicFj5DcypVFMZH4sDfjZw0/Df2VhNrXSq 9Drl+jlozyDr3/BPfv++lrzWhVirrf6Y1DS2iIOM0SoqkAqSicais7XOBeAAKv+Zvrgc91Zk b1wWZKMpQgBPqrmhO0YYURkAg5sG7Fn/q72LXnjmJnGp6HGWyOEL/RGJnsQZLI+19YvWydQ/ vsCMHYEYladnfmwhrm8T4GAhOx6dI+yY9hZ4yw7i22IZRolacmrr6Hi59BfwTM8rt5DB/fFZ sUfLzFoaXwsZjUWZwZKV81kzY9EgFGnQxRKhVaphpMW2EzU9E9QzqfVLNf8L4niqcJ92xzwS nj913/5BRUeOdqVxDGGpy70mOLVnDj6V4RUH7q93vJviUeYgG0eFBNQUkG0ydG8g1S/XJRbL EIa4CciqoAz9VDtRd/nGRykyFaNuBINc9pACasn82ml0Kfb7haFLmkJUjAHb8Yp3PLaXhQgz FnQgNXkFWQ19aaLUzSY96zRpzT0MzITdCkcfzQCCwAC5rEPvb0Os/4Gdf47eIbdszE/MWiYL +yixMTmu4gusA==
IronPort-HdrOrdr: A9a23:pnLM/KlAaK8/2kD47ryox5HgJVDpDfII3DAbv31ZSRFFG/Fwz/ re/sjy1XfP5Ar4wBkb6Ku90dq7MBbhHPlOkPMs1NaZLXHbUQSTTL2KgbGJ/9SCIVyCygc+79 YCT0EWMrSZZmSS5vyU3ODMKbcdKa68npxA692y854nd3APV0gp1XYfNu7QeHcGIjWuK6BJba ah2g==
X-IronPort-AV: E=Sophos;i="5.92,281,1650945600"; d="scan'208";a="15957729"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.28; Mon, 18 Jul 2022 13:05:46 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2375.028; Mon, 18 Jul 2022 13:05:46 -0400
From: "Gould, James" <jgould@verisign.com>
To: "shollenbeck=40verisign.com@dmarc.ietf.org" <shollenbeck=40verisign.com@dmarc.ietf.org>, "mario.loffredo@iit.cnr.it" <mario.loffredo@iit.cnr.it>, "andy@hxr.us" <andy@hxr.us>
CC: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: RE: RE: Re: [regext] OK, What Next? (was RDAP Extensions Approach Analysis v2)
Thread-Index: AQHYmsifo3ys1TfAoU6GObSUh+5XNA==
Date: Mon, 18 Jul 2022 17:05:46 +0000
Message-ID: <31035266-4E5F-46A4-B367-1BE784F4C292@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.62.22061100
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <665FC84701A4AD469B797345EA32E400@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/QtwSCUUC9OUPNI9i4WYPYde4T6g>
Subject: Re: [regext] OK, What Next? (was RDAP Extensions Approach Analysis v2)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 18 Jul 2022 17:06:09 -0000

Scott,

>    You can't give drafts, and the content they contain, implementation status 
>    that they don't have. I get the value of implementation experience, but that 
>    doesn't mean that we can add something to IETF processes that doesn't exist.

I'm not stating that a draft has the implementation status, but by supporting pointed versioning and minimal client / server impact to draft updates, it will encourage implementations and contribute to the implementation status section.  We found the pointed versioning to be very useful with the EPP extensions, which should be reused for RDAP extensions.  

> [SAH] As I mentioned in my response to Mario, part of the answer may lie in
> the server NOT removing support for older versions of an extension if it
> wishes to provide backward compatibility.

Eventually the support for the old version can and will go away on the server-side, where embedding the version into all the extension elements can create interoperability issues without the prior knowledge of the server.  There is no version negotiation in RDAP, so once the old version support is removed, a client implementation can be broken.  Using just the RDAP conformance for hinting / signaling the support of the versioned extension(s), can be adjusted by the server with little to no impact to the clients.  

What is the advantage with embedding the version into the prefix used by all the extension elements?  

If a common and unique prefix (e.g., "foo") is used for the extension elements (e.g., "foo", "foo_member1", "foo_member2") and the RDAP conformance values (e.g., "foo_level_1", "foo_level_2"), you get the advantage of the extension consistency without the negative side effect of causing interoperability issues when removing support for older versions.  

-- 
 
JG



James Gould
Fellow Engineer
jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 7/18/22, 11:51 AM, "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org> wrote:


    > -----Original Message-----
    > From: Gould, James <jgould=40verisign.com@dmarc.ietf.org>
    > Sent: Monday, July 18, 2022 10:58 AM
    > To: Hollenbeck, Scott <shollenbeck@verisign.com>; mario.loffredo@iit.cnr.it;
    > andy@hxr.us
    > Cc: regext@ietf.org
    > Subject: [EXTERNAL] Re: RE: Re: [regext] OK, What Next? (was RDAP
    > Extensions Approach Analysis v2)
    >
    > Caution: This email originated from outside the organization. Do not click 
    > links
    > or open attachments unless you recognize the sender and know the content
    > is safe.
    >
    > Scott,
    >
    > I include feedback embedded below.
    >
    > --
    >
    > JG
    >
    >
    >
    > James Gould
    > Fellow Engineer
    > jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-
    > B4BA42740803/jgould@Verisign.com>
    >
    > 703-948-3271
    > 12061 Bluemont Way
    > Reston, VA 20190
    >
    > Verisign.com <http://secure-
    > web.cisco.com/1l09ohVR1jHRe9ssf8R6XsOKixnyEIYRwaGWA6p-
    > _lCHj70APFeZ6ZgDRlKuWVFXsEnCaTDvtDcrLdJbpHVIjnBN3SCYtLDwpglgNIDT
    > di47-
    > OZrMRXg4ny6jr9zJIydegMyefFxtlQRFoaU4Ibih8yhUqmt0TSGL43AlkL4gzEIT68
    > KarDHGCq7uaJO8vRdk3kqYY99THVX9nX2f6jqQYjqI7GnftfsVSN2ltZ0exH9FuG
    > e9KmSee2HzYmtCRGRY/http%3A%2F%2Fverisigninc.com%2F>
    >
    > On 7/18/22, 9:11 AM, "Hollenbeck, Scott"
    > <shollenbeck=40verisign.com@dmarc.ietf.org> wrote:
    >
    >     > -----Original Message-----
    >     > From: Mario Loffredo <mario.loffredo@iit.cnr.it>
    >     > Sent: Monday, July 18, 2022 4:40 AM
    >     > To: Gould, James <jgould=40verisign.com@dmarc.ietf.org>;
    > andy@hxr.us
    >     > Cc: Hollenbeck, Scott <shollenbeck@verisign.com>; regext@ietf.org
    >     > Subject: [EXTERNAL] Re: [regext] OK, What Next? (was RDAP Extensions
    >     > Approach Analysis v2)
    >     >
    >     > Caution: This email originated from outside the organization. Do not 
    > click
    >     > links
    >     > or open attachments unless you recognize the sender and know the
    > content
    >     > is safe.
    >     >
    >     > I agree with James.
    >     >
    >     > The drawback of Approach A is that even an additive change to an
    > existing
    >     > extension would result in a breaking change to the RDAP service. As a
    >     > consequence,  servers should always manage the transition from two
    >     > subsequent versions of an extension.
    >
    >     Please explain how there's a breaking change. Let's assume that we have
    > an
    >     extension named "foo version 1" identified by the prefix "foov1". 
    > "foov1"
    > is
    >     registered with IANA, returned in the server's rdapConformance data
    > structure,
    >     and used to prefix extension elements.
    >
    >     Now assume that a second version of the extension (foo version 2) 
    > exists,
    >     identified by the prefix "foov2". "foov2" is also registered with IANA,
    >     returned in the server's rdapConformance data structure, and used to
    > prefix
    >     extension elements.
    >
    > JG - There is an additional case of pointed versioning with an Internet 
    > Draft
    > ("0.1", "0.2", "0.N" in EPP or "O_1", "0_2", "0_N" in RDAP), where the
    > pointed versioning will change more frequently than what is reflected in the
    > IANA registry for RFCs.  If changing the hinted version in the RDAP
    > Conformance also requires changing all the extension elements (path
    > segments, query parameters, response members, and objectClassName
    > values), even with backward compatible updates (e.g., inclusion of new
    > optional feature), it will impact all client implementations, or it will 
    > discourage
    > the use of pointed versioning to reduce the impact.  Implementation to draft
    > versions does come with risk, but it's important for drafts to get
    > implementation experience, and we want to reduce the impact of making
    > version updates.  Using pointed versioning has become a best practice in the
    > creation of the EPP extensions and should be used as well for RDAP
    > extensions.

    [SAH] There's a problem with that case, though, Jim:

    https://secure-web.cisco.com/1-qfhjxpOvFi-jovaCwbvXmpUfuuhuRW3z0CWypNoZS0yNLFBStDEx_pPdLN5KtBql32uSGrM0ms8Djg2TTUeoAdMCmpo1NgxLLbhHN7727Djt0wa1_pV_c6fFy0sSatqDOLyaz04lntrC03IUDzuAkKssFIZ0A3CEKLweiR4acL7g_iwZeM1sykhC-prKfLeUv7EYWU3WGppk3rSA8zymDa02jWUjIeE6udL4WyucV_rr6Cu6fIv60DYxQYoBTaM3HCxxuNmjbUWOkrL_Egedw/https%3A%2F%2Fwww.ietf.org%2Fhow%2Fids%2F

    "Internet-Drafts (often referred to simply as "drafts") have no formal status, 
    and are subject to change or removal at any time; therefore they should not be 
    cited or quoted in any formal document."

    You can't give drafts, and the content they contain, implementation status 
    that they don't have. I get the value of implementation experience, but that 
    doesn't mean that we can add something to IETF processes that doesn't exist.

    >     If the server supports only "foov1" or "foov2", it returns only one of 
    > those
    >     values in the rdapConformance data structure, accepts only extension
    > elements
    >     prefixed with the supported value, and returns only extension elements
    >     prefixed with the supported value. If a server supports both "foov1" and
    >     "foov2", it returns both values in the rdapConformance data structure,
    > accepts
    >     extension elements prefixed with either value, and returns extension
    > elements
    >     prefixed with the value that matches the requested value. So how does
    > this
    >     transition scenario not work?
    >
    >     Server supports "foov1" and returns that value in the rdapConformance
    > data
    >     structure. The server accepts requests and returns responses prefixed
    > with
    >     "foov1". The client sends requests and receives responses prefixed with
    >     "foov1".
    >
    >     At some point in the future a new version of "foo", identified by 
    > "foov2",
    >     exists. The server enters a transition period and announces support for
    > both
    >     extensions by returning both values in the rdapConformance data
    > structure. It
    >     accepts extension elements prefixed with either value and returns
    > extension
    >     elements prefixed with the value that matches the requested value. The
    > client
    >     sends requests and receives responses prefixed with either "foov1" or
    > "foov2"
    >     depending on which value of the extension they support.
    >
    >     Time passes, and the transition period ends. The server deprecates
    > support for
    >     "foov1" and announces support for only "foov2" by returning only that
    > value in
    >     the rdapConformance data structure. The server accepts requests and
    > returns
    >     responses prefixed with "foov2". The client sends requests and receives
    >     responses prefixed with "foov2".
    >
    >     Where's the breakage here? In both cases, the client and server can
    > identify
    >     extension elements by doing a simple pattern match for "foov1" or
    > "foov2".
    >
    > JG - There is no true version negotiation of extensions in RDAP like there 
    > is
    > for EPP, where some extensions only include response members and do not
    > include extensions of the path segments or query parameters.  A server
    > would need to remove inclusion of the "foov1" response members and only
    > use the "foov2" response members after some time of overlap.  What is the
    > advantage with potentially breaking the clients that have not been updated
    > to look for "foov2"?  The updated extension could be completely backward
    > compatible.  Support for version 1 and version 2 can be included in the RDAP
    > conformance with the values ("foo_level_1" and "foo_level_2") for clients
    > that are interested, but the response members with "foo" can stay as is. 
    > The
    > same prefix "foo" can be used for the RDAP conformance values and the
    > extension elements for consistency and guaranteed uniqueness.  Non-
    > backward compatible changes should be discouraged, but if needed the
    > signaling in the RDAP conformance should provide the client with versioning
    > information.  The RDAP conformance member is meant for signaling
    > extension support and is well suited to support versioning.  Cascading
    > versioning down to the extension elements can cause interoperability issues
    > with little to no benefit to the clients, such as returning only "foov2" 
    > instead
    > of "foov1" or "foov1" with "foov2".

    [SAH] As I mentioned in my response to Mario, part of the answer may lie in 
    the server NOT removing support for older versions of an extension if it 
    wishes to provide backward compatibility.

    Scott

v2.23.0 | Report a Bug | By Email