[regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions

"Gould, James" <jgould@verisign.com> Mon, 26 August 2024 15:58 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4FDDC151062 for <regext@ietfa.amsl.com>; Mon, 26 Aug 2024 08:58:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uVVMnFWEICai for <regext@ietfa.amsl.com>; Mon, 26 Aug 2024 08:58:55 -0700 (PDT)
Received: from mail4.verisign.com (mail4.verisign.com [69.58.187.30]) by ietfa.amsl.com (Postfix) with ESMTP id C85DFC14F705 for <regext@ietf.org>; Mon, 26 Aug 2024 08:58:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=97334; q=dns/txt; s=VRSN; t=1724687934; h=from:to:date:message-id:mime-version:subject; bh=nCxlaeID/4uALvV4MzNNJExxIZtQNWl7JNOUGlz1WRk=; b=NLFWePCOVsQ/jfXc7G8LHgXdLg+mTfnzMSC0WU4JC8tYJ1lUsn1jG3p/ JCslI1UhCpGYFJJQ+NSTHDs1RVB8/BZ0TaJufS9ypLjfL+OgRjPE2tomq SHdCEctMq+ZpZYYkTrcTCNnFVSyKFKJUFhBTVPKZEOG/sb7g6TQj1YWF6 JrJL11h5kWtdlwDAJ47utUPpkdpUZ2oSRpmUTej9H1zcz6QZ4hC1mXsFr kX8ep9EybssrghCho8yehoeKztgY3a8zIoVH4kJftvNHaJ6J/jULCD+Kq leXJh1A+eCevX9HnzP5e2kBU2wqqHIkd3+r+olJzFnR1EIytAfXO42UkH A==;
X-CSE-ConnectionGUID: AsKzQ5kTSeGCqTEOcCBgeg==
X-CSE-MsgGUID: N1lVf/8zSZGEQmdXcFjV5g==
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:GhLAYKhdGqgsfOHTf3ocnV4jX161rRAKZh0ujC45NGQN5FlGYwSz9 9YtKTDba6jfYmL0ZZkoP70CxjpQ65GAnNBnGwZqpCg0QSJB8MDJWd+SchuuZnyYI8efEkk+5 JtPO4TNcMtvRC/V+0v0OOa/oyIhiK/WTOH3ULHJUswdqW6IbQ944f40s7Jg29AAbaGFPj6xV boewiG1EF6g0jF5ajpOrbqFp3uD19yo42oU5w0wP6wU4VPXzSIbVMMTf/y7JnKlE4AJQuC2T LuanLrnoj/U8UkkVI37z+6nLxEBG+fcbFOC1XAJUvKo6vQuSk3e945iXBZLQRsO0mrhc6lN9 ehxWfVcKOtDFqzJkesQC0EDVTl4MsWqk5efKCnmu8fIlxycfSGxkvlnXBhvNIdGoL0nCmwe+ fZCI2lQYkuN3ujmzeLnFrk93518dJKwY4gR4iA8x2/UAah+KXyvr8QmwPcBtNtnrpwXRKa2i 7MlVAdSgDT8jzxnN1lOUsxulbzzinSiLmMF9w/JqfZn6jOMlgZ/jrOyPtOJI4zbTshrxUvJ/ WiuE0YVoP05HIfGlWfaqCLEasvnx36TtFc6TeXgnhJSqATOgDFVUVtOCAbTTcCR0iaWQ8hYJ 1Ef5h0gpK0z8F3DZtTmVnVUmlbd1vInc4QWSrVSBD2lkPKOv17JXDZcFFatVfR93CMIbW1yv rO2t46xbdBfmOX9YW6Q8L6SsQSzNUA9RUceZTUJRBcy+NLqpoc+lHrnFr6Px4bs07UZsRmpq 9y7hHBWa4c71Kbn5I3ilbzzuA9Ak7CSJuIDzl6OAj/6tFMRiLmNPORE4XCDhRpJBNjBEgnZ5 BDokeDGhAwFJcnleCBg3IzhtVxmjhqIGGS0vLJhI3Uu3x222GyaIINs2zxRD15VH+EPUhXmb UCG7Gu95LcLVJerRYVNRduOLekalfKmC9/iTOiSZ9YIfIJqckmM+yQGiUy4hjiryRd31/hiY tHHIK5ADl5DYUhj5Di5QPoZ3Zc1yzo/3mLcQ9bwyBHPPb+2PyXPEOtcbATmguYRyvqAnguSo 8RkBeSn8hBTYObQYBeK/ttGRbwNBT1hbXzskORVf/WPIxJ9MGg7CvmXx749E6R/kqtYhvvg/ 3yhVAlf0lWXuJHcAQ+QbCl8br7/Bcw6tmwheyktJhOi3D4pe4D2qrkFbJ1xdr4inAB+8cNJo zA+U53oKpxypv7volzxsbGVQFReSSmW
IronPort-HdrOrdr: A9a23:lMF7xqOr6F+qvsBcThyjsMiBIKoaSvp037BN7TEVdfU1SL37qy nAppQmPHPP5gr5O0tOpTnoAsDpfZq2z+8X3WB+B9afdTijlmeuIJpr8IfuhxbxcheTysdtkY NtabJ3BtG1L1Rr5PyR3CCIV/It2sOO/qztv/rZ1HsFd2xXQrtt9Bh0ETyWFUBKRA1LbKBTKK ah
X-Talos-CUID: 9a23:79/w72n3/HgFnS+vCzQwue/jb7bXOVTG72XpfkyEMmtGY6SpZHib04lrnsU7zg==
X-Talos-MUID: 9a23:DRm4zAXIpyH5xPHq/Bm1gA9sc5d62JaBJXkInaUNlcu6aCMlbg==
X-IronPort-AV: E=Sophos;i="6.10,178,1719878400"; d="png'150?scan'150,208,217,150";a="33214147"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.37; Mon, 26 Aug 2024 11:58:53 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.037; Mon, 26 Aug 2024 11:58:53 -0400
From: "Gould, James" <jgould@verisign.com>
To: "jasdips@arin.net" <jasdips@arin.net>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions
Thread-Index: AQHa99DZSwZv1yHVV0qM+Y6EJMUWeg==
Date: Mon, 26 Aug 2024 15:58:52 +0000
Message-ID: <5BE870CA-3D80-4888-9C5F-7F4FC33A008F@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.82.24021116
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_006_5BE870CA3D8048889C5F7F4FC33A008Fverisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Message-ID-Hash: DH333WKMAFSBE33BMPB47DUBDS5FBDO7
X-Message-ID-Hash: DH333WKMAFSBE33BMPB47DUBDS5FBDO7
X-MailFrom: jgould@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/SFUw-i7phW0RM8gOOD4MrOyKl1I>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>

Jasdip,

If you feel that draft-ietf-regext-rdap-x-media-type should be independent of draft-ietf-regext-rdap-versioning, I’m fine with that, but I wanted to raise the possibility of merging them.  The passing of the RDAP extensions to the server is supported in draft-ietf-regext-rdap-versioning using the x-media type and using a query parameter, so draft-ietf-regext-rdap-x-media-type could be directly embedded in draft-ietf-regext-rdap-versioning.

I have an issue with the “Query Parameters Considered Harmful” section in draft-ietf-regext-rdap-x-media-type, where query parameters are used in the base RDAP RFCs as well as other RDAP extensions including the Versioning Extension.  If use of query parameters should be discouraged in RDAP, it should be moved from draft-ietf-regext-rdap-x-media-type to draft-ietf-regext-rdap-extensions.  I personally don’t agree that the use of query parameters in RDAP should be considered “harmful”, but it can be pointed out in draft-ietf-regext-rdap-extensions that query parameters may not be preserved via redirects.  An author of an RDAP extension that has the need for client input can take into consideration that query parameters may not be presented via redirects while creating the extension.  I don’t view this as unique to the passing of the desired set of extensions in the RDAP query.

I look forward to the updates to draft-ietf-regext-rdap-x-media-type and draft-ietf-regext-rdap-extensions to provide alignment with draft-ietf-regext-rdap-versioning.

Thanks,

--

JG

[cid87442*image001.png@01D960C5.C631DA40]

James Gould
Fellow Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: Jasdip Singh <jasdips@arin.net>
Date: Monday, August 26, 2024 at 11:35 AM
To: James Gould <jgould@verisign.com>, "regext@ietf.org" <regext@ietf.org>
Subject: [EXTERNAL] Re: [regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions


Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

Hi James,

Andy and I reviewed your note and believe it would be better to keep the RDAP-X and Versioning drafts separate.

The RDAP-X media type leverages the standard HTTP content negotiation using the Accept and Content-Type headers and is guaranteed to seamlessly work for any RDAP response scenario, including redirects and referrals. It would be helpful to keep the RDAP-X draft separate and focused on this HTTP axiom. We should though beef up the normative language in both drafts about how RDAP-X and Versioning relate. As for the “RDAP Extension Versioning” appendix in this draft, that could be removed given the Versioning draft addresses semantic versioning. The “Query Parameters Considered Harmful” appendix helps highlight the pitfalls vis-à-vis redirects and referrals, and in our opinion, should stay.

Since the Versioning draft introduces a new term “extension version identifier” beside the standard “extension identifier” term, as part of the normative language beefing up, that would need addressing in the other drafts.

Thanks,
Jasdip


From: Gould, James <jgould=40verisign.com@dmarc.ietf.org>
Date: Tuesday, August 20, 2024 at 4:28 PM
To: jgould=40verisign.com@dmarc.ietf.org <jgould=40verisign.com@dmarc.ietf.org>, regext@ietf.org <regext@ietf.org>
Subject: [regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions
With the latest updates posted for draft-ietf-regext-rdap-x-media-type and draft-ietf-regext-rdap-extensions, we need to look at the below alignment feedback that I provided back in July between the three drafts.

I believe that merging draft-ietf-regext-rdap-x-media-type into draft-ietf-regext-rdap-versioning should be considered, since draft-ietf-regext-rdap-versioning supports draft-ietf-regext-rdap-x-media-type as an option for the client to provide the extension signaling and as a requirement for the server.  Merging will ensure that there is alignment.

Thanks,

--

JG

[cid:image002.png@01DAF7AF.51ECC5A0]

James Gould
Fellow Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://secure-web.cisco.com/1ZBssVCCS6L8QC7s6oQPtTY0USrODdV9pNW_CRJwid3lbocrtK3utgH5aLd-11B3DkWDnVB92sHGBVr86M6VE_kYC-ljOeMj4urFw4L7yrsNE6VW40lFVa0on0KNOgzqEEMlq9NQVwD9jzrqQIcqu48vRn2XZ4sVd1ps1xdr76X1iHl2jaoTjAc7eQE1mNmS-odMMHavcOBU3ffYRWf9XtYmTl2rkVFsbDFgym2l3nAH-_IoZ9tYksKFV1ScnSRlonDiY8MAkEzEeeDx08JnzBaiNr_BGaSwPNwZu_23eoRI/http%3A%2F%2Fverisigninc.com%2F>

From: "Gould, James" <jgould=40verisign.com@dmarc.ietf.org>
Date: Monday, July 22, 2024 at 10:59 AM
To: "regext@ietf.org" <regext@ietf.org>
Subject: [EXTERNAL] [regext] Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions

Hi,

I did a detailed review of the three drafts draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions for alignment.  The following are my findings:


1.      draft-ietf-regext-rdap-versioning includes support for draft-ietf-regext-rdap-x-media-type and the “versioning” query parameter for the client to provide a hint of the extension versions to include in the RDAP query and RDAP response.  The server MUST support both methods and the client MUST include a single method in the RDAP query to ensure that there are no conflicts.  This ensures that clients can specify the extension versions via a query parameter and via an HTTP header per draft-ietf-regext-rdap-x-media-type.

2.      draft-ietf-regext-rdap-x-media-type could be merged into draft-ietf-regext-rdap-versioning, since it now represents one method of an Extension Versioning Request.

a.      An alternative is for draft-ietf-regext-rdap-x-media-type to support a more generic form of query parameters for use in any RDAP extension.

b.      The extension can stay separate if there is some advantage.

3.      draft-ietf-regext-rdap-versioning defines a Extension Version Identifier in section 3.1 https://datatracker.ietf.org/doc/html/draft-ietf-regext-rdap-versioning#name-extension-version-identifie<https://secure-web.cisco.com/1Tdg4m5JitpxW6itEfcDynMUFCuaVtWRHjT4Li7mRPC8UmAlVU_JxLuj7Y53vZJjVIR3n60cKb17D6wR_sDwnP79PdfmqbAlbxRqfox-oWj7B6Aeo1ojJt7OCM02c6qrjL6v55axy0p6djQEJeRe2Wgio4lKVrHAXTRScpTRFYy26KtX5wGXwv5J7EZjfZ0ef_BBc8Z4bBkdoXrJ4qzpK6q_wICynV8dTxUFZKqLjeWjR_qkIWQQSoptYD2sP5EvFNw47vdC4Q2jGX_zkRBvhKPoCPBL40QUuUObkQ5E80A0/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-regext-rdap-versioning%23name-extension-version-identifie> as:

a.      ABNF

extension-version-identifier = identifier versioning

identifier = ALPHA *( ALPHA / DIGIT / "_") ; Extension Identifer

versioning = ["-" 1*VCHAR]

b.      draft-ietf-regext-rdap-x-media-type needs to also support the extension-version-identifier to use it with draft-ietf-regext-rdap-versioning, which currently uses the language:

“This media type has a parameter of "extensions" which is a whitespace-separated list of RDAP extensions as defined in the IANA RDAP Extensions registry.”

1.      How about making this more generic to support additional types of extension versioning schemes, such as the language:

a.      “This media type has a parameter of "extensions" which is a whitespace-separated list of RDAP extensions, such as defined in the IANA RDAP Extensions registry.”

Use of the IANA RDAP Extensions registry will support Opaque Versioning in draft-ietf-regext-rdap-versioning, where use of “such as” will allow for additional RDAP extensions schemes.

“the values in the media type's extension parameter SHOULD match the values in the rdapConformance array in the return JSON.”

1.      The Extension Version Identifier does include the extension identifier, so the question is whether inclusion of the versioning suffix will meet the “match the values in the rdapConformance array”.

2.      How about making this more specific to directly reference the version identifiers, which would work better with draft-ietf-regext-rdap-versioning:

a.      “the extension identifier values in the media type's extension parameter SHOULD match the values in the rdapConformance array in the return JSON.”

3.      “though clients SHOULD list the extension identifier in the extensions parameter when using other protocol elements of those extensions.  Servers SHOULD NOT require the usage of extension identifiers in the extensions paramater when other extension protocol elements are used.

a.      To support draft-ietf-regext-rdap-versioning, this could be modified as:

“though clients SHOULD list the extension identifier in the extensions parameter when using other protocol elements of those extensions.  Servers SHOULD NOT require the usage of extensions identifiers in the extensions parameter when other extension protocol elements are used”

Referencing extension instead of extension identifier would be more generic to support the Extension Version Identifier.

Nit – replace “paramater” with “parameter”

4.      draft-ietf-regext-rdap-x-media-type Security Considerations parameter below may be best to address in draft-ietf-regext-rdap-versioning and even more generically in draft-ietf-regext-rdap-extensions

a.      “This specification does contrast with solutions using query parameters in that those solutions require servers to blindly copy query parameters into redirect URLs in situations where such copying could cause harm, such as copying an API key intended for one server into the redirect URL of another server.”

5.      draft-ietf-regext-rdap-x-media-type B.2 “Query Parameters Considered Harmful” could be moved to draft-ietf-regext-rdap-extensions, since query parameters are used in many places in RDAP, so providing clear guidance when a query parameter should or should not be used would be useful in draft-ietf-regext-rdap-extensions.  I don’t believe query parameters are “harmful” but has a disadvantage in the use cases presented.  The query parameter has the advantage of being a simple approach for clients to provide their hint when directly interfacing with the server.  In re-reviewing draft-ietf-regext-rdap-extensions it does look like section 12 “Redirects” includes some guidance related to query parameters, where I believe it would be beneficial to have a separate query parameter section in draft-ietf-regext-rdap-extensions.

6.      draft-ietf-regext-rdap-x-media-type B.2.4 “Architectural Violations” and B.3 “RDAP Extension Versioning” could be removed, since I don’t see how the use of a query parameter in RDAP would be considered an architectural violation and RDAP Extension Versioning will be worked on in parallel in draft-ietf-regext-rdap-versioning.

7.      draft-ietf-regext-rdap-versioning (This should have been draft-ietf-regext-rdap-extensions)

a.      In section 8 “Extension Versioning”, I just want to confirm that draft-ietf-regext-rdap-versioning address the normative language and if not what needs to be added:

“If a future RFC defines a versioning scheme (such as using the mechanims defined in section Section 2<https://secure-web.cisco.com/15kcKfUiYym7gBk1mVusqYAdquOxwIgm_53XywlVoON2ihVovuCML-2ZhyMGPjGkdt2Z63y-GbfeeaEVyeKg-3js7fyImP-1no66yzSAaxsrj2jf_yl1ynAbwPI6LYd7efhCR7CcvdIsp1e8cqh40mItcXpVudaDh1XE5TT8LvMckqbtVFIHv7IOnd1Ayr-BaV3ywMz7IxTZalGZQeqt7muOT83ufqFkxhfbY8Y-pdJeI39vUGU-uuY8uTrTirdWhJvj25rFgNkuNj1Ki3Om0BduxblIFMZxcwO5IlrVTb24/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-regext-rdap-extensions%23extension_identifier>) an RDAP extension definition MUST explicitly denote this compliance.”

b.      Section 8.1 “Backwards-Compatible Changes”

This section may not be needed with draft-ietf-regext-rdap-versioning, since the set of supported extension versions are explicitly specified, where in the case of Opaque Versioning the server could support many versions of the extension.

c.      Section 8.2 “Backwards-Incompatible Changes”

IT would be helpful to include the reference to draft-ietf-regext-rdap-versioning as an option to consider in signaling support for more than one version of an extension.

d.      Section 9 “Extension Identifiers in a Response”

You can update the reference of [I-D.gould-regext-rdap-versioning] to be [I-D.draft-ietf-regext-rdap-versioning].
Thanks,

--

JG

[cid87442*image001.png@01D960C5.C631DA40]

James Gould
Fellow Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://secure-web.cisco.com/1QfmZ69AqpY4_0f2H_wOSkMPb4YSFxX_XF4DUcbip8tazdYNrRhHWvn1Ld4w1YalJihKwDu1GJ4_dxuwWX4Q_tcGrlllEFRM2CTf6ylO1oPHzVXTYf_vRNN6TGVhZM5BJSxSrAMzOvmyyZhCGQZiB6hcvKJBMJ2Mw6qx1CIw6hIqgkVzkQefDtXIARPs9epJ5x5ycEtNbmfHHkXyeX5e_u78qTmeQF0u5Q9pGMElUJtzhmyTXpIQEeNhTqYZLHQ2dilf26snWcKLzVV0DjL3Znw4Skrt3B0gMlnQgVjKvLN8/http%3A%2F%2Fverisigninc.com%2F>