Re: [regext] Roman Danyliw's No Objection on draft-ietf-regext-rdap-partial-response-13: (with COMMENT)
Mario Loffredo <mario.loffredo@iit.cnr.it> Sat, 05 September 2020 14:19 UTC
Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 15A113A114E; Sat, 5 Sep 2020 07:19:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.847
X-Spam-Level:
X-Spam-Status: No, score=-2.847 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.948, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z9bSgAoX90Us; Sat, 5 Sep 2020 07:19:41 -0700 (PDT)
Received: from smtp.iit.cnr.it (mx4.iit.cnr.it [146.48.98.151]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8BDD3A0901; Sat, 5 Sep 2020 07:19:40 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by smtp.iit.cnr.it (Postfix) with ESMTP id 6DF5EB80392; Sat, 5 Sep 2020 16:19:38 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mx4.iit.cnr.it
Received: from smtp.iit.cnr.it ([127.0.0.1]) by localhost (mx4.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8hNp4YW4EUzq; Sat, 5 Sep 2020 16:19:35 +0200 (CEST)
Received: from [192.12.193.108] (pc-loffredo.nic.it [192.12.193.108]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by smtp.iit.cnr.it (Postfix) with ESMTPSA id 7F44EB802BA; Sat, 5 Sep 2020 16:19:35 +0200 (CEST)
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: draft-ietf-regext-rdap-partial-response@ietf.org, regext-chairs@ietf.org, regext@ietf.org, Jasdip Singh <jasdips@arin.net>
References: <159925400198.5399.1992122496217646432@ietfa.amsl.com>
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
Message-ID: <0a018fbc-aa4d-8a82-c0c6-95ee02daa58e@iit.cnr.it>
Date: Sat, 05 Sep 2020 16:16:23 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <159925400198.5399.1992122496217646432@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: it
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/_XFiW-fdq3JoSYS2-EA1uSwJFYk>
Subject: Re: [regext] Roman Danyliw's No Objection on draft-ietf-regext-rdap-partial-response-13: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Sep 2020 14:19:44 -0000
Hi Roman, thanks a lot for your review. Plase find my comments inline. Il 04/09/2020 23:13, Roman Danyliw via Datatracker ha scritto: > Roman Danyliw has entered the following ballot position for > draft-ietf-regext-rdap-partial-response-13: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-partial-response/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > ** Section 2.1. Can a server return multiple entries in the availableFieldSets > area with default=TRUE? Probably not. Should something be said to that effect? [ML] Obviously not. I don't think something should be furtherly said in this case. I simply consider it a server failure. > > ** Section 4. Per ‘Fields included in the "brief" and "full" field set > responses MUST take into account the user's access and authorization levels’, > would there be circumstances where the “id” field set should also take into > account the user’s access and authorization level? Section 8 noted that “RDAP > operators can vary the information returned in RDAP responses based on a > client's access and authorization levels.” My thinking is that if a given > client’s access level would result in particular fields being removed, then > perhaps they shouldn’t have been listed in the with the “id” field list to > begin with. [ML] Removing an object identifier from the "id" field set seems to me something deeply disagreeing with the purpose of that field set. An RDAP provider may evaluate to provide more side information (more links, more notices, more remarks) according to the user access level, but not less relevant information. Besides, removing the object identifer but keeping the self link is a nonsense because it means providing the same information as the object identifier but more diffiicult to process for an RDAP client. > ** Section 8. > > A search query typically requires more server resources (such as > memory, CPU cycles, and network bandwidth) when compared to a lookup > query. This increases the risk of server resource exhaustion and > subsequent denial of service due to abuse. This risk can be > mitigated by supporting the return of partial responses combined with > other strategies ... > > I do not follow how partial responses provide denial of service mitigation when > the attack is intentional. Wouldn’t the attacker continue to request full > queries given the choice between loading the server with a subset vs. full > query? Or is this text saying that because of the use of partial responses the > server would have more capacity and this would enable it to better result a > denial service? [ML] Obviously, the second one but I agree with you that the sentence needs to be rearranged. Could removing "due to abuse" be enough ? > > ** Editorial: > -- Section 1. Editorial. s/fewer data/less data/ [ML] I was suggested by a mother tongue to replace "less data" with "fewer data" before WGLC . After a further check on the web, it seems that "less" fits better for massive data. Therefore, I'll revert that change in the next version. Looking forwad for your answer to my comments. Best, Mario. > > > -- Dr. Mario Loffredo Systems and Technological Development Unit Institute of Informatics and Telematics (IIT) National Research Council (CNR) via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Mobile: +39.3462122240 Web: http://www.iit.cnr.it/mario.loffredo
- [regext] Roman Danyliw's No Objection on draft-ie… Roman Danyliw via Datatracker
- Re: [regext] Roman Danyliw's No Objection on draf… Mario Loffredo
- Re: [regext] Roman Danyliw's No Objection on draf… Barry Leiba
- Re: [regext] Roman Danyliw's No Objection on draf… Mario Loffredo