IETF Logo Mail Archive

Re: [regext] RDAP queries based on redacted properties

"Gould, James" <jgould@verisign.com> Mon, 09 January 2023 12:29 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DF9AC1522B5 for <regext@ietfa.amsl.com>; Mon, 9 Jan 2023 04:29:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1e39aVPThQ_n for <regext@ietfa.amsl.com>; Mon, 9 Jan 2023 04:29:17 -0800 (PST)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E9BFC1522B2 for <regext@ietf.org>; Mon, 9 Jan 2023 04:29:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=28714; q=dns/txt; s=VRSN; t=1673267357; h=from:to:subject:date:message-id:mime-version; bh=G7bMxrd7jfvKXcst/i9PRRcndi14x+jIsfL2OVoUe60=; b=Nmib++Lla0ilo6Wv0VzPm3RrVY0SEacesg2mDfqIH10PUFI7gsXF51CM dk7aM/flIK5snNeBoH06fSks/Afupe7AMe8JbY+7QITSRIi19QDZ+7oRk y3D5n3q0+SWQ8fajyptPQiASVtcP1CzUTLtfmZp65eBW0+27tW4OBoX16 d0KLAStje7tl34aMxpblR8era5fD4GNg1V4mmsTp8k6tdcTM4gvpKxkuy 5gQPCxRA1QmH/7UjJV24ntqBS1uSCRcXMcLI58vZjZsRwc7ZLpVdjNveJ Me11mJxGRs9DOaB8ZwzMx+emkWJ9iz6ijcRBQjaFDW258TX3xUO0q6gai Q==;
IronPort-Data: A9a23:6BnISqhAQ+ijdieVRwNh3n99X161uREKZh0ujC45NGQN5FlGYwSz9 9YtKTDba6jfYmL0ZZkoP70CxjoP6sPVnYVhSQRlrnowRXtApZqfWtiXIh/9ZC3Lfp2SHR82s ZQTY4Cecp5rRXWHrEf9bLXrpnIgj/jRF7H3WLOUUswdqW6IbQ944f40s7Jg29IAbaGFPj6wV fPOT+z3NlGoizUpbz1Pt6nZ8EkysPqptjkU51czPv5HslGHxnNJVcJOLqyPdHapGYM88sxW5 Qrg5Orgoj6GpUdF5veNyOuTnpgiG+aKVeS2oiMKHfLk2nCunwRquo4jLv0QdExLvDuAmtF12 b1luIe5IesTFvSkdN81Dl8JTUmSAYUcoOWceSHn4JTJp6H7WyCEL8tGXRle0bIwp74f7VFmr ZQwND0LZxafsOO6qJrTpj5E35lLwGHDZevzi1k4pd3rJa9OraPrGs0m0eRlMAIY3aiiK96FP pZENmA/BPj3S0Yn1l8/UPrSlc/23iWvK2UwRFi9/cLb6ECLpOB9PSSE3HM4tbVmSO0M9nt0q F4q8EzELTY4JYGxywC+2SOVgt3jt3v/aoANQejQGv5C2DV/x0Q5MjtPan2WkaHjzFC1XMhHb UUYvDQ0tq50/0uuJjX/d0Tg5ifb5VhFBoEWT7xSBAKlk8I45y6bCW8ZSjJpdtE8tdQ3Sjps3 ViM9z/sLWY36+zKGSrGnluShQ7sEjMQKHY7WT5HYlId6IC5hIotkx2aG76PF4bw1LUZAwrYx jmQrS94g7Idg9QG26KT/FHbxTmqvN7IUmYd/AjYU3K5xgJ0eIDjYJangWU39t5KNoDAUV+Mr CBe3tOA9qYLDIrInivLSv8LRfe3/e2DdjbbhDaDAqUcythkwFb7Fag43d20DB4B3hosEdMxX HLuhA==
IronPort-HdrOrdr: A9a23:PwWJ6aG7QcRHz/2OpLqENceALOsnbusQ8zAXPidKOHlom62j5q KTdZsgtSMc5Ax+ZJhCo7+90cC7KBvhHPVOkOos1NmZPTXOiS+HIIZv9oP+zzClMD2WzIJg/J YlV6RlEtX/ARxZgdaS2mOFOudl5NWc6qiniaPl0nF3QWhRBp1I9QtjFQqBKEFwSTRHAZZRLv Gh2vY=
X-IronPort-AV: E=Sophos;i="5.96,311,1665446400"; d="png'150?scan'150,208,217,150";a="20397803"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.16; Mon, 9 Jan 2023 07:29:15 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.016; Mon, 9 Jan 2023 07:29:15 -0500
From: "Gould, James" <jgould@verisign.com>
To: "mario.loffredo@iit.cnr.it" <mario.loffredo@iit.cnr.it>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: Re: [regext] RDAP queries based on redacted properties
Thread-Index: AQHZJCX8cTAQ1KdNBkyZTpUupQVN5Q==
Date: Mon, 09 Jan 2023 12:29:15 +0000
Message-ID: <15EF9CB1-C817-4D0F-B5EE-DD3D3FBB45C8@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.66.22101101
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_15EF9CB1C8174D0FB5EEDD3D3FBB45C8verisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/fb6fuaMW56LYTOVeBpqlVJSzntk>
Subject: Re: [regext] RDAP queries based on redacted properties
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2023 12:29:22 -0000

Mario,

My responses are embedded below.

--

JG

[cid:image001.png@01D923FC.13858AF0]

James Gould
Fellow Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: Mario Loffredo <mario.loffredo@iit.cnr.it>
Date: Sunday, January 8, 2023 at 8:38 AM
To: James Gould <jgould@verisign.com>, "regext@ietf.org" <regext@ietf.org>
Subject: [EXTERNAL] Re: [regext] RDAP queries based on redacted properties


Hi James,

please find my comments below.
Il 06/01/2023 14:54, Gould, James ha scritto:

Mario,



The JSContact "uid" and the jCard "handle" may be redacted in the entities member of a domain query response, where the entity is returned as a sub-object.  Redaction of the JSContact "uid" and the jCard "handle" in the domain query response doesn't impact the query at all.  I don't believe it makes much sense to redact the lookup key (JSContact "uid" and the jCard "handle") for an object in the case of an entity query.

Think that, at least in theory, such a policy may result in a privacy bug.

Given that the entity handle must be the same when the entity is included in both a domain query response and an entity query response, if one was able to discover the method used to assign handle values to entities, he would also be able to desume a possible redacted value by submitting a an entity lookup and receiving a valid response.

Obviously, in practice, the RDAP server can implement some stategies to operate consistently such as making the entity lookup to return an error when the handle is redacted somewhere in an RDAP response as well as allowing the entity lookup only to those users who can access the entity handle.

But, without a clarification in that sense, redacting the entity handle depending on the entity role in domain query responses and, at the same time, allowing the entity lookup to everyone appear to me two inconsistent statements.

JG – I’m not advocating for redaction of the entity handle in the domain response or the entity response but bringing up the possibility that it may be redacted in the domain response per the draft RDAP Profile.  Considering that there is a known use case that the “uid” will be redacted, it’s important for draft-ietf-regext-rdap-jscontact directly or indirectly via the use of draft-ietf-calext-jscontact to make it required.



This is one reason that the draft-ietf-regext-rdap-jscontact "uid" member should not be mandatory due to the need for redaction at the sub-object level.  Can draft-ietf-regext-rdap-jscontact override the draft-ietf-calext-jscontact mandatory "uid" member to be optional to support redaction in RDAP?  The draft-ietf-regext-rdap-redacted is strictly focused on the redaction methods of the responses and I don't believe it needs to mandate or recommend policy on what quires a server needs to support or not support.

As already said, I'll propose to calext to make uid optional when JSContact is used as a contact representation within protocols supporting other contact identifiers.

Therefore, my proposal for the uid field in RDAP will be the following:

Option 1) uid is optional - uid can be redacted or not depending on its format and server policy

   The JSCard "uid" property SHOULD be a URN in the UUID namespace [RFC4122], MAY

   be a URI where the URI is the URL of the lookup query for the entity

   related to the contact card.  The entity lookup URL MUST always be

   used regardless of the query generating the response including the

   contact card.

Option 2) uid is required - uid must be inherently opaque and undecipherable

   The JSCard "uid" property MUST be a URN in the UUID namespace [RFC4122]. If the

   uid value is generated starting from a redacted value (i.e. name-based UUID),

   SHA-1 MUST be used as hashing algorithm.



JG – Either draft-ietf-calext-jscontact needs to remove the “(mandatory)” marking or draft-ietf-regext-rdap-jscontact needs to override the mandatory marking to make it optional in RDAP.

Best,

Mario





Thanks,



--

Dott. Mario Loffredo

Technological Unit “Digital Innovation”

Institute of Informatics and Telematics (IIT)

National Research Council (CNR)

via G. Moruzzi 1, I-56124 PISA, Italy

Phone: +39.0503153497

Web: http://www.iit.cnr.it/mario.loffredo<http://secure-web.cisco.com/1BbmuPqS2BAJK2bTpjZqNHpJG1vYbreydeGM-DH5CafJ17E6WkfXZdKRw_p-blZFE4VQNYJFFPmdbMMzZv4cMmj6TMUWhUIAUAXZGxKaUOIFg8VFZ_mGkzm3MgoiIPNCYBU4nS7Jwy81wB0v4EWzwzUXGHLVmrfZIC2oPDEmMxqSwfM6jYeAp-EDKVv52TtXWFlQbR3LLWk0Z_kG_7vXBvuLZExzirKcOnP3T__X9Oif7Dn5ANjPhzkJgJ3xR4Pxr98B1aK0VmYWQo6WSaoWIXJklBvoQEqhwfrP6eA9bL7I/http%3A%2F%2Fwww.iit.cnr.it%2Fmario.loffredo>

v2.23.0 | Report a Bug | By Email