[regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions
"Gould, James" <jgould@verisign.com> Mon, 22 July 2024 18:30 UTC
Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4EAABC15152E for <regext@ietfa.amsl.com>; Mon, 22 Jul 2024 11:30:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.995
X-Spam-Level:
X-Spam-Status: No, score=-1.995 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MZdIp9kvzKv3 for <regext@ietfa.amsl.com>; Mon, 22 Jul 2024 11:29:59 -0700 (PDT)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F4C9C14CF09 for <regext@ietf.org>; Mon, 22 Jul 2024 11:29:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=87878; q=dns/txt; s=VRSN; t=1721672999; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=ER00B8fWxdbXM0O8PymEOGGzrM326rl8L9KhFAV1odg=; b=ng1c5F8Es7J90uoyJVWd6HlgrtC7oIelUyAVpJ15+4Ir+L3radj38dZc m9T3Nkf5Z3GhwMJ6AkuwrrReyUW4smkKyRhdMM7tOKQnFtbhIV4MPZCDR RUJIdGqYu7khvAdQIusSTBJL/dFaMRJqO/dx7jdqsDbQRui8QS4hgTMtB 8GR2rkR3eqUUVEQBOmwBhfw4WT3Zmctn0UmNc/U5UJAa8+MbhjNBcoOU0 xixrPpfwlKWPxriFnOZBFc7Yi9V5ABt7sQ084ez8yIajGtYrwTerZuQKH TaqR91RYYxUapS8PlQRUWBaHRZZiG92Wf4KXwhBnUsVYUjW7m/e7HQNID g==;
X-CSE-ConnectionGUID: OJQM0RtxTS6gSUMfHpPuxg==
X-CSE-MsgGUID: j24EVuI3SKKiPTwTDhvFcQ==
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:SoZ7gKiTJcdrfW/n9qrS7buPX161jhEKZh0ujC45NGQN5FlGYwSz9 9YtKTDba6jfYmL0ZZkoP70CxjpQ65GAnNBnGwZqpCg0QSJB8MDJWd+SchuuZnyYI8efEkk+5 JtPO4TNcMtvRC/V+0v0OOa/oyIhiK/WTOH3ULHJUswdqW6IbQ944f40s7Jg29AAbaGFPj6wV fPOT+z3aVOuhWIobTIYtfzb9h0x46r45j9BtFI0OK8S4gSAzHNJVcJOLqyPdHapGYM88sxW5 Qrg5Orgoj6GpUdF5veNyOuTnpgiG+aKVeS2oiMLHfXk214a+3FaPp8TbJI0cV1QhyiCg+d/w dBMsY3YYQoyN8UgosxEO/VjO384ZfwuFIPveyDl7ZTMlReeKRMA/t01ZK0IFdxAkgpIKTwWn RAoAGhlRgyOgeuw3IW6RoFE7uw/LNPmNZ8ooXppyzfUF54OGfgvlI2TuLe0dB9p7ix/Na62i /gxMFKDXzyZC/F7AWr7Pbpl9AueriKmL2AH8gL9SZ0fuAA/xCQpuFTkGISNJozSHa25lG7Az o7N1zyR7h33qLVzYNdKm56hrranoM/1ZG4dPJqaz9syukGD+ldNByYrcFWbucGkmkHrDrqzK 2RMksYvhYII0hWUaPTNB0f+vnWDpAZaUtYWDfch7keGza+8DwSxXzBCF2EaLoV774lqFFTG1 XfQ9z/tLT5gt6CRRVqD+62VtjK9P24eKmpqiSosFlBVs4S5/dxbYhTnTIw/PZCor4bOOhLx+ wyVkAQ+mZsYtJtev0m81RWd6962nbDGRwor5wP/U2ak9R9pIoWiYuSA81XU4OZcBIeUUlfHu 2IL8/Vy98gEF5fUiyqAUL1XWaq3/bCAMSaZi1kpFYMnrnKz4WWlO4tX5VmSOXtUDyrNQhexC Ge7hO+bzMY70KeCBUOvX7+MNg==
IronPort-HdrOrdr: A9a23:jR1ZHKuBsFlodgqPU5NL1lJ37skDq9V00zEX/kB9WHVpm6uj5q WTdZUgpH3JYVkqOE3I9ervBEDiexzhHPdOiOEs1NyZLWrbUQWTTb1K3M/NzzrtACXi+uMY/r cIScRDIey1KVRhl8717E2bH8ZI+rO62ZHtoevF1X9iQUVRdqd6425CZzqzCEFsWwVcP5Y/Ga ed4sYvnVGdRUg=
X-Talos-CUID: 9a23:wRFGqmm/IA4TDoxWpkEvPkZqm8zXOVr/9VKIGVOoNV03R4aobFGw4Jt5g8U7zg==
X-Talos-MUID: 9a23:kWdJjg3X9ecYx5JOP4XzJ2znAzUj4f7yJX4QsM49mOqFDRBvBxudkhq8e9py
X-IronPort-AV: E=Sophos;i="6.09,228,1716249600"; d="png'150?scan'150,208,217,150";a="33885255"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.37; Mon, 22 Jul 2024 14:29:57 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.037; Mon, 22 Jul 2024 14:29:57 -0400
From: "Gould, James" <jgould@verisign.com>
To: "galvin@elistx.com" <galvin@elistx.com>
Thread-Topic: [EXTERNAL] Re: [regext] Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions
Thread-Index: AQHa3Ee0tyO/farT80m4JiWh7uh4BbIDQaWA///QGoA=
Date: Mon, 22 Jul 2024 18:29:57 +0000
Message-ID: <DA91CC42-D410-4E4B-A6B9-6BFBB4F93B0E@verisign.com>
References: <3F7C7147-048B-4E8E-85DE-C5C886F08140@verisign.com> <BCF9324F-F9DC-4493-BF48-DA0B14591EFB@elistx.com>
In-Reply-To: <BCF9324F-F9DC-4493-BF48-DA0B14591EFB@elistx.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.82.24021116
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_DA91CC42D4104E4BA6B96BFBB4F93B0Everisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Message-ID-Hash: 4HPPP6UDV2YBDT4KZHNCEEEW2IE23PX7
X-Message-ID-Hash: 4HPPP6UDV2YBDT4KZHNCEEEW2IE23PX7
X-MailFrom: jgould@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "regext@ietf.org" <regext@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [regext] Re: Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/jGRqX1Y0fcxlU_aQd1e2AX1pLBE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>
Jim, I believe we’ve discussed the problem being solved by the draft’s multiple times. To be clear, these are the problems that I see the drafts solving: 1. draft-ietf-regext-rdap-versioning – While progressing the most recent RDAP extensions it was agreed that there was no formal versioning in RDAP other than what is referred to as opaque versioning. draft-ietf-regext-rdap-versioning provides for extensible versioning in RDAP, with support for the server to provide versioning information to the client in the help and the query responses and support the capability for the client to provide the hint of the desired extension versions in the query. There is built-in support for Opaque Versioning and Semantic Versioning and there is support for the client to provide the hint of the desired extension versions using a query parameter or using draft-ietf-regext-rdap-x-media-type. 2. draft-ietf-regext-rdap-x-media-type – Andy and Jasdip can provide a better description, but my take is that draft-ietf-regext-rdap-x-media-type enables a client to provide the hint of the desired extensions using an HTTP header, which survives redirects. 3. draft-ietf-regext-rdap-extensions – Based on the large volume of discussion on the mailing list related to extension identifiers, it was clear that guidance was needed for RDAP extensions, which I believe is the purpose of draft-ietf-regext-rdap-extensions. I see this draft as meeting the need that RFC 3735 does for EPP, so we can really consider many areas of RDAP extension guidance in this draft. Again, Andy and Jasdip can provide the authoritative description for this draft. Thanks, -- JG [cid87442*image001.png@01D960C5.C631DA40] James Gould Fellow Engineer jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com<http://verisigninc.com/> From: James Galvin <galvin@elistx.com> Date: Monday, July 22, 2024 at 1:21 PM To: James Gould <jgould@verisign.com> Cc: "regext@ietf.org" <regext@ietf.org> Subject: [EXTERNAL] Re: [regext] Review of draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Speaking as co-Chair: Thank you Jim for these detailed comments. For the working group, the question that will be before us in the discussion on Wednesday, which was also before us at IETF119, is what problem are we trying to solve? The second order question, which was also before us at IETF119, is what is the relationship between these documents. Jim’s note is a pretty deep consideration of that second question. Please come prepared on Wednesday to discuss the first question. There will be Chair slides later today with more details. Thanks, Jim co-Chair REGEXT On 22 Jul 2024, at 7:59, Gould, James wrote: Hi, I did a detailed review of the three drafts draft-ietf-regext-rdap-versioning, draft-ietf-regext-rdap-x-media-type, and draft-ietf-regext-rdap-extensions for alignment. The following are my findings: 1. draft-ietf-regext-rdap-versioning includes support for draft-ietf-regext-rdap-x-media-type and the “versioning” query parameter for the client to provide a hint of the extension versions to include in the RDAP query and RDAP response. The server MUST support both methods and the client MUST include a single method in the RDAP query to ensure that there are no conflicts. This ensures that clients can specify the extension versions via a query parameter and via an HTTP header per draft-ietf-regext-rdap-x-media-type. 2. draft-ietf-regext-rdap-x-media-type could be merged into draft-ietf-regext-rdap-versioning, since it now represents one method of an Extension Versioning Request. * An alternative is for draft-ietf-regext-rdap-x-media-type to support a more generic form of query parameters for use in any RDAP extension. * The extension can stay separate if there is some advantage. 1. draft-ietf-regext-rdap-versioning defines a Extension Version Identifier in section 3.1 https://datatracker.ietf.org/doc/html/draft-ietf-regext-rdap-versioning#name-extension-version-identifie<https://secure-web.cisco.com/1_MBwhG1qjXRHnMMq9TlFEdX_SLq1eE5Gvice0sxS8g7VpHB9Oa09-LzBt-J0Qg47q8COFBayFNpnYh3b9MhJyNIJBI0BSGk_eunPgHve0N3e37fOME3HtGysbmAELZ7zKZIojO-ntRsg2PJyzVbEeLuHaIKZ2h20Flr3ynIL9zWgU-7KOTCKrRR7xzzRkP6UZrURE8eSBeJwSGYpIg_GP1VyOIAPx_1kZGeAEQGhpQNn76rMuL_l0IUU4uCcp2efxUo4RpCot86OFi6PPcEd4M1R-PqG6Utxqji6OfIdbTs/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-regext-rdap-versioning%23name-extension-version-identifie> as: * ABNF i. extension-version-identifier = identifier versioning ii. identifier = ALPHA *( ALPHA / DIGIT / "_") ; Extension Identifer iii. versioning = ["-" 1*VCHAR] * draft-ietf-regext-rdap-x-media-type needs to also support the extension-version-identifier to use it with draft-ietf-regext-rdap-versioning, which currently uses the language: i. “This media type has a parameter of "extensions" which is a whitespace-separated list of RDAP extensions as defined in the IANA RDAP Extensions registry.” * How about making this more generic to support additional types of extension versioning schemes, such as the language: * “This media type has a parameter of "extensions" which is a whitespace-separated list of RDAP extensions, such as defined in the IANA RDAP Extensions registry.” i. Use of the IANA RDAP Extensions registry will support Opaque Versioning in draft-ietf-regext-rdap-versioning, where use of “such as” will allow for additional RDAP extensions schemes. ii. “the values in the media type's extension parameter SHOULD match the values in the rdapConformance array in the return JSON.” * The Extension Version Identifier does include the extension identifier, so the question is whether inclusion of the versioning suffix will meet the “match the values in the rdapConformance array”. * How about making this more specific to directly reference the version identifiers, which would work better with draft-ietf-regext-rdap-versioning: * “the extension identifier values in the media type's extension parameter SHOULD match the values in the rdapConformance array in the return JSON.” * “though clients SHOULD list the extension identifier in the extensions parameter when using other protocol elements of those extensions. Servers SHOULD NOT require the usage of extension identifiers in the extensions paramater when other extension protocol elements are used. * To support draft-ietf-regext-rdap-versioning, this could be modified as: i. “though clients SHOULD list the extension identifier in the extensions parameter when using other protocol elements of those extensions. Servers SHOULD NOT require the usage of extensions identifiers in the extensions parameter when other extension protocol elements are used” ii. Referencing extension instead of extension identifier would be more generic to support the Extension Version Identifier. iii. Nit – replace “paramater” with “parameter” 1. draft-ietf-regext-rdap-x-media-type Security Considerations parameter below may be best to address in draft-ietf-regext-rdap-versioning and even more generically in draft-ietf-regext-rdap-extensions * “This specification does contrast with solutions using query parameters in that those solutions require servers to blindly copy query parameters into redirect URLs in situations where such copying could cause harm, such as copying an API key intended for one server into the redirect URL of another server.” 1. draft-ietf-regext-rdap-x-media-type B.2 “Query Parameters Considered Harmful” could be moved to draft-ietf-regext-rdap-extensions, since query parameters are used in many places in RDAP, so providing clear guidance when a query parameter should or should not be used would be useful in draft-ietf-regext-rdap-extensions. I don’t believe query parameters are “harmful” but has a disadvantage in the use cases presented. The query parameter has the advantage of being a simple approach for clients to provide their hint when directly interfacing with the server. In re-reviewing draft-ietf-regext-rdap-extensions it does look like section 12 “Redirects” includes some guidance related to query parameters, where I believe it would be beneficial to have a separate query parameter section in draft-ietf-regext-rdap-extensions. 2. draft-ietf-regext-rdap-x-media-type B.2.4 “Architectural Violations” and B.3 “RDAP Extension Versioning” could be removed, since I don’t see how the use of a query parameter in RDAP would be considered an architectural violation and RDAP Extension Versioning will be worked on in parallel in draft-ietf-regext-rdap-versioning. 3. draft-ietf-regext-rdap-versioning * In section 8 “Extension Versioning”, I just want to confirm that draft-ietf-regext-rdap-versioning address the normative language and if not what needs to be added: i. “If a future RFC defines a versioning scheme (such as using the mechanims defined in section Section 2<https://secure-web.cisco.com/141yE73XKv2NLc7O2rVUTJ_4y2IpMgJTa-QoamzcGlrHgDPVp7u8jHdUqVvbraHil7_y1TUSzgTR77fR4qybyICTJOl28Z1CtMRDi8tMB4pf1praTqIowh-F-9eDu7CiX4GzQcUbLhV7xilhB7LhatlvZAi4k7txt-jKGKtaTfyEDiWP-VItrpXgYpigOFQw9eqPJLbmOVsU5kxb6_WPpKJctmnasbi5FiSxA-B0E5Loh11TAntVf2uthDiZ8U6Xb3L1rZ6P8eYf02gp3aqQtT6PwIPGFZuQmXVrflHHdLuA/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-regext-rdap-extensions%23extension_identifier>) an RDAP extension definition MUST explicitly denote this compliance.” * Section 8.1 “Backwards-Compatible Changes” i. This section may not be needed with draft-ietf-regext-rdap-versioning, since the set of supported extension versions are explicitly specified, where in the case of Opaque Versioning the server could support many versions of the extension. * Section 8.2 “Backwards-Incompatible Changes” i. IT would be helpful to include the reference to draft-ietf-regext-rdap-versioning as an option to consider in signaling support for more than one version of an extension. * Section 9 “Extension Identifiers in a Response” i. You can update the reference of [I-D.gould-regext-rdap-versioning] to be [I-D.draft-ietf-regext-rdap-versioning]. Thanks, -- JG [cid87442*image001.png@01D960C5.C631DA40] James Gould Fellow Engineer jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com<http://secure-web.cisco.com/16eLJyBzKynyyP1bYXROFzMDBfEPhoAFdCM5MViJ0eO3tBXTX0LFFoKOEv63okfIyCAClPsGsGtg8FXeCMNIfjMNT4PN8oSZyhnSAaX2JMKqfvJZOr06_nlmS3rcuKEplIuSv-WXtKFs449uwoh7-LMwT2mH450eJXw6L-eP1ljicpYKpB5WCJX5rSFSlFslBV0aBdOAse1nT5wVDNMB-iZ8npnSmazO0nDg48OIJFaNsJ_tsSqCC7zx5h3tV9H5KHceO_iN5wxWmimbgh095XIUS1CXU1qO5GcMSAAm4SVw/http%3A%2F%2Fverisigninc.com%2F> _______________________________________________ regext mailing list -- regext@ietf.org To unsubscribe send an email to regext-leave@ietf.org
- [regext] Review of draft-ietf-regext-rdap-version… Gould, James
- [regext] Re: Review of draft-ietf-regext-rdap-ver… James Galvin
- [regext] Re: Review of draft-ietf-regext-rdap-ver… Gould, James
- [regext] Re: Review of draft-ietf-regext-rdap-ver… James Galvin
- [regext] Re: Review of draft-ietf-regext-rdap-ver… Gould, James
- [regext] Re: Review of draft-ietf-regext-rdap-ver… Jasdip Singh
- [regext] Re: Review of draft-ietf-regext-rdap-ver… Gould, James
- [regext] Re: Review of draft-ietf-regext-rdap-ver… Andrew Newton (andy)