IETF Logo Mail Archive

[regext] Re: RDAP versioning - on client-server interactions and 2-RTT flow

"kowalik@denic.de" <kowalik@denic.de> Thu, 21 November 2024 19:06 UTC

Return-Path: <kowalik@denic.de>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFD1EC14F617 for <regext@ietfa.amsl.com>; Thu, 21 Nov 2024 11:06:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=denic.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QfZmhJEyPV_S for <regext@ietfa.amsl.com>; Thu, 21 Nov 2024 11:06:49 -0800 (PST)
Received: from mout-b-210.mailbox.org (mout-b-210.mailbox.org [IPv6:2001:67c:2050:102:465::210]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D66C4C1CAF32 for <regext@ietf.org>; Thu, 21 Nov 2024 11:06:48 -0800 (PST)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-210.mailbox.org (Postfix) with ESMTPS id 4XvSQC2Gt3zDvWw; Thu, 21 Nov 2024 20:06:43 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=denic.de; s=MBO0001; t=1732216003; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=UtgYge3vuUzwsP1fb3B4eJz+Tg5dwjq2lQM5WjQirlo=; b=jv3M0XN04dsrtnSUSod91ZpXKRwJvgOKTFlhtsKcQZinB7ZNDC6KV9w1L5P2Qx3ceb6t+1 HMhzCxirhLSmFlPn0t1D4g6AdFv+bb7//NCC0tShSB7XjwQJq8qQDTjf+ZUO1wFs/Ya9CR +jM5QEiQ7zQYiBZMW5IQb/Qq1iV++5Ki6HVe2uMVwbsq8WapW2GvH8EqWBWC2wLVC/4kqN hgG7SP+v5N7yAwxmgmtpHDrDGyUGifY2QV9R4Rn5TDJxttRfqGQinJVf+3r0b2K9z5NVGN ql0CGrzQnsYyJHCvIjwt9QMzH5ionfqfthp/3O4Bsw/QYzD8hURkRz/76Y3dsg==
Message-ID: <beb2763a-97ea-4e71-b144-45c5a3501042@denic.de>
Date: Thu, 21 Nov 2024 20:06:41 +0100
MIME-Version: 1.0
From: "kowalik@denic.de" <kowalik@denic.de>
To: "Gould, James" <jgould@verisign.com>, "regext@ietf.org" <regext@ietf.org>
References: <10ba3faa-8bf7-4202-81bf-e2c99473c3db@denic.de> <10BE3B85-4538-49C5-AB98-4EDDCDCF2B5F@verisign.com> <a872a3d3-ca80-4fbc-b747-b3738e857dae@denic.de> <F6BD2F41-C0E6-4892-B9DA-920A62A46CC5@verisign.com> <7fc24d8e-f845-4e62-b164-cf6dcaa39915@denic.de> <02044771-6C63-466D-88F4-FD08B270F4F3@verisign.com>
Content-Language: en-GB, de-DE
In-Reply-To: <02044771-6C63-466D-88F4-FD08B270F4F3@verisign.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-512"; boundary="------------ms030300070109090202070904"
X-MBO-RS-ID: 1d8c62d5271a3696d31
X-MBO-RS-META: 3tirdy4rq8sgq36s3fb18qu67o3exhgp
Message-ID-Hash: Q7MNH4ET5T2N7WXTRMNSY6U4DEQU4ZER
X-Message-ID-Hash: Q7MNH4ET5T2N7WXTRMNSY6U4DEQU4ZER
X-MailFrom: kowalik@denic.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [regext] Re: RDAP versioning - on client-server interactions and 2-RTT flow
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/k7Osy4vzGEncEneQsOTgpPEBSLE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>

Hi Jim,

Again, the proposal for 1-RTT model is that the client would put a range 
of versions it supports into a request and the server would put best 
efforts to fulfil it. Like 
?versioning=versioning-0.3-versioning-0.9,versioning-1.0+. Current draft 
allows listing all supported versions one by one, but this list may grow 
big in this case. The draft is not clear about what to do if server does 
not support the requested version. Say server supports 0.3 (default) and 
0.9 and client requests 0.6. It would be better for the client that the 
server responds with 0.9 (best fitting compatible version with 0.6) 
rather than with default 0.3.

Also a redirect target server can deliver the best fitting response 
rather than falling back to default.

Kind Regards,

Pawel

On 21.11.24 19:26, Gould, James wrote:
>
> Pawel,
>
> The server has a default set of extensions with or without the 
> versioning extension and will return the defaults.  I don’t see your 
> concern with exposing the supported extension versions in the help 
> response, since it really doesn’t require a 2-RTT flow.  The lazily 
> option includes the sub-option of manually using the meta-data to 
> address an error.  If there was no versioning extension, there would 
> be no meta-data within RDAP to use to determine the root cause of the 
> extension issue when the server supports more than one version of an 
> extension at a time.
>
> The versioning extension is optional for the RDAP client to implement, 
> as should be the case for other RDAP extensions, provides help 
> information in the help response per RFC 9082, and the help 
> information can be used at any time automatically or manually when 
> needed.  Introducing an optional RDAP extension that provides extra 
> meta-data in the help response in no way implies the need for a 2-RTT 
> flow.
>
> Thanks,
>
> -- 
>
> JG
>
>
> cid87442*image001.png@01D960C5.C631DA40
>
> *James Gould
> *Fellow Engineer
> jgould@Verisign.com 
> <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
>
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
>
> Verisign.com <http://verisigninc.com/>
>
> *From: *"kowalik@denic.de" <kowalik@denic.de>
> *Date: *Thursday, November 21, 2024 at 1:16 PM
> *To: *James Gould <jgould@verisign.com>, "regext@ietf.org" 
> <regext@ietf.org>
> *Subject: *[EXTERNAL] Re: [regext] RDAP versioning - on client-server 
> interactions and 2-RTT flow
>
> Hi Jim,
>
> Got it. These are all optimisations of 2-RTT model.
> I am missing your feedback to my 1-RTT proposal and risks related to 
> redirects in 2-RTT scenario.
>
> Kind Regards,
>
> Pawel
>
> On 21.11.24 19:00, Gould, James wrote:
>
>     Pawel,
>
>     The client has multiple options:
>
>      1. Proactively leverage the versioning help with every query
>         (2-RTT) or a pre-defined intervals to keep the configuration
>         accurate.
>
>          1. I don’t see the extension versions changing frequently and
>             the versioning extension does support pre-publishing
>             support for an extension version to the client, so my
>             recommendation would be to check it daily or even less
>             frequently in a single client.
>
>      2. Lazily leverage the versioning help when there is an
>         identified extension version issue
>
>          1. This could be automated with the first error and then
>             stored with the correct extension versioning information
>             for subsequent queries.
>          2. This could be manual when an error is reported, and
>             operations uses the versioning help to diagnose the issue
>             for a fix.
>
>     There are probably many additional options, where having the
>     meta-data along in the versioning help (e.g., “versioning_help”
>     member) with the extension versioning detail with each response
>     (e.g., “versioning” member) should provide value with any RDAP
>     client to address extension compatibility issues automatically or
>     manually.
>
>     Thanks,
>
>     -- 
>
>     JG
>
>
>     cid87442*image001.png@01D960C5.C631DA40
>
>     *James Gould
>     *Fellow Engineer
>     jgould@Verisign.com
>     <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
>
>     703-948-3271
>     12061 Bluemont Way
>     Reston, VA 20190
>
>     Verisign.com
>     <http://secure-web.cisco.com/11KWO61ONP3_D4UFnzav5ddD672ljzIQFbvruzfwmY-UufG83Q9qeOASRq90wZO8rDn82Gl4ezO8LFsywN9iX3eaC5gYTNS0Ozvj6CU2GBLBBSRCuB6e9EGJKiN-NcQtPiB-HOey2X25gQ3_nyB0nxGbKVW4I55_OmmuVgZhhNnOt8694hHAgDJ3cpDNm5pqCcCUsdenKtJtfBm-zU1I_FIaakyB7wjBqGUrVlscG4wTNhTveqTvx8r4FVlGeYNJygo_yFL8fQACGVkqOV9ksrUYTvvW5KIx1v_eOO6w4acI/http%3A%2F%2Fverisigninc.com%2F>
>
>     *From: *"kowalik@denic.de" <mailto:kowalik@denic.de>
>     <kowalik@denic.de> <mailto:kowalik@denic.de>
>     *Date: *Thursday, November 21, 2024 at 12:36 PM
>     *To: *James Gould <jgould@verisign.com>
>     <mailto:jgould@verisign.com>, "regext@ietf.org"
>     <mailto:regext@ietf.org> <regext@ietf.org> <mailto:regext@ietf.org>
>     *Subject: *[EXTERNAL] Re: [regext] RDAP versioning - on
>     client-server interactions and 2-RTT flow
>
>     Hi Jim,
>
>     If the client would like to benefit from machine readable version
>     information from versioning extension, there is no way around 2-RTT.
>
>     If not, then this extension is basically of no practical meaning
>     to such client, so not really worth considering.
>
>     Kind Regards,
>
>     Pawel
>
>     On 21.11.24 18:29, Gould, James wrote:
>
>         Pawel,
>
>           
>
>         RFC 9082 states the following for the Help Path Segment:
>
>           
>
>         The help path segment can be used to request helpful information (command syntax, terms of service, privacy policy, rate-limiting policy, supported authentication methods, supported extensions, technical support contact, etc.) from an RDAP server. The response to "help" should provide basic information that a client needs to successfully use the service.
>
>           
>
>         This is exactly what the versioning extension is doing in the "versioning_help" member, by providing help information on supported extensions.  A client is not required to use the versioning extension to perform queries, since the server does have a default extension version that is specified in the "versioning_help" member.  If a client does run into an extension compatibility issue, it could use the help command to programmically (lazily) or manually determine the root cause of the issue for resolution.
>
>           
>
>         There is no requirement or expectation that an RDAP client implement 2-RTT.
>
>           
>
>         Thanks,
>
>           
>
>         -- 
>
>           
>
>         JG
>
>           
>
>           
>
>           
>
>         James Gould
>
>         Fellow Engineer
>
>         jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> <mailto:applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
>
>           
>
>         703-948-3271
>
>         12061 Bluemont Way
>
>         Reston, VA 20190
>
>           
>
>         Verisign.com<http://verisigninc.com/> <http://secure-web.cisco.com/1i4F4XceuHxhs-b9i0KfN2SASQv-TqK69F2z5EdAqIhCxvhNvC3WwTfK6ANtRgjWLd-R8d-Cqyv-UD-CDH530aIlcZGBWm2yG1KKtbY1TC3EuirdyZQMdD6m8QZxEis3VeDni07o4rQRu8oP6EsH75zHCBqovfVVxdTQR2RG4TWq-JSOiQGFBxZo-rT98XqthLeXHhlNAGdU4WeXMwzWqT6EUQND3wycz-A1IZhl6TZs0OrUj1i16L6RWb2XC51tpxYvBo1-crVyGevQ5AGLM6MWtAFYuGnkJXhUPgBL98fI/http%3A%2F%2Fverisigninc.com%2F> 
>
>           
>
>           
>
>           
>
>           
>
>         On 11/21/24, 12:19 PM, "Pawel Kowalik" <kowalik@denic.de <mailto:kowalik@denic.de> <mailto:kowalik@denic.de>> wrote:
>
>           
>
>           
>
>         Hi,
>
>           
>
>           
>
>         Thinking of interactions between the client and server that versioning
>
>         draft assumes I think we are heading towards 2-RTT model for every request.
>
>           
>
>           
>
>         Step 1: The client makes an HTTP GET request to the /help endpoint of
>
>         the RDAP server.
>
>         Step 2: The response is processed to extract rdapConformance and versioning.
>
>         Step 3: Compare the server's supported extensions and versions with
>
>         those supported by the client.
>
>         Step 4: If compatible configurations are found, the client makes target
>
>         request to a resource endpoint (e.g., domain/foo.com) using headers or
>
>         query parameters to specify the desired configuration.
>
>           
>
>           
>
>         So we have 2 full RTTs. Of course a client can cache it for some time
>
>         but not forever, as the server may change at any time its configuration.
>
>         In a cold state or a client without capability to cache this will be
>
>         always 2-RTT if the client would like to be aware of the versions.
>
>           
>
>           
>
>         I don't think this is in line with rfc7480, which assumes "a client
>
>         implementation should be possible using common operating system
>
>         scripting tools (e.g., bash and wget)". Also not with the usage pattern
>
>         defined in Section 1. None of it is normative, however I would not just
>
>         ignore it without discussing consequences of going this way.
>
>           
>
>           
>
>         I would like to see more that versioning draft would assume 1-RTT model
>
>         as a primary use-case, so that the client would put a range of versions
>
>         it supports into a request and the server would put best efforts to
>
>         fulfil it. This would be also more "redirect friendly", so that a
>
>         redirected request to another server (no matter if with query parameters
>
>         or headers) would have the same information about client capabilities
>
>         and able to serve the response as opposed to getting a request for
>
>         configuration crafted for the origin server of a redirect.
>
>           
>
>           
>
>         Kind Regards,
>
>           
>
>           
>
>         Pawel
>
>           
>
>           
>
>           
>
>           
>
>           
>

v2.31.3 | Report a Bug | By Email | System Status