IETF Logo Mail Archive

[regext] Re: RDAP versioning - on client-server interactions and 2-RTT flow

"Gould, James" <jgould@verisign.com> Thu, 21 November 2024 18:00 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 78DDBC1CAF4A for <regext@ietfa.amsl.com>; Thu, 21 Nov 2024 10:00:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxzxZyaUH0tP for <regext@ietfa.amsl.com>; Thu, 21 Nov 2024 10:00:21 -0800 (PST)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) by ietfa.amsl.com (Postfix) with ESMTP id 8E943C169423 for <regext@ietf.org>; Thu, 21 Nov 2024 10:00:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=35298; q=dns/txt; s=VRSN; t=1732212021; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=aAcOFL+pfIGEW3RyG7M2CQWPJvjywe24TbQaGcEvBkk=; b=cCS69ZlaLfqcakqQoGv2kxsEMaVEI73c2hCCVe3E60UDPYUVfQeG/GPX Maaj9wgtrMS5sEMfhnXEc7LcwElJQcMouArUgtZuNAQ/1elJsn6lsr8i8 49R/f55Uf+8zYt5fwp1kRVEh+4/uytmxhSgtz8rcTgWNzI3HoBF811SFw vmtLovEH1CFWScdD+50WsoohpsolyG+swEU1bErj/qWk6pENIAb8EQuFm QX3lfHTRwnlagnnXwlFNzv11j2T+YYFFJh7z5Q876wLeLqijT2DuvpP/c A/Tgzl9ffq/RIWK7Z5TfpLMlNCsMj9R0DpaugDZrRPQPMXdP3Oy/GcCMe w==;
X-CSE-ConnectionGUID: gJLz+/qGRuWulysF1zLDJA==
X-CSE-MsgGUID: VcT2Vk68RZuaC98Sir64Gg==
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:enyEXq5Fkt28lJamA8geegxRtNfGchMFZxGqfqrLsTDasI4TYwyz/ BJGBDjRb/+KY3y1JY5G3L7GoxgB7MTTyoVnTgttrH89RCtApZbODojFcB6vNS6YcpPIFUk5v pRDZ4XLd8pkRyKA/x3zbLa68CRyi6vTTeKjBYYoVswQqSpMEU/N3jo/wrdn6mIRveWEPu+th T/Ti8GPYg/712QvPGgesKnZ8R1h5aj/5DgRswI1Pa8X5A6GyyBFXZkSG/q8fiDyKmV28kxWZ M6Yle3koTmJl/sJIon4+louWhRSGtY+BSDX1zwLHfLk2kESzsAL+v5THOIGbktKgCm+kdl0y dFc3bS9Ug5B0pfkwYzxaDEGVXgkVUF60OWfeyTm6JbKlxeun0bEmJ2CMmlnZeX0xc4qWQmix dRAQBgRYxaKgf6Bwb7TYoFEmsQ5IcD3C5gUs3dmwCuxJa5OrUfrGviiCXdwhV/ct+gWdRrsT 5NxhQlHNXwsVyZy1mI/U/rSqs/z3yWiLGcIwL6ijfFfD2D7lGSd2ZCzaIaFIoTiqc99xi50r Uqel4j1741z2HVyBlNp/1r17tIjkx8XV6odNpmqtblzr2eO+XEXGQY4DEmfjduQ3xvWt9J3c yT4+wIEl45ry2qGfoGnGQOzp2Sc+BcQHcRKCOt84waIokbWy1/BQDFbFXgYNYdg6J5eqT8Cj zdlm/vrCjtytLG9V3+H96yVojX0Mi8QRYMHTXRbF1Bdu4myyG01pizEcoxdE/DltO/oEBqhk wuLtnZiqLpG2Kbn0I3+pzgrmQmEpZ/WRwo05S3bU2Sk5UV1aeaNfYGn5EjHxfdNMIjfSUOO1 EXogOCU9uZXEpeAhHTXBf4TBves5u3AOjqai0RpRt8/7S+rvXWkeOi8/Q1DGaugCe5cEReBX aMZkVo5CEN7VJdyUZJKXg==
IronPort-HdrOrdr: A9a23:fhRaPK1/IycpyRpGUnOq2AqjBJ4kLtp133Aq2lEZdPUMSL38qy ncpoV+6faUskdrZJhOo7G90cW7K080sKQFg7X5Xo3SJjUO2lHJEGgK1+KLqAEIWReOldK1vp 0NT0EKMrPN5C9B4voSjjPULz9q+qjhzEnhv5a5858mJzsaEp2IwT0JcjqmLg==
X-Talos-CUID: 9a23:uiTF6Gk8AcBWz1mp6TYQTQV4kuzXOXL/6GWTZFaXM3tWVbmEUnHJ6odIseM7zg==
X-Talos-MUID: 9a23:hnMXjgXk58tMtyTq/AHnuGtcN5k42ZazAWtcwa4HoZfYGiMlbg==
X-IronPort-AV: E=Sophos;i="6.12,173,1728950400"; d="png'150?scan'150,208,217,150";a="37230089"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.37; Thu, 21 Nov 2024 13:00:20 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2507.037; Thu, 21 Nov 2024 13:00:20 -0500
From: "Gould, James" <jgould@verisign.com>
To: "kowalik@denic.de" <kowalik@denic.de>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] RDAP versioning - on client-server interactions and 2-RTT flow
Thread-Index: AQHbPDveKiqeoFSQXUKbiqiy724ywLLCBfyA
Date: Thu, 21 Nov 2024 18:00:19 +0000
Message-ID: <F6BD2F41-C0E6-4892-B9DA-920A62A46CC5@verisign.com>
References: <10ba3faa-8bf7-4202-81bf-e2c99473c3db@denic.de> <10BE3B85-4538-49C5-AB98-4EDDCDCF2B5F@verisign.com> <a872a3d3-ca80-4fbc-b747-b3738e857dae@denic.de>
In-Reply-To: <a872a3d3-ca80-4fbc-b747-b3738e857dae@denic.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.91.24111020
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_F6BD2F41C0E64892B9DA920A62A46CC5verisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Message-ID-Hash: CMMXZSQIZXUV5ZKNDKX46VJGAUCGD6NY
X-Message-ID-Hash: CMMXZSQIZXUV5ZKNDKX46VJGAUCGD6NY
X-MailFrom: jgould@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [regext] Re: RDAP versioning - on client-server interactions and 2-RTT flow
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/nGjJYcsWi4pqMGWY4DAnkPl6e-s>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>

Pawel,

The client has multiple options:


  1.  Proactively leverage the versioning help with every query (2-RTT) or a pre-defined intervals to keep the configuration accurate.
     *   I don’t see the extension versions changing frequently and the versioning extension does support pre-publishing support for an extension version to the client, so my recommendation would be to check it daily or even less frequently in a single client.
  2.  Lazily leverage the versioning help when there is an identified extension version issue
     *   This could be automated with the first error and then stored with the correct extension versioning information for subsequent queries.
     *   This could be manual when an error is reported, and operations uses the versioning help to diagnose the issue for a fix.

There are probably many additional options, where having the meta-data along in the versioning help (e.g., “versioning_help” member) with the extension versioning detail with each response (e.g., “versioning” member) should provide value with any RDAP client to address extension compatibility issues automatically or manually.

Thanks,

--

JG

[cid87442*image001.png@01D960C5.C631DA40]

James Gould
Fellow Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: "kowalik@denic.de" <kowalik@denic.de>
Date: Thursday, November 21, 2024 at 12:36 PM
To: James Gould <jgould@verisign.com>, "regext@ietf.org" <regext@ietf.org>
Subject: [EXTERNAL] Re: [regext] RDAP versioning - on client-server interactions and 2-RTT flow


Hi Jim,

If the client would like to benefit from machine readable version information from versioning extension, there is no way around 2-RTT.

If not, then this extension is basically of no practical meaning to such client, so not really worth considering.

Kind Regards,

Pawel
On 21.11.24 18:29, Gould, James wrote:

Pawel,



RFC 9082 states the following for the Help Path Segment:



The help path segment can be used to request helpful information (command syntax, terms of service, privacy policy, rate-limiting policy, supported authentication methods, supported extensions, technical support contact, etc.) from an RDAP server. The response to "help" should provide basic information that a client needs to successfully use the service.



This is exactly what the versioning extension is doing in the "versioning_help" member, by providing help information on supported extensions.  A client is not required to use the versioning extension to perform queries, since the server does have a default extension version that is specified in the "versioning_help" member.  If a client does run into an extension compatibility issue, it could use the help command to programmically (lazily) or manually determine the root cause of the issue for resolution.



There is no requirement or expectation that an RDAP client implement 2-RTT.



Thanks,



--



JG







James Gould

Fellow Engineer

jgould@Verisign.com<mailto:jgould@Verisign.com> <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com><mailto:applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>



703-948-3271

12061 Bluemont Way

Reston, VA 20190



Verisign.com <http://verisigninc.com/><http://secure-web.cisco.com/1i4F4XceuHxhs-b9i0KfN2SASQv-TqK69F2z5EdAqIhCxvhNvC3WwTfK6ANtRgjWLd-R8d-Cqyv-UD-CDH530aIlcZGBWm2yG1KKtbY1TC3EuirdyZQMdD6m8QZxEis3VeDni07o4rQRu8oP6EsH75zHCBqovfVVxdTQR2RG4TWq-JSOiQGFBxZo-rT98XqthLeXHhlNAGdU4WeXMwzWqT6EUQND3wycz-A1IZhl6TZs0OrUj1i16L6RWb2XC51tpxYvBo1-crVyGevQ5AGLM6MWtAFYuGnkJXhUPgBL98fI/http%3A%2F%2Fverisigninc.com%2F>









On 11/21/24, 12:19 PM, "Pawel Kowalik" <kowalik@denic.de<mailto:kowalik@denic.de> <mailto:kowalik@denic.de><mailto:kowalik@denic.de>> wrote:





Hi,





Thinking of interactions between the client and server that versioning

draft assumes I think we are heading towards 2-RTT model for every request.





Step 1: The client makes an HTTP GET request to the /help endpoint of

the RDAP server.

Step 2: The response is processed to extract rdapConformance and versioning.

Step 3: Compare the server's supported extensions and versions with

those supported by the client.

Step 4: If compatible configurations are found, the client makes target

request to a resource endpoint (e.g., domain/foo.com) using headers or

query parameters to specify the desired configuration.





So we have 2 full RTTs. Of course a client can cache it for some time

but not forever, as the server may change at any time its configuration.

In a cold state or a client without capability to cache this will be

always 2-RTT if the client would like to be aware of the versions.





I don't think this is in line with rfc7480, which assumes "a client

implementation should be possible using common operating system

scripting tools (e.g., bash and wget)". Also not with the usage pattern

defined in Section 1. None of it is normative, however I would not just

ignore it without discussing consequences of going this way.





I would like to see more that versioning draft would assume 1-RTT model

as a primary use-case, so that the client would put a range of versions

it supports into a request and the server would put best efforts to

fulfil it. This would be also more "redirect friendly", so that a

redirected request to another server (no matter if with query parameters

or headers) would have the same information about client capabilities

and able to serve the response as opposed to getting a request for

configuration crafted for the origin server of a redirect.





Kind Regards,





Pawel

v2.31.3 | Report a Bug | By Email | System Status