Re: [regext] ACTION REQUESTED: split draft-ietf-regext-rdap-jscontact
Mario Loffredo <mario.loffredo@iit.cnr.it> Thu, 16 November 2023 14:28 UTC
Return-Path: <mario.loffredo@iit.cnr.it>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FC1BC15106F for <regext@ietfa.amsl.com>; Thu, 16 Nov 2023 06:28:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.905
X-Spam-Level:
X-Spam-Status: No, score=-1.905 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1usJIltjGB4Y for <regext@ietfa.amsl.com>; Thu, 16 Nov 2023 06:28:42 -0800 (PST)
Received: from mx5.iit.cnr.it (mx3.iit.cnr.it [146.48.58.10]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28F9AC14CE52 for <regext@ietf.org>; Thu, 16 Nov 2023 06:28:41 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mx5.iit.cnr.it (Postfix) with ESMTP id 74239600F92; Thu, 16 Nov 2023 15:28:38 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at mx3.iit.cnr.it
Received: from mx5.iit.cnr.it ([127.0.0.1]) by localhost (mx3.iit.cnr.it [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Uwx4MxCQbYid; Thu, 16 Nov 2023 15:28:35 +0100 (CET)
X-Relay-Autenticated: yes
Content-Type: multipart/alternative; boundary="------------QVGY3c30AMNrnZ07QM7St5El"
Message-ID: <b59a060c-f1aa-4fa8-b32e-bc0f16ecf756@iit.cnr.it>
Date: Thu, 16 Nov 2023 15:24:03 +0100
Mime-Version: 1.0
From: Mario Loffredo <mario.loffredo@iit.cnr.it>
To: Andrew Newton <andy@hxr.us>
References: <ABE9A12A-BBF7-42F5-B532-F821A9E7765F@elistx.com> <3ae6f8d2-252e-49a7-8cdf-c696f78bff63@denic.de> <CAAQiQRd3WVvAREqu5Rn_aOUiQo05UbO79qVD7zTdU08_Fk2ivQ@mail.gmail.com> <5dc77e45-58d7-4d92-ab07-aa81f8d03cb3@iit.cnr.it> <CAAQiQReWwTP2WorhM=rQoDfRnzPLJJoXz+aRj+GsvT0102NTww@mail.gmail.com> <0558e944-f74c-43b6-b776-d6f340ef82e6@iit.cnr.it> <CAAQiQRcvJ=JXkGo+u8TwJxXxD=Ju3XvocjR_Hr_2uJvCsvoKyg@mail.gmail.com>
Content-Language: it
Cc: "regext@ietf.org" <regext@ietf.org>
In-Reply-To: <CAAQiQRcvJ=JXkGo+u8TwJxXxD=Ju3XvocjR_Hr_2uJvCsvoKyg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/nyUR1Qm7pOzWafv1BroopPbkvl4>
Subject: Re: [regext] ACTION REQUESTED: split draft-ietf-regext-rdap-jscontact
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Nov 2023 14:28:46 -0000
Hi Andy, please find my comments inline. Il 15/11/2023 14:41, Andrew Newton ha scritto: > Mario (and JG), > > On Wed, Nov 15, 2023 at 5:17 AM Mario Loffredo > <mario.loffredo@iit.cnr.it> wrote: >> [ML] About preserving query parameters in HTTP redirection, my opinion >> is that it depends on each application protocol built over HTTP. >> >> There are a ton of protocols on the web preserving query parameters in >> redirection and AFAIU there is nothing in RFC9110 stating that query >> parameters must be purged. >> >> On the contrary, RFC 9110 itself admits that a POST could be redirected >> and changed into a GET and I cannot imagine how it could be done without >> using query parameters. > There is no disagreement on that. However, RFC 9110 does state that > content negotiation is done with accept and content-type headers. > >> If RDAP rules out preserving query parameters in redirection, this ought >> to be explicitly stated in section 5.2 of RFC 7480. > The counter to that is that nowhere is it specified that they do > generally survive redirects, there exists RFC language to instruct > servers to ignore unknown query parameters, and there exist current > deployments that do not preserve them. [ML] I agree with you on "unknown parameters" but RDAP has already defined many well known parameters for searches as well as lookups (i.e. dnt and qp in rdap-openid). Besides, there exist also current deployments that preserve them in redirection. For example, my RDAP server preserve the jscard parameter of rdap-jscontact in redirection. Since a normative language is missing, everyone is allowed to interpret RFC7480 and implement their own redirection strategy. >> Anyway, I wouldn't welcome such a policy for the following reasons: >> >> - RDAP is a relatively young protocol not yet largely used. At present, >> I couldn't exclude such a feature from being useful in future developments. >> >> - It would result in a sort of confusion between using query parameters >> in lookups and searches and also between different lookups. To be noted >> that rdap-openid, just gone through the WGLC, allows to specify two >> parameters which can be used in RDAP queries. >> >> - Bootstrapping is an optional feature. Would an RDAP provider be >> allowed to define a request custom lookup extension incuding query >> parameters if that kind of query will never be redirected ? > The issue isn't that they are forbidden, the issue is that to use them > in any scenario involving redirection, all servers participating in > that redirection must behave in the same manner. At present, that is > demonstrably untrue. [ML] As I wrote, the applicable query parameters are defined and well known by each HTTP-based application protocol. In RDAP, they have already been defined for both kinds of query and can be either ignored or implemented. As a consequence, I think it would be more consistent to allow for them in general, to preserve them in redirection and let the target servers to implement them rather than to try to delimit the cases where they are allowed and those where they aren't. >> With regard to the content negotiation, I personally interpreted that >> Accept header is used to negotiate a format involving the overall >> response rather than a portion, i.e. the contact information. >> >> Just to give an example: at last meeting, you mentioned CBOR. The use of >> CBOR would not be restricted to only the contact information. >> >> Anyway, I admit that this depends on different point of views. >> >> Instead, I am a bit doubtful about how the "extension" parameter is >> defined in the rdap-x draft but I confess that I'm not knowledgeable >> about media types so I asked an expert for a clarification. > I'd be curious who he is and what he has to say. [ML] Nothing special. It was just for my better understanding of RFC6838. > Also, since you (and JG) have been arguing vehemently on your > position, did you find a technical flaw in the rdap-x draft? Have you > found a scenario where it does not work? [ML] Am not "arguing vehemently", I'm quietly explaining what does not completely convince me. Your proposal would have many implications on existing implementations and as many of them in the future, hence, it should be carefully evaluated. Here in the following some remarks/objections from my side sorted by relevance: - RDAP extensions are not only response extensions. So, even assuming that signaling preferences about response extensions is a matter of content negotiation, pure request extensions wouldn't theoretically be covered. How would they be manged ? - AFAIK caches generally ignore Accept by default, so when content negotiation is first introduced, clients often get the wrong response type. In this case, it would result in getting the default response by the RDAP server. Implementers should add Accept to Vary. Should it be addressed by rdap-x draft ? - Requiring HTTP headers with media types makes it more difficult to test and explore the API using a browser. During development, you can launch the browser and easily see what the server is responding by simply using the address bar. When relying on content negotiation it's a bit more tricky, and you have to leverage plugins or cURL or anything else that can manipulate the headers. - (Minor) I wonder how much tricky it could be to get the value of the extensions parameter. At a quick glance, it doesn't look to me as straightforward as getting the value of a query parameter. I'd be curious to know if someone in the WG has already implemented it. > If not, then why do you insist on a path with known interoperability > issues over a path without them? [ML] Because I personally see drawbacks in such an approach as well as possible inconsistencies in implying that lookup queries should not include query parameters. Anyway, if the WG agreed on this way to go, some normative language should be added somewhere to make it clear when query parameters are forbidden or unrecommended. Best, Mario > -andy -- Dott. Mario Loffredo Senior Technologist Technological Unit “Digital Innovation” Institute of Informatics and Telematics (IIT) National Research Council (CNR) via G. Moruzzi 1, I-56124 PISA, Italy Phone: +39.0503153497 Web:http://www.iit.cnr.it/mario.loffredo
- [regext] ACTION REQUESTED: split draft-ietf-regex… James Galvin
- Re: [regext] [Ext] ACTION REQUESTED: split draft-… Gavin Brown
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… kowalik
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Andrew Newton
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Mario Loffredo
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… James Galvin
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Gould, James
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Hollenbeck, Scott
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Andrew Newton
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Gould, James
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Mario Loffredo
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Andrew Newton
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Andrew Newton
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Gould, James
- [regext] Fwd: ACTION REQUESTED: split draft-ietf-… Mario Loffredo
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Andrew Newton
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Andrew Newton
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Marc Blanchet
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… Mario Loffredo
- Re: [regext] ACTION REQUESTED: split draft-ietf-r… James Galvin
- Re: [regext] Fwd: ACTION REQUESTED: split draft-i… Andrew Newton
- Re: [regext] Fwd: ACTION REQUESTED: split draft-i… Mario Loffredo
- Re: [regext] Fwd: ACTION REQUESTED: split draft-i… Andrew Newton
- Re: [regext] Fwd: ACTION REQUESTED: split draft-i… Mario Loffredo