IETF Logo Mail Archive

Re: [weirds] Ted Lemon's Discuss on draft-ietf-weirds-rdap-query-16: (with DISCUSS and COMMENT)

Andy Newton <andy@arin.net> Wed, 29 October 2014 22:45 UTC

Return-Path: <andy@arin.net>
X-Original-To: weirds@ietfa.amsl.com
Delivered-To: weirds@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 476CC1AC3F2; Wed, 29 Oct 2014 15:45:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q0N8UPL9AtkH; Wed, 29 Oct 2014 15:45:41 -0700 (PDT)
Received: from smtp1.arin.net (smtp1.arin.net [IPv6:2001:500:4:13::33]) by ietfa.amsl.com (Postfix) with ESMTP id 297A31AC3F0; Wed, 29 Oct 2014 15:45:41 -0700 (PDT)
Received: by smtp1.arin.net (Postfix, from userid 323) id 95328165001; Wed, 29 Oct 2014 18:45:40 -0400 (EDT)
Received: from chaedge01.corp.arin.net (chaedge01.corp.arin.net [192.149.252.118]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by smtp1.arin.net (Postfix) with ESMTP id 9255E164FDE; Wed, 29 Oct 2014 18:45:39 -0400 (EDT)
Received: from CHACAS01.corp.arin.net (10.1.30.107) by chaedge01.corp.arin.net (192.149.252.118) with Microsoft SMTP Server (TLS) id 14.3.181.6; Wed, 29 Oct 2014 18:47:55 -0400
Received: from CHAMBX02.corp.arin.net ([fe80::905e:9b4d:2909:f55a]) by CHACAS01.corp.arin.net ([fe80::a98b:1e52:e85a:5979%13]) with mapi id 14.03.0181.006; Wed, 29 Oct 2014 18:45:31 -0400
From: Andy Newton <andy@arin.net>
To: Ted Lemon <Ted.Lemon@nominum.com>
Thread-Topic: [weirds] Ted Lemon's Discuss on draft-ietf-weirds-rdap-query-16: (with DISCUSS and COMMENT)
Thread-Index: AQHP86jbPycVGSxOaEags5rtlyoB6ZxH79KA
Date: Wed, 29 Oct 2014 22:45:30 +0000
Message-ID: <8CD1C8CB-38B4-44AF-A90D-9792FE62EBA3@arin.net>
References: <20141029184749.10576.92440.idtracker@ietfa.amsl.com>
In-Reply-To: <20141029184749.10576.92440.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.149.252.96]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <0012178D06C77F4AA756F400B662EF9C@corp.arin.net>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/weirds/GeNbuUVXgmxSaxOETd99sB3sn4g
Cc: "weirds-chairs@tools.ietf.org" <weirds-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-weirds-rdap-query@tools.ietf.org" <draft-ietf-weirds-rdap-query@tools.ietf.org>, "weirds@ietf.org" <weirds@ietf.org>
Subject: Re: [weirds] Ted Lemon's Discuss on draft-ietf-weirds-rdap-query-16: (with DISCUSS and COMMENT)
X-BeenThere: weirds@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "WHOIS-based Extensible Internet Registration Data Service \(WEIRDS\)" <weirds.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/weirds>, <mailto:weirds-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/weirds/>
List-Post: <mailto:weirds@ietf.org>
List-Help: <mailto:weirds-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/weirds>, <mailto:weirds-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Oct 2014 22:45:43 -0000

On Oct 29, 2014, at 2:47 PM, Ted Lemon <Ted.Lemon@nominum.com> wrote:

> Point 1:
> 
> In section 3.1.1, it's not clear which of three alternative things you
> may have been specifying: (1) the ASCII representation of the IP address
> is intended to be converted to binary before use, (2) the ASCII
> representation is intended to be used directly, or (3) whether the IP
> address is converted to binary prior to use is an implementation choice. 
> If (1) is what's intended, you should say so explicitly.   If either (2)
> or (3) is intended, then the representation that's used needs to be in
> some canonical form, and the text as written does not ensure that it will
> be.
> 
> So to address this discuss, you should either update the text to say that
> (1) is what's intended, and it won't work otherwise, or you need to
> require, not suggest, a canonical representation.   If you go with the
> second option, your reference to RFC 5952 isn't adequate: you need to
> specifically reference section 4, and specifically exclude section 5.   I
> have no preference as to how you resolve this.

It is option 3. However, the implementer wishes to construct a database is up to the implementer. They need to be able to parse IPv6 addresses and use them to construct whatever key their database uses, be it textual or binary. Having implemented both forms, you cannot simply take the textual representation and use that as a key.

All that being said, I don’t understand the suggested fix. Section 5 of RFC 5952 is about IPv4 embedded addresses in IPv6 addresses. But they are different addresses. There is no collision so the need for canonicalization isn’t obvious. Cutting embedded-IPv4 addresses does make implementation easier, and I don’t think anybody would actually care if they were explicitly forbidden.


> In 3.2.1 and 3.2.2, the main use cases I can see for nameserver searches
> are for spammers to identify related domains, and for eavesdroppers to do
> the same.   What's the motivation for including these capabilities?   At
> a minimum, the privacy considerations for this search ought to be
> discussed in a privacy considerations section or in the security
> considerations section.

Nameserver searches return nameserver objects. I don’t know how useful that would be a to a spammer, but to a nameserver operator trying to determine which registrations are pointing to their nameserver, that seems useful.

> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Point A:
> 
> In 3.1.2:
> 
>   For example, the following URL would be used to find information
>   describing autonomous system number 12 (a number within a range of
>   registered blocks):
> 
>   http://example.com/rdap/autnum/12
> 
>   The following URL would be used to find information describing 4-byte
>   autonomous system number 65538:
> 
>   http://example.com/rdap/autnum/65538
> 
> The examples don't really seem to illustrate what is said in the text.  
> The syntax for both examples is the same, and we don't see any return
> results.   So to say that one example is an example of a number within a
> range of registered blocks, while the other is a 4-byte number, doesn't
> make sense because the query formats are identical.   The preceding text
> is clear, if I understand it correctly: a number in the path element
> following 'autnum' is an autonomous system number, which references a
> block of one or more numbers.   If there are additional semantics, e.g.,
> byte size boundaries for AS numbers, that are also encoded in the query,
> those should be described explicitly.   But IMHO that doesn't make sense:
> in _this_ context, these are just decimal numbers of arbitrary precision,
> and how many bytes they are, or whether any particular number references
> a block or just a single number, is not something that should be
> mentioned in the examples.

Those examples seem far away from that reference to ASPLAIN and RFC 5396. The point is: don’t do ASDOT… which is an issue for 4-byte as numbers. We should probably actually say that, and split apart the first paragraph to put the examples closer to it.

-andy

v2.23.0 | Report a Bug | By Email