A LoST extension to return complete and similar location info
draft-ietf-ecrit-similar-location-19

Thank you to Scott Kelly for the SECDIR review.

** Section 6.  This document should have a normative reference to the schema format used in this section.  Is that RELAX NG? or W3 Schema?  I’ll note that [I-D.ietf-ecrit-lost-planned-changes] also doesn’t normatively reference a schema format.

** Section 7.  Given the deployment models of LoST, is it expected that the entire contents of the server database would be publicly available?  Would it be an issue if large portions of the LoST back-end database (on the LoST server) were revealed?  I ask because if the server is willing to correct input/provide suggestions based on partial on invalid client input, a malicious party could potentially use this to enumerate the database via high volume of invalid/partial queries. If that’s a threat, then perhaps there should be a form for rate limiting applied on the number of corrected queries permitted per unit time.

Thank you for the work put into this document. 

Special thanks to Dwight Purtle for the shepherd's write-up including the detailed section about the WG consensus. 

Thank you as well to Tatuya Jinmei for this INT directorate review at:
https://datatracker.ietf.org/doc/review-ietf-ecrit-similar-location-18-intdir-telechat-jinmei-2022-02-25/
I have seen that Brian Rosen has already replied to this review.

After reviewing the document, I have no further comments.

I hope that Tatuya's review helps to improve the document,

Regards,

-éric

There were a few terms/XML elements used that I couldn't readily find a
clear definition for, across this document, RFC 5139, and RFC 5222, which
makes me wonder if there are any additional references we could list as
background reading for relevant terminology.  (Things like <POD> and
<STS>, though the latter is slightly harder to do a plaintext search for
so I may have just missed it.)

Section 2

   Civic Location:  The term Civic Location applies to a set of one or
      more Civic Address Elements that are used in conjunction with each
      other, and in accordance with a known ruleset to designate a
      specific place within a region of geography, or a region of
      geography by itself as defined in [RFC5139].

Interestingly, I find neither the word "region" nor the word "geography"
in RFC 5139 ... perhaps we should say more about specifically which parts
of RFC 5139 are relevant here (particularly for the "as defined in" statement)?

   Complete Location:  An expanded civic location that includes other
      Civic Address Elements in addition to the existing validated Civic
      Address Elements provided as input to a LoST server.  Complete
      Location may be returned when the input location is valid but
      incomplete

This definition seems to be purely observational, relying on the LoST
server providing more elements than were supplied to it, without any
mention of why the server would do so or what information the new elements
might contain.  In other words, in what sense is this "complete"?

Also, we don't define what "incomplete" or an "incomplete location" is...

Section 7

We do pretty clearly state earlier that "the client cannot assume that any
[of the response locations] is the correct location", so I'm on the fence
about whether there's value in restating here that "though the intent of
this extension is to allow the LoST server to provide more accurate
location information to the client, only the client is in a position to
assess whether the response accurately reflects the intended location; in
particular, the client cannot assume that any of the returned locations is
the correct one without performing its own validation".

                                 Providing more CAtypes generally
   doesn't actually reveal anything more.  [...]

The main route to a potential exception of the "generally" qualifier here
would be if the LoST server somehow had particularly sensitive or
non-public information in its database (but I can't come up with any
particularly plausible examples of that at the moment).  That said, this
sentence also reads a bit strangely to me, so I might consider
NEW:
% Providing more CAtypes generally doesn't actually reveal anything more
% than the unique location of the address in question, unless the LoST
% server has particularly sensitive or non-address information in its
% database.


NITS

Section 1

                                      The use of this protocol extension
   facilitates the timely correction of errors, and allows location
   servers to be more easily provisioned with complete address
   information.

I'm a little confused at how specifically this extension allows *location
servers* to be more easily *provisioned* with complete address
information.  I would have thought that rather it allows location servers
to more readily *provide* complete address information to location
consumers.  Am I misunderstanding the LoST protocol flow?

Section 4

   These elements MAY contain location information either in the Basic
   Civic profile defined in [RFC5222] or in another profile whose
   definition provides instructions concerning its use with this
   extension but this MUST be the same profile as the location in the
   query.  [...]

I think a comma or other punctuation before "but" would aid readability.

Thank you for the work on this document

Many thanks to Claudio Allocchio for his ART ART review:
https://mailarchive.ietf.org/arch/msg/art/gTqJGjkpYHmcYZPoX1oTvPqC_Zg/.

I only have one comment on two uses of SHOULD in the text.

Francesca

1. -----

   call, it might not be as desirable for other services.  Individual
   LoST server implementations SHOULD consider the risk of releasing
   more detail versus the value in doing so.  Generally, supplying more

   LoST server implementations SHOULD evaluate the particular use cases
   where this extension is supported, and weigh the risks around its
   use. 

FP: I believe the use of BCP 14 SHOULD is inappropriate here - these statements are not for interoperability, and as 2119 states, BCP 14 terms must only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm. "SHOULD consider" and "SHOULD evaluate" fall out of this case. Replacing SHOULD with "should" or "ought to" would be my choice.

1. In Section 4 you have

   Clients can control the return of additional location information by
   including the optional 'returnAdditionalLocation' attribute with
   possible values 'none', 'similar', 'complete' or 'any'.  The value
   'none' means to not return additional location information, 'similar'
   and 'complete' mean to only return the respective type of additional
   location information (if the server could send any) and 'any' means
   to include Similar and/or Complete Location (if the server could send
   any).

I don’t know if extensibility is a consideration for you at all, but if it is, might it be appropriate to tweak the definition of ‘any’ slightly? As written, if the returnAdditionalLocation attribute were later extended to have the additional possible value ‘sporcle’, a request for ‘any’ from a strictly compliant implementation would still presumably only return Similar and/or Complete but not Sporcle results.

(The fact I can’t think of a non-silly example may suggest that this point is moot.)

2. In Section 5.2, I’m confused. Surely (or SHIRLEY) that query and response can’t be right? I expected it to match the second example given in Section 3, but it doesn’t at all. Nor do the purported similarLocations seem to match the query very well (they differ in much more than just POD, for example the countries of the two similarLocations differ and of course one differs from the country of the query. And now my head is spinning with the plate tectonic implications of Queensland and Washington State colliding.

Nits:

   (county) and <PC> (Postal Code) Civic Address Elements.  In this
   example, too, the LoST server is able uniquely locate the intended

“is able” -> “is able to”

Found terminology that should be reviewed for inclusivity; see
https://www.rfc-editor.org/part2/#inclusive_language for background and more
guidance:

 * Term "invalid"; alternatives might be "not valid", "unenforceable", "not
   binding", "inoperative", "illegitimate", "incorrect", "improper",
   "unacceptable", "inapplicable", "revoked", "rescinded".

Thanks to Russ Housley for their General Area Review Team (Gen-ART) review
(https://mailarchive.ietf.org/arch/msg/gen-art/mSoW1geq28l0DgXA32V6cZz01fQ).

-------------------------------------------------------------------------------
All comments below are about very minor potential issues that you may choose to
address in some way - or ignore - as you see fit. Some were flagged by
automated tools (via https://github.com/larseggert/ietf-reviewtool), so there
will likely be some false positives. There is no need to let me know what you
did with these suggestions.

Section 4. , paragraph 1, nit:
>  supposed to be; it is guessing. Therefore the correct location may or may n
>                                  ^^^^^^^^^
A comma may be missing after the conjunctive/linking adverb "Therefore".

These URLs in the document can probably be converted to HTTPS:
 * http://www.w3.org/1999/xhtml
 * http://www.w3.org/2001/XMLSchema
 * http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd