Last Call Review of draft-ietf-regext-rdap-partial-response-13
review-ietf-regext-rdap-partial-response-13-opsdir-lc-jaeggli-2020-08-15-00
Request | Review of | draft-ietf-regext-rdap-partial-response |
---|---|---|
Requested revision | No specific revision (document currently at 16) | |
Type | Last Call Review | |
Team | Ops Directorate (opsdir) | |
Deadline | 2020-08-14 | |
Requested | 2020-07-24 | |
Authors | Mario Loffredo , Maurizio Martinelli | |
I-D last updated | 2020-08-15 | |
Completed reviews |
Genart Last Call review of -12
by David Schinazi
(diff)
Opsdir Last Call review of -13 by Joel Jaeggli (diff) Secdir Last Call review of -13 by Joseph A. Salowey (diff) |
|
Assignment | Reviewer | Joel Jaeggli |
State | Completed | |
Request | Last Call review on draft-ietf-regext-rdap-partial-response by Ops Directorate Assigned | |
Posted at | https://mailarchive.ietf.org/arch/msg/ops-dir/52aZW8su_8kOms89adTeRLUj_0U | |
Reviewed revision | 13 (document currently at 16) | |
Result | Ready | |
Completed | 2020-08-15 |
review-ietf-regext-rdap-partial-response-13-opsdir-lc-jaeggli-2020-08-15-00
I have reviewed this document on behalf of the the operations directorate. This document appears ready. I would observe that the document describes fairly wide latitude with respect to what a server could do with with this facility, yet it's largely posed as facility for the client to reduce the data returned to it. A client that is authorized asking for less data then it is authorized for poses no real challenges however if s the document described one uses authorization level to determine what to include in the partial response the implementations need to be careful about how the implement such a control to prevent information leakage (what fielsd are omitted could tell you significant things about your authorization level for example. These server implementation considerations seem outside the scope of this document, and client requests for limited fields in a result don't have this property.