Re: [regext] RDAP preference on abuse reporting

[Mario Loffredo]

Hi Alessandro,

plase see my comments below prefixed with [ML]
Il 15/02/2022 19:23, Hollenbeck, Scott ha scritto:
-----Original Message-----
From: Alessandro Vesely<ves...@tana.it>
Sent: Tuesday, February 15, 2022 1:08 PM
To: Hollenbeck, Scott<shollenb...@verisign.com>;regext@ietf.org
Subject: [EXTERNAL] Re: [regext] RDAP preference on abuse reporting

Caution: This email originated from outside the organization. Do not click
links
or open attachments unless you recognize the sender and know the content
is safe.

Hi,

On Tue 15/Feb/2022 14:28:17 +0100 Hollenbeck, Scott wrote:
From: regext<regext-boun...@ietf.org>  On Behalf Of Alessandro Vesely

I wrote a small utility to get abuse address(es) via RDAP.[*]  Today
someone told me that APNIC only has one abuse address, the other
address in the same vcardArray is not supposed to be used for abuse
reporting.  The addresses can be discriminated by one having pref=1 and
the other no pref.
AFAIK, pref is described in Section 5.3 of RFC 6530.  However, it is
still not very clear how to use it in this particular case.  Which of
the following is better for abuse
reporting:

* When email addresses are ordered by preference use only the most
preferred,

* When email addresses are ordered by preference use all except the
least preferred, or

* When email addresses are ordered by preference use the upper half of
them.

Note that the result is the same in the APNIC case.
[SAH] Could you show us the JSON data structure that you're referring to?
That'll better help us understand the RDAP response.

The example we were talking about is this:
https://secure-
web.cisco.com/1c_nTuKekZk59w0wfIpkFx8t1CZeXY4DolMyhNEdZQkD2yjDIh
mMthVeMz-
rBuu5WgpYPqXn0DWuJ4dsCRjLePgKCI66KJAwl71aiW7Z3q7QacUWrUq7gckRb
M-06XhwNaHFdRuJ00sH6BcV-p1xRVfu-qu-mRL9VSOznJJFa037rUvkB0_u9-
5niG9Lb8wiQc_OgP7d6i9EMIzCmaaRZbAZp3O2iTSiZ3dSlkn-
Xt5MMF8AxqGVaN4kiRD__KIDO/https%3A%2F%2Frdap.apnic.net%2Fip%2F
136.185.8.145
which has:

            [
              "email",
              {},
              "text",
              "shanka...@airtel.com"
            ],
            [
              "email",
              {
                "pref": "1"
              },
              "text",
              "dsltac2north.u...@airtel.com"
            ]
[SAH] According to what I read in 6350,"dsltac2north.u...@airtel.com"  is the
preferred address and"shanka...@airtel.com"  is the least preferred address
because it omits the pref parameter.

[ML] Agreed. The most preferred address is the one having the pref 
parameter with the lowest value.

So if you want to sort the abuse email addresses by the pref parameter 
the order will be the following:

1) Firstly, the email addresses ordered per the pref parameter from the 
lowest to the highest

2) Then, email addresses without the pref parameter in whatever order 
you want (maybe in the order of appearance)


Compare that with the whois version:
https://secure-web.cisco.com/1ODCHjK8pZn1FEkH787OrWs7-
2vqLQE9k1ZPKOwdIBysTqHHGEFIlRmh5NmY5JnNqR5dKowQjFW-TaasRvN-
BoiIcOekHmuLI6bwcg4fo_3ZZacP1c_JEwvUj6MgbC10Wgeg_fUeT0t4Fi4YHjZp
hwUJ5YokMF1hf6gUABG7OLmuXGJrMI-
fC2YwDgGqOS4QD63Flm1kp7IBL4pFAzVFFgZjiQxv7I3MNy7LhjjBFuGBeJT0WI
wI6mvG11zfBMS7T/https%3A%2F%2Fwq.apnic.net%2Fstatic%2Fsearch.html
%3Fquery%3D136.185.8.145
which has a prominent comment:

% Abuse contact for '136.185.0.0 - 136.185.255.255' is
'dsltac2north.u...@airtel.com'
[SAH] OK, this is consistent with the RDAP representation.

and afterwards has:

role: ABUSE BHARTITELEMEDIAIN
address: Bharti Airtel Ltd.
country: ZZ
phone: +000000000
e-mail: shanka...@airtel.com
admin-c: NS282-AP
tech-c: NS282-AP
nic-hdl: AB914-AP
remarks: Generated from irt object IRT-BHARTI-TELEMEDIA-IN
abuse-mailbox:dsltac2north.u...@airtel.com
mnt-by: APNIC-ABUSE
last-modified:  2020-05-16T21:36:43Z
source: APNIC
[SAH] ...and this could be confusing because WHOIS doesn't include anything to
indicate priority. As a human reader, though, the comment tells me which
address is preferred.

Section 5.3 of RFC 6350 doesn't say anything about using only the
most-preferred address(es). My suggestion with respect to 6350 is that
you should start with the most preferred address, use the next one if
that doesn't work, and so on. That suggestion might change depending
on what we see in the RDAP response.
The program's intention is to provide an email address for automated abuse
reports.  It seems clear to me that the intention of APNIC is to provide the
address of the responsible person for human-generated escalated support.
Did they overinterpret RFC 6350?  Or maybe they meant further specify PREF
t some point.  I know Byron participated to the discussion.

I just saw now a new draft for JSContact.  However, it neither says whether
PREF is to be used to discriminate automatic email messages.
[SAH] I'll leave that point for Mario to address. I don't think ANY of these
representations include a method to identify an address to received automated
messages.

[ML] The PREF parameter in vCard as well as the the "preference" type in 
JSContact have the same meaning:

   A preference value MUST be an integer number in the range 1 and 100.
   Lower values correspond to a higher level of preference, with 1 being
   most preferred.  If no preference is set, then the contact
   information MUST be interpreted as being least preferred.

The meaning is that it can be used to convey an order of preference in a 
collection of objects. That's it.

That said, vCard and JSContact are two representations for contact 
cards. They cannot provide special meaning depending on the context the 
contact card is used in.

If you need something to clearly discriminate an object compared to 
another, you can use value extensions.

For example, in vCard you can use an x-name for the value of the TYPE 
parameter. Similarly, in JSContact you can define a vendor-specific 
value for the Context data type.

If needed, property extensions can also be defined in both the 
representations.

Anyway, in my opinion, this is a matter of RDAP profiles.

APNIC can state in its profile that the abuse email address is only the 
preferred email address (I mean the only one with the pref parameter) in 
the list of email addresses of the contact with the abuse role.

Another registry can opt for providing the list of email address sorted 
by preference, another one can set no preference order at all.

In JSContact, you can conventionally use a given key  to assign a 
special meaning to an entry of the "emails" map. For example, you can 
use the key "abuse-mailbox" to identify the abuse mail address 
regardless the value of the "preference" member.


For what is worth, I would proceed as in the following:

1) If a contact with the abuse role exists:

1.a)  If at least one pref parameter exists, I would return only the 
most preferred email address;

1.b)  If the pref parameter is missing, I would return all the email 
addresses in order of appearance.

2) If a contact with the abuse role is missing, I would return no abuse 
email address

Hope It could be helpful.

Best,

Mario



Scott
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

--
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web:http://www.iit.cnr.it/mario.loffredo
_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext