On 4/5/23, 12:56 PM, "Mario Loffredo" <mario.loffr...@iit.cnr.it> wrote:
>>>>>> [SAH] Nit: as alluded to by Jasdip above, RFC 7231 has been
>>>>>> obsoleted by RFC 9110.
>>>>>>
>>>>>> The 501 text in 9110 is consistent with 7231, but I don’t think
>>>>>> it’s limited to an invalid method. If the operative text is “the
>>>>>> server does not support the functionality required to fulfill the
>>>>>> request”, the response can be returned for *any* condition in which
>>>>>> the server does not support the functionality required to fulfill
>>>>>> the request. It doesn’t say that “the server does not support the
>>>>>> requested method”. I still believe that 501 would be the best
>>>>>> response.
>>>>> After rereading the text, I agree with Scott.
>>>> [ML] Just to understand better, does it mean that an RDAP server
>>>> should support additional lookups and searches to those really
>>>> implemented with the only purpose of returning an error?
>>> [SAH] No. The point I'm trying to make is that if a client sends a valid
>>> request to an RDAP server, and that request can't be processed because the
>>> requested functionality isn't supported, then a 501 response is appropriate.
>>
>> [ML] It's unclear to me what "functionality" (as well as "unsupported query
>> type") means.
>>
>> Excluding the HTTP methods and the endpoints, what remains is a
>> functionality requested by clients through either a query parameter or a
>> header, but unsupported/unknown parameters/headers are simply ignored.
>>
>> Is there something else?
> [SAH] A path segment? Imagine sending something like this to a domain name
> registry:
>
> https://example.com/rdap/autnum/12
>
> It's RDAP-valid, but a domain name registry probably doesn't support
> autonomous system number lookup functionality.

[ML] Don't know if I'm the only one but I think it's an unpractical 
recommendation.

I admit that 501 is more explanatory because, taking your example, 404 
would be returned when the autnum lookup is unsupported and when 
autnum/12 is not found but a server can provide the clients with 
information about the supported features by other means.

Conversely, exposing useless endpoints on the web means not only to 
require an unnecessary implementation effort but also to enlarge the 
surface of cyberattacks.

Definitely, the servers need only to handle the endpoints they really 
listen at and the query parameters or request headers they really support.

That said, if I'm the only dissonant voice in discussion, I'll add that 
recommendation to rdap-reverse-search.

[JS] Mario, I think it would be a good idea to add verbiage for 501 (Not 
Implemented) in this draft since we have a precedent in RFC 9082 and that does 
not seem to cover new query types like reverse search. Then, the draft can 
proceed to the next step. :)

Cheers,
Jasdip

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
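
The status-code question debated in this thread, as an added example that is not part of the original messages: a dispatcher for a constructed domain name registry that answers 501 for an RDAP-defined path segment it does not implement, decided by a set lookup before any handler or key parsing runs. The `/rdap/` base path is taken from the URL quoted in the thread; the implemented set, the object store, and the choice of 404 for segments outside RFC 9082 are assumptions of this example.

```python
from urllib.parse import urlsplit

# Path segments defined by RFC 9082 (lookups, searches, help).
RDAP_SEGMENTS = frozenset({
    "ip", "autnum", "domain", "nameserver", "entity",
    "domains", "nameservers", "entities", "help",
})

# Constructed deployment: a domain name registry implementing only these.
IMPLEMENTED = frozenset({"domain", "nameserver", "entity", "help"})

# Constructed stand-in for the registry database.
OBJECTS = {("domain", "example.com")}


def rdap_status(url, base="/rdap/"):
    """Return the HTTP status this server would send for an RDAP GET."""
    path = urlsplit(url).path
    if not path.startswith(base):
        return 404
    segment, _, key = path[len(base):].partition("/")

    # Not an RDAP query type at all (assumption: treated as not found).
    if segment not in RDAP_SEGMENTS:
        return 404

    # RDAP-valid but unsupported here: answered from the static set above.
    # No autnum/ip handler exists and the key is never parsed, so the 501
    # adds no request-processing code behind the unsupported path.
    if segment not in IMPLEMENTED:
        return 501

    if segment == "help":
        return 200

    # Implemented lookup: 404 now only ever means "object not found".
    return 200 if (segment, key) in OBJECTS else 404


if __name__ == "__main__":
    for u in ("https://example.com/rdap/autnum/12",
              "https://example.com/rdap/domain/example.com",
              "https://example.com/rdap/domain/missing.example"):
        print(rdap_status(u), u)
```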
