[DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-automation-02 (Ends 2026-01-30)
"Hollenbeck, Scott" <shollenbeck@verisign.com> Tue, 27 January 2026 16:13 UTC
Return-Path: <shollenbeck@verisign.com>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 961E6ADC9DBD; Tue, 27 Jan 2026 08:13:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -4.398
X-Spam-Level:
X-Spam-Status: No, score=-4.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bbKf56Qazh1L; Tue, 27 Jan 2026 08:13:32 -0800 (PST)
Received: from mail4.verisign.com (mail4.verisign.com [69.58.187.30]) by mail2.ietf.org (Postfix) with ESMTP id 384B1ADC9DB8; Tue, 27 Jan 2026 08:13:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=2234; q=dns/txt; s=VRSN; t=1769530412; h=from:to:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=pYQVIBeCD4O4MVYSnnbUiTIBw8X6j/ISByeWmeC+p3M=; b=ZZcmoTt1G5SaHirw96wMRyQZmIc4eYjYJg4QR+cM/7ZJMG7oHpZ1iB32 nvYtRuXHylLZOwEGENgAAPLbA8i04phyaLEmjbHuUtLapAZSAhHf+o+2J z6nHgcVK9yQdYbO07ZvPrkyhyNDPpNDdTngPWsnT/Si1PUkLoaJEsS0Of wr/8qEafN9YaFztkKJBUnyndep5JuH3wgncVz8rv9nIPBIMz1zYYcbL23 ydgx4KiF1ZKC2PY+V7UV3NMbi5G7oK/GbfhMNcAZCXhqgawkDvfGY7cD3 APUewQAodUTMQzFXNkkV8TJvxVIto1b31J55mgXRfvRNBkSHdop2Q2mnx A==;
X-CSE-ConnectionGUID: 5xZMjq1DS4absU387BsVBA==
X-CSE-MsgGUID: UyBFLzcxSLGHPQJ8vI9SjQ==
X-ThreatScanner-Verdict: Negative
IronPort-Data: A9a23:sPS7YqLqpVwGYKzQFE+RFpQlxSXFcZb7ZxGr2PjKsXjdYENS1zQFy mRLDWvUa/+OZTHxL40jOYXno00DupPcz4cxHFNorCE8RH908seUXt7xwmUcnc+xBpaaEB84t ZV2hv3odp1coqr0/0/1WlTZhSAik/nOGvykUbCs1hlZHWdMUD0mhQ9oh9k3i4tphcnRKw6Ws LsemeWGULOe82AyaDt8B56r8ks14qyr4mxA5zTSWNgQ1LPgvyhNZH4gDfzpR5fIatE8NvK3Q e/F0Ia48gvxlz8xCsmom6rMaUYDRLjfJ2Cm0hK6jID733CuDgRrukoKHKJ0hXV/0l1lrPgoo Dl5jqFcfC9yVkH6sL9ED0QHSXEW0Zpuo9crKVDn2SCa5xOeLyu0m52CBmluVWET0r4f7W2ja ZX0gd3CB/yOr7ve/V61dgVjrpkzHuzpJdozgS1pxyrkVqZ5a4v9aYyfsLe03B9o7ixPNdP/Q +VAVhxCXEyaJQNEPU0PTpsy2vmynX+5eDpdwL6XjfNvpTKPkkoojeKraoG9lt+iHK25mm6Dp mXC+2n/CBwRN/SBxCCE6XOjgKnEmiaTtIc6SObnq6Ex3gf7Kmo7NQw8e3+pqumCrmGeY+t9e 1I1qxEslP1nnKCsZpynN/Gim1afvgMFRtd4HOgz6QXLwa3Riy6VAHMDVntKaNUnrtQeRDE22 BmOhdyBLTBpq7qNYXOQ6rnSqim9UQAZN2YMeWoFQBcLptXlu4Yryx7UC99+DKmwh8H0HjfYw j2Wom45nbp7sCIQ/6C6+V+enDShtsCTCxUr/FyRW2O+qwl+Io+haNXu90LA67BLK4PxokS9g UXoUvO2tIgmZaxhXgTXKAnRNNlFP8q4DQA=
IronPort-HdrOrdr: A9a23:Zfe83KvMJctJADjw8wvukmOR7skDq9V00zEX/kB9WHVpm6uj5q WTdZUgpH3JYVkqOE3I9ervBEDiexzhHPdOiOEs1NyZLWrbUQWTTb1K3M/NzzrtACXi+uMY/r cIScRDIey1KVRhl8717E2bH8ZI+rO62ZHtoevF1X9iQUVRdqd6425CZzqzCEFsWwVcP5Y/Ga ed4sYvnVGdRUg=
X-Talos-CUID: 9a23:447hN2s40HknKI21pv0gFHmO6It4Yk/4zm6JD3TkAGxydebFFnWLxolNxp8=
X-Talos-MUID: 9a23:uiuk3Qm7vTZbWHhX0k7vdnpfJe1Gx7alGHspvrU+guvUKw0hADWk2WE=
X-IronPort-AV: E=Sophos;i="6.21,257,1763424000"; d="scan'208";a="43757362"
Received: from MILG1WNEX02.vcorp.ad.vrsn.com (10.246.152.23) by MILG1WNEX02.vcorp.ad.vrsn.com (10.246.152.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.2562.35; Tue, 27 Jan 2026 11:13:14 -0500
Received: from MILG1WNEX02.vcorp.ad.vrsn.com ([10.246.152.23]) by MILG1WNEX02.vcorp.ad.vrsn.com ([10.246.152.23]) with mapi id 15.02.2562.035; Tue, 27 Jan 2026 11:13:14 -0500
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "shuque@gmail.com" <shuque@gmail.com>, "dnsop-chairs@ietf.org" <dnsop-chairs@ietf.org>, "dnsop@ietf.org" <dnsop@ietf.org>, "draft-ietf-dnsop-ds-automation@ietf.org" <draft-ietf-dnsop-ds-automation@ietf.org>
Thread-Topic: [EXTERNAL] [DNSOP] WG Last Call: draft-ietf-dnsop-ds-automation-02 (Ends 2026-01-30)
Thread-Index: AQHchuj5zbraIc+BNUKKXNldsk9qdLVmIX7Q
Date: Tue, 27 Jan 2026 16:13:14 +0000
Message-ID: <1e06022f347b464aadbcf09511f1af81@verisign.com>
References: <176856870440.110819.15196252598377327203@dt-datatracker-865585c994-4fgh4>
In-Reply-To: <176856870440.110819.15196252598377327203@dt-datatracker-865585c994-4fgh4>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Message-ID-Hash: 6AGAFC7GWJIOZ52Q5W3UNJZMCU35IR5K
X-Message-ID-Hash: 6AGAFC7GWJIOZ52Q5W3UNJZMCU35IR5K
X-MailFrom: shollenbeck@verisign.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-automation-02 (Ends 2026-01-30)
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/yYCJhlLx2Cngbv9AiQvhTCYRJo4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
The document is in good shape. Section 4 discusses "Registration Locks", and cites RFC 5731. I agree with the recommendations, but the analysis is missing a key point from Section 2.3 of 5731. As stated there: "A server MAY alter or override status values set by a client, subject to local server policies. The status of an object MAY change as a result of either a client-initiated transform command or an action performed by a server operator." Automated DNSSEC delegation trust maintenance may well be part of a server policy. These statements make it very clear that a server operator can override client-set status values subject to local server policies, and as such I think it would be helpful to note this text from 5731 in Section 4.2.2 of the draft. I also think it would be very helpful to add text that describes what a registry server operator should do if they perform an update that overrides a client-set status value. A server operator that supports EPP could notify a client using the message polling service described in Section 2.9.2.3 of RFC 5730. Perhaps something like this could be added as the last paragraph in Section 4.2.2: "Section 2.3 of RFC 5731 [RFC5731] explicitly notes that an EPP server operator may override status values set by a client, subject to local server policies. There is, however, a risk of confusion if the server operator performs actions that override the status values set by a client. This risk can be mitigated by informing the client of automated actions taken buy the server using the polling service described in Section 2.9.2.3 of RFC 5730 [RFC5730]." Scott
- [DNSOP] WG Last Call: draft-ietf-dnsop-ds-automat… Shumon Huque via Datatracker
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Mark Elkins
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Hollenbeck, Scott
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Stefan Ubbink
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Oli Schacher
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Josh Simpson
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Csillag Tamas
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Philip Homburg
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Libor Peltan
- [DNSOP] Re: WG Last Call: draft-ietf-dnsop-ds-aut… Matthijs Mekking