Re: [eppext] I-D Action: draft-zhou-eppext-contact-verification-00.txt

"Gould, James" <JGould@verisign.com> Mon, 04 January 2016 13:28 UTC

Return-Path: <JGould@verisign.com>
X-Original-To: eppext@ietfa.amsl.com
Delivered-To: eppext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 894551A871F for <eppext@ietfa.amsl.com>; Mon, 4 Jan 2016 05:28:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, GB_ABOUTYOU=0.5, HTML_MESSAGE=0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SgZ5AfmsOjDU for <eppext@ietfa.amsl.com>; Mon, 4 Jan 2016 05:27:56 -0800 (PST)
Received: from mail-qg0-x263.google.com (mail-qg0-x263.google.com [IPv6:2607:f8b0:400d:c04::263]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 267131A870A for <eppext@ietf.org>; Mon, 4 Jan 2016 05:27:56 -0800 (PST)
Received: by mail-qg0-x263.google.com with SMTP id b35so17156114qge.0 for <eppext@ietf.org>; Mon, 04 Jan 2016 05:27:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=verisign-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:thread-topic:thread-index:date:message-id :references:in-reply-to:accept-language:content-language :content-type:mime-version; bh=VbGOUdcJoS3PB/NRs/p3yTwI/OkXGHcTtAUlQ9TjuK4=; b=WQVUPh1YDwsywu5He5ojB/q56y0tWiH4RYFT9fcQzoTRgAfiLyEMMkgbp8DL2FnZUn 6WQgqR/oVLXCeyADRQSkOURuubeWICI93VEb/q4Pm1ZHeYHpEGM8lChoMCI5ez6AC8ww DZXz03UQQKBp2mg8rrGire3EfY+D8n9UiNJY8cDee09cBk+Y300rBrCOcPc6iP914Avh EbCEdVaJvyz+ztols9mJxyfvjPkI0ncVQuIdwoyixzzlVzTdMdtT0nnqHXZfF7+yh/+B HSeuEY06kbN4v3l7en2c/rAT6N2KGx/qAA+w1r7J6MYkp/Btix13Oi/qNkMcE4xrPNu+ GUfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:content-type:mime-version; bh=VbGOUdcJoS3PB/NRs/p3yTwI/OkXGHcTtAUlQ9TjuK4=; b=HPiKQXgbYfhlk8EleH86w/friAht+Bk3vU+7HQ1IN2f46PwgE58jYxAvA4+vOFcssA pkedAxYD2LYdJ+Fy2v8E2hUUINlaC0T2LwDmy2/LgIT8oYpfrdQ+G0oOJSVTsv+pc30J H/gGbeNOqMcpsR1BZbsga13Sedv2kwQRW6rENIxAy3AzCBkw2apz49Niyd6e2CFtESow S3BL/uxKKoJpwzyGrnFINYQElxy82hWFJPZuwDIAJtJWQa+Dw9HvY00j88fIXv4tEeZs RGgRSIlZOI8IqMt1nY5zHqllmcyDrFHjqL8t6U8fD77npW5akHYqKk5SJjecbpIPLXes oyig==
X-Gm-Message-State: ALoCoQl9UoFNetmC163hv5z3bmyxslPlj4rjQsfyvMlGFRsDCnpcfHp2BMxebPaoUi82bGjTz61pb5DA5MtLTRxy9WNNBK1VhSG6+GHi8JxjQHVRxOa1fbI=
X-Received: by 10.140.42.164 with SMTP id c33mr116070504qga.66.1451914075087; Mon, 04 Jan 2016 05:27:55 -0800 (PST)
Received: from brn1lxmailout01.verisign.com (brn1lxmailout01.verisign.com. [72.13.63.41]) by smtp-relay.gmail.com with ESMTPS id x206sm10142673qka.10.2016.01.04.05.27.54 (version=TLS1 cipher=AES128-SHA bits=128/128); Mon, 04 Jan 2016 05:27:54 -0800 (PST)
X-Relaying-Domain: verisign.com
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout01.verisign.com (8.13.8/8.13.8) with ESMTP id u04DRrwc024371 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 4 Jan 2016 08:27:53 -0500
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0174.001; Mon, 4 Jan 2016 08:27:53 -0500
From: "Gould, James" <JGould@verisign.com>
To: Linlin Zhou <zhoulinlin@cnnic.cn>
Thread-Topic: [eppext] I-D Action: draft-zhou-eppext-contact-verification-00.txt
Thread-Index: AQHRRsdnVbdXGFM+d02LQ0rq6Zw8KJ7rrcAA
Date: Mon, 4 Jan 2016 13:27:52 +0000
Message-ID: <DC33ECE6-F9D6-4866-B49E-7DCA7E81A95B@verisign.com>
References: <2015122109491079450710@cnnic.cn> <56780FA4.1000609@knet.cn> <C41D7AF7FCECBE44940E9477E8E70D7A4B22C4E5@BRN1WNEXMBX01.vcorp.ad.vrsn.com> <2015122215070435275863@cnnic.cn> <1A233C0F-484E-4064-A9DB-97D109811986@verisign.com> <2015122417311749669576@cnnic.cn> <218EF327-9DD0-4ED7-A0C7-024BE2D6D29C@verisign.com> <014701d146c7$70a14b30$51e3e190$@cn>
In-Reply-To: <014701d146c7$70a14b30$51e3e190$@cn>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.173.152.4]
Content-Type: multipart/related; boundary="_004_DC33ECE6F9D64866B49E7DCA7E81A95Bverisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/eppext/0arm38XCmQSpGCC9y7mpdl7kHs0>
Cc: eppext <eppext@ietf.org>, lidaiming <lidaiming@knet.cn>
Subject: Re: [eppext] I-D Action: draft-zhou-eppext-contact-verification-00.txt
X-BeenThere: eppext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: EPPEXT <eppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eppext>, <mailto:eppext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eppext/>
List-Post: <mailto:eppext@ietf.org>
List-Help: <mailto:eppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eppext>, <mailto:eppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Jan 2016 13:28:02 -0000

Linlin,

My feedback is embedded below.

Thanks,


—


JG


[cid:77031CC3-BE7A-4188-A95F-D23115A30A4D@vcorp.ad.vrsn.com]

James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

VerisignInc.com<http://VerisignInc.com>

On Jan 4, 2016, at 3:10 AM, Linlin Zhou <zhoulinlin@cnnic.cn<mailto:zhoulinlin@cnnic.cn>> wrote:

Hi James,

I assume that you mean SCP or HTTP.  Do you plan on submitting a draft that describes the protocol for transmitting the verification material for verification?
[Linlin] Yes, we are supposed to submit a draft. We are still in discussion.


Great, I look forward to reviewing it and providing feedback.

Yes, but since the contact mapping does not have the concept of type, the verification extension will apply to all contacts independent of the domain to contact relationship.  The contact verification status has interplay with the domain status that could be clarified in the contact extension, the domain extension, or both.
[Linlin] The verification process is based on the contact id. I think maybe a contact status element in domain extension would be possible to reflect the relation.


Yes, the verification is linked to the domain itself.  You may want to define the contact extension statuses as well in the context of the relationship to the domain; otherwise it would be assumed that all contacts (registrant, admin, tech, and billing, and even registrar) would require verification.

For example, what happens to the domain if it references contacts (registrant, admin, tech, and billing) with the supported set of verification statuses on a domain create or domain update?
[Linlin] In our preliminary design, we would like to leave this part to the new draft.


Are you planning on creating a new draft associated with the linkage of the domain to the contacts or are you planning on updating the domain extension, the contact extension, or both?


Regards,
Linlin

From: eppext-bounces@ietf.org<mailto:eppext-bounces@ietf.org> [mailto:eppext-bounces@ietf.org] On Behalf Of Gould, James
Sent: Tuesday, December 29, 2015 12:39 AM
To: Linlin Zhou
Cc: eppext@ietf.org<mailto:eppext@ietf.org>; lidaiming
Subject: Re: [eppext] I-D Action: draft-zhou-eppext-contact-verification-00.txt

Linlin,

My feedback is included below.

We've considered this issue and found that BCP of HTTP API may be more proper.

I assume that you mean SCP or HTTP.  Do you plan on submitting a draft that describes the protocol for transmitting the verification material for verification?  draft-xie-eppext-nv-mapping provides a mechanism to submit the verification material via EPP, which is the most straight forward mechanism.

Actually only the registrant need to be verified according to the regulation in China.


Yes, but since the contact mapping does not have the concept of type, the verification extension will apply to all contacts independent of the domain to contact relationship.  The contact verification status has interplay with the domain status that could be clarified in the contact extension, the domain extension, or both.


Yes, I think the poll command should be extented too.

draft-gould-change-poll can be used to extend the info response of the contact or domain to provide the client with the information associated with the server side verification change.


If only the registrant should be verified, I think a domain will not have different statuses contatcts.

Yes, the focus is on the registrant, but the registrant's contact verification status relationship with the domain status would be good to understand.  Also, the drafts should provide more detail into the relationship of the contact verification statuses of the other contact types (admin, tech, and billing).  This could be left to server policy, if the goal if for the drafts to be used more generically.  For example, what happens to the domain if it references contacts (registrant, admin, tech, and billing) with the supported set of verification statuses on a domain create or domain update?

From my rough understanding, a extensible protocol should support multiple applicable profiles.

Do you intend on targeting these drafts to meet only the China verification rules or to meet a more general set of verification rules?  If you intend on just meeting the China verification rules, then you can add more specific text to describe the China verification policies, and if you intend on meeting a more general set of verification rules, you may want to consider including the concept of verification profiles.

—

JG

<image001.png>

James Gould
Distinguished Engineer
jgould@Verisign.com<x-msg://28/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

VerisignInc.com<http://verisigninc.com/>

On Dec 24, 2015, at 4:31 AM, Linlin Zhou <zhoulinlin@cnnic.cn<mailto:zhoulinlin@cnnic.cn>> wrote:

Hi James,
Thanks for your feedback.
Regards,
________________________________
Linlin Zhou

From: Gould, James<mailto:JGould@verisign.com>
Date: 2015-12-23 23:52
To: Linlin Zhou<mailto:zhoulinlin@cnnic.cn>
CC: eppext@ietf.org<mailto:eppext@ietf.org>; lidaiming<mailto:lidaiming@knet.cn>
Subject: Re: [eppext] Fw: I-D Action: draft-zhou-eppext-contact-verification-00.txt
Linlin,

Thanks of the quick reply, my feedback is included below.

—

JG

<BF09FAA4-32D8-46(12-24-13-34-16).png>

James Gould
Distinguished Engineer
jgould@Verisign.com<x-msg://8/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

VerisignInc.com<http://verisigninc.com/>

On Dec 22, 2015, at 2:07 AM, Linlin Zhou <zhoulinlin@cnnic.cn<mailto:zhoulinlin@cnnic.cn>> wrote:

Hi James,
Thanks for your review. I have following feedbacks about your questions.
1. The drafts specified the query commands only, which are now implemented in some registries in China, to fufill most of the critical requirements . We are not going to add transform extension in EPP drafts at present as this function of upload proof materials has been developed and implemented via HTTP. Maybe after a sufficient test of using EPP transform commands to transfer large files, we could consider standardizing this part in EPP extension.

Since they are informational drafts it makes sense to include what is currently implemented, but it does not provide a complete solution for verification.  My recommendation is to publish your HTTP API as informational drafts to cover the transform side of the solution or extend the transform commands in your EPP extensions.  As noted previously on the list, there is no technical reason that EPP cannot be used to submit the verification material.

[Linlin] Thanks for your suggestion. We've considered this issue and found that BCP of HTTP API may be more proper.


2. Actually in verification process, there are typically two phases, domain verification and contact verification. Domain verification is aimed to check whether a domain is reserved or prohibited. Contact verification is to check the facticity of a person. So These two drafts are seperated.

There is added complexity in separating them since the aggregate verification (domain and real name) impacts the domain and not the contact.  In EPP contacts are managed separately from the domains, so putting the verification on the contacts raises some additional questions:


  1.  Do all contacts need to be verified (registrant, admin, tech, and billing), since contacts themselves don’t have the concept of type?

        [Linlin] Actually only the registrant need to be verified according to the regulation in China.



  1.  What is the expected behavior when a domain references a blocked or unverified registrant?

     *   Does it impact the status of the domain and if so how?
[Linlin] I think the simple process is to verify the domain, the verification status of a domain is pendingVerify. If it is a banned domain, after the period of pendingVerify, the domain will be deleted, no need to further check contact. If a domain passes verification but the registrant is unverified, the status of the domain maybe changed to serverHold and the status of the contact is failed. Updated proof materials are waited to be resubmitted.
     *   How does the client get notified of the domain status change?  We’re leveraging draft-gould-change-poll for this purpose.

                    [Linlin] Yes, I think the poll command should be extented too.



  1.  What happens when the domain is updated to reference a different set of contacts that have different statuses?

        [Linlin] If only the registrant should be verified, I think a domain will not have different statuses contatcts.

  1.  What happens to the domain when the contact statuses change?

        [Linlin] Please see the above answer.

Some of this behavior can be left to server policy and not explicitly defined in the protocol, but it would be good to know how you see this could work.


3. Yes, it is specific to China currently. But we don't exclude the possibility to make them as more general drafts if some other countries also have the verification regulations. Daiming Li mentioned to add some content about verification background as well. I think this is a good suggestion and a quick update will be posted soon.


In the verification code draft we defined the concept of a verification profile, which enables the server to communicate the applicable profile and for the client to explicitly specify the desired verification profile to apply.  You may want to consider some sort of similar concept.  The question is whether a client can have more than one applicable profile (province or state within a country), which may not be the case in China but could be elsewhere.
[Linlin]  From my rough understanding, a extensible protocol should support multiple applicable profiles.


Regards,
________________________________
Linlin Zhou

发件人: Gould, James<mailto:JGould@verisign.com>
发送时间: 2015-12-22 05:16
收件人: lidaiming<mailto:lidaiming@knet.cn>; Linlin Zhou<mailto:zhoulinlin@cnnic.cn>; eppext@ietf.org<mailto:eppext@ietf.org>
主题: Re: [eppext] Fw: I-D Action: draft-zhou-eppext-contact-verification-00.txt
Hi,

I have a few high level questions:

  1.  In reviewing draft-zhou-eppext-contact-verification and draft-wang-eppext-domain-verification, I see only extensions of the query responses (check and info), but I don't see extensions to the transform commands to submit the verification material.  Do you plan on adding extensions to the transform commands in the existing drafts or creating separate drafts for that purpose?
  2.  What is the relationship between the draft-zhou-eppext-contact-verification and draft-wang-eppext-domain-verification drafts?
  3.  Is draft-zhou-eppext-contact-verification and draft-wang-eppext-domain-verification only applicable to China verification or is being proposed as more general drafts?  I assume based on the Informational track that it's specific to China, but there is no reference to China in either draft.

Thanks,

Jim

________________________________
From: EppExt [eppext-bounces@ietf.org<mailto:eppext-bounces@ietf.org>] on behalf of lidaiming [lidaiming@knet.cn<mailto:lidaiming@knet.cn>]
Sent: Monday, December 21, 2015 9:41 AM
To: Linlin Zhou; eppext@ietf.org<mailto:eppext@ietf.org>
Subject: Re: [eppext] Fw: I-D Action: draft-zhou-eppext-contact-verification-00.txt
Linlin,

Thanks for your efforts.

Since this draft together with draft-wang-eppext-domain-verification-00 is intended to describe the very EPP extensions relating to verification mechanism in China, you might include their background and usecases in these drafts, to shed light on their applications and implementations.

Daiming

KNET Technologies

________________________________
发件人:"Linlin Zhou" <zhoulinlin@cnnic.cn<mailto:zhoulinlin@cnnic.cn>>
发送时间:2015-12-21 09:49
主题:[eppext] Fw: I-D Action: draft-zhou-eppext-contact-verification-00.txt
收件人:"eppext@ietf.org<mailto:eppext@ietf.org>"<eppext@ietf.org<mailto:eppext@ietf.org>>
抄送:

The draft of contact verification has been submitted, which is now applied in practice in some registries of China. Any comments are welcome.

Regards,
________________________________
Linlin Zhou

From: internet-drafts<mailto:internet-drafts@ietf.org>
Date: 2015-12-21 09:36
To: i-d-announce@ietf.org<mailto:i-d-announce@ietf.org>
Subject: I-D Action: draft-zhou-eppext-contact-verification-00.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.


        Title           : Verification Extension for the Extensible Provisioning Protocol (EPP) Contact Mapping
        Authors         : Linlin Zhou
                          Di Ma
                          Wei Wang
                          Ning Kong
                          Xiaodong Lee
                          James Galvin
Filename        : draft-zhou-eppext-contact-verification-00.txt
Pages           : 17
Date            : 2015-12-20

Abstract:
   This mapping describes an verification extension to EPP contact
   mapping [RFC5733].  Specified in Extensible Markup Language (XML),
   this extended mapping is applied to provide additional features
   required for the provisioning of contact verification.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-zhou-eppext-contact-verification/

There's also a htmlized version available at:
https://tools.ietf.org/html/draft-zhou-eppext-contact-verification-00


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org<http://tools.ietf.org/>g/>.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
I-D-Announce mailing list
I-D-Announce@ietf.org<mailto:I-D-Announce@ietf.org>
https://www.ietf.org/mailman/listinfo/i-d-announce
Internet-Draft directories: http://www.ietf.org/shadow.html
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
_______________________________________________
EppExt mailing list
EppExt@ietf.org<mailto:EppExt@ietf.org>
https://www.ietf.org/mailman/listinfo/eppext

_______________________________________________
EppExt mailing list
EppExt@ietf.org<mailto:EppExt@ietf.org>
https://www.ietf.org/mailman/listinfo/eppext

_______________________________________________
EppExt mailing list
EppExt@ietf.org<mailto:EppExt@ietf.org>
https://www.ietf.org/mailman/listinfo/eppext