Re: [eppext] New draft for keyrelay available

["Gould, James" <JGould@verisign.com>]

Scott,

I believe the intent is to insert the transient object into the poll queue for the target client.  The acknowledgement of the poll message should result in the implicit removal of the transient object from the server.  With what you’re proposing, the source client would create the transient object that I’m assuming would result in a poll notification containing a signal to the client to submit an info command to get the transient object information?  I’m assuming that the target client would then need to delete the transient object once they’re done with processing the message.  I believe it’s simpler and consistent with the concept of creating a transient poll message to support the create to create the poll message and the info response poll message for the consumption of the transient object.  In this case the poll queue is functioning as the repository for the transient object with the signal and data being one and the same, and the deletion of the transient object handled via the standard poll queue mechanism.


—


JG


[cid:77031CC3-BE7A-4188-A95F-D23115A30A4D@vcorp.ad.vrsn.com]

James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

VerisignInc.com<http://VerisignInc.com>

On Jan 30, 2015, at 9:20 AM, Hollenbeck, Scott <shollenbeck@verisign.com<mailto:shollenbeck@verisign.com>> wrote:

-----Original Message-----
From: EppExt [mailto:eppext-bounces@ietf.org] On Behalf Of Rik Ribbers
Sent: Tuesday, January 20, 2015 3:02 AM
To: 'Maarten Bosteels'; Miek Gieben; Gould, James; eppext@ietf.org<mailto:eppext@ietf.org>
Subject: Re: [eppext] New draft for keyrelay available

Hello Maarten,

Thx for the feedback, I hope more people with experience on extending
EPP will state their opinion on the list.

We have implemented the functionality in our registration system, but
it is not very actively used. What we see is that most registrars go
insecure. Most of the time we see a transfer command followed (some
time later in time) by a domain update to remove the old key material
and add new key material. There is even a losing registrar that removes
all DNS key data when a registrant requests its authorization token
before the actual transfer.

One more opinion:

After reading through the draft again I believe I would have designed this differently. EPP commands typically act on or read data from objects, and if I'm reading keyrelay correctly the <relay> command isn't doing either of those things. It's pushing information to the server to be stored temporarily (in what?) so that it can be retrieved with a <poll> command. It would be more architecturally consistent to create a temporary relay object with the needed information and use an <info> command to retrieve the data. <poll> can be used to notify the receiving client that the information is there to be retrieved. Anyway, that's my two cents.

Rik's "not very actively used" comment is telling. DNSSEC isn't widely supported by registrars, so it makes sense that we're not seeing a lot of use. I don't have an issue with continuing work on this draft if the intention is to document the existing practice of one operator in an informational way, but I'm not comfortable with pursuing the current approach on the standards track. We should confirm the need before doing standards track work.

Scott