IETF Logo Mail Archive

Re: [eppext] Extension Registration Request: Registry Fee Extension for the Extensible Provisioning Protocol (EPP)

Gavin Brown <gavin.brown@centralnic.com> Fri, 13 February 2015 13:13 UTC

Return-Path: <gavin.brown@centralnic.com>
X-Original-To: eppext@ietfa.amsl.com
Delivered-To: eppext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10BB91A702E for <eppext@ietfa.amsl.com>; Fri, 13 Feb 2015 05:13:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.862
X-Spam-Level:
X-Spam-Status: No, score=0.862 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, HELO_MISMATCH_COM=0.553, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d6NOyRqhXdpe for <eppext@ietfa.amsl.com>; Fri, 13 Feb 2015 05:13:20 -0800 (PST)
Received: from smtp.centralnic.com (mail-7.fnb.uk.centralnic.net [5.44.25.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 24D651A7033 for <eppext@ietf.org>; Fri, 13 Feb 2015 05:13:13 -0800 (PST)
Received: from Gavins-MacBook-Pro.local (unknown [217.138.20.162]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by smtp.centralnic.com (Postfix) with ESMTPSA id 0ECDA9E93; Fri, 13 Feb 2015 13:13:12 +0000 (UTC)
Message-ID: <54DDF867.1070705@centralnic.com>
Date: Fri, 13 Feb 2015 13:13:11 +0000
From: Gavin Brown <gavin.brown@centralnic.com>
Organization: CentralNic Ltd
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: Ning Kong <nkong@cnnic.cn>, "Hollenbeck, Scott" <shollenbeck@verisign.com>
References: <831693C2CDA2E849A7D7A712B24E257F49F3C5DD@BRN1WNEXMBX01.vcorp.ad.vrsn.com> <EB6318D0-0AE1-4E98-95C6-F6EC14718952@cnnic.cn>
In-Reply-To: <EB6318D0-0AE1-4E98-95C6-F6EC14718952@cnnic.cn>
OpenPGP: id=F923B4CE
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="18XQPvu9CHrRLfTexjGspQnUF0DoXX6W9"
Archived-At: <http://mailarchive.ietf.org/arch/msg/eppext/LBCji1m6ibwqrTBXeGyhVS1-hlI>
Cc: "eppext@ietf.org" <eppext@ietf.org>
Subject: Re: [eppext] Extension Registration Request: Registry Fee Extension for the Extensible Provisioning Protocol (EPP)
X-BeenThere: eppext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: EPPEXT <eppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eppext>, <mailto:eppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/eppext/>
List-Post: <mailto:eppext@ietf.org>
List-Help: <mailto:eppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eppext>, <mailto:eppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Feb 2015 13:13:22 -0000

On 11/02/2015 02:19, Ning Kong wrote:

> #2 IMO, the extension of <check> is not necessary. It seems that the extended <check> is a little overused. I think the extension of <info> is enough.

There has been some discussion of this point on this list; there seemed
to be no consensus for using <check> only or <info> only. In the
interests of pleasing the most number of people, I chose to support both.

I would be happy to revisit this question again as my personal
preference would be to only support one query command.

> #3 I’m afraid this extension may increase the risk of Security and Privacy. The fee information of domain registration is sensitive and maybe trade secrets for most registrars and registries.  Because different registrars would get different price based on their each commercial contract. So usually the fee information can only be known by the business people. But if the EPP is extended with the fee function, the sensitive information about fee may be accessed by the technical guys even through the log file of EPP system.

This is an interesting point. I will think about adding a Security
Considerations section to the draft which addresses this concern.

G.

-- 
Gavin Brown
Chief Technology Officer
CentralNic Group plc (LSE:CNIC)
Innovative, Reliable and Flexible Registry Services
for ccTLD, gTLD and private domain name registries
https://www.centralnic.com/

CentralNic Group plc is a company registered in England and Wales with
company number 8576358. Registered Offices: 35-39 Moorgate, London,
EC2R 6AR.

v2.8.7 | Report a Bug | By Email