Re: [eppext] New draft for keyrelay available

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 30 January 2015 14:20 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: Rik Ribbers <rik.ribbers@sidn.nl>, "'Maarten Bosteels'" <maarten.bosteels@dnsbelgium.be>, Miek Gieben <miek@miek.nl>, "Gould, James" <JGould@verisign.com>, "eppext@ietf.org" <eppext@ietf.org>
Thread-Topic: [eppext] New draft for keyrelay available
Thread-Index: AQHQM8z5sCIQ9FoyhUSL8kWeEFCWPZzHobEAgAFZMYCAD8llcA==
Date: Fri, 30 Jan 2015 14:20:01 +0000
Message-ID: <831693C2CDA2E849A7D7A712B24E257F49F33387@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
References: <C80127C588F8F2409E2B535AF968B768B927CDA8@kambx2.SIDN.local> <0ED7237B-F4E8-45D7-971F-1625350DB0FC@verisign.com> <C80127C588F8F2409E2B535AF968B768B9280B52@kambx2.SIDN.local> <472EF001-1A03-4C50-A7DB-3D6B766B3BA8@verisign.com> <20150119094734.GA27180@miek.nl> <AF040383-7DED-4DDA-A52A-F40978697DF9@dnsbelgium.be> <C80127C588F8F2409E2B535AF968B768B9285C2F@kambx2.SIDN.local>
In-Reply-To: <C80127C588F8F2409E2B535AF968B768B9285C2F@kambx2.SIDN.local>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/eppext/Lxpq42P6ogb28ENhPae9ShcbmtY>
Subject: Re: [eppext] New draft for keyrelay available
Precedence: list

> -----Original Message-----
> From: EppExt [mailto:eppext-bounces@ietf.org] On Behalf Of Rik Ribbers
> Sent: Tuesday, January 20, 2015 3:02 AM
> To: 'Maarten Bosteels'; Miek Gieben; Gould, James; eppext@ietf.org
> Subject: Re: [eppext] New draft for keyrelay available
> 
> Hello Maarten,
> 
> Thx for the feedback, I hope more people with experience on extending
> EPP will state their opinion on the list.
> 
> We have implemented the functionality in our registration system, but
> it is not very actively used. What we see is that most registrars go
> insecure. Most of the time we see a transfer command followed (some
> time later in time) by a domain update to remove the old key material
> and add new key material. There is even a losing registrar that removes
> all DNS key data when a registrant requests its authorization token
> before the actual transfer.

One more opinion:

After reading through the draft again I believe I would have designed this differently. EPP commands typically act on or read data from objects, and if I'm reading keyrelay correctly the <relay> command isn't doing either of those things. It's pushing information to the server to be stored temporarily (in what?) so that it can be retrieved with a <poll> command. It would be more architecturally consistent to create a temporary relay object with the needed information and use an <info> command to retrieve the data. <poll> can be used to notify the receiving client that the information is there to be retrieved. Anyway, that's my two cents.

Rik's "not very actively used" comment is telling. DNSSEC isn't widely supported by registrars, so it makes sense that we're not seeing a lot of use. I don't have an issue with continuing work on this draft if the intention is to document the existing practice of one operator in an informational way, but I'm not comfortable with pursuing the current approach on the standards track. We should confirm the need before doing standards track work.

Scott

[eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Miek Gieben
Re: [eppext] New draft for keyrelay available Maarten Bosteels
Re: [eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Ulrich Wisser
Re: [eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Santosh Kalsangrah
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
[eppext] FW: New draft for keyrelay available Rik Ribbers
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Antoin Verschuren
Re: [eppext] New draft for keyrelay available Antoin Verschuren
Re: [eppext] New draft for keyrelay available Maarten Bosteels
Re: [eppext] New draft for keyrelay available Gould, James
Re: [eppext] New draft for keyrelay available Hollenbeck, Scott
Re: [eppext] New draft for keyrelay available Antoin Verschuren
Re: [eppext] New draft for keyrelay available Gould, James