IETF Logo Mail Archive

Re: [eppext] [provreg] Publishing of the Change Poll EPP Extension IETF Draft

"Gould, James" <JGould@verisign.com> Mon, 27 April 2015 13:05 UTC

Return-Path: <JGould@verisign.com>
X-Original-To: eppext@ietfa.amsl.com
Delivered-To: eppext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E7091B3175 for <eppext@ietfa.amsl.com>; Mon, 27 Apr 2015 06:05:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mLIVJqFk1SkA for <eppext@ietfa.amsl.com>; Mon, 27 Apr 2015 06:05:02 -0700 (PDT)
Received: from mail-qg0-f99.google.com (mail-qg0-f99.google.com [209.85.192.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B3F8D1B3174 for <eppext@ietf.org>; Mon, 27 Apr 2015 06:05:01 -0700 (PDT)
Received: by qgdq107 with SMTP id q107so3999495qgd.2 for <eppext@ietf.org>; Mon, 27 Apr 2015 06:05:00 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:content-type:mime-version; bh=xu1Gy4Yglnqt81ISBUgMo6UOeTRocoG8MxWv1e2/Gdk=; b=gKt7AJwwCBktS/JlTbh7tEi8TysD31ycbJrRFhBGDftmiKcaD/Q8z8086u+PiDNEzr sM7z9XiC6nx1J6bTcIfSong4DNAY3lRiMpyXynL7eetsg10EjPZaznfqLo/JUazd7S3l 4AJrzWwEnzRe4BFFcPIPI9wdfrAcQhtNhNhmmQoiasMx16Bcbex6W4ckZBynurN+4idp GQo/WDZhLcwdEf7uIGeotJDyQtGIoUuWFToStxO+joVUbRM8aA0zcyBTPUP1v9L+i3Py oKiJutnzowgt1RZs4LuXQXvWIT0j1FT31yVatdGd3VIy9nUcajAl0stILSs5bQWLbZgC MV8w==
X-Gm-Message-State: ALoCoQlOKX3B9NuGUFp+UkHzUucJLmPUOyjZQpfiP8j+REjhyUYxZHSNZLaNzTKnWqNOHQBKsaRwtU4pz3+Rj3MjuUj2t6XCJg==
X-Received: by 10.140.28.163 with SMTP id 32mr7362476qgz.5.1430139899916; Mon, 27 Apr 2015 06:04:59 -0700 (PDT)
Received: from brn1lxmailout02.verisign.com (brn1lxmailout02.verisign.com. [72.13.63.42]) by mx.google.com with ESMTPS id hl17sm5078008qcb.4.2015.04.27.06.04.59 (version=TLSv1 cipher=RC4-SHA bits=128/128); Mon, 27 Apr 2015 06:04:59 -0700 (PDT)
X-Relaying-Domain: verisign.com
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout02.verisign.com (8.13.8/8.13.8) with ESMTP id t3RD4wVZ012657 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 27 Apr 2015 09:04:58 -0400
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0174.001; Mon, 27 Apr 2015 09:04:58 -0400
From: "Gould, James" <JGould@verisign.com>
To: Patrick Mevzek <Patrick.Mevzek@afnic.fr>
Thread-Topic: [eppext] [provreg] Publishing of the Change Poll EPP Extension IETF Draft
Thread-Index: AQHQV6GRu+SBKM9m50GIF0h2fdNzaZ1eW4AAgAMN2AA=
Date: Mon, 27 Apr 2015 13:04:57 +0000
Message-ID: <34236AD6-86DD-4B52-AE9C-1AA3AB9C6C32@verisign.com>
References: <211D0420-18A3-43D7-9A3D-553B34C6DF43@verisign.com> <CAJ9-zoVSoY=g+70ZfYFkYG7KEFM88x0BxVRH5jUxNYqMsMt+8A@mail.gmail.com> <77F1013C-BF41-4982-9845-C1F87F69B5F5@verisign.com> <4D5E61F9-D8ED-48A1-BF40-6CE42B09601B@nic.br> <1429972004.16625.6.camel@citrine-mobile>
In-Reply-To: <1429972004.16625.6.camel@citrine-mobile>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.173.152.4]
Content-Type: multipart/related; boundary="_004_34236AD686DD4B52AE9C1AA3AB9C6C32verisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/eppext/YQANpinVsq0Y4tUM1ruS91gLaOs>
Cc: "gtld-tech@icann.org" <gtld-tech@icann.org>, "eppext@ietf.org" <eppext@ietf.org>, Rubens Kuhl <rubensk@nic.br>
Subject: Re: [eppext] [provreg] Publishing of the Change Poll EPP Extension IETF Draft
X-BeenThere: eppext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: EPPEXT <eppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eppext>, <mailto:eppext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/eppext/>
List-Post: <mailto:eppext@ietf.org>
List-Help: <mailto:eppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eppext>, <mailto:eppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Apr 2015 13:05:06 -0000

Patrick,

We discussed the Change Poll Extension and the use case of DNS deferred publication at the Registration Operations Workshop (ROW) prior to IETF-92.  The question was whether the deferred publication was part of pending operations (e.g. pendingCreate, pendingUpdate).  No one could speak to the use case.  Can you describe the domain operation flow of a registry that supports deferred publication?  I see two different flows:


  1.  Pending Action
     *   Client sends domain create with NS (domain update would work in a similar fashion)
     *   Server puts the domain on pendingCreate status and returns the 1001 “Command completed successfully; action pending” response
     *   Server validates the NS (DNS servers respond correctly )
     *   If NS validate
        *   Remove the pendingCreate status
        *   Insert pending action (<domain:panData> ) poll message with a positive result ( “paResult=1” )
     *   else if within validation period
        *   Validate again at the next interval
     *   else
        *   Remove domain ( or reject update )
        *   Insert pending action (<domain:panData> ) poll message with negative result ( “paResult=0” ).  An extension could be added to provide more error detail.
  2.  Registration Deferred Publication ( My thoughts without any detail previously provided )
     *   Client sends domain create with NS ( domain update may work in a similar fashion, but I see some added complexity)
     *   Server accepts the domain create for deferred publication and sets the “serverHold” and “ serverUpdateProhibited” statuses pending the validation.
        *   A domain update would be more complex, since I imagine that the update would not add any server statuses to support the deferred validation.  I also imagine that the domain would not be removed from the zone based on the update deferred validation by putting the “serverHold” on it.  Is update of NS validated via a deferred validation model?
     *   Server validates the NS (DNS servers respond correctly )
     *   If NS validate
        *   Remove the “serverHold” and “serverUpdate” statuses
        *   Poll message here is in question.  Should this be a Change Poll message reflecting the update made by the server to remove the and “ serverUpdateProhibited” statuses based on the successful deferred publication validation?
           *   If so, I see the server operation as “update” and the reason as something like “Deferred publication validation success”.  The reason is free-form text.  The change poll message (domain info response) should reflect the removal of the “serverHold” and “serverUpdateProhibited” statuses.
     *   else if within validation period
        *   Validate again at the next interval.  No poll message required, since the state of the domain has not changed.
     *   else
        *   Remove the “serverUpdateProhibited” status to enable the client to modify the NS
        *   Poll message here is in question.  Should this be a Change Poll message reflecting the update made by the server to remove the “serverUpdateProhibited” status based on the failed deferred publication validation?
           *   If so, I see the server operation as “update” and the reason as something like “Deferred publication validation failed”.  The reason is free-form text.  The change poll message (domain info response) should reflect the removal of the “serverUpdateProhibited” status, and not the “serverHold” status still set.
              *   If additional information is required for this failure, I recommend creating a separate deferred publication failure extension or a generic validation failure extension that is attached to the change poll message.  The info response would provide the state of the object (domain in this case), the change poll extension would provide the what, when, why for the server-side change, and the validation failure extension would provide the failure detail.

I don’t see the operations done by the server above as being anything other than an “update” with the reason communicating the deferred publication validation result.  There are two forms of extensibility of operations defined in the draft that is supported by the <changePoll:operation> “op” attribute, which can be used to define a sub-operation (e.g. <changePoll:operation op=“deferredPublication”>update</changePoll:operation>) or a custom operation (e.g. <changePoll:operation op=“deferredPublication”>custom</changePoll:operation> ), which handles extensibility without the need for a new XML schema and requiring an extension to an extension.  Is there any other form of extensibility that you are looking for?

Thanks,


—


JG


[cid:77031CC3-BE7A-4188-A95F-D23115A30A4D@vcorp.ad.vrsn.com]

James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

VerisignInc.com<http://VerisignInc.com>

On Apr 25, 2015, at 10:26 AM, Patrick Mevzek <Patrick.Mevzek@afnic.fr<mailto:Patrick.Mevzek@afnic.fr>> wrote:

Le jeudi 05 mars 2015 à 21:07 -0300, Rubens Kuhl a écrit :

Has the use case of DNS publishing been considered for the changepoll
extension ? Some registries defer publication of a domain to the
registry zone until DNS servers respond correctly (authoritative,
DNSKEY matches DS etc.), and a poll message could signal that to the
sponsoring client. I couldn't find an appropriate operation in
changepoll-02... what are your and the group's thoughts on this ?

I agree that could be very useful, especially if the polling message can
carry some information on what tests have been done, which have failed,
and courses of action for the registrar (including info to know if the
failure is temporary or definitive).

However it could be using the operation name "update". But I would
recommend to define some kind of extensibility into the list of
operation names, making registry able to add some new ones.

When AFNIC did include a message for registrars after a DNS check in the
the past, here was how the polling message looked like :
<msgQ count="1" id="50001">
<qDate>2008-12-25T00:01:00.0Z</qDate>
<msg>
 <resZC type="plain-text">
ZONE : ndd-de-test-0001.fr<http://ndd-de-test-0001.fr>.
NS    : ns1.nic.fr<http://ns1.nic.fr>.
NS    : ns2.nic.fr<http://ns2.nic.fr>.
NS    : ns.ndd-de-test-0001.fr<http://ns.ndd-de-test-0001.fr>. [192.93.0.1, 2001:660:3005:1::1:1]

==> SUCCESS
 </resZC>
</msg>
</msgQ>


It was using at the time the pure text result of the Zonecheck tool.
Today, this tool has been replaced by ZoneMaster.

--
Patrick Mevzek

v2.8.7 | Report a Bug | By Email