Re: [eppext] Stephen Farrell's Discuss on draft-ietf-eppext-tmch-smd-04: (with DISCUSS and COMMENT)

Barry Leiba <barryleiba@computer.org> Thu, 18 February 2016 15:17 UTC

From: Barry Leiba <barryleiba@computer.org>
To: Gustavo Lozano <gustavo.lozano@icann.org>
Cc: "nkong@cnnic.cn" <nkong@cnnic.cn>, draft-ietf-eppext-tmch-smd@ietf.org, eppext-chairs@ietf.org, eppext <eppext@ietf.org>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Date: Thu, 18 Feb 2016 07:17:29 -0800
Archived-At: <http://mailarchive.ietf.org/arch/msg/eppext/_MXZAIQ8muCP4XYTBmIfibQ2hc0>

Gustavo, we need some discussion here to resolve Stephen's issues
(which other ADs are agreeing with), and also Ben's comments and any
others that are out there.  Can you please respond soon?

Barry

On Mon, Feb 15, 2016 at 11:10 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
> Stephen Farrell has entered the following ballot position for
> draft-ietf-eppext-tmch-smd-04: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-eppext-tmch-smd/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> Section 7 points to [ICANN-TMCH] for signature validation policy
> (I think, not quite sure). I did a quick scan (so I might have
> missed it) of that document and did not find any mention of
> security or signature validation, so what is an implementer
> supposed to do, over and above just checking the cryptographic
> correctness of the XMLDSIG? Note1: I'm not asking that all of
> the details of how to construct a PKI for this functionality be
> documented here, somewhere else is fine, but it doesn't seem to
> be in [ICANN-TMCH] that I can see, so I don't know what I'd have
> to implement, that'd get interop. Note2: I'm also not asking for
> a US-DoD-scale super-huge PKI or RPKI to be specified here,
> something simpler should work.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
> - Please see the secdir review [1] which raises a number of
> significant points (including the DISCUSS above) and which
> hasn't as far as I've seen gotten a response (apologies if I
> missed that).
>
>    [1]
> https://www.ietf.org/mail-archive/web/secdir/current/msg06248.html
>
> - "precudle" nice:-)
>
>