Re: [eppext] Genart LC review draft-ietf-eppext-keyrelay-10

Rik Ribbers <rik.ribbers@sidn.nl> Thu, 26 November 2015 11:51 UTC

Return-Path: <rik.ribbers@sidn.nl>
X-Original-To: eppext@ietfa.amsl.com
Delivered-To: eppext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD1071A1A3C; Thu, 26 Nov 2015 03:51:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.491
X-Spam-Level:
X-Spam-Status: No, score=-0.491 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HELO_EQ_NL=0.55, HOST_EQ_NL=1.545, RP_MATCHES_RCVD=-0.585, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EZO7Pxe38V7t; Thu, 26 Nov 2015 03:51:52 -0800 (PST)
Received: from arn2-kamx.sidn.nl (kamx.sidn.nl [IPv6:2a00:d78:0:147:94:198:152:69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 494311A1A3B; Thu, 26 Nov 2015 03:51:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; d=sidn.nl; s=sidn-nl; c=relaxed/relaxed; h=from:to:cc:subject:thread-topic:thread-index:date:message-id:references:in-reply-to:accept-language:content-language:x-ms-has-attach:x-ms-tnef-correlator:x-mailer:x-ms-exchange-messagesentrepresentingtype:x-ms-exchange-transport-fromentityheader:x-originating-ip:content-type:mime-version; bh=XELHrVZfo2CGO4bsjrBa7gHpKWMGsg61sccxyIH8WEE=; b=Oj11rVz2o1aNcLH/YUXdBVpTXE9xv9bez2bchc5MSs+2ZBHz755KYI78dCSYW0NYhMu/3dx6wUkZQmYEDTtkL2J2B7+FWifiRjgQHR95OGDy+jfZxrk8wHPJUcrT9C+kdELjvPnORWyEAvGbLtK0idIxj/Q17RruzLx12jvcioDiUEZEYohGfOrBdZhJbklc4dFQFafR1wgaIASwyD1hmxQrUHBdqqR/v9r9ZR7Z6hDY9Ak+WELAnsmnYSeVRScgG614/gckOaMUQd3EJ1/BpI2xNnaMaBmnmb1KWNZtAnI/E/7/YwYH5FHyJDbIquljTrntndXDKkoUSHR0/fT2yA==
Received: from ka-mbx03.SIDN.local ([192.168.2.179]) by arn2-kamx.sidn.nl with ESMTP id tAQBpobt012242-tAQBpobv012242 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=CAFAIL); Thu, 26 Nov 2015 12:51:50 +0100
Received: from ka-mbx02.SIDN.local (192.168.2.178) by ka-mbx03.SIDN.local (192.168.2.179) with Microsoft SMTP Server (TLS) id 15.0.1130.7; Thu, 26 Nov 2015 12:51:50 +0100
Received: from ka-mbx02.SIDN.local ([fe80::9855:369a:1ca4:6549]) by ka-mbx02.SIDN.local ([fe80::9855:369a:1ca4:6549%13]) with mapi id 15.00.1130.005; Thu, 26 Nov 2015 12:51:50 +0100
From: Rik Ribbers <rik.ribbers@sidn.nl>
To: "jsparks@nostrum.com" <jsparks@nostrum.com>
Thread-Topic: Genart LC review draft-ietf-eppext-keyrelay-10
Thread-Index: AQHRJ8qvUUmoUlt7Lk2D1DGK0P8IvZ6t87+wgAAtkoA=
Date: Thu, 26 Nov 2015 11:51:50 +0000
Message-ID: <B946A895-FCEE-42F5-9C41-90294AF3B6E1@sidn.nl>
References: <56562C04.2060308@nostrum.com> <83211e9673814251ba1c6aad91c6d526@ka-mbx02.SIDN.local>
In-Reply-To: <83211e9673814251ba1c6aad91c6d526@ka-mbx02.SIDN.local>
Accept-Language: nl-NL, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3096.5)
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [192.168.4.164]
Content-Type: multipart/signed; boundary="Apple-Mail=_D76AF497-A2F1-4F02-B0D1-E541C3656902"; protocol="application/pkcs7-signature"; micalg=sha1
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/eppext/oNpeZYc5MLoTBU9Pc20IHgmtP5Y>
Cc: "draft-ietf-eppext-keyrelay@ietf.org" <draft-ietf-eppext-keyrelay@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, Marc Groeneweg <Marc.Groeneweg@sidn.nl>, eppext <eppext@ietf.org>
Subject: Re: [eppext] Genart LC review draft-ietf-eppext-keyrelay-10
X-BeenThere: eppext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: EPPEXT <eppext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/eppext>, <mailto:eppext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/eppext/>
List-Post: <mailto:eppext@ietf.org>
List-Help: <mailto:eppext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/eppext>, <mailto:eppext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Nov 2015 11:51:54 -0000

Hello Robert,

Thanks for the feedback, my comments are inline.

Gr,
Rik 

> This is a small nit, but please consider changing the document to address it. The motivation for this extension leans on improving the security of transferring information between registrars. It should be recast as providing better automation and reliability instead. > In practice (and I think in specification), it hinges on passing a password from the registrar of record to the gaining registrar through some unspecified means (though typically through the registrant). That password is required to be placed in the create by the >? > gaining registrar as specified in this document in order for that create to succeed at the registry. While it would be impractical and error-prone, the same channel that was used to hand this password around _could_ be used to pass the keying material this > extension addresses.

My proposal is to change the last sentence of the introduction to emphasise the automation and reliability.

old text:
In this document we define an EPP extension to support and automate this
transaction.

new text:
In this document we define an EPP extension to support automation and a 
reliable transfer of DNSSEC key material. 

> Reading draft-koch-dnsop-operator-change (an informational reference
> currently) helped greatly with understanding this document. That draft expired in 2014. Please be sure it advances, and consider making it a normative reference.
> If it is not going to move forward, consider pulling some of the transfer mechanic recommendations and the definitions of losing/gaining entities into this draft, unless they've already made it into the RFC series somewhere else?

The draft is not going forward. The draft describes one possible solution for changing the DNS operator of a domainname. There are several more options to do this (even without the use of EPP). In that sense it is informative. This document focusses on the EPP protocol syntax. So I’m not in favour of making it a normative reference.

> The security considerations document says a server SHOULD NOT perform any transformation on data under server management when processing a <keyrelay:create> command. Can this point to more detailed discussion somewhere? Why is this not a MUST >NOT? (What are the conditions where violating the SHOULD NOT is the right thing to do? What are the risks a server takes if it performs such a transformation?)

The reason it is in the text is that key relay commands only use the secure, authenticated channel for relaying a DNSSEC key. There is no need for the server to do anything else then put the DNSSEC key material on the poll queue of another client. One of the major problems (or one advantage depending on how you see things) with EPP is that every registry, especially the ccTLDs have their own policies, extensions and local regulations. So making it a MUST NOT can prevent a server from complying with this document in cases where local regulations are not compliant. This also is against the E in EPP; extensible.


> Micro-nit : In section 2.1 where you say "The <expiry> element MUST contain one of the following", consider saying "The <expiry> element MUST contain exactly one of the following”.

Done in the working copy.