IETF Logo Mail Archive

Re: [ire] New version (4) of the spec and new draft on DNRD (1)

Francisco Obispo <fobispo@isc.org> Thu, 13 December 2012 18:32 UTC

Return-Path: <fobispo@isc.org>
X-Original-To: ire@ietfa.amsl.com
Delivered-To: ire@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B8021F8B01 for <ire@ietfa.amsl.com>; Thu, 13 Dec 2012 10:32:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.333
X-Spam-Level:
X-Spam-Status: No, score=-2.333 tagged_above=-999 required=5 tests=[AWL=0.267, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oK+f4NKrThaO for <ire@ietfa.amsl.com>; Thu, 13 Dec 2012 10:31:59 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id 6E51421F8ADA for <ire@ietf.org>; Thu, 13 Dec 2012 10:31:58 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 6F02E5F9B6C; Thu, 13 Dec 2012 18:31:41 +0000 (UTC) (envelope-from fobispo@isc.org)
Received: from [IPv6:2001:4f8:3:64:a47c:70b8:4a3:6de9] (unknown [IPv6:2001:4f8:3:64:a47c:70b8:4a3:6de9]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id DA431216C7B; Thu, 13 Dec 2012 18:31:39 +0000 (UTC) (envelope-from fobispo@isc.org)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Francisco Obispo <fobispo@isc.org>
In-Reply-To: <C41D7AF7FCECBE44940E9477E8E70D7A0D741FBF@BRN1WNEXMBX02.vcorp.ad.vrsn.com>
Date: Thu, 13 Dec 2012 10:31:39 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <C38AE9A5-98BF-4A5B-905D-188CC16415B7@isc.org>
References: <C41D7AF7FCECBE44940E9477E8E70D7A0D741FBF@BRN1WNEXMBX02.vcorp.ad.vrsn.com>
To: "Gould, James" <JGould@verisign.com>
X-Mailer: Apple Mail (2.1499)
Cc: Luis Muñoz <lem@isc.org>, "ire@ietf.org" <ire@ietf.org>
Subject: Re: [ire] New version (4) of the spec and new draft on DNRD (1)
X-BeenThere: ire@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Internet Registration Escrow discussion list." <ire.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ire>, <mailto:ire-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ire>
List-Post: <mailto:ire@ietf.org>
List-Help: <mailto:ire-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ire>, <mailto:ire-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Dec 2012 18:32:00 -0000

On Dec 13, 2012, at 9:42 AM, "Gould, James" <JGould@verisign.com> wrote:

> Your interpretation is different from mine of the EPP specifications.

I find myself in this situation more ofter than I would like, but it is my job to do fine grain review, and you guys have a better view because Verisign played an important role in the authorship of the docs, which is why I come to these lists to try to get clarification to those grey areas.


>  The
> term client is generic, where the reference to the "sponsoring client" in
> the description of <clID> refers to the registrar.  The reference to
> simply "client" in the description of crID and upID can and should refer
> to any client including the actual user.

Yes, but my interpretation is that those fields track 'registrars' not internal users.



> It makes no sense to only return
> the sponsoring client information for the crID and upID fields, since they
> would pretty much almost always match the same value of clID.


Not necessarily, 

1) REGISTRAR_A  creates a domain name (crID and clID = REGISTRAR_A)
2) Domain name is transferred to REGISTRAR_B (clID = REGISTRAR_B crID = REGISTRAR_A)
3) Domain name is updated (upID=REGISTRAR_B)
4) Domain name is transferred to REGISTRAR_C (clID=REGISTRAR_C)

Final state:

clID=REGISTRAR_C
crID=REGISTRAR_A
upID=REGISTRAR_B




>  It's best
> to reference the actual user (Registrar User, Registry User, or whoever)
> actually created or updated the object via any of the supported channels
> (EPP, Registrar Web Tool, CSR Web Tool, Batch, etc.).  I believe you need
> to change the description of the crID and upID fields of the data escrow
> to match that of the EPP specifications.  We can continue to debate our
> interpretation of the EPP specification as it relates to the crID and upID
> elements.  

My design choice would be to keep the changes done by the registry somewhere else and not on these fields since in my opinion, they relate to authorized clients (a registry/system user might belong to a client), so in your example, it is important that 'verisign' did it and not jgould, jgould would be referenced in an audit table as a person acting on behalf of verisign performing a specific transaction in the logs.

Regards,


Francisco Obispo 
Director of Applications and Services - ISC
email: fobispo@isc.org
Phone: +1 650 423 1374 || INOC-DBA *3557* NOC
PGP KeyID = B38DB1BE

v2.23.0 | Report a Bug | By Email