IETF Logo Mail Archive

Re: [ire] New version (4) of the spec and new draft on DNRD (1)

Francisco Obispo <fobispo@isc.org> Wed, 05 December 2012 23:36 UTC

Return-Path: <fobispo@isc.org>
X-Original-To: ire@ietfa.amsl.com
Delivered-To: ire@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23E9521F8C57 for <ire@ietfa.amsl.com>; Wed, 5 Dec 2012 15:36:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2-xx9v6Duqvg for <ire@ietfa.amsl.com>; Wed, 5 Dec 2012 15:36:24 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id B54AA21F8C55 for <ire@ietf.org>; Wed, 5 Dec 2012 15:36:23 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 637B75F9A22; Wed, 5 Dec 2012 23:36:11 +0000 (UTC) (envelope-from fobispo@isc.org)
Received: from dhcp-114.sql1.isc.org (dhcp-114.sql1.isc.org [149.20.50.114]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 9C701216C3D; Wed, 5 Dec 2012 23:36:03 +0000 (UTC) (envelope-from fobispo@isc.org)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\))
From: Francisco Obispo <fobispo@isc.org>
In-Reply-To: <C41D7AF7FCECBE44940E9477E8E70D7A0D712FB6@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
Date: Wed, 05 Dec 2012 15:35:55 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <D062C644-F36B-4C2E-9875-68ACD1063E7F@isc.org>
References: <C41D7AF7FCECBE44940E9477E8E70D7A0D712FB6@BRN1WNEXMBX01.vcorp.ad.vrsn.com>
To: "Gould, James" <JGould@verisign.com>
X-Mailer: Apple Mail (2.1499)
Cc: Luis Muñoz <lem@isc.org>, ire@ietf.org
Subject: Re: [ire] New version (4) of the spec and new draft on DNRD (1)
X-BeenThere: ire@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Internet Registration Escrow discussion list." <ire.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ire>, <mailto:ire-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ire>
List-Post: <mailto:ire@ietf.org>
List-Help: <mailto:ire-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ire>, <mailto:ire-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Dec 2012 23:36:25 -0000

Hi James,

Now that I've spent a few hours on our implementation, let me add my two cents as well:



On Nov 14, 2012, at 3:06 PM, "Gould, James" <JGould@verisign.com> wrote:

> Gustavo,
> 
> Below is my feedback for draft-arias-noguchi-dnrd-objects-mapping-01:
> 
> 	• High level
> 		• There was support for an <extension> element for each of the objects (domain, host, and contact) in draft-arias-noguchi-registry-data-escrow-02 that never made it into draft-arias-noguchi-dnrd-objects-mapping.  What is the mechanism to include attribute extensions for the objects?
> 	• Domain Object
> 		• Based on feedback to the NNDN Object I suggest adding the following domain object elements:
> 			• <uName> - An OPTIONAL UTF-8 encoded fully qualified name of the IDN domain name object.
> 			• <idn> - An OPTIONAL boolean flag indicating if the domain name object is an IDN domain name object.
> 			• <language> - An OPTIONAL language tag value for an IDN domain name object. The language tag value MUST be one of the <language> elements contained in an <idnTableRef> element
> 			• <variant> - An OPTIONAL boolean flag indicating if the domain name object is an IDN variant domain name object. If the <variant> value is "true" the <originalName> SHOULD be set with the original IDN domain name object.
> 			• <originalName> - An OPTIONAL fully qualified name of the original IDN domain name object related to the variant domain name object. This value SHOULD be set if <variant> is "true".
> 			• <reserved> - An OPTIONAL boolean flag indicating if the domain name object is a reserved domain name object. A reserved domain name object is not registered by a client but by the server to ensure that it can't be registered by a client.



This seems reasonable and it would remove the need to have the NNDN Object.



> 		• <deDate> is not typically a true data element in the SRS since it is calculated by the RGP policies.  There can be other statuses that have additional date policies like other pending statuses (pendingCreate, pendingUpdate, pendingRestore).  It would be better to include a date (created date) that a status was set that matches what is typically included in the data model along with a pending status policy set of elements.  This way it makes it straight forward to create the deposits and consume the deposits.

Agreed, we should remove it!


> 		• <variantGenerator> might not be needed.  If variants are blocked or available only to the registrant of the original IDN then that could be captured in a registry policy descriptor instead of on a per domain basis.  Inclusion of the canonical variant won't be of much use for an EBERO provider, since the EBERO provider would generate the canonical variant using their canonical variant generation function. 


+1



>  
> 	• Host Object
> 		• Should an optional <uName> be supported similar to a <uName> element for the domain object?

Yes

> 		• Should a <parentDomain> element be added?
> 			• An OPTIONAL parent domain name for the subordinate host object.


No, this can be calculated by looking at the labels.


> 		• Could add an <idn> element similar to what I propose for the domain object
> 			• An OPTIONAL boolean flag indicating if the host object is an IDN host object.


We could trigger that with the presence of the uName field above. 


> 	• Contact Object
> 		• The <roid> element is missing from the list of elements
> 		• Registrar contacts çan be different from object contacts since they are typically not provisioned via EPP and they could have types directly assigned to them (admin, tech, billing, legal, icann, abuse, etc.). It would be good to be able to identify which contacts are registrar contacts versus object contacts and support a set of optional registrar contact elements. The registrar contact could be routed to a different data source (e.g. account / registrar database) instead of being included in the registry database directly.  The draft-gould-thippeswamy-dnrd-csv-mapping-01 draft defines some of the registrar contact specific attributes for reference.

I agree with this approach, we in fact have two separate databases, so it makes a lot of sense to me.


> 	• Registrar Object
> 		• It would be good to support a <status> element that could support a single status value like below with an optional name attribute to define the sub-status or the custom status name:
> 			• ok - A normal status value for a registrar object.
> 			• Hold - A restricted status value for a registrar object.
> 			• Terminated - A status for a registrar object that has no remaining access or privileges.
> 			• Custom - A custom status that is defined using the "name" attribute.

Works for me.


> 		• Recommend not reusing the <postalInfo> element of the contact object for the registrar.  I recommend including the  following registrar specific elements:
> 			• <name> - One or two <rdeRegistrar:name> elements that contain the name of the registrar. Two elements are provided so that name information can be provided in both internationlized and localized forms
> 			• <addr> from the contact <postalInfo> element.

+1


> 		• I don't believe there is any need for an <authInfo> element for the registrar object.


Excellent point, in fact, we don't currently store the registrar's password in the clear (it is handled by the database), and since there is already the need to get new certificate requests signed for TLS validation, that is something that can be configured at that time, no need to risk storing passwords in the clear because I'm envisioning that there will be humans involved in getting the registrars on board.


> 		• Add <crID> <upID> elements similar to the other objects.
> 	• NNDN Object 
> 		• Wouldn't it be better to merge the domain object with the NNDN object, since the NNDN object attributes are just additional attributes for domains (e.g. IDN domain)


Yes, lets get rid of it.

Finally, I've been trying to setup the XML Schema Validation, but have found the Schemas to be poorly defined, specially when using complexTypes from EPP objects. Unless I'm missing something, we'll have to re-define the complexTypes in the rde* Schemas, to avoid using the EPP namespaces in the rde* instances.

t/tmp/test_01.xml:1: element name: Schemas validity error : Element '{urn:ietf:params:xml:ns:rdeContact-1.0}name': This element is not expected. Expected is ( {urn:ietf:params:xml:ns:contact-1.0}name ).





Francisco Obispo 
Director of Applications and Services - ISC
email: fobispo@isc.org
Phone: +1 650 423 1374 || INOC-DBA *3557* NOC
PGP KeyID = B38DB1BE

v2.23.0 | Report a Bug | By Email