Re: [ire] Data escrow deposit validation tool

Gustavo Lozano <gustavo.lozano@icann.org> Thu, 21 March 2013 19:11 UTC

From: Gustavo Lozano <gustavo.lozano@icann.org>
To: "Gould, James" <JGould@verisign.com>, "ire@ietf.org" <ire@ietf.org>
Date: Thu, 21 Mar 2013 12:11:17 -0700

James,

For new gTLDs, the extended verification process has been part of the AGB for a long time.

See Specification 2, Part A, 8, (5):
" (5) If [1] includes a verification process, that will be applied at this step.
If any discrepancy is found in any of the steps, the Deposit will be considered incomplete."

For current gTLDs, several escrow specifications have similar provisions. For example, .org has the following:
"4. Escrow Agent will run a program (to be supplied by ICANN) on the Deposit file (without report) that will ..."

As part of the application for becoming a new gTLD data escrow agent, the prospective escrow agent must implement the extended verification process:
"If this application is approved, Applicant will implement (or use the official ICANN open source developed data escrow deposit testing suite) the extended verification procedure of the data escrow deposit files in less than 30 days after publication by ICANN." (http://newgtlds.icann.org/en/announcements-and-media/announcement-07mar13-en)

ICANN has the responsibility to preserve the security and stability of the DNS; the EBERO program, for example, is part of this commitment for new gTLDs. The risk of an unusable data escrow deposit is a risk worth mitigating. The extended verification process is one of the mitigation strategies for this risk.

As mentioned before, we are willing to contribute to an open source tool to verify the escrow deposits.

Regards,
Gustavo

From: "Gould, James" <JGould@verisign.com>
Date: Wednesday, March 13, 2013 2:35 PM
To: Gustavo Lozano <gustavo.lozano@icann.org>, "ire@ietf.org" <ire@ietf.org>
Subject: Re: [ire] Data escrow deposit validation tool

Gustavo,

The "Data escrow agent extended verification" fundamentally changes the responsibilities of a data escrow provider, which can and will increase the cost of the data escrow.  Data escrow providers today are responsible for ensuring the completeness of the deposits and for storing them.  They have no idea of the data content including its syntactic and semantic structure.  Right now the extended validation process is optional in the draft, but if and when it becomes a requirement for the data escrow providers, it would need to be vetted out by the broader community.

If extended validation does become a requirement, then a standardized open source tool is a good idea and is a minimum requirement to ensure that all data escrow providers execute the same validation. We may be able to contribute to this effort.

Thanks,

--

JG

James Gould
Principal Software Engineer
jgould@verisign.com

703-948-3271 (Office)
12061 Bluemont Way
Reston, VA 20190
VerisignInc.com

From: Gustavo Lozano <gustavo.lozano@icann.org>
Date: Wednesday, March 13, 2013 9:52 AM
To: "ire@ietf.org" <ire@ietf.org>
Subject: [ire] Data escrow deposit validation tool

Colleagues,

The Internet Draft: http://www.ietf.org/id/draft-arias-noguchi-dnrd-objects-mapping-02.txt, describes a "Data escrow agent extended verification" process.

The data escrow deposits are valuable if they can be used when needed, basically during an emergency.

The creation of an open source data escrow deposit validation tool is an important step to mitigate risks related to the quality of the escrow deposit. This tool could be used by data escrow agents, registries and EBEROs.

Who is interested in participating in the development of such a tool?

Basically, the tool should receive as input a full deposit and, optionally, several differential deposits. After applying the deltas, the tool should perform the tests listed in the draft. The tool should be able to handle deposits of at least several million objects.

Regards,
Gustavo