Re: [ire] I-D Action:draft-arias-registry-data-escrow-00.txt
Christopher Browne <cbbrowne@ca.afilias.info> Thu, 28 January 2010 23:48 UTC
Return-Path: <cbbrowne@ca.afilias.info>
X-Original-To: ire@core3.amsl.com
Delivered-To: ire@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D865B3A67D7 for <ire@core3.amsl.com>; Thu, 28 Jan 2010 15:48:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NEm8tNryWfyl for <ire@core3.amsl.com>; Thu, 28 Jan 2010 15:48:40 -0800 (PST)
Received: from tor-gateway.afilias.info (tor-gateway.afilias.info [199.15.87.4]) by core3.amsl.com (Postfix) with ESMTP id 1CB2B3A67BE for <ire@ietf.org>; Thu, 28 Jan 2010 15:48:39 -0800 (PST)
Received: from [10.10.68.46] (helo=dba2.int.libertyrms.com ident=postfix) by tor-gateway.afilias.info with smtp (Exim 4.69) (envelope-from <cbbrowne@ca.afilias.info>) id 1Nae6J-0002g1-86; Thu, 28 Jan 2010 18:48:39 -0500
Received: by dba2.int.libertyrms.com (Postfix, from userid 1000) id 5853186C044; Thu, 28 Jan 2010 18:48:39 -0500 (EST)
From: Christopher Browne <cbbrowne@ca.afilias.info>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Organization: Afilias Canada - Architecture Department
References: <p062408d2c783f85ddcb3@[10.20.30.158]> <20100127153029.GA17938@nic.fr>
Date: Thu, 28 Jan 2010 18:48:39 -0500
In-Reply-To: <20100127153029.GA17938@nic.fr> (Stephane Bortzmeyer's message of "Wed, 27 Jan 2010 16:30:29 +0100")
Message-ID: <877hr1x02w.fsf@dba2.int.libertyrms.com>
User-Agent: Gnus/5.110009 (No Gnus v0.9) XEmacs/21.4.22 (linux)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Cc: ire@ietf.org
Subject: Re: [ire] I-D Action:draft-arias-registry-data-escrow-00.txt
X-BeenThere: ire@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "Internet Registration Escrow discussion list." <ire.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ire>, <mailto:ire-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ire>
List-Post: <mailto:ire@ietf.org>
List-Help: <mailto:ire-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ire>, <mailto:ire-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Jan 2010 23:48:42 -0000
Stephane Bortzmeyer <bortzmeyer@nic.fr> writes: > On Mon, Jan 25, 2010 at 05:40:06PM -0800, > by way of Paul Hoffman <Internet-Drafts@ietf.org> wrote > a message of 36 lines which said: > >> A New Internet-Draft is available from the on-line Internet-Drafts directories. >> >> Title : Internet Domain Registry Data Escrow specification > > From the discussion that followed, I understand that it is not a real > proposal, just an example of what a standard could look like, in order > to sparkle the discussion. > > If so, thanks, it is an useful document. IMHO, it is also a good > example of what we should NOT do in the future possible Working Group. > > 1) The biggest problem is that it is not policy-independant. A lot of > policy choices are cast in stone in this document. (Personal opinion: > even if it's limited to ICANN's TLD, I find incredible the level of > micro-management exercised by ICANN and the little freedom it leaves > to the registries.) A few examples: the mandatory inclusion of > registrar data (even billing data), the status codes from RFC 5731, > the obligation to escrow the ACE encoding of an IDN instead of the > real Unicode name, the long lists of mandatory attributes in section > 5.1 (what if there is no expiration in the registry?), the lack of > some very important attributes in 5.2 (for instance, for a contact, > whether he is a physical person - and therefore entitled to the data > privacy provisions - or not), etc. I originally wrote a fair chunk of it, and a lot of it remains after a couple of layers of rewrites by others, so I can comment on why some of these things were suggested. Hopefully the perspective seems useful. A number of the criticisms you're pointing at it fall from using EPP-related specs as sources. - Using whatever random status codes anyone might want to use seems a bit too open-ended; - Using those from RFC 5731 as a starting point seemed pretty appropriate. The sets of attributes similarly derive from what's in the RFCs about EPP. I'll decline to quibble about which attributes are "very important" or not - the factor determining their absence is that if they weren't in a normative source such as RFC 4933 (or, I guess, 5733, now), it would have been a leap to propose adding them, so I didn't. It is quite appropriate for this group to consider adding attributes that are agreed to be important. On the provreg list, there's a relevant parallel process going on... There is discussion ongoing as to what sorts of extensions ought to be consolidated into common RFCs, as different registries frequently implement different custom extensions for one thing or another. I would think that to be a proper thing to reference - common escrowed data presumably begins with the sorts of data that are fairly universal ("included in base EPP RFCs" seems like a pretty good measure of that to me), EPP extensions being a natural way to characterize, in a normative fashion, things that are common additions. As for the ACE-versus-Unicode issue, the perspective that I came from was that it was necessary to capture the DNS data in the form in which it will be passed around by BIND and the like, and that form is, at this point, the ASCII-encoded form. This isn't the time to get into detailed debate about the handling of IDN variants and such, but that certainly is an important complication. > 3) The draft goes in very low-level details, even the filename > convention, which is not necessary for interoperability. IETF is about > formats and protocols, not procedures. Similar issue with things like > compression or encryption. I wasn't very comfortable with this portion; when discussing it with some of our operations folks, they were actually keen on putting in even more details relating to error checking, resubmission, and such. At one point, I was seeing something akin to the file version numbers of VMS or ISO9660 emerging, which seemed like *way* too much detail to go into, even if we were embracing a "procedural" perspective. That is definitely inappropriate at the IETF level. But keep in mind that the origin of the document was as a proposal of ICANN policy, and there are therefore things that could be apropos there, even though they aren't appropriate to an IETF protocol process. > 4) There is a discussion of Full vs. Incremental deposits. Before > deciding on a format for incremental deposits, we should search if > they are worth it. In my opinion, for an escrow system, integrity is > the most important thing and it is easier to achive with only full > deposits (if we are worry about performances, we can always use a > mechanism like rsync). Even if we use incremental deposits, rather > than inventing a patch language, we should reuse an existing one (for > instance RFC 5261 if the format is XML). I suspect that there is a partitioning that should be done between protocol and procedure, which might even appropriately cross organizational layers. That is, it could be appropriate to have: a) An IETF protocol describing internals of format, and b) An ICANN document that references the IETF material, which then specifies (or suggests) usage patterns. While I agree that full-versus-incremental is a performance optimization, I would be disappointed if the possible need for awareness of this was pushed out and treated as a purely out-of-band technical mechanism. It may be that recognizing "incremental aspects" at the protocol/format level will not be terribly difficult, and can ease the deployment of technical solutions. When we're at the state of trying to define the work of the working group, it's a bit early to conclude that this should certainly be left out. If I put my "have-done-escrow" hat on for the moment, I'll just comment that I've never actually used "incremental deposit" to improve performance. It hasn't seemed worthwhile. Every time hardware or networks improve, the size of registry that would need "incremental" increases. Perhaps hardware's good enough that it doesn't matter anymore. On the other hand, putting on the "I have seen precedent" hat, ICANN has described escrow processes on several occasions (two of which I examined in a fair bit of detail), and each time they have described escrow, they have included provision for incremental deposits. > 5) There is an obligation to escrow the forbidden names. But they are > not always defined in extension > <http://en.wikipedia.org/wiki/Extensional_definition>, sometimes the > rules are intensional (example: in .FR, the law - not the registry's > rules - forbids registration of the names of the cities, even if > intermixed with dashes so paris.fr and p-a-ris.fr and p-a-r-i-s.fr are > all reserved to the mayor, something you cannot enumerate). There is certainly similarity in this case to the handling of IDN variants, where there are frequently the same pair of possibilities: a) The set of names restricted from registration are discretely enumerable, and a list of "reasonable" size that may be listed in detail b) The set of names restricted are not reasonably enumerable, such that all that is "reasonable" to record is a reference to the algorithm required to compute matches against the set This will surely warrant further discussion. > 6) Some choices even restrict the current rules, without > explanation. For instance, in the DNSSEC section, the public key is > mandatory, while RFC 4310 and RFC 4641 does not force the registrant > to send it to the registry. The ongoing discussion of 4310bis on ietf-provreg indicates that there is some ways to go before that all stabilizes! No doubt the "IRE draft" predates that discussion. -- output = reverse("ofni.sailifa.ac" "@" "enworbbc") Christopher Browne Database Architect Afilias Canada
- [ire] I-D Action:draft-arias-registry-data-escrow… by way of Paul Hoffman
- Re: [ire] I-D Action:draft-arias-registry-data-es… Paul Hoffman
- Re: [ire] I-D Action:draft-arias-registry-data-es… Francisco Arias
- Re: [ire] I-D Action:draft-arias-registry-data-es… Paul Hoffman
- Re: [ire] I-D Action:draft-arias-registry-data-es… Francisco Arias
- Re: [ire] I-D Action:draft-arias-registry-data-es… James M Galvin
- Re: [ire] I-D Action:draft-arias-registry-data-es… James M Galvin
- Re: [ire] I-D Action:draft-arias-registry-data-es… Paul Hoffman
- Re: [ire] I-D Action:draft-arias-registry-data-es… James M Galvin
- Re: [ire] I-D Action:draft-arias-registry-data-es… Jaap Akkerhuis
- Re: [ire] I-D Action:draft-arias-registry-data-es… Edward Lewis
- Re: [ire] I-D Action:draft-arias-registry-data-es… James M Galvin
- Re: [ire] I-D Action:draft-arias-registry-data-es… Francisco Arias
- Re: [ire] I-D Action:draft-arias-registry-data-es… Stephane Bortzmeyer
- Re: [ire] I-D Action:draft-arias-registry-data-es… Edward Lewis
- Re: [ire] I-D Action:draft-arias-registry-data-es… HiroHOTTA
- Re: [ire] I-D Action:draft-arias-registry-data-es… Christopher Browne
- Re: [ire] I-D Action:draft-arias-registry-data-es… James Gould