IETF Logo Mail Archive

Re: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00

James Gould <jgould@verisign.com> Tue, 14 April 2009 13:40 UTC

Return-Path: <owner-ietf-provreg@cafax.se>
X-Original-To: ietfarch-provreg-archive@core3.amsl.com
Delivered-To: ietfarch-provreg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 56F9B3A6BAC for <ietfarch-provreg-archive@core3.amsl.com>; Tue, 14 Apr 2009 06:40:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.135
X-Spam-Level:
X-Spam-Status: No, score=-0.135 tagged_above=-999 required=5 tests=[AWL=0.717, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8qlKvdzHFkaN for <ietfarch-provreg-archive@core3.amsl.com>; Tue, 14 Apr 2009 06:39:58 -0700 (PDT)
Received: from nic.cafax.se (nic.cafax.se [192.71.228.17]) by core3.amsl.com (Postfix) with ESMTP id 340EA3A6A37 for <provreg-archive@ietf.org>; Tue, 14 Apr 2009 06:39:58 -0700 (PDT)
Received: from nic.cafax.se (localhost [127.0.0.1]) by nic.cafax.se (8.13.7/8.12.11) with ESMTP id n3EDRQlo002442 for <ietf-provreg-outgoing@nic.cafax.se>; Tue, 14 Apr 2009 15:27:26 +0200 (MEST)
Received: (from majordom@localhost) by nic.cafax.se (8.13.7/8.12.11/Submit) id n3EDRPAK020298 for ietf-provreg-outgoing; Tue, 14 Apr 2009 15:27:25 +0200 (MEST)
X-Authentication-Warning: nic.cafax.se: majordom set sender to owner-ietf-provreg@cafax.se using -f
Received: from osprey.verisign.com (osprey.verisign.com [216.168.239.75]) by nic.cafax.se (8.13.7/8.12.11) with ESMTP id n3EDROEd016832 for <ietf-provreg@cafax.se>; Tue, 14 Apr 2009 15:27:25 +0200 (MEST)
Received: from dul1wnexcn03.vcorp.ad.vrsn.com (dul1wnexcn03.vcorp.ad.vrsn.com [10.170.12.113]) by osprey.verisign.com (8.13.6/8.13.4) with ESMTP id n3EDIEjF021623 for <ietf-provreg@cafax.se>; Tue, 14 Apr 2009 09:18:14 -0400
Received: from dul1wnexmb01.vcorp.ad.vrsn.com ([10.170.12.134]) by dul1wnexcn03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.3959); Tue, 14 Apr 2009 14:27:23 +0100
Received: from 10.131.29.236 ([10.131.29.236]) by dul1wnexmb01.vcorp.ad.vrsn.com ([10.170.12.134]) with Microsoft Exchange Server HTTP-DAV ; Tue, 14 Apr 2009 13:27:23 +0000
User-Agent: Microsoft-Entourage/12.15.0.081119
Date: Tue, 14 Apr 2009 09:27:20 -0400
Subject: Re: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00
From: James Gould <jgould@verisign.com>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>, EPP Provreg <ietf-provreg@cafax.se>
Message-ID: <C60A0778.31EB3%jgould@verisign.com>
Thread-Topic: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00
Thread-Index: Acm8NJmzYO33/ZvpQjq+pbJCVGlx1QATEQdWABw02xAABMLdUg==
In-Reply-To: <046F43A8D79C794FA4733814869CDF07029FD729@dul1wnexmb01.vcorp.ad.vrsn.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3322546041_26885414"
X-OriginalArrivalTime: 14 Apr 2009 13:27:23.0755 (UTC) FILETIME=[BEEDE3B0:01C9BD04]
Sender: owner-ietf-provreg@cafax.se
Precedence: bulk

Scott,

I agree since the SSL details are typically handled by the toolkit,
language, or SSL provider with no explicit control by the EPP developer.

-- 


JG 

-------------------------------------------------------
James F. Gould
Principal Software Engineer
VeriSign Naming Services
jgould@verisign.com
Direct: 703.948.3271
Mobile: 703.628.7063

 
21345 Ridgetop Circle
LS2-2-1
Dulles, VA 20166

Notice to Recipient:  This e-mail contains confidential, proprietary and/or
Registry  Sensitive information intended solely for the recipient and, thus
may not be  retransmitted, reproduced or disclosed without the prior written
consent of  VeriSign Naming and Directory Services.  If you have received
this e-mail message in error, please notify the sender immediately by
telephone or reply e-mail and destroy the original message without making a
copy.  Thank you.



From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Date: Tue, 14 Apr 2009 07:14:58 -0400
To: James Gould <jgould@verisign.com>, EPP Provreg <ietf-provreg@cafax.se>
Subject: RE: [ietf-provreg] AD Review Comments:
draft-hollenbeck-rfc4934bis-00

According to this reference:
 
http://download.java.net/jdk7/docs/technotes/guides/security/jsse/JSSERefGui
de.html
 
it should, but I can't confirm that it does.  I'm reasonably certain that
this is behavior that's typically buried in a toolkit instead of being
implemented by an EPP developer, so perhaps that new text should be removed
from the document.
-Scott- 

 

>  
>  
> 
>  From: Gould, James
> Sent: Monday,  April 13, 2009 5:43 PM
> To: Hollenbeck, Scott; EPP  Provreg
> Subject: Re: [ietf-provreg] AD Review Comments:
> draft-hollenbeck-rfc4934bis-00
> 
>  
> Scott,
> 
> We¹re implementing SSL using JSSE in our  Java EPP SDK, but I¹m not sure if
> JSSE sends a TLS_close_notify alert before  the connection is closed.
> 
> --  
> 
> 
> JG 
> 
> -------------------------------------------------------
> James F. Gould
> Principal Software  Engineer
> VeriSign Naming  Services
> jgould@verisign.com
> Direct:  703.948.3271
> Mobile: 703.628.7063
> 
>  
> 21345 Ridgetop  Circle
> LS2-2-1
> Dulles, VA 20166
> 
> Notice to Recipient:  This e-mail contains confidential, proprietary and/or
> Registry  Sensitive information intended solely for the recipient and,  thus
> may not be  retransmitted, reproduced or disclosed without the prior  written
> consent of  VeriSign Naming and Directory Services.  If  you have received
> this e-mail message in error, please notify the sender  immediately by
> telephone or reply e-mail and destroy the original  message without making a
> copy.  Thank  you.
> 
> 
>  
> 
>  From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
> Date:  Mon, 13 Apr 2009 08:37:25 -0400
> To: EPP Provreg <ietf-provreg@cafax.se>
> Subject:  [ietf-provreg] AD Review Comments:  draft-hollenbeck-rfc4934bis-00
> 
> Some feedback from Alexey on the new TLS  Usage Profile text in 4934bis.
> I now need implementer  feedback.
> 
>>> >>  A client MUST close the associated TLS  connection if the connection
>>> >>  is not expected to deliver any  EPP messages later.  It MUST send a
>>> >>  TLS close_notify  alert before closing the connection.
>>> >>
>> > As an implementor I  remain skeptical that existing implementations do
>> > that. At least I  doubt many IMAP or SMTP servers do that. So maybe you
> 
>> > should check  how existing EPP implementations handle connection
> closure.
> 
> What are  you implementers doing?
> 
>> > I think the text about how to extract and  verify domain information
> from
>> > X.509 certificates is still missing  from your draft. I think that what
> 
>> > Chris wanted you to do and I am  in agreement with him on this.
>> > I see some text on this in Section 8,  but I think it is a bit too
> short.
>> > Check section 2.2.1 of  draft-ietf-sieve-managesieve-09.txt. It
> probably
>> > contains 80% of  what EPP should use.
> 
> Comments, please.  I've sent a note to Alexey  pushing back on this
> because (in my opinion) this puts mandates on client  and server
> certificate validation behavior that don't affect EPP  interoperability.
> If I'm wrong, I'd prefer to cite an existing mature  reference instead of
> cloning text from an unapproved I-D.  Does  anybody know of one?
> 
> -Scott-
> 
>

v2.23.0 | Report a Bug | By Email