Re: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00
James Gould <jgould@verisign.com> Mon, 13 April 2009 22:06 UTC
Return-Path: <owner-ietf-provreg@cafax.se>
X-Original-To: ietfarch-provreg-archive@core3.amsl.com
Delivered-To: ietfarch-provreg-archive@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5CB8A3A6800 for <ietfarch-provreg-archive@core3.amsl.com>; Mon, 13 Apr 2009 15:06:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.104
X-Spam-Level:
X-Spam-Status: No, score=0.104 tagged_above=-999 required=5 tests=[AWL=0.956, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G6nvv3v-tcts for <ietfarch-provreg-archive@core3.amsl.com>; Mon, 13 Apr 2009 15:06:52 -0700 (PDT)
Received: from nic.cafax.se (nic.cafax.se [192.71.228.17]) by core3.amsl.com (Postfix) with ESMTP id 542573A67B1 for <provreg-archive@ietf.org>; Mon, 13 Apr 2009 15:06:51 -0700 (PDT)
Received: from nic.cafax.se (localhost [127.0.0.1]) by nic.cafax.se (8.13.7/8.12.11) with ESMTP id n3DLnivq012724 for <ietf-provreg-outgoing@nic.cafax.se>; Mon, 13 Apr 2009 23:49:44 +0200 (MEST)
Received: (from majordom@localhost) by nic.cafax.se (8.13.7/8.12.11/Submit) id n3DLniBS009863 for ietf-provreg-outgoing; Mon, 13 Apr 2009 23:49:44 +0200 (MEST)
X-Authentication-Warning: nic.cafax.se: majordom set sender to owner-ietf-provreg@cafax.se using -f
Received: from peregrine.verisign.com (peregrine.verisign.com [216.168.239.74]) by nic.cafax.se (8.13.7/8.12.11) with ESMTP id n3DLnh5A005506 for <ietf-provreg@cafax.se>; Mon, 13 Apr 2009 23:49:44 +0200 (MEST)
Received: from dul1wnexcn01.vcorp.ad.vrsn.com (dul1wnexcn01.vcorp.ad.vrsn.com [10.170.12.138]) by peregrine.verisign.com (8.13.6/8.13.4) with ESMTP id n3DLfT6b031155 for <ietf-provreg@cafax.se>; Mon, 13 Apr 2009 17:41:29 -0400
Received: from dul1wnexmb01.vcorp.ad.vrsn.com ([10.170.12.134]) by dul1wnexcn01.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 13 Apr 2009 17:49:42 -0400
Received: from 10.131.29.236 ([10.131.29.236]) by dul1wnexmb01.vcorp.ad.vrsn.com ([10.170.12.134]) with Microsoft Exchange Server HTTP-DAV ; Mon, 13 Apr 2009 21:43:24 +0000
User-Agent: Microsoft-Entourage/12.15.0.081119
Date: Mon, 13 Apr 2009 17:43:22 -0400
Subject: Re: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00
From: James Gould <jgould@verisign.com>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>, EPP Provreg <ietf-provreg@cafax.se>
Message-ID: <C6092A3A.31E91%jgould@verisign.com>
Thread-Topic: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00
Thread-Index: Acm8NJmzYO33/ZvpQjq+pbJCVGlx1QATEQdW
In-Reply-To: <046F43A8D79C794FA4733814869CDF07029FD625@dul1wnexmb01.vcorp.ad.vrsn.com>
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3322489403_26622019"
X-OriginalArrivalTime: 13 Apr 2009 21:49:42.0559 (UTC) FILETIME=[C0A4AAF0:01C9BC81]
Sender: owner-ietf-provreg@cafax.se
Precedence: bulk
Scott, We¹re implementing SSL using JSSE in our Java EPP SDK, but I¹m not sure if JSSE sends a TLS_close_notify alert before the connection is closed. -- JG ------------------------------------------------------- James F. Gould Principal Software Engineer VeriSign Naming Services jgould@verisign.com Direct: 703.948.3271 Mobile: 703.628.7063 21345 Ridgetop Circle LS2-2-1 Dulles, VA 20166 Notice to Recipient: This e-mail contains confidential, proprietary and/or Registry Sensitive information intended solely for the recipient and, thus may not be retransmitted, reproduced or disclosed without the prior written consent of VeriSign Naming and Directory Services. If you have received this e-mail message in error, please notify the sender immediately by telephone or reply e-mail and destroy the original message without making a copy. Thank you. From: "Hollenbeck, Scott" <shollenbeck@verisign.com> Date: Mon, 13 Apr 2009 08:37:25 -0400 To: EPP Provreg <ietf-provreg@cafax.se> Subject: [ietf-provreg] AD Review Comments: draft-hollenbeck-rfc4934bis-00 Some feedback from Alexey on the new TLS Usage Profile text in 4934bis. I now need implementer feedback. >> A client MUST close the associated TLS connection if the connection >> is not expected to deliver any EPP messages later. It MUST send a >> TLS close_notify alert before closing the connection. >> > As an implementor I remain skeptical that existing implementations do > that. At least I doubt many IMAP or SMTP servers do that. So maybe you > should check how existing EPP implementations handle connection closure. What are you implementers doing? > I think the text about how to extract and verify domain information from > X.509 certificates is still missing from your draft. I think that what > Chris wanted you to do and I am in agreement with him on this. > I see some text on this in Section 8, but I think it is a bit too short. > Check section 2.2.1 of draft-ietf-sieve-managesieve-09.txt. It probably > contains 80% of what EPP should use. Comments, please. I've sent a note to Alexey pushing back on this because (in my opinion) this puts mandates on client and server certificate validation behavior that don't affect EPP interoperability. If I'm wrong, I'd prefer to cite an existing mature reference instead of cloning text from an unapproved I-D. Does anybody know of one? -Scott-
- [ietf-provreg] AD Review Comments: draft-hollenbe… Hollenbeck, Scott
- Re: [ietf-provreg] AD Review Comments: draft-holl… James Gould
- RE: [ietf-provreg] AD Review Comments: draft-holl… Hollenbeck, Scott
- Re: [ietf-provreg] AD Review Comments: draft-holl… Patrick Mevzek
- Re: [ietf-provreg] AD Review Comments: draft-holl… Patrick Mevzek
- Re: [ietf-provreg] AD Review Comments: draft-holl… James Gould