Re: [regext] Warren Kumari's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)
Warren Kumari <warren@kumari.net> Tue, 31 July 2018 15:30 UTC
Return-Path: <warren@kumari.net>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59FCE130F11 for <regext@ietfa.amsl.com>; Tue, 31 Jul 2018 08:30:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.011
X-Spam-Level:
X-Spam-Status: No, score=-0.011 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9V_VGULQzAPO for <regext@ietfa.amsl.com>; Tue, 31 Jul 2018 08:30:39 -0700 (PDT)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CE97130F15 for <regext@ietf.org>; Tue, 31 Jul 2018 08:30:37 -0700 (PDT)
Received: by mail-wm0-x229.google.com with SMTP id y9-v6so3622803wma.5 for <regext@ietf.org>; Tue, 31 Jul 2018 08:30:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=1G9mvBZu71sEsiaOdKM9GJ/a17Gt8E70nzgFcU6xBSQ=; b=P2PLM8zBe4ZtGdgHBIHYWkMPtt98TFqJUH4dg6tE8Fy7Ot84mqZdgJ5VLb/NFhXM/Y xEQ8MqrZPbiXRKefP/zWxJ6eBgPndoGP46WeNwUg0PSlWhCdiyaC3vbwfq67OT3eSh0k 3jqNn482W5efWP/QRQKutm3KVsJEhVsRfYmHaScWWd4nR03f89zHJIS2eODmYuP4IHzG +sgh2bOOw3K58+260XaZWxD5VBrGwujntjxYohE5ee61Szehq55I8nCT5qVbnpBwu8Yg hI2M3jp+1KBkeAc7lg9/XoUqz5Z7rJz5rdoUqa70gguRV/x/Vo2MXSkr2SQlP4ShwSR/ OJbg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=1G9mvBZu71sEsiaOdKM9GJ/a17Gt8E70nzgFcU6xBSQ=; b=jwLLA38jUZmcfNjS0u7gh65QstHDR+hatjxXLz1wjwiTdap7b5J0BnfeJy/PhDf55D ISeWcA1HeQI0S9mwMhuyIwF+CAllB7WN8yL38Np92jADUpNu9T4YN3yLbbAonnmOx7fa q/8rYu6X0yRnnvkeMV7zUPY/CLSDtAEQE9VzRtFLTqvi86MOgdK2Wac35brMU5XzkTXD Zg5HAgGVsin3UYiUj9Tp528vFErkPgn8lvZ8Pc556kXZ9IXis6pIjOgQk5HFtLVT0Ek4 voewikya+gcikQYfxQYh2j0XjJn9Gi7oWbkulkG7gjI4NGQt9nr0JF6JLaioWyFjRu++ 0j0Q==
X-Gm-Message-State: AOUpUlHHHQIPRJvcZg8HKnNpOOyI8SwjaRJQVfAdXa5QFb+yXwX5q89m mifRDhvae9nQNb2uyqEou8KX1MuCpUjerqThBOVafg==
X-Google-Smtp-Source: AAOMgpfsRwmB8CNoIKus3pOPS4woIbLprO5MOb40l2sZkMgo4roOTNIb0yQr+0j28A9Wn88sABTsUuFhod2I39zORgU=
X-Received: by 2002:a1c:bb86:: with SMTP id l128-v6mr138683wmf.26.1533051035361; Tue, 31 Jul 2018 08:30:35 -0700 (PDT)
MIME-Version: 1.0
References: <153296860192.827.8824953027965906564.idtracker@ietfa.amsl.com> <fd7b0f69e9c34ae685034b4a1957ecdd@verisign.com>
In-Reply-To: <fd7b0f69e9c34ae685034b4a1957ecdd@verisign.com>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 31 Jul 2018 11:29:59 -0400
Message-ID: <CAHw9_iLwWpB7HtnYqAO=R8ZDX2NgGtppTHii=tRrM8igxzrOrw@mail.gmail.com>
To: "Hollenbeck, Scott" <shollenbeck@verisign.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-regext-rdap-object-tag@ietf.org, jgould@verisign.com, regext-chairs@ietf.org, regext@ietf.org, Tim Chown <tim.chown@jisc.ac.uk>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/0pOUYgB7eULUjo2zYHlJvaVjElY>
Subject: Re: [regext] Warren Kumari's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jul 2018 15:30:41 -0000
On Tue, Jul 31, 2018 at 7:07 AM Hollenbeck, Scott <shollenbeck@verisign.com> wrote: > > > -----Original Message----- > > From: Warren Kumari <warren@kumari.net> > > Sent: Monday, July 30, 2018 12:37 PM > > To: The IESG <iesg@ietf.org> > > Cc: draft-ietf-regext-rdap-object-tag@ietf.org; Gould, James > > <jgould@verisign.com>; regext-chairs@ietf.org; Gould, James > > <jgould@verisign.com>; regext@ietf.org; tim.chown@jisc.ac.uk > > Subject: [EXTERNAL] Warren Kumari's No Objection on draft-ietf-regext- > > rdap-object-tag-04: (with COMMENT) > > > > Warren Kumari has entered the following ballot position for > > draft-ietf-regext-rdap-object-tag-04: No Objection > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > > for more information about IESG DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-object-tag/ > > > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > Thank you for writing this - it solves a useful purpose, and is clear and > > easy to read. > > > > I had 2 comments / questions - please also see Tim Chown'sOpsDir review > > for a useful nit. > > > > Section 2. Object Naming Practice > > The entire 'HYPHEN-MINUS' selection makes me slightly twitchy - the > > argument that it was chosen because it is commonly already used as a > > separator feels like it cuts both ways - the fact that 'Handles can > > themselves contain HYPHEN-MINUS characters' already seems to argue that a > > different separator should have been chosen to minimize the chance of > > collisions / people getting this wrong. I get that the document says "the > > service provider identifier is found following the last HYPHEN-MINUS > > character in the tagged identifier", and would feel more comfortable if > > some of the examples contained more than one hyphen to make this clearer. > > Thanks for the review, Warren. We actually had quite a debate in the WG about the separator character (witness the change log). I could change one of the examples in Section 2 if that would be helpful. Okey dokey - my main concern is if the WG discussed it and selected something; I'm not yet quite so arrogant that I'm sure I know better than the WG :-) I think that having an example with multiple hyphens would be helpful to avoid issues. > > > Section 7. Security Considerations > > 'The transport used to access the IANA registries can be more secure by > > using TLS [RFC5246], which IANA supports.' I'm confused by this sentence > > in the Security Considerations section - more secure than what, not using > > TLS? Why isn't this something like "The transport used to access the IANA > > registries SHOULD (or MUST) be over TLS"? > > Benjamin also had a comment about this text. I proposed this change in my reply to him: > > OLD: > This practice helps to ensure that end users will get RDAP data from an authoritative source using a bootstrap method to find authoritative RDAP servers, reducing the risk of sending queries to non-authoritative sources. > The method has the same security properties as the RDAP protocols themselves. > The transport used to access the IANA registries can be more secure by using TLS [RFC5246], which IANA supports. > > NEW: > This practice uses IANA as a well-known, central trusted authority to provide the property of allowing users to get RDAP data from an authoritative source, reducing the risk of sending queries to non-authoritative sources and divulging query information to unintended parties. Additional privacy protection can be gained by using TLS [RFC5246] to provide data confidentiality when retrieving registry information from IANA. > > Better? I hesitate to say "The transport used to access the IANA registries SHOULD (or MUST) be over TLS" because that's not something the RDAP client controls - it's controlled by IANA's web server (which, in fact, is currently redirecting http connections to https). > I'd think that a SHOULD is fine - I cannot imagine the IANA disabling HTTPS for registries like this, but won't dig in my heels over this... W > Scott -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf
- Re: [regext] Warren Kumari's No Objection on draf… Hollenbeck, Scott
- Re: [regext] Warren Kumari's No Objection on draf… Warren Kumari
- [regext] Warren Kumari's No Objection on draft-ie… Warren Kumari
- Re: [regext] Warren Kumari's No Objection on draf… Hollenbeck, Scott
- Re: [regext] Warren Kumari's No Objection on draf… Benjamin Kaduk
- Re: [regext] Warren Kumari's No Objection on draf… Warren Kumari