IETF Logo Mail Archive

Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-allocation-token-09: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Wed, 15 August 2018 15:23 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9308B130EF1 for <regext@ietfa.amsl.com>; Wed, 15 Aug 2018 08:23:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UsRQKGFT2-kQ for <regext@ietfa.amsl.com>; Wed, 15 Aug 2018 08:23:10 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8ECF128CE4 for <regext@ietf.org>; Wed, 15 Aug 2018 08:23:07 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id n96-v6so1156354lfi.1 for <regext@ietf.org>; Wed, 15 Aug 2018 08:23:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ArBGaihXVV23e/llEqNPF5y6rxzo9cuFP4nrLQcpyzQ=; b=0ykMxXC6fbKyLK24EKGdzW/V0OO9gJ8yeMaj1PBbOLuGt/eDlJ2AVD2fO8swHXulC0 H/RrdhM3DCChdYOMZ68p+MY+nqiLi6+KD1w1KvLPyBk4nWy6w6trHMDfwha3KWn1hEDO RsgD9mxIqAJuvIk13kZCEOsPGcPk+El9x0058kXO2GIlG/p5SM33LkWTjRqeqHPPjfHN 9OQBeHDuda7ekBRcpFwdbFC7Er9tfHgndNMesSuzwnPiDs2Ywsh56HS46r5KLaV2tyjO ElPgFM1FhNP3sAjpAlSrnYdKmh10c0wSeMbMPTZtI6bm1MCEgoyY6cXl+ViuxLdIxkq7 HE8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ArBGaihXVV23e/llEqNPF5y6rxzo9cuFP4nrLQcpyzQ=; b=D/zQGad4aTWsgV8Bd/TwmijrnmVlQzxPHWIxwIVvE8y77A3obYqxchOg+sXWKdErJ0 VRkr/qX5nnjLAcbuh9mz8m0TR3Fa1B+0ROvPOI5CC+Bol9oUIYOKNuoOZX0U9kyWhHIb JVoxTqxSKTkCNHSptUPdvMOVgZtXxZQ29Gr3gH4DdyMth8LHMgZZUJ8sYpXSXrYGD+km xh/clbXFno72iOMi3AgDWYrgkEtiOppl6qG5SRFj8c1btWhmbI4jPn0+Du1gO5XT7gie +3fybmENdg11LYlLj3VDLhlzycY3f3TWYiaBwe//aloSQ+8wPB+E/kx+yCq83g4PoqAk fWMQ==
X-Gm-Message-State: AOUpUlG7DTNy+KlIoJ8UcYkt1o5LIV/WoY0p7yC6dFb+V1dnNjxo1m/R nKpua+hDS2drVbquBW5we4MXSpOOupRKdCdOlDp1jQ==
X-Google-Smtp-Source: AA+uWPx8BT1jjgftEm+/217BAFLMdDns6u4oxPXErvzFMNHEo5NouSWh+fhjYYZV9gABPvnk0aykMdidXEzga/U7NYo=
X-Received: by 2002:a19:b519:: with SMTP id e25-v6mr16491098lff.119.1534346585904; Wed, 15 Aug 2018 08:23:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ab3:4091:0:0:0:0:0 with HTTP; Wed, 15 Aug 2018 08:22:25 -0700 (PDT)
In-Reply-To: <01B71C4E-09A1-4DC4-AB65-BB3455731D92@verisign.com>
References: <153434174981.14384.10609930535615384823.idtracker@ietfa.amsl.com> <01B71C4E-09A1-4DC4-AB65-BB3455731D92@verisign.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 15 Aug 2018 08:22:25 -0700
Message-ID: <CABcZeBNODeLkGtJ4+zkorL7Cp09K1+avwE57cgV5EcieyJqBjA@mail.gmail.com>
To: "Gould, James" <jgould@verisign.com>
Cc: The IESG <iesg@ietf.org>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, Patrick Mevzek <patrick+ietf@deepcore.org>, "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>, "draft-ietf-regext-allocation-token@ietf.org" <draft-ietf-regext-allocation-token@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000037316c05737ae79e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/1175MpLRRLTkEDURtGdMAsZWv4U>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-allocation-token-09: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 15:23:13 -0000

On Wed, Aug 15, 2018 at 7:42 AM, Gould, James <jgould@verisign.com> wrote:

> Eric,
>
> Thank you for your review and feedback.  I provide responses to your
> feedback below.
>
>
> —
>
> JG
>
>
>
> James Gould
> Distinguished Engineer
> jgould@Verisign.com
>
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
>
> Verisign.com <http://verisigninc.com/>
>
> On 8/15/18, 10:02 AM, "Eric Rescorla" <ekr@rtfm.com> wrote:
>
>     Eric Rescorla has entered the following ballot position for
>     draft-ietf-regext-allocation-token-09: Discuss
>
>     When responding, please keep the subject line intact and reply to all
>     email addresses included in the To and CC lines. (Feel free to cut this
>     introductory paragraph, however.)
>
>
>     Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.
> html
>     for more information about IESG DISCUSS and COMMENT positions.
>
>
>     The document, along with other ballot positions, can be found here:
>     https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token/
>
>
>
>     ----------------------------------------------------------------------
>     DISCUSS:
>     ----------------------------------------------------------------------
>
>     Rich version of this review at:
>     https://mozphab-ietf.devsvcdev.mozaws.net/D3061
>
>
>     These are bearer tokens and therefore I believe transport encryption
>     needs to be required in S 7, not just listed as should (which isn't
>     even normative in this context).
>
> JG - "An Allocation Token should be considered secret information by the
> client and should be protected at rest and in transit." can be changed to
> "An Allocation Token should be considered secret information by the client
> and SHOULD be protected at rest and MUST be protected in transit."
>

Yes, this seems like the minimum.


 ----------------------------------------------------------------------
>     COMMENT:
>     ----------------------------------------------------------------------
>
>     S 3.2.4.
>     >      like [RFC5731], the command MUST contain a child
>     >      <allocationToken:allocationToken> element for the client to be
>     >      authorized to transfer and allocate the object.  The
> authorization
>     >      associated with the Allocation Token is in addition to and does
> not
>     >      replace the authorization mechanism defined for the object's
>     >      <transfer> request command.  If the Allocation Token is invalid
> or
>
>     I'm having trouble processing this statement. Can you explain in more
>     detail what the two access control checks are here.
>
> JG - RFC 5731 includes support for an authorization info
> (<domain:authInfo>) that is an existing credential stored in the server at
> the time of the create command, which can be updated with an update
> command, that is used by the gaining client (registrar) to authorize a
> transfer request.  The registrant should have access to the authorization
> info from their sponsoring registrar to pass to the gaining registrar to
> authorize the transfer request.  The Allocation Token is not meant to
> replace the RFC 5731 authorization info, but is meant as an additional
> credential to authorize the "allocation" of the domain name.  A registry
> may hold premium domain names that have an authorization info value, and
> leverage the transfer command for use in allocation with the use of the
> additional allocation token.  Let me know if you need any additional
> clarification on this.


Why is this just true for transfer and not the other commands?


>     S 7.
>     >      specifications apply to this specification as well.
>     >
>     >      The mapping acts as a conduit for the passing of Allocation
> Tokens
>     >      between a client and a server.  The definition of the Allocation
>     >      Token is defined outside of this mapping.  The following are
> security
>     >      considerations in the definition and use of an Allocation Token:
>
>     Do you want to use normative language here?
>
> JG - Are you requesting normative language such as "The definition of the
> Allocation Token SHOULD be defined outside of this mapping".  There are
> cases when the allocation token is a non-complex string value that does not
> require formal definition, so the normative SHOULD seems most appropriate
> here.  Do you agree?
>

I think you probably want this, yes.




>     S 7.
>     >      3.  An Allocation Token should have a limited life with some
> form of
>     >          expiry in the Allocation Token if generated by a trusted 3rd
>     >          third party, or with a server-side expiry if generated by
> the
>     >          server.
>     >      4.  An Allocation Token should use a strong random value if it
> is
>     >          based on an unsigned code.
>
>     What is an "unsigned code"?
>
> JG - An unsigned code is a non-complex string that the server generates
> and stores with the domain name, which can be later validated during
> allocation.
>

Where can I find a reference for this?

-Ekr

v2.23.0 | Report a Bug | By Email