Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-allocation-token-09: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Wed, 15 August 2018 15:23 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9308B130EF1 for <regext@ietfa.amsl.com>; Wed, 15 Aug 2018 08:23:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.908
X-Spam-Level:
X-Spam-Status: No, score=-1.908 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UsRQKGFT2-kQ for <regext@ietfa.amsl.com>; Wed, 15 Aug 2018 08:23:10 -0700 (PDT)
Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A8ECF128CE4 for <regext@ietf.org>; Wed, 15 Aug 2018 08:23:07 -0700 (PDT)
Received: by mail-lf1-x130.google.com with SMTP id n96-v6so1156354lfi.1 for <regext@ietf.org>; Wed, 15 Aug 2018 08:23:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=ArBGaihXVV23e/llEqNPF5y6rxzo9cuFP4nrLQcpyzQ=; b=0ykMxXC6fbKyLK24EKGdzW/V0OO9gJ8yeMaj1PBbOLuGt/eDlJ2AVD2fO8swHXulC0 H/RrdhM3DCChdYOMZ68p+MY+nqiLi6+KD1w1KvLPyBk4nWy6w6trHMDfwha3KWn1hEDO RsgD9mxIqAJuvIk13kZCEOsPGcPk+El9x0058kXO2GIlG/p5SM33LkWTjRqeqHPPjfHN 9OQBeHDuda7ekBRcpFwdbFC7Er9tfHgndNMesSuzwnPiDs2Ywsh56HS46r5KLaV2tyjO ElPgFM1FhNP3sAjpAlSrnYdKmh10c0wSeMbMPTZtI6bm1MCEgoyY6cXl+ViuxLdIxkq7 HE8w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=ArBGaihXVV23e/llEqNPF5y6rxzo9cuFP4nrLQcpyzQ=; b=D/zQGad4aTWsgV8Bd/TwmijrnmVlQzxPHWIxwIVvE8y77A3obYqxchOg+sXWKdErJ0 VRkr/qX5nnjLAcbuh9mz8m0TR3Fa1B+0ROvPOI5CC+Bol9oUIYOKNuoOZX0U9kyWhHIb JVoxTqxSKTkCNHSptUPdvMOVgZtXxZQ29Gr3gH4DdyMth8LHMgZZUJ8sYpXSXrYGD+km xh/clbXFno72iOMi3AgDWYrgkEtiOppl6qG5SRFj8c1btWhmbI4jPn0+Du1gO5XT7gie +3fybmENdg11LYlLj3VDLhlzycY3f3TWYiaBwe//aloSQ+8wPB+E/kx+yCq83g4PoqAk fWMQ==
X-Gm-Message-State: AOUpUlG7DTNy+KlIoJ8UcYkt1o5LIV/WoY0p7yC6dFb+V1dnNjxo1m/R nKpua+hDS2drVbquBW5we4MXSpOOupRKdCdOlDp1jQ==
X-Google-Smtp-Source: AA+uWPx8BT1jjgftEm+/217BAFLMdDns6u4oxPXErvzFMNHEo5NouSWh+fhjYYZV9gABPvnk0aykMdidXEzga/U7NYo=
X-Received: by 2002:a19:b519:: with SMTP id e25-v6mr16491098lff.119.1534346585904; Wed, 15 Aug 2018 08:23:05 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:ab3:4091:0:0:0:0:0 with HTTP; Wed, 15 Aug 2018 08:22:25 -0700 (PDT)
In-Reply-To: <01B71C4E-09A1-4DC4-AB65-BB3455731D92@verisign.com>
References: <153434174981.14384.10609930535615384823.idtracker@ietfa.amsl.com> <01B71C4E-09A1-4DC4-AB65-BB3455731D92@verisign.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 15 Aug 2018 08:22:25 -0700
Message-ID: <CABcZeBNODeLkGtJ4+zkorL7Cp09K1+avwE57cgV5EcieyJqBjA@mail.gmail.com>
To: "Gould, James" <jgould@verisign.com>
Cc: The IESG <iesg@ietf.org>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, Patrick Mevzek <patrick+ietf@deepcore.org>, "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>, "draft-ietf-regext-allocation-token@ietf.org" <draft-ietf-regext-allocation-token@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000037316c05737ae79e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/1175MpLRRLTkEDURtGdMAsZWv4U>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-allocation-token-09: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 15:23:13 -0000
On Wed, Aug 15, 2018 at 7:42 AM, Gould, James <jgould@verisign.com> wrote: > Eric, > > Thank you for your review and feedback. I provide responses to your > feedback below. > > > — > > JG > > > > James Gould > Distinguished Engineer > jgould@Verisign.com > > 703-948-3271 > 12061 Bluemont Way > Reston, VA 20190 > > Verisign.com <http://verisigninc.com/> > > On 8/15/18, 10:02 AM, "Eric Rescorla" <ekr@rtfm.com> wrote: > > Eric Rescorla has entered the following ballot position for > draft-ietf-regext-allocation-token-09: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria. > html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Rich version of this review at: > https://mozphab-ietf.devsvcdev.mozaws.net/D3061 > > > These are bearer tokens and therefore I believe transport encryption > needs to be required in S 7, not just listed as should (which isn't > even normative in this context). > > JG - "An Allocation Token should be considered secret information by the > client and should be protected at rest and in transit." can be changed to > "An Allocation Token should be considered secret information by the client > and SHOULD be protected at rest and MUST be protected in transit." > Yes, this seems like the minimum. ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > S 3.2.4. > > like [RFC5731], the command MUST contain a child > > <allocationToken:allocationToken> element for the client to be > > authorized to transfer and allocate the object. The > authorization > > associated with the Allocation Token is in addition to and does > not > > replace the authorization mechanism defined for the object's > > <transfer> request command. If the Allocation Token is invalid > or > > I'm having trouble processing this statement. Can you explain in more > detail what the two access control checks are here. > > JG - RFC 5731 includes support for an authorization info > (<domain:authInfo>) that is an existing credential stored in the server at > the time of the create command, which can be updated with an update > command, that is used by the gaining client (registrar) to authorize a > transfer request. The registrant should have access to the authorization > info from their sponsoring registrar to pass to the gaining registrar to > authorize the transfer request. The Allocation Token is not meant to > replace the RFC 5731 authorization info, but is meant as an additional > credential to authorize the "allocation" of the domain name. A registry > may hold premium domain names that have an authorization info value, and > leverage the transfer command for use in allocation with the use of the > additional allocation token. Let me know if you need any additional > clarification on this. Why is this just true for transfer and not the other commands? > S 7. > > specifications apply to this specification as well. > > > > The mapping acts as a conduit for the passing of Allocation > Tokens > > between a client and a server. The definition of the Allocation > > Token is defined outside of this mapping. The following are > security > > considerations in the definition and use of an Allocation Token: > > Do you want to use normative language here? > > JG - Are you requesting normative language such as "The definition of the > Allocation Token SHOULD be defined outside of this mapping". There are > cases when the allocation token is a non-complex string value that does not > require formal definition, so the normative SHOULD seems most appropriate > here. Do you agree? > I think you probably want this, yes. > S 7. > > 3. An Allocation Token should have a limited life with some > form of > > expiry in the Allocation Token if generated by a trusted 3rd > > third party, or with a server-side expiry if generated by > the > > server. > > 4. An Allocation Token should use a strong random value if it > is > > based on an unsigned code. > > What is an "unsigned code"? > > JG - An unsigned code is a non-complex string that the server generates > and stores with the domain name, which can be later validated during > allocation. > Where can I find a reference for this? -Ekr
- [regext] Eric Rescorla's Discuss on draft-ietf-re… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James