IETF Logo Mail Archive

Re: [regext] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)

"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Mon, 06 August 2018 14:26 UTC

Return-Path: <ietf@kuehlewind.net>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94F38130EEA for <regext@ietfa.amsl.com>; Mon, 6 Aug 2018 07:26:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=ietf@kuehlewind.net header.d=kuehlewind.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Fi8BjuPn0EN for <regext@ietfa.amsl.com>; Mon, 6 Aug 2018 07:26:51 -0700 (PDT)
Received: from kuehlewind.net (kuehlewind.net [83.169.45.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D109130EE9 for <regext@ietf.org>; Mon, 6 Aug 2018 07:26:49 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kuehlewind.net; b=M0wFuadT7aRUdA1AJAjHjDXOtx1uWa4rczyjQp1b+MJZcFydgM1TzVpi/du6p9ZP85ww4LL1c29pxwD6FkdtYbbNX3nk32qgBF5QhH7HuAauA/yX5iyhBLnfqgzvimpkgMxOWSx/f+9uNjlC8VeiW/Rv/oG6Bud0sl7SsP855Q8=; h=Received:Received:Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:X-Mailer:X-PPP-Message-ID:X-PPP-Vhost;
Received: (qmail 2125 invoked from network); 6 Aug 2018 16:20:06 +0200
Received: from mue-88-130-61-218.dsl.tropolys.de (HELO ?192.168.178.24?) (88.130.61.218) by kuehlewind.net with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 6 Aug 2018 16:20:06 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
In-Reply-To: <32AED330-D0FD-445C-9999-8AF31FF0E807@verisign.com>
Date: Mon, 06 Aug 2018 16:20:03 +0200
Cc: The IESG <iesg@ietf.org>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, Patrick Mevzek <patrick+ietf@deepcore.org>, "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>, "draft-ietf-regext-allocation-token@ietf.org" <draft-ietf-regext-allocation-token@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <FA75EAD4-85FA-4A40-90AD-53D4B6EFAFE0@kuehlewind.net>
References: <153355638132.26613.6843756928813998023.idtracker@ietfa.amsl.com> <32AED330-D0FD-445C-9999-8AF31FF0E807@verisign.com>
To: "Gould, James" <jgould=40verisign.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.9.1)
X-PPP-Message-ID: <20180806142006.2115.90462@lvps83-169-45-111.dedicated.hosteurope.de>
X-PPP-Vhost: kuehlewind.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/1iZn3wAv8IBlH1vvXlihCTmXAUY>
Subject: Re: [regext] Mirja Kühlewind's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Aug 2018 14:26:53 -0000

Hi James,

thanks for the reply.

> Am 06.08.2018 um 15:47 schrieb Gould, James <jgould=40verisign.com@dmarc.ietf.org>:
> 
> Mirja,
> 
> Thank you for your review and feedback.  My responses are embedded below.
> 
> —
> 
> JG
> 
> 
> 
> James Gould
> Distinguished Engineer
> jgould@Verisign.com
> 
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
> 
> Verisign.com <http://verisigninc.com/> 
> 
> On 8/6/18, 7:53 AM, "Mirja Kühlewind" <ietf@kuehlewind.net> wrote:
> 
>    Mirja Kühlewind has entered the following ballot position for
>    draft-ietf-regext-allocation-token-09: No Objection
> 
>    When responding, please keep the subject line intact and reply to all
>    email addresses included in the To and CC lines. (Feel free to cut this
>    introductory paragraph, however.)
> 
> 
>    Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
>    for more information about IESG DISCUSS and COMMENT positions.
> 
> 
>    The document, along with other ballot positions, can be found here:
>    https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token/
> 
> 
> 
>    ----------------------------------------------------------------------
>    COMMENT:
>    ----------------------------------------------------------------------
> 
>    Two quick questions (and I'm really no expert here, so these questions might be
>    stupid):
> 
>    1) Why should the check return 'unavailable' if the object does not require an
>    Allocation Token but the check is send with an Allocation Token (sec 3.1.1)? Is
>    that obvious to everybody else but me or should that maybe be further explained
>    in the doc? And inline with that, why is it not a MUST to return 'unavailable'
>    if a Token is required but the sent token doesn't match?
> 
> JG - The draft really doesn't discuss the case where the object does not require an Allocation Token and the check command includes the Allocation Token, but it does cover the two cases where the object does require an Allocation Token and the passed  Allocation Token matches (MUST return available) and doesn't match (SHOULD return unavailable).

The text says
"If an object requires an Allocation Token and the Allocation
       Token does not apply to the object or an object does not require
       an Allocation Token, then the server SHOULD return the
	availability status as unavailable (e.g., "avail" attribute is
       "0" or "false“).“

which includes the case where the "object does not require an Allocation Token“…?


>  The check command, per RFC 5731, supports many domain names in a single command, and it provides "a hint that allows a client to anticipate the success or failure of provisioning an object using the <create> command" .  The Allocation Token in draft-ietf-regext-allocation-token is a single value that is applied to all domain names, where we don't want the protocol to be overly strict in defining the availability value.  The most strict policy would be to return all domain names that don't require an Allocation Token or where the Allocation Token doesn't match as unavailable.  Since the Allocation Token may apply to only one of the domain names in the list, the protocol only requires (MUST) the server to return an Allocation Token match as available.  The Allocation Token mismatch is treated as a SHOULD and a non-applicable Allocation Token is undefined to enable server-policy to determine the behavior.  Does this make sense?  

Okay, then the SHOULD makes sense. Eventually provide some more explanation in the draft.

> 
> 
>    2) Why is this mechanism not applied to delete, renew, and update?
> 
> JG - Allocation is when the server assigns the sponsoring client of an object based on the use of an Allocation Token credential, which is not applicable to a delete, a renew, and an update.  The common case for allocation is with the use of the create command and the less common case for allocation is with the use of the transfer command (e.g., transfer from server to sponsoring client).  The draft did initially include support for an extended update that defines a new verb like "allocate", but the WG agreed to remove the extension of the update.

Okay. 

Mirja

>         
> 
>

v2.23.0 | Report a Bug | By Email