Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Thu, 08 November 2018 03:48 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A1A9130EFC for <regext@ietfa.amsl.com>; Wed, 7 Nov 2018 19:48:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0Hmf-7jCjK0I for <regext@ietfa.amsl.com>; Wed, 7 Nov 2018 19:48:09 -0800 (PST)
Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1A37130E2E for <regext@ietf.org>; Wed, 7 Nov 2018 19:48:08 -0800 (PST)
Received: by mail-lf1-x12b.google.com with SMTP id b20so13103674lfa.12 for <regext@ietf.org>; Wed, 07 Nov 2018 19:48:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oxvmTcFjPYdH7rC0pyZ/INB6kiQekimolFBFXI7M9Zw=; b=iiHInudXXOUhw+XOUPY30OO2j3R26rINCQoDxkuz2PTbg2eq3qGZ1PUGON1XJVG7lG uJUWk30B2W5RRbzxWzZDzp2ANlfO+wGqyMhdr7tHVJPNUh6khPRlJNJslu+QSd7HL2xt veC6V6bbboPjepb9yr2IB0ylfh7vam2SrBX2rb7uGNpK0CBXuMFxmpaDaYWfLFtpG2Dx SmGvH9VhjbzqNrcfeBPQ902722uZMxWViV5olya77Hmwpmt3EZ+97lLbFcCF4Gb1rBB7 vIwhwx4gbFxA39Rt6Li0s/92TorTRQ2cXOXfg00DypgLFbxJwXGuSw404vX0JUSYM2VA QNpw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oxvmTcFjPYdH7rC0pyZ/INB6kiQekimolFBFXI7M9Zw=; b=gR+r6BDkmDYHOr/8xNHXCO7loveqaYKHM1Xki4C/4S6ReI927z9DQkrw/oXGcBNk/b 1OorpNeLJlVvDZBnUeyZsMajBgh4IoH6v0fFaNQ5z8HiqbmbPZi/A5guXofG+TmEEETz YIoQkYHq0D+3bo7cLlPJu27JeCkp0jmb6Pj/oRWeiNXYeTEmtl4Lh5QVVngjWH6LCD+A Gup88Vy5qetZhdJ8b2MXyeyGg3crRJDZmMydJtFEHHllxJtO2Ys8CcyWtYcBsRnTUTtt KW75tG1TJUwzSqCGIzlmWxFPt4BNKdfGRJZvEWtIGz6gFiFm43kWLMpiJE8cm8SlddVy r3qg==
X-Gm-Message-State: AGRZ1gJu/QCEQQ0eK97cXsKRnC3WUojXwhKP5qSutELUjXvUgcE6F32v RuQDc3M/PbU8z39OSlVrRGgbVxNcmnesXllxNn5nzg==
X-Google-Smtp-Source: AJdET5fv7PJyvvRPNJHNVa4YywUv51IfkrBwRqIdW4Mh0Qflt0LQpE1bW9nqjZ7mvfGB8wwESOcOWQGIyqLQH0Pnq3Y=
X-Received: by 2002:a19:ca51:: with SMTP id h17mr1547565lfj.126.1541648886882; Wed, 07 Nov 2018 19:48:06 -0800 (PST)
MIME-Version: 1.0
References: <154040431305.6967.8110836894354286749.idtracker@ietfa.amsl.com> <20181025174522837431196@cnnic.cn> <CABcZeBMtZXNJR5oAsb8Do995herP010tShq46N_6JZaZxHtp8A@mail.gmail.com> <20181029161835451937137@cnnic.cn> <CABcZeBO5n1WXmaQAkOYBkhtOi6BJXzdnBWxxyskauHjX1myiug@mail.gmail.com> <2018103110254261670452@cnnic.cn> <20181031032312.GF45914@kduck.kaduk.org> <36DF20D1-5898-4403-9EC2-CAFEE8E38277@verisign.com>
In-Reply-To: <36DF20D1-5898-4403-9EC2-CAFEE8E38277@verisign.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 07 Nov 2018 19:47:30 -0800
Message-ID: <CABcZeBPER9Nn_i-rCWBbgf37TXV11ZcBM37Nrb52toNhg3Se-w@mail.gmail.com>
To: "Gould, James" <jgould@verisign.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, zhoulinlin@cnnic.cn, regext-chairs@ietf.org, pieter.vandepitte@dnsbelgium.be, IESG <iesg@ietf.org>, regext@ietf.org, draft-ietf-regext-org@ietf.org
Content-Type: multipart/alternative; boundary="000000000000457d29057a1f1a0b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/1n4vpAdeYRDQHRfJjwnNIjGEgg4>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2018 03:48:18 -0000
OK, so I think the key point here is that either "clientUpdateProhibites" or "serverUpdateProhibited" will stop both sides from doing updates. So I think what I would say is somewhere: Note that if clientUpdateProhibited is set, the client will not be able to update the object. It will first need to remove that field prior to attempting to update the object. Would that work? -Ekr On Wed, Nov 7, 2018 at 3:39 AM Gould, James <jgould@verisign.com> wrote: > Benjamin, > > > > This seems overly zealous to the point of being harmful. For example, if a > > server sets the status to "ok", a client cannot replace it by > > clientLinkProhibited? > > > > The “ok” status is the default status and not classified as a server > status, since it is not prefixed with “server”. The sentence “A client > MUST NOT alter status values set by the server.” means that the client > cannot set or remove a server status, such as serverUpdateProhibited. I > hope this clarifies what is defined in the EPP RFCs (5730-5733) and > draft-ietf-regext-org. > > > > Thanks, > > > > — > > JG > > > > > > > > James Gould > > Distinguished Engineer > > jgould@Verisign.com > > > > 703-948-3271 > > 12061 Bluemont Way > > Reston, VA 20190 > > > > Verisign.com <http://verisigninc.com/> > > > > On 10/31/18, 10:23 AM, "Benjamin Kaduk" <kaduk@mit.edu> wrote: > > > > Trimming to just one potentially problematic suggestion... > > > > On Wed, Oct 31, 2018 at 10:25:42AM +0800, Linlin Zhou wrote: > > > > > > Linlin Zhou > > > > ---------------------------------------------------------------------- > > > DISCUSS: > > > > ---------------------------------------------------------------------- > > [...] > > > [Linlin] Our proposal is to add the lead-in bolded text to match the > existing EPP RFC's to the Organization mapping. There has been no issues > with the interpretation of the statuses with the EPP RFCs, so it's best to > match them as closely as possible. In section 3.4, > > > > [bold does not work super-well in text/plain mail, but > > https://www.ietf.org/mail-archive/web/regext/current/msg01912.html > can show > > it] > > > > > An organization object MUST always have at least one associated > status > > > value. Status values can be set only by the client that sponsors an > > > organization object and by the server on which the object resides. A > > > client can change the status of an organization object using the EPP > > > <update> command. Each status value MAY be accompanied by a string > > > of human-readable text that describes the rationale for the status > > > applied to the object. > > > > > > A client MUST NOT alter status values set by the server. A server > > > > This seems overly zealous to the point of being harmful. For example, > if a > > server sets the status to "ok", a client cannot replace it by > > clientLinkProhibited? > > > > -Benjamin > > > > > MAY alter or override status values set by a client, subject to > local > > > server policies. The status of an object MAY change as a result of > > > either a client-initiated transform command or an action performed > by > > > a server operator. > > > > > > Status values that can be added or removed by a client are prefixed > > > with "client". Corresponding status values that can be added or > > > removed by a server are prefixed with "server". The "hold" and > > > "terminated" status values are server-managed when the organization > > > has no parent identifier [Section 3.6] and otherwise MAY be client- > > > managed based on server policy. Status values that > > > do not begin with either "client" or "server" are server-managed. > > > > > > Take "clientUpdateProhibited" for example. > > > If status value "clientUpdateProhibited" is set by a client > > > then <update> command is not allowed to perform by a client > > > If status value "clientUpdateProhibited" is removed by a client or a > server > > > then no limitation of performing EPP commands > > > > > > > > > > > > > > >
- [regext] Eric Rescorla's Discuss on draft-ietf-re… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk