Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Thu, 25 October 2018 11:49 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9C16130E48 for <regext@ietfa.amsl.com>; Thu, 25 Oct 2018 04:49:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kd_30tAw4DNs for <regext@ietfa.amsl.com>; Thu, 25 Oct 2018 04:49:50 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DF311286E3 for <regext@ietf.org>; Thu, 25 Oct 2018 04:49:50 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id d7-v6so6555282lfi.2 for <regext@ietf.org>; Thu, 25 Oct 2018 04:49:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fK1RBHOd3r2px8giVsW4T2Y3v73zaJjN3cLTHaUmJE8=; b=jm1rU1PWPkVNWTrseDPpp+qB9j8+PrAx1d0vnkORQx23vpz1pnJs2zTglf4yWSpygg 2Nsi2ZtmTzYAba/8kB6VH/1BMRigUEmWhgepHyRsAawuk+2yv6nWY8742KVwJNzMIN70 qiqtkZHfzersW/u9ZsJMWQUH+s9n8a7Yi/ZxcMTwOUFoJ0dbiY7RyPUP8aj5X3oKS424 k7MkYYjhmu3zCoJ4y3OlnYfpvQzaZWTpsAXpn69vCqXb5L3MhAmLVe+gLyCSZQ1XXbgu JBfUDC9Kj3deVCGDjWWsLAVITblZ/UVfY0BAijLTVwRqx32RncHa4n5BPDE+eDJ3hsd8 o8Fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fK1RBHOd3r2px8giVsW4T2Y3v73zaJjN3cLTHaUmJE8=; b=hkjbxGW9BNi6V+Ot5iNKkO7e2wKN0hGpneZYRAUIl4nLkwEvpcJ6tIPylM28KNFJP8 K0KLox3TdGpeZtojWbOlt5PIdM3v/CZ53tc0fggh6BCMqUAVDEo4mvrEShlq90jpyepv ziNmMubc7AiJ/kmn4kCePVMtLXtqt1Rl+3QStHk0RNxPZN/ML1E/s0vwu3WPsI1Gb45/ CYeZhmPYZVERLTrLOmz6vs553GRNP4GKPacuM51W997RgaI+16WckWSA88jswq4oRk4V PLLQ/atviswyM/jXvA8I8v/mIXwan4qgw8+kSq/pHZvNB89ZsHQxinw8cv+CmR1l9hYs 4xTg==
X-Gm-Message-State: AGRZ1gJOmrXKjWfs12W541Gc/zWcJqKhkwBQB4+UCOyi7et+mbPIDowy rr8cra+z8VavGnoK1jkdGdC87XqZwQfE4gtEd+Tg8Q==
X-Google-Smtp-Source: AJdET5dtvQtu0fGK6PW4MIosVVXWiyf1X7FiXyGvJ7zuXO1bQKlHek7pjg+jaxYAydgvdytsqybSGtAvyXaBo9yRypI=
X-Received: by 2002:a19:5a05:: with SMTP id o5mr1008211lfb.140.1540468187952; Thu, 25 Oct 2018 04:49:47 -0700 (PDT)
MIME-Version: 1.0
References: <154040431305.6967.8110836894354286749.idtracker@ietfa.amsl.com> <20181025174522837431196@cnnic.cn>
In-Reply-To: <20181025174522837431196@cnnic.cn>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 25 Oct 2018 04:49:33 -0700
Message-ID: <CABcZeBMtZXNJR5oAsb8Do995herP010tShq46N_6JZaZxHtp8A@mail.gmail.com>
To: zhoulinlin@cnnic.cn
Cc: IESG <iesg@ietf.org>, regext-chairs@ietf.org, pieter.vandepitte@dnsbelgium.be, draft-ietf-regext-org@ietf.org, regext@ietf.org
Content-Type: multipart/alternative; boundary="000000000000218f0305790c3360"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/APVUce-JS66bAMRnjgtHph_-a6k>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 11:49:54 -0000
On Thu, Oct 25, 2018 at 2:44 AM Linlin Zhou <zhoulinlin@cnnic.cn> wrote: > Dear Eric, > Thanks for your review. Please see my feedbacks below with [Linlin]. > > Regards, > Linlin > ------------------------------ > Linlin Zhou > > > *From:* Eric Rescorla <ekr@rtfm.com> > *Date:* 2018-10-25 02:05 > *To:* The IESG <iesg@ietf.org> > *CC:* regext-chairs <regext-chairs@ietf.org>; Pieter Vandepitte > <pieter.vandepitte@dnsbelgium.be>; draft-ietf-regext-org > <draft-ietf-regext-org@ietf.org>; regext <regext@ietf.org> > *Subject:* [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: > (with DISCUSS and COMMENT) > Eric Rescorla has entered the following ballot position for > draft-ietf-regext-org-11: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-org/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Rich version of this review at: > https://mozphab-ietf.devsvcdev.mozaws.net/D3624 > > > This DISCUSS should be easy to clear. I have noted a few points where > I do not believe that the spec is sufficiently clear to implement. > > DETAIL > S 3.4. > > > > o clientUpdateProhibited, serverUpdateProhibited: Requests to > update > > the object (other than to remove this status) MUST be rejected. > > > > o clientDeleteProhibited, serverDeleteProhibited: Requests to > delete > > the object MUST be rejected. > > How does access control work here? If either of these values are set, > then it must be rejected? > [Linlin] If you mean that clientUpdateProhibited and > serverUpdateProhibited are set, these two statuses can coexist in the > system. "clientUpdateProhibited" is set by the client and > "serverUpdateProhibited" is set by the server. > > That's not what I mean. What I mean is "what is the access control rule that the server is supposed to apply". > > > > S 4.1.2. > > C: <org:id>res1523</org:id> > > C: </org:info> > > C: </info> > > C: <clTRID>ABC-12345</clTRID> > > C: </command> > > C:</epp> > > So I can only <info> one org? > [Linlin] Yes, <info> command supports one org id. > > Ok. > > S 4.1.2. > > > > o One or more <org:status> elements that contain the operational > > status of the organization, as defined in Section 3.4. > > > > o An OPTIONAL <org:parentId> element that contains the identifier > of > > the parent object, as defined in Section 3.6. > > It's not clear to me what's really optional here, because you say > above that it's up to the server but then you label some stuff here as > OPTIONAL > [Linlin] If this sentence makes confusion. How about changing it to "It > is up to the server policy to decide > what optional attributes will be returned of an organization object." or > just remove it? > > I don't know, because I don't understand the semantics you are aiming for. Are the other attributes optional. > > S 3.4. > > rejected. > > > > o linked: The organization object has at least one active > > association with another object. The "linked" status is not > > explicitly set by the client. Servers should provide services to > > determine existing object associations. > > I'm not following this text. It is set by the server? > [Linlin] Yes, it is set by the server. Benjamin's comment will be adopted. > Adding a sentence to clarify. "Other status values that do not begin with > either "client" or "server" are server-managed". > > > S 3.4. > > has been processed for the object, but the action has not been > > completed by the server. Server operators can delay action > > completion for a variety of reasons, such as to allow for human > > review or third-party action. A transform command that is > > processed, but whose requested action is pending, is noted with > > response code 1001. > > Who can set this? > [Linlin] The server can set the error code to 1001 and send the response > to the client. > > Sorry, context got lost. Who can set "pendingCreate"? > S 3.5. > > association with another object. The "linked" status is not > > explicitly set by the client. Servers SHOULD provide services to > > determine existing object associations. > > > > o clientLinkProhibited, serverLinkProhibited: Requests to add new > > links to the role MUST be rejected. > > see above question about access control > [Linlin] If both the clientXXXProhibited and serverXXXProhibited are set, > this situation is permitted. > > Sorry, this is still not clear to me. > > > > S 3.6. > > not defined for the top level reseller, namely the registrar of the > > registry. An N-tier reseller has a parent reseller and at least one > > child reseller. A reseller customer has a parent reseller and no > > child resellers. > > > > Loops MUST be prohibited. For example: if organization A has B as > > Who is this a levy on? The server MUST enforce it? What does it do if > there is an error? > [Linlin] It is up to the servers to manage the organization levels. For > example, if client creates a new organization with parentID, the server > should validate this ID has no loop relation with others. If validation > fails , the server should respond with an error code such as "2305" or > other proper error codes. > > OK, that would be good to explain. > S 4.1.2. > > email address. > > > > o An OPTIONAL <org:url> element that contains the URL to the > website > > of the organization. > > > > o Zero or more OPTIONAL <org:contact> elements that contain > > Isn't 0 and OPTIONAL redundant? > [Linlin] Yes. This will be updated. > > S 4.1.2. > > organization object. Contact object identifiers MUST be known to > > the server before the contact object can be associated with the > > organization object. The required "type" is used to represent > > contact types. The type values include "admin", "tech", > > "billing", "abuse", and "custom". The OPTIONAL "typeName" > > attribute is used to define the name of a "custom" type. > > Are duplicates allowed? > [Linlin] If you mean the org can have two contacts with the same "admin" > type, this is allowed according to the XML schema. > > S 4.2.1. > > status of the organization, as defined in Section 3.4. > > > > o An OPTIONAL <org:parentId> element that contains the identifier > of > > the parent object, as defined in Section 3.6. > > > > o Zero to two <org:postalInfo> elements that contain postal-address > > These rules looks duplicative of <info>. Is there a way to collapse > them? > > S 4.2.5. > > where at least one child element MUST be present: > > > > o An OPTIONAL <org:parentId> element that contains the identifier > of > > the parent object. > > > > o Zero to two <org:postalInfo> elements that contain postal-address > > This also seems duplicative. > [Linlin] Indeed some elements descriptions appear some times in the > document. I'd like to have some explanations here again. > This document borrowed the text structure from RFC5731, RFC5732 and > RFC5733 of EPP. I think the intension of having some duplicated > descriptions is for users' easy reading. When seeing the examples, they do > not have to scroll up and down to find the elements definitions. Some > descriptions are a little different, although <org:postalInfo> elements > appear to be duplicated. Such as, "One or more <org:status> elements" in > <info> response and "Zero or more <org:status> elements" in <create> > command. Of course putting all the elements definitions in a section is a > concise way for the document structure. > > It's much harder for implementors because they don't know how to refactor common code. -Ekr > > _______________________________________________ > regext mailing list > regext@ietf.org > https://www.ietf.org/mailman/listinfo/regext > >
- [regext] Eric Rescorla's Discuss on draft-ietf-re… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk