IETF Logo Mail Archive

Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Thu, 25 October 2018 11:49 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9C16130E48 for <regext@ietfa.amsl.com>; Thu, 25 Oct 2018 04:49:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kd_30tAw4DNs for <regext@ietfa.amsl.com>; Thu, 25 Oct 2018 04:49:50 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1DF311286E3 for <regext@ietf.org>; Thu, 25 Oct 2018 04:49:50 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id d7-v6so6555282lfi.2 for <regext@ietf.org>; Thu, 25 Oct 2018 04:49:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=fK1RBHOd3r2px8giVsW4T2Y3v73zaJjN3cLTHaUmJE8=; b=jm1rU1PWPkVNWTrseDPpp+qB9j8+PrAx1d0vnkORQx23vpz1pnJs2zTglf4yWSpygg 2Nsi2ZtmTzYAba/8kB6VH/1BMRigUEmWhgepHyRsAawuk+2yv6nWY8742KVwJNzMIN70 qiqtkZHfzersW/u9ZsJMWQUH+s9n8a7Yi/ZxcMTwOUFoJ0dbiY7RyPUP8aj5X3oKS424 k7MkYYjhmu3zCoJ4y3OlnYfpvQzaZWTpsAXpn69vCqXb5L3MhAmLVe+gLyCSZQ1XXbgu JBfUDC9Kj3deVCGDjWWsLAVITblZ/UVfY0BAijLTVwRqx32RncHa4n5BPDE+eDJ3hsd8 o8Fw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=fK1RBHOd3r2px8giVsW4T2Y3v73zaJjN3cLTHaUmJE8=; b=hkjbxGW9BNi6V+Ot5iNKkO7e2wKN0hGpneZYRAUIl4nLkwEvpcJ6tIPylM28KNFJP8 K0KLox3TdGpeZtojWbOlt5PIdM3v/CZ53tc0fggh6BCMqUAVDEo4mvrEShlq90jpyepv ziNmMubc7AiJ/kmn4kCePVMtLXtqt1Rl+3QStHk0RNxPZN/ML1E/s0vwu3WPsI1Gb45/ CYeZhmPYZVERLTrLOmz6vs553GRNP4GKPacuM51W997RgaI+16WckWSA88jswq4oRk4V PLLQ/atviswyM/jXvA8I8v/mIXwan4qgw8+kSq/pHZvNB89ZsHQxinw8cv+CmR1l9hYs 4xTg==
X-Gm-Message-State: AGRZ1gJOmrXKjWfs12W541Gc/zWcJqKhkwBQB4+UCOyi7et+mbPIDowy rr8cra+z8VavGnoK1jkdGdC87XqZwQfE4gtEd+Tg8Q==
X-Google-Smtp-Source: AJdET5dtvQtu0fGK6PW4MIosVVXWiyf1X7FiXyGvJ7zuXO1bQKlHek7pjg+jaxYAydgvdytsqybSGtAvyXaBo9yRypI=
X-Received: by 2002:a19:5a05:: with SMTP id o5mr1008211lfb.140.1540468187952; Thu, 25 Oct 2018 04:49:47 -0700 (PDT)
MIME-Version: 1.0
References: <154040431305.6967.8110836894354286749.idtracker@ietfa.amsl.com> <20181025174522837431196@cnnic.cn>
In-Reply-To: <20181025174522837431196@cnnic.cn>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 25 Oct 2018 04:49:33 -0700
Message-ID: <CABcZeBMtZXNJR5oAsb8Do995herP010tShq46N_6JZaZxHtp8A@mail.gmail.com>
To: zhoulinlin@cnnic.cn
Cc: IESG <iesg@ietf.org>, regext-chairs@ietf.org, pieter.vandepitte@dnsbelgium.be, draft-ietf-regext-org@ietf.org, regext@ietf.org
Content-Type: multipart/alternative; boundary="000000000000218f0305790c3360"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/APVUce-JS66bAMRnjgtHph_-a6k>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Oct 2018 11:49:54 -0000

On Thu, Oct 25, 2018 at 2:44 AM Linlin Zhou <zhoulinlin@cnnic.cn> wrote:

> Dear Eric,
> Thanks for your review. Please see my feedbacks below with [Linlin].
>
> Regards,
> Linlin
> ------------------------------
> Linlin Zhou
>
>
> *From:* Eric Rescorla <ekr@rtfm.com>
> *Date:* 2018-10-25 02:05
> *To:* The IESG <iesg@ietf.org>
> *CC:* regext-chairs <regext-chairs@ietf.org>; Pieter Vandepitte
> <pieter.vandepitte@dnsbelgium.be>; draft-ietf-regext-org
> <draft-ietf-regext-org@ietf.org>; regext <regext@ietf.org>
> *Subject:* [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11:
> (with DISCUSS and COMMENT)
> Eric Rescorla has entered the following ballot position for
> draft-ietf-regext-org-11: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-regext-org/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> Rich version of this review at:
> https://mozphab-ietf.devsvcdev.mozaws.net/D3624
>
>
> This DISCUSS should be easy to clear. I have noted a few points where
> I do not believe that the spec is sufficiently clear to implement.
>
> DETAIL
> S 3.4.
> >
> >      o  clientUpdateProhibited, serverUpdateProhibited: Requests to
> update
> >         the object (other than to remove this status) MUST be rejected.
> >
> >      o  clientDeleteProhibited, serverDeleteProhibited: Requests to
> delete
> >         the object MUST be rejected.
>
> How does access control work here? If either of these values are set,
> then it must be rejected?
> [Linlin] If you mean that clientUpdateProhibited and
> serverUpdateProhibited are set, these two statuses can coexist in the
> system. "clientUpdateProhibited" is set by the client and
> "serverUpdateProhibited" is set by the server.
>
>
That's not what I mean. What I mean is "what is the access control rule
that the server is supposed to apply".

>
>
>
> S 4.1.2.
> >      C:        <org:id>res1523</org:id>
> >      C:      </org:info>
> >      C:    </info>
> >      C:    <clTRID>ABC-12345</clTRID>
> >      C:  </command>
> >      C:</epp>
>
> So I can only <info> one org?
> [Linlin] Yes, <info> command supports one org id.
>
>
Ok.


>
> S 4.1.2.
> >
> >      o  One or more <org:status> elements that contain the operational
> >         status of the organization, as defined in Section 3.4.
> >
> >      o  An OPTIONAL <org:parentId> element that contains the identifier
> of
> >         the parent object, as defined in Section 3.6.
>
> It's not clear to me what's really optional here, because you say
> above that it's up to the server but then you label some stuff here as
> OPTIONAL
> [Linlin] If this sentence makes confusion. How about changing it to "It
> is up to the server policy to decide
> what optional attributes will be returned of an organization object." or
> just remove it?
>
>
I don't know, because I don't understand the semantics you are aiming for.
Are the other attributes optional.



>
> S 3.4.
> >         rejected.
> >
> >      o  linked: The organization object has at least one active
> >         association with another object.  The "linked" status is not
> >         explicitly set by the client.  Servers should provide services to
> >         determine existing object associations.
>
> I'm not following this text. It is set by the server?
> [Linlin] Yes, it is set by the server. Benjamin's comment will be adopted.
> Adding a sentence to clarify. "Other status values that do not begin with
> either "client" or "server" are server-managed".
>
>
> S 3.4.
> >         has been processed for the object, but the action has not been
> >         completed by the server.  Server operators can delay action
> >         completion for a variety of reasons, such as to allow for human
> >         review or third-party action.  A transform command that is
> >         processed, but whose requested action is pending, is noted with
> >         response code 1001.
>
> Who can set this?
>  [Linlin] The server can set the error code to 1001 and send the response
> to the client.
>
>
Sorry, context got lost. Who can set "pendingCreate"?



> S 3.5.
> >         association with another object.  The "linked" status is not
> >         explicitly set by the client.  Servers SHOULD provide services to
> >         determine existing object associations.
> >
> >      o  clientLinkProhibited, serverLinkProhibited: Requests to add new
> >         links to the role MUST be rejected.
>
> see above question about access control
> [Linlin] If both the clientXXXProhibited and serverXXXProhibited are set,
> this situation is permitted.
>
>
Sorry, this is still not clear to me.

>
>
>


> S 3.6.
> >      not defined for the top level reseller, namely the registrar of the
> >      registry.  An N-tier reseller has a parent reseller and at least one
> >      child reseller.  A reseller customer has a parent reseller and no
> >      child resellers.
> >
> >      Loops MUST be prohibited.  For example: if organization A has B as
>
> Who is this a levy on? The server MUST enforce it? What does it do if
> there is an error?
>  [Linlin] It is up to the servers to manage the organization levels. For
> example, if client creates a new organization with parentID, the server
> should validate this ID has no loop relation with others. If validation
> fails , the server should respond with an error code such as "2305" or
> other proper error codes.
>
>
OK, that would be good to explain.


> S 4.1.2.
> >         email address.
> >
> >      o  An OPTIONAL <org:url> element that contains the URL to the
> website
> >         of the organization.
> >
> >      o  Zero or more OPTIONAL <org:contact> elements that contain
>
> Isn't 0 and OPTIONAL redundant?
>  [Linlin] Yes. This will be updated.
>
> S 4.1.2.
> >         organization object.  Contact object identifiers MUST be known to
> >         the server before the contact object can be associated with the
> >         organization object.  The required "type" is used to represent
> >         contact types.  The type values include "admin", "tech",
> >         "billing", "abuse", and "custom".  The OPTIONAL "typeName"
> >         attribute is used to define the name of a "custom" type.
>
> Are duplicates allowed?
>  [Linlin] If you mean the org can have two contacts with the same "admin"
> type, this is allowed according to the XML schema.
>
> S 4.2.1.
> >         status of the organization, as defined in Section 3.4.
> >
> >      o  An OPTIONAL <org:parentId> element that contains the identifier
> of
> >         the parent object, as defined in Section 3.6.
> >
> >      o  Zero to two <org:postalInfo> elements that contain postal-address
>
> These rules looks duplicative of <info>. Is there a way to collapse
> them?
>
> S 4.2.5.
> >      where at least one child element MUST be present:
> >
> >      o  An OPTIONAL <org:parentId> element that contains the identifier
> of
> >         the parent object.
> >
> >      o  Zero to two <org:postalInfo> elements that contain postal-address
>
> This also seems duplicative.
> [Linlin] Indeed some elements descriptions appear some times in the
> document. I'd like to have some explanations here again.
> This document borrowed the text structure from RFC5731, RFC5732 and
> RFC5733 of EPP. I think the intension of having some duplicated
> descriptions is for users' easy reading. When seeing the examples, they do
> not have to scroll up and down to find the elements definitions. Some
> descriptions are a little different, although <org:postalInfo> elements
> appear to be duplicated. Such as, "One or more <org:status> elements" in
> <info> response and "Zero or more <org:status> elements" in <create>
> command. Of course putting all the elements definitions in a section is a
> concise way for the document structure.
>
>
It's much harder for implementors because they don't know how to refactor
common code.

-Ekr


>
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext
>
>

v2.23.0 | Report a Bug | By Email