IETF Logo Mail Archive

Re: [regext] WG LAST CALL: draft-ietf-regext-unhandled-namespaces-03

"Gould, James" <jgould@verisign.com> Mon, 19 October 2020 13:31 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BED43A098E for <regext@ietfa.amsl.com>; Mon, 19 Oct 2020 06:31:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Level:
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BwhRKHfA96QJ for <regext@ietfa.amsl.com>; Mon, 19 Oct 2020 06:31:13 -0700 (PDT)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7BC93A098B for <regext@ietf.org>; Mon, 19 Oct 2020 06:31:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=9180; q=dns/txt; s=VRSN; t=1603114273; h=from:to:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=QCXOpvCFBFK9iX1awu6hVvcfmQsfVIdX13cbWj58XmA=; b=qMG3oBRMlsSaiFw9exTeEMqOx2pJW4sudmt9AcnKDWshMmIt04fUUOx8 xsn7NzVT3kStESgC1Xw8vjhpyKSMJfN6tEI4+TugLgehx1gQvLDUg+P0l O7VxhLs1wE7+YUKRpczroBZY4gznjtT6QgrIykUjanyIQ+npjJA3ep5wS komSkiPL0bGq3KeyURO5hUODNdEow8MMrWS+e3ur4Fv099kYkutf42hEx q5YI04XQ8rmCdcIN62C3cB1FMz491tRVmVqL2Au9H5AV3cusD48vFJ6hS kTf0ilaVa53aetSEhKM7d4wQSqMopjWSFw17gkk5VJFd9+vrJVQG9pOkV Q==;
IronPort-SDR: esBVNYRMCOK4h5lctUmxK3Y99sctjRbXw8C84iTVLFV7PappCHurO+3LXepYsUMU3TXsB3TLgJ HszVuT46BYLOubOaTuz71shFMipCOoWNtnUJR1OMV91/tBA0QEGKkpiINyujNaS9ByBK6zPhFI KgApliII7TG3JS8rnwMD6yUTKng/BKZeaSG9dK7UOkXlThKHFC4wYEfHCUKHsZdUJ8hEc4vbQh 0Dkf9UxOzGVAOne7vMOfGp8z64sCf0uknifuMJSmS9DWYMaJsZUwpQYhSyHlrW3KIBml2XLAar c7s=
X-IronPort-AV: E=Sophos;i="5.77,394,1596499200"; d="scan'208";a="2844106"
IronPort-PHdr: 9a23:Z25t/xUZ4lZ9Vxq91yPkwrzKRyfV8LGtZVwlr6E/grcLSJyIuqrYZRSCtadThVPEFb/W9+hDw7KP9fy5BipfuN3a7TgrS99lb1c9k8IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBoKevrB4Xck9q41/yo+53Ufg5EmCexbal9IRmrrwjdrMsbjZZtJqs/yhbCv2dFdflRyW50P1yYggzy5t23/J5t8iRQv+wu+stdWqjkfKo2UKJVAi0+P286+MPkux/DTRCS5nQHSWUZjgBIAwne4x7kWJr6rzb3ufB82CmeOs32UKw0VDG/5KplVBPklCEKPCM//WrKiMJ/kbhbrQqhqRJh3oDUfI+bOvlwfqzfc9waRHZOUMleWCFaHoOzdI4PA/YdMetCrYTwoUYFoxukBQmrAePi0jFEiH7x3a0n1+QuDBnK1xEkEd0UtXTbss71OKkPWu2yzqnIwjLDb+5S2Tjg84XIbA4uoeuNXbJrcMrRxk8vGxnZgVWXrIzoJjWY3fkCvGaH9eRvT/6vi3I5pAFrpDii3sQhh4fUio8UxV7I6yF0zYY6K9C7VkJ1YdqpHYdeui2ENIZ7QcMvTmN0tSskyrAKpYO2cSkKxZkjyRPSafyJfYeO7xn+WuiRJjJ4i2hkeLK5nxuy71avyvf9Vsmv0VZKoSxFktjKtn8RzRDc9s+HSv5l8ki92DaPzBzc6uZeLU8okqrbLoYtwr8umZoPv0TPBCj2mF/5jKOOaEol9fKn6+H/YrXiuJCQLZN7igb7Mqkoh8exAvw4PxATU2SH4+iwyb/u8EPjTLlXjvA7nLPVvZ/eKMgDu6K1HxVZ3psh5hqjFTuqzdsVkHodIF5Yex+KiZXiNUvUL/DiF/i/hkyhkDJsx//bILLsGo7NLn3fkLf5erZ99lJcxBIzzd9B45JUDakMLe/vVEHpqdDXDgc3PQO1zOr7FtlxzJ0eVn6IAq+DKKPeq0WH6f81L+mSfo8VozD9J+I56P7piH81gV4dfa+30psLcH20A+hqL1+EbXfujNoNC3oGswowQeDwh1CPVSZfZ3OoUKI94jE7BpimDYDGRo21gryB0yC7HoBSZm9bEV2MD2nnd5+FW/cXaSKSLclhniYYWrimTo8tzQuuuxPiy7p7MurU/TUVtYrm1NVu+uLTkg0y+iZyD8uAz26NSHt4kX8PRz8zxKp/u1Byyk+f0ahkhPxVDcZT6O1GUggkOp/c0/d3C9HsVQLdcNeFUlGmQs+pAWJ5ctVkiccLS0p6B9ykghvEmSGtBvVdw6SOLJAz7qva03P2Yc16ziCCnOM7glYrUtdnNGC6iOh47QeZT9rTnkqUh7qCdKkA0mjK7mjVnkSUu0QNGiF3TKHJGTg9b07btp6xskHNSKKqBZw5PxFA0s+NLO1Bbdi/3gYOf+vqJNmLOzH5oGy3Hxvdnr4=
X-IPAS-Result: A2H7BAAplI1f/zGZrQpdA4EJg0SBJYE0CoQzkRiDeZdvFyYLAQEBAQEBAQEBCAEfEAQBAQKESAIXgXgmOBMCAwEBCwEBAQUBAQEBAQYDAQEBAoZKDII3Ins9CT0BAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEFAggHTQcxFgEfAQUjETobAgEIGAICEgETAgICMBUQAgQBEoMmAbF/gTKFV4UHgQ4qhmCGcYFCPoERJxyCTT6EJRgXCiYBAoJNM4IsBJNOhzWcdwMHgmqJBItYhhgfhECXPoVSkzGIfhKBY5U6AgQCBAUCFYFrgXtwFTsqAYI+CUcXAg2OKxcUgzqKVnQOJwMCBgEJAQEDCYwED4EkgREBAQ
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Mon, 19 Oct 2020 09:31:10 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.2106.002; Mon, 19 Oct 2020 09:31:10 -0400
From: "Gould, James" <jgould@verisign.com>
To: "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] WG LAST CALL: draft-ietf-regext-unhandled-namespaces-03
Thread-Index: AQHWpbyiL6cvTJWd/k2IcHWB7mIWQKme7L0A
Date: Mon, 19 Oct 2020 13:31:10 +0000
Message-ID: <75A43B1C-5D7B-4CE6-B126-303B3F34AB35@verisign.com>
References: <04DF4069-4B02-489C-BB6E-94DEB581F862@elistx.com> <1596663b-1d40-44a7-beb4-dd41172dea91@www.fastmail.com>
In-Reply-To: <1596663b-1d40-44a7-beb4-dd41172dea91@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <0FC7460C87DBBB43A1DE4E4F97ACA9A9@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/DJhJxJXMuRhxWCVUN4cgWzDoXw4>
Subject: Re: [regext] WG LAST CALL: draft-ietf-regext-unhandled-namespaces-03
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Oct 2020 13:31:14 -0000

Patrick, 

Thank you for your thoughts and feedback.  I provide responses to your feedback embedded below.

-- 

JG



James Gould
Fellow Engineer
jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 10/18/20, 10:07 PM, "regext on behalf of Patrick Mevzek" <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote:



    On Fri, Oct 2, 2020, at 15:52, James Galvin wrote:
    > The following working group document is believed to be ready for 
    > submission to the IESG for publication as a standards track document:
    > 
    > https://secure-web.cisco.com/119Z6-9QCgolQ6IIOiTngyTDdKf1s3AaRBIxnoSkXH2U85ZP_AkwLkWZxbHfpOCtj0tOQgqGMA93ErjU_nX7UNe_uUkyJYV_6Do7PdfWfcCAJN7TaogAr1ErpuD8biWr-C7ZDwU0xROsE8h7FxzV3D01y4QmoAeeHGbG50UKbC7oFagBzR2dKXS3hv5-bVdXWwa2fkdW0SIVjPB3nL4n9CL6n1rTU5r0Z7PdqAUhJyS8zLeWg5leNiOHa686p1RLAFGuREUj-R-e-bziJjAlgVw/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-unhandled-namespaces%2F

    This specification will create interoperability problems as drafted.

    Even if the server announces this extension, all current clients not knowing
    about it will have this new behavior forced on them,
    which contradicts what RFC 5730 says (see below).
    So the mechanism should be that the server does not enable this behavior
    until having explicit acknowledgement by the client that it is ok to do so.

    Considering a default opt-in puts all currently existing EPP clients at risk.

JG - draft-ietf-regext-unhandled-namespaces addresses an interoperability issue with the server returning extensions that the client specified is not supported.  The <extValue> element is already a feature supported by RFC 5730, so this is not something "forced on them".  Consider the poll queue scenario, where the server does not know what the client supports when inserting the message, but will only know when the client consumes the message later.  When asking for the poll message, should the server violate RFC 5730 by returning the message that contains an extension the client did not explicitly include in the login services?   draft-ietf-regext-unhandled-namespaces provides an option to return the poll message without violating RFC 5730 based on what's specified in the login services using an existing protocol feature.  This is not a new feature from a protocol perspective that will cause an interoperability issue.  

    Especially since this specification redefines what is in RFC 5730,
    which says:
    Zero or more OPTIONAL <extValue> elements that can be used to
             provide additional error diagnostic information, including:

             *  A <value> element that identifies a client-provided element
                (including XML tag and value) that caused a server error
                condition.

    Note the "client-provided element" and compare to this example
    in the draft:
    S:      <extValue>
    S:        <value>
    S:          <domain:trnData
    S:            xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
    S:            <domain:name>example.com</domain:name>
    S:            <domain:trStatus>pending</domain:trStatus>
    S:            <domain:reID>ClientX</domain:reID>
    S:            <domain:reDate>2000-06-06T22:00:00.0Z</domain:reDate>
    S:            <domain:acID>ClientY</domain:acID>
    S:            <domain:acDate>2000-06-11T22:00:00.0Z</domain:acDate>
    S:            <domain:exDate>2002-09-08T22:00:00.0Z</domain:exDate>
    S:          </domain:trnData>
    S:        </value>


    <domain:trnData> was not client-provided, yet it is in extValue > value node.
    (so an existing client sticking to RFC5730 may see this content and believe
    it has made an error, and not understanding anything about the content
    provided since it is not at all a content coming from it, the client).

    It is also not really a "server error condition".

    The value/extValue of RFC 5730 have been stretched out as of their use
    in so many proprietary extensions, that I do not think it is a good
    idea to have  standard even doing that.

JG - Yes, the <extValue> is not being used for an client-side error condition in this use case and will not return client-side elements.  The <extValue> is being used to indicate what response extensions could not be returned in their standard location due to lack of support by the client.  There is no normative language in RFC 5730 that would prohibit the use of <extValue> for the use case covered in draft-ietf-regext-unhandled-namespaces.   

    Going deeper, it is not even clear if RFC 5730 allows really a return code of
    success but still have value/extValue nodes. There may be nothing at it 
    in the schema, but the text says:

    Success and failure results
       MUST NOT be mixed.
    [..]

    Zero or more OPTIONAL <value> elements [..] that caused a server error condition.

    Zero or more OPTIONAL <extValue> elements that can be used to
             provide additional error diagnostic information

    Note how both nodes are specifically tied to "errors".


    There may be clients out there that will consider value/extValue only for error
    return codes (>=2000) and will get confused when getting back 1000 but with extValue
    as this draft calls for.

JG - RFC 5730 did not envision this case, which is the point with the standardization of draft-ietf-regext-unhandled-namespaces.  This is not an error, so there is no mixing of success and failure results.  draft-ietf-regext-unhandled-namespaces explicitly specifies the use of the <extValue> to address the mismatch of supported client and server extensions.

    Finally,
    It should certainly not be "Best Current Practice".
    It is neither proved to be "best" nor is it "current practice".

JG - Thank you for your feedback on this.  It was agreed to change the draft from a BCP to Standards Track based on a prior thread on the list.  

    -- 
      Patrick Mevzek
      pm@dotandco.com

    _______________________________________________
    regext mailing list
    regext@ietf.org
    https://secure-web.cisco.com/1G70d8BFIRruB1gzgN4-l0VXcLRCOu5-Kkw155RE1urlw78x6COxKBNOVoKRD5d7gZRHjRtEaKwurVioHW6vjLWdedF59tepS4nOgAwDY53YAaaJ99XFQV4erv91A0jcXzvxlQ8_5CTfdCTgDlmfp2ZLEWB4TV4vGQxMh8Mbv6cnyzxKG7quFet4HcdzIgEjBrmnthnBXm8qRmSmXVt1637enoWqaiXOiciCJuraD95qGyU2defRxBMOLuRmsNYUnkIoOE76uJqu0wh_i4FPqfSoc4nDyyfR9DJIgHHU7gYE/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext

v2.23.0 | Report a Bug | By Email