Re: [regext] WG LAST CALL: draft-ietf-regext-unhandled-namespaces-03

"Gould, James" <jgould@verisign.com> Mon, 02 November 2020 15:42 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 017A53A1231 for <regext@ietfa.amsl.com>; Mon, 2 Nov 2020 07:42:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bkdrAAyzGeQk for <regext@ietfa.amsl.com>; Mon, 2 Nov 2020 07:42:35 -0800 (PST)
Received: from mail5.verisign.com (mail5.verisign.com [69.58.187.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B86D73A120C for <regext@ietf.org>; Mon, 2 Nov 2020 07:42:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=4442; q=dns/txt; s=VRSN; t=1604331751; h=from:to:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=pD5OPNIFXzQNa7vv0SPKdl5HPFOGORbH9Gd2c4rt/Vw=; b=UohTcH1WdC7iEmreC+jy8OgwZJ8oqyXy3PictGYbiaY4snITauq3Ww77 ellDs1cel1ngogHhEraFwVerwkPbgHwi/gQKfsmAkifnXylCYVh9P+BC2 Qq33Gmpj6LCOzvzssaOd8vLCyhA2la8r+1O6GBM03kAf3hvJT4E4Rs+3f APPHVe7fpTH/R4Wd3io09RnqB18MrmcrB54dryRtcE34War334pewuZyK NIzFMK3/JdWMvrhXm6OGoUtW2mUtfyerzA5lpQGkUDhkfdd8tfRPXX2uy 49Ok9UmQnGPn293C23L9uv/86BBka1gurG1rBKl2K0LWPcxslzS9jCVD0 g==;
IronPort-SDR: Q8dkvGJWRAuULzv362ho8mSnMuGGkmOAIyzJ5DCaDx3ffZKK8FKTic/Fh/Ee4Ivz873JnfPqcW Tg7P/CBNpt2oah0LB4b01unoPJbFTpdfi3xy+TQLLNi6A4c2PsfQD8btv40Pn5FZp2udZU4dcV x+ohS/PXX9rQW35ddph9ncdy+8LKGw2ir0+k08cD9Toxu5OuzyACS69z7lfAr5AF1PtvrA69JB q7A21cvJIsMldxTAe/tw/PzuKUcalNAH/N1Rgl6AaB0yktkWYJ66KiqY8zVyiisLEaaKdbSgdg oFI=
X-IronPort-AV: E=Sophos;i="5.77,445,1596513600"; d="scan'208";a="3427651"
IronPort-PHdr: 9a23:ftyxqRAlpy7xfCFiWv1CUyQJP3N1i/DPJgcQr6AfoPdwSP37pM+wAkXT6L1XgUPTWs2DsrQY0rWQ6vi5EjFcqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjWwba5wIRmssAndqtQajYRiJ6s+1xDEvmZGd+NKyG1yOFmdhQz85sC+/J5i9yRfpfcs/NNeXKv5Yqo1U6VWACwpPG4p6sLrswLDTRaU6XsHTmoWiBtIDBPb4xz8Q5z8rzH1tut52CmdIM32UbU5Uims4qt3VBPljjoMOjgk+2/Vl8NwlrpWrhK/qRJi347aboKbO/R/fqzBct0VSnFMXtpKWCxEHo+wc5ECAugHMO1Fr4f9vVwOrR6mCAWiBe3vzSJIhnvr0qEizu8vFRvJ3Ak+ENIVvnjfsdL4NKUdUeCy0anIySjMYuhI2Tjj8ojIcwshofCDXbJ2a8be1U4vFwbcg1iWtIfqMC+b2P4XvGiH8+pvS/ivi2g/pg9+pjWi2Mkhh4fVi48UxV3J6Th0zogpKNClSEN2Yt6qHZlfuSyVKYZ6X8MsTm90tSs0yrALu5y2cTYFxZkpxxDSbeGMfYaP4hLmTumRIDF4iWp7eL2hnRay8FOgyuzzVsmy0VZKqDZKnsPQuXAK0hzf8tSISvpm/ki93jaDzRzc6uZBIUwslKrUNYIhwrAqmpoUq0TDESn7k1j1gq+Obkgo5/Sk5/76brjkqJKQLZJ4hwHwP6g0lcGyBfw0PhUSU2SB5Oix1qHv8VfkTLhFjfA6iLTVvZPcKM8GvKC2GRVV3Zwm6xunCjem18kXkmcfIVJefRKHk5DpO1bTIPDkFfu/g0qjkDNsx/3eI7DvHo3DImXDn7n5crhy6lJQxBQpwdBB+51UDasBIOrpVkDrqdPUFAE5Mxavw+bhEtlyyoQeWWeXDq+YNqPdr0OI6/oyL+WQfoMZpTTwJvY/6/LzjXI0l0URcKat0JcPbXC3BPVmI0GXYXr2hdcBFH8HvggxTOztlV2CVSNcam2sX60i/DE7CZmmDYbMRoCrmrCOwCC7HphOamBcFl+MCWvod5mDW/oUcCKSJ9RsnSEDVbi9UYAh0wyhuxP9y7Z9MuXU/SgYv4r51Ndp/+3TiQ0y9TtsAsSHzW6NQH97n2wURzIt3aBwv1B9ylmZ3ah/mfxYGo8b2/QcGB8/HZLb0+V8B9v1HAnGe53BHE6jatmhHTg3Qtk2hdQJZhA5U5+4gx/OzzaCArIJmfqMHpN+uvbG0nf8N9pVynva2u8mlVZwEeVVMmjzzIF46gzfQ8brmkCUjOziIaYT2zPJ+E+dwHCPp0BXVkh7VqCTDiNXXVffsdmsvhCKdLSpE7lyagY=
X-IPAS-Result: A2EzAwA/KKBf/zGZrQpfA4EJgU+DGoE2CoQzkHUmg3uWMoFAPAsBAQEBAQEBAQEIAR8QBAEBAoRIGYFzJjQJDgIDAQELAQEBBQEBAQEBBgMBAQEChk4Mgjciez0NPQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCCAdNB0cBHwEFIxE6BBkBCBgCAhIBEwIEMBUSBAESG4MLAbJGgTKFV4UJgQ4qhmOGcoFCPoE4DBCBUX4+hCYvCiYBAoJNM4IsBJNgpD4DB4JsiQiLXYYkH4RCnSiTSokCEoFklUcCBAIEBQIVgVSCEnAVOyoBgj4JRxcCDZIQilh0DicDAgYBCQEBAwmMBA+BJIERAQE
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Mon, 2 Nov 2020 10:42:28 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.2106.002; Mon, 2 Nov 2020 10:42:28 -0500
From: "Gould, James" <jgould@verisign.com>
To: "pm@dotandco.com" <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: Re: [regext] WG LAST CALL: draft-ietf-regext-unhandled-namespaces-03
Thread-Index: AQHWsS7FQpuiFX96okemcOUEuEB2GA==
Date: Mon, 02 Nov 2020 15:42:28 +0000
Message-ID: <AFE2C548-57A4-43DB-8268-070C3C24D895@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <DFF9680353A34E44B39B0DD76EF7889B@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/DyQl4Ch1o4WH7HBxLZp_PH_rnzc>
Subject: Re: [regext] WG LAST CALL: draft-ietf-regext-unhandled-namespaces-03
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Nov 2020 15:42:37 -0000

Patrick,

Do you mean it's better to fail the login if the client doesn't support all of the possible EPP extensions supported by the poll queue?  I view that option as being highly impactful to the clients and it would morph a certain set of services as required by the client at login, which does not currently exist in EPP.  The approach taken in draft-ietf-regext-unhandled-namespaces will not impact clients at login, will not cause a poison message in the poll queue, provides an indication that an extension is not supported, and provides the extension to the client in a protocol compliant manner for later processing if desired.  

There has been no indication from the working group of a technical risk with implementing draft-ietf-regext-unhandled-namespaces.  I agreed to add text to explicitly state that draft-ietf-regext-unhandled-namespaces extends the use of the <extValue> element within section 3 "Use of EPP <extValue> for Unhandled Namespace Data", and to add an Implementation Considerations section to cover the recommendation of client and server monitoring to mitigate a client ignoring content returned by the server.

-- 
 
JG



James Gould
Fellow Engineer
jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 11/2/20, 10:16 AM, "regext on behalf of Patrick Mevzek" <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote:

    On Tue, Oct 27, 2020, at 10:55, Thomas Corte wrote:
    > If a registry really wants registrars to understand and process their
    > custom poll messages, it can still resort to simply reject the <login>
    > command if it doesn't contain the namespace in question.

    That would certainly have my preference and it has one big bonus attached to it:
    no need of any change in the protocol, no need of any new extension/namespace,
    no need of any new specification.

    Sometimes the best solutions are not the technical ones.

    And it is not so much a stretch: many, but not all, registries mandate a
    "technical accreditation" at the beginning of the relationship with a given registrar.
    Adding a requirement there to support some namespaces is not a big change
    (a registrar is free of course to signal it during login and then just ignore
    those messages if he wants to ignore them, but then the responsibility clearly
    falls on his end and he is in control of his fate because he signaled the namespaces
    at login, without the registry forcing delivery to it of messages with "dubious"
    validity per RFC 5730).

    -- 
      Patrick Mevzek
      pm@dotandco.com

    _______________________________________________
    regext mailing list
    regext@ietf.org
    https://secure-web.cisco.com/1E73rcs2l3iOpYDTtf4HlaAiULSq3R3UdqpRjAi55QTW-RXUeEqWrgJtJdDriw22K3nr_pIqXo325kguNJzfXgsWVhWpk0DOwWVtdVTf30Hn82dNXT4Z2n97-z9SnE-ijPC04qfQvvCuEAh1sYF37hFY24wfhhiHkw-4M52Qtd4y_nwedk3GWSHBTay1c-esqKc8GULE6Gbg-FftXmkyWGwsB_2u9YIo962MahDtgLBC-cfmAE1pB3G4x_UfFpQW2Ma4oLvOL4HgbKxIQ5xD4Q915Y9uxCivhZWiAE36XUuw/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext