Re: [regext] AD review of draft-ietf-regext-unhandled-namespaces-06
Martin Casanova <martin.casanova@switch.ch> Tue, 26 January 2021 16:22 UTC
Return-Path: <martin.casanova@switch.ch>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BF0343A040B; Tue, 26 Jan 2021 08:22:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Level:
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=switch.ch
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qb88IVkf9bX0; Tue, 26 Jan 2021 08:22:37 -0800 (PST)
Received: from mx1.switch.ch (mx1.switch.ch [84.254.110.100]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D7193A003E; Tue, 26 Jan 2021 08:22:36 -0800 (PST)
X-Virus-Scanned: by SpamTitan at switch.ch
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=switch.ch; s=selector1; t=1611678153; bh=4ctstCZWx24zW8k5SskVw8hRJRegKTw15lXBLVbzS2E=; h=Subject:To:CC:References:From:Date:In-Reply-To; b=G0cRJjLb69pdF3yW0s9WY8ESEHtLQHpZBq2urKMOESHzBBvvUxVDOc05z61rzA5b8 GyRqXS4gypTWwTi3ys9Vvw9cjneEICpOc3dnnXmVR8Ls7dpwQqrZZ22Alu1czPqCSq dkQ9VLSK8eqcv8oX2k0CmZrmIKm3VyuyfP8S+1OrwRCsk4kqjYAUr/y9mo/ZYqRIuZ YPpSiHMRiGyNtN6JVIvHJd+pcCicdbhM1uXozRrYOibvbSFbPnY+2bsOdZ9O9gRIau OMfkM/CWkh3Hyi10/OJXrcKpDwF1BnghAMsHyzj2U6moKyHGGXFw8RQwqkut8HoWmJ W61TBGd4HheOQ==
Authentication-Results: mx1.switch.ch; x-trusted-ip=pass
To: Barry Leiba <barryleiba@computer.org>, draft-ietf-regext-unhandled-namespaces.all@ietf.org
CC: regext <regext@ietf.org>
References: <CALaySJ+6atC5oy1OoBFa=HH9bxmuOjayO7Otq=Yg8_m4sBcxkQ@mail.gmail.com>
From: Martin Casanova <martin.casanova@switch.ch>
Message-ID: <6666e47b-41e1-79f3-5424-b3b12bd18141@switch.ch>
Date: Tue, 26 Jan 2021 17:22:23 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0
MIME-Version: 1.0
In-Reply-To: <CALaySJ+6atC5oy1OoBFa=HH9bxmuOjayO7Otq=Yg8_m4sBcxkQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------768F6DEE47B4A1C719DC63C7"
Content-Language: en-US
X-ClientProxiedBy: SWH-S05-EXC3.swd.switch.ch (172.16.60.14) To SWH-S04-EXC2.swd.switch.ch (172.16.60.12)
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/EG1U6OE9cNIJ6MdzK4DrSFXsltw>
Subject: Re: [regext] AD review of draft-ietf-regext-unhandled-namespaces-06
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Jan 2021 16:22:40 -0000
Barry
Thanks for your review. Since James Gould is the main author of this
draft I think it is better if he comments your suggestions.
Nevertheless I try to answer your question about section 3.
RFC 5730 chapter 2.6:
Zero or more OPTIONAL <extValue> elements that can be used to
provide additional error diagnostic information, including:
* A <value> element that identifies a client-provided element
(including XML tag and value) that caused a server error
condition.
The <value> element according to RFC 5730 should be used in a server
error condition. Therefore in responses that have normally a result code
starting with 2xxx like
2004 "Parameter value range error"
2005 "Parameter value syntax error"
2306 "Parameter value policy error"
The intent of draft-ietf-regext-unhandled-namespaces is to redefine the
purpose of the <value> element to be used with successful command
(result code 1xxx) and to use it to return content of the response that
normally would be omitted because the client did not announce the
extension/namespace at client login.
Maybe
XML processing of the <value> element is
disabled in [RFC5730],
could be formulated more precisely explain this eg:
'The original usage of <value> defined in RFC 5730 returning
client-provded elements in unsuccessful command is redefined by this
document as to return unhanlded namespaces'.. or so..
Thanks again and stay healthy.
Martin Casanova
On 22.01.21 20:22, Barry Leiba wrote:
> Thanks for the publication request for this document; here's my AD
> review. None of this is a big thing, just some easy tweaks. It will
> need a revised I-D, though, so I'll set the substate accordingly.
>
> The Abstract goes into more detail than the Abstract needs to or
> should. The Introduction correctly explains the details, but the
> Abstract shouldn’t. I suggest trimming the Abstract thus (but please
> do use your judgment on this):
>
> NEW
> The Extensible Provisioning Protocol (EPP), as defined in RFC 5730,
> includes a method for the client and server to determine the objects
> to be managed during a session and the object extensions to be used
> during a session. The services are identified using namespace URIs,
> and an “unhandled namespace” is one that is associated with a service
> not supported by the client in question. This document defines an
> operational practice that enables the server to return information
> associated with unhandled namespace URIs that is compliant with the
> negotiated services defined in RFC 5730.
> END
>
> — Section 1.1 —
>
> Please use the new BCP 14 boilerplate and add a normative reference to RFC 8174.
>
> Indentation and white space in examples are provided only to
> illustrate element relationships and are not a REQUIRED feature of
> this protocol.
>
> That’s not a BCP 14 usage of “required”, and should be in lower case.
>
> — Section 3 —
>
> XML processing of the <value> element is
> disabled in [RFC5730],
>
> Where and how is this stated in 5730? I can’t find anything, but
> perhaps I just don’t know where to look. It would be good to add a
> section number to the citation.
>
> — Section 8.2 —
>
> Please change the Registrant Name to “IETF” (you may leave the email
> address as it is), as that’s how the IESG prefers to designate it (the
> IETF
>
> — Section 10 —
>
> Nit: make it “This document does not provide…”
>
> That aside, I would be surprised if we don’t get some pushback about
> this section, so maybe we should think about it a bit more. I accept
> that there are likely no security issues raised by this operational
> practice, but it would be good to address that more directly. This is
> proposing that a server return information to a client that indicates
> that the server believes a particular service is not supported by the
> client. You should call that out, and consider whether that could
> expose anything that could be used by an attacker — or that could be
> misused to create an attack. Or, could an attacker do something
> related to this practice that would allow it to disrupt some
> legitimate communication?
>
> The answer to all of that might be “no”, but it would be good to… as
> we used to say in school, show your work.
>
--
SWITCH
Martin Casanova, Domain Applications
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 55, direct +41 44 268 16 25
martin.casanova@switch.ch, www.switch.ch
- [regext] AD review of draft-ietf-regext-unhandled… Barry Leiba
- Re: [regext] AD review of draft-ietf-regext-unhan… Martin Casanova
- Re: [regext] AD review of draft-ietf-regext-unhan… Gould, James
- Re: [regext] AD review of draft-ietf-regext-unhan… Barry Leiba
- Re: [regext] AD review of draft-ietf-regext-unhan… Gould, James