Re: [regext] Ben Campbell's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
Kal Feher <ietf@feherfamily.org> Tue, 02 October 2018 08:56 UTC
Return-Path: <ietf@feherfamily.org>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FD51130EEC; Tue, 2 Oct 2018 01:56:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id je9DO417O4kk; Tue, 2 Oct 2018 01:56:35 -0700 (PDT)
Received: from indigo.securenic.net (li90-55.members.linode.com [74.207.248.55]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5ED65130F9F; Tue, 2 Oct 2018 01:56:27 -0700 (PDT)
Received: from localhost (localhost.localdomain [127.0.0.1]) by indigo.securenic.net (Postfix) with ESMTP id E6E9266C9D; Tue, 2 Oct 2018 18:56:24 +1000 (AEST)
X-Virus-Scanned: amavisd-new at securenic.net
Received: from indigo.securenic.net ([127.0.0.1]) by localhost (indigo.securenic.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzyaZlXSqRyV; Tue, 2 Oct 2018 18:56:24 +1000 (AEST)
Received: from kf-mbp.local (c49-177-68-250.eburwd8.vic.optusnet.com.au [49.177.68.250]) by indigo.securenic.net (Postfix) with ESMTPSA id 4428566C88; Tue, 2 Oct 2018 18:56:21 +1000 (AEST)
From: Kal Feher <ietf@feherfamily.org>
References: <153436396360.3118.10744769755327995577.idtracker@ietfa.amsl.com>
Openpgp: preference=signencrypt
Autocrypt: addr=ietf@feherfamily.org; keydata= xsBNBFtz9XEBCAD2uTgg4OvehOlyellLS2prQpjmrMP6eck6Ow40GNZrqsM9XTCF1KRh1XmE qHHSEswbyoHia6mYfXrG/5lHjeisgVK6cqw2CpzyR+i/PhFbqjtiEQsWuiKa72hcW6J95TNL XEBvbcNHIkl1VOCbfKuMhqbtqoEfUWlsPdM/W5Vk/6OboY81VIPxpIws5Db8TIODjBEcKmhe BmkoIcsztHbo+p2uM7B2kyi9MzBFVYMeGF6IQTdinCw7WCBE8Jrmx645oQ/TNGT+//WXXTrU 5wajmHdNEYWa0muT/IhKstvU6K0/fWRfwQaQ4sdKAzJ+/8xu+A7xiPYBJq/7MHcpTIUfABEB AAHNIEthbCBGZWhlciA8aWV0ZkBmZWhlcmZhbWlseS5vcmc+wsCUBBMBCAA+FiEEce3bjehV CDyQmzspY20IgJ75NrcFAltz9XICGwMFCQHhM4AFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AA CgkQY20IgJ75Nrekgwf/Ubn9ADzWrkcdAx3UAbhpA0SSrnKA5KaZrzDdjQf85nUfw2hWLARs zEyhpgqcPoU6mSAcdUHcmufHPf2ovOpIzHlHNrsDmGbcU1ScLaVBrGcZJ3J9W5SbyJH5Repa bKildHVY5wn/FyB+KTBUD3pJ6VUhVqUvQhfBi3KN0moCfe77W8EpdCOifZ6m6mv8o9/xDArY xLJR9PAJto1wxMz1WznhTz5A7QiMTgHeeh5OYKz79pihUZPUCQY0oxhBDeK+bAtNl7I07vR6 XSqtM4chm6Zr4YV/QeugX8/Xj2OMxnQLqdnnwC8YhwNConEKalW7XEKb962ZS8/jbitkSaFq Vc7ATQRbc/VxAQgAwwHuWHsRk+56J3XACM4H0uZsunNU+Ic1nDQ/eVSLbHoYU3slSk+TbV/Z CV+pzYAJL3aRVDUFIlpeN7M3cmx23kgtIjzL9KdbZYKJ9QdFOrGht1S/iyFApmEWHVOjPegb gnaHzLKyJJGwTofjfhoz2yQG4JidRt11yGpsJ+Yd3FR7NeQiJy8gVmzcnmqBtw18nJstrEmE tIg4QGMgvSw4SfenoQh4S/kTW3aD1fQyFVDr/dhNuWdZom6D8GeOLvcpviLnFtcPyl7w4KuQ zwZPDhDTOt4eY8VKsyPdc3o8K5oL4hIx9IUVioQglxb5SRlLm+ihhUwp78+S0PxfzjBo6wAR AQABwsB8BBgBCAAmFiEEce3bjehVCDyQmzspY20IgJ75NrcFAltz9XECGwwFCQHhM4AACgkQ Y20IgJ75NrfSIQf+KshlrOAryQNJqAb2p+9XGamIHWvk/r6KVSDx16WI3F6VxlPCvnzKcOkM Lo8yBR28065fodAK6FWiK/PGv6wSNm5rXoEdishAtn4aH36hwFsNeQ3t5zbzj8LhuP0wf/xf 1I/5rSY8YSg2eW0/dMRKA+PTjLwlj/6nbVgjf9C3p2GiAPMDl49XVGpb5G8+C0GNarl7CFZz 7T9DVbwFKaM9u/a5ZVky9wZF6HzVxTkxPse28R1XvHfAafnfj+zWfiI8q0i/ALKDUOXxBpLY BGwWeqxIsnl6C4v65nHpGjeRfWwx+Nk8T85fI7aANsbIbmwAbX/hkzRd8tLLftUa2K3gqA==
To: ben@nostrum.com, iesg@ietf.org
Cc: draft-ietf-regext-allocation-token@ietf.org, Patrick Mevzek <patrick+ietf@deepcore.org>, regext-chairs@ietf.org, pm@dotandco.com, regext@ietf.org
Message-ID: <2d831ec5-b1d8-c4d6-05db-84197200798d@feherfamily.org>
Date: Tue, 02 Oct 2018 18:55:56 +1000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.0
MIME-Version: 1.0
In-Reply-To: <153436396360.3118.10744769755327995577.idtracker@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="k6VI0rJn6eBvcgqnKYr7ajG2BIploWfrN"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Ep1tqii2LiJ01BqW9TfuzZMR5qs>
Subject: Re: [regext] Ben Campbell's No Objection on draft-ietf-regext-allocation-token-09: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Oct 2018 08:56:43 -0000
Hello Ben, Please accept the apologies of the authors for not responding earlier. On 16/8/18 6:12 am, Ben Campbell wrote: > Ben Campbell has entered the following ballot position for > draft-ietf-regext-allocation-token-09: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-allocation-token/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Substantive Comments: > > - General: > > As far as I can tell, the document doesn't explain what an Allocation Token > _is_. It talks about how it is used and what it contains, but I'm not sure what > one represents semantically, or how it gets created, destroyed, etc. I see > Section 7 mentions that Allocation Tokens are defined elsewhere; is there > something that can be referenced? If not, would it be reasonable to add a high > level summary to the introduction? KF An allocation token represents the entitlement to exclusively create a registry object (domain name). Generation and format of allocation tokens are currently described by the server operators, for use by clients. These techniques can and do vary by implementation. > §3.1.1: "Availability of allocation.example and allocation2.example > domain names are based on the Allocation Token ’abc123’" > > I'm confused by this, since the example shows a "mismatch" result for > allocation.example. KF I think the confusion stems from two things. Firstly using unavailable responses in the prior examples, which might not be intuitive. Second, the use of a multi domain check. We will publish a revised set of examples and clearer caption text to indicate that "abc123" matches allocation.example. For the multi domain check it will match allocation.example, but not allocation2.example. In addition, a domain check response xml file will now be included in the sample directory of the github repository. > §3.2.1, 2nd paragraph: > > I'm confused by the idea of a token mismatch for an object that has not yet > been created. (Please see my general comment; some discussion of the lifecycle > of allocation tokens would be helpful.) KF the server may contain a paired list of labels (not objects) for which tokens are required and predefined. Alternatively the token itself may be derived from the label via hashing. In either scenario the server will have policy that expects a token to be supplied with the label in order to create the object. The policy may apply to all labels (no object creation without tokens), an enumerated list of labels or the supply of a token may be entirely optional. If a token is supplied in a create command, it must match the label, regardless of the mechanism by which the label and token are paired at the server. > Editorial Comments: > > §1.1, last paragraph: The "REQUIRED" seems like a statement of fact. KF We have followed the conventions used in previous EPP RFCs (RFC 3915,5730 -5733, 8334). > §3.1.1: "If an object requires an Allocation Token and the Allocation > Token does not apply to the object or an object does not require > an Allocation Token..." > That's hard to parse. Please consider separate cases for "required but does not > apply" and "not required". > KF This has been updated in draft 11, but 2. and 3. overlap in that both refer to an object that does not require an Allocation Token. We will make an additional change to remove "or an object does not require an Allocation" from 2. KF We will publish draft-ietf-regext-allocation-token-12 with the changes described in this email. -- Kal Feher Melbourne, Australia