Re: [regext] [Ext] Roman Danyliw's Discuss on draft-ietf-regext-data-escrow-05: (with DISCUSS and COMMENT)

[Gustavo Lozano <gustavo.lozano@icann.org>]

Thank you Roman,

Comments inline prefixed with GL-.

Regards,
Gustavo

On 3/8/20, 15:35, "Roman Danyliw via Datatracker" <noreply@ietf.org> wrote:

    Roman Danyliw has entered the following ballot position for
    draft-ietf-regext-data-escrow-05: Discuss
    
    When responding, please keep the subject line intact and reply to all
    email addresses included in the To and CC lines. (Feel free to cut this
    introductory paragraph, however.)
    
    
    Please refer to https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_iesg_statement_discuss-2Dcriteria.html&d=DwIDaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=VbweciUcwYQpIOZDSxl0ezGd1hGDtd-0BvgAgfmwfE0&m=mZiY3vrtmE8jDSOwutDwyVp05-t7_L16WP_03hPCzqg&s=P9KLpSAcMUTfkhs5glpoL88QP9Ldd32tUFnepFguGWk&e= 
    for more information about IESG DISCUSS and COMMENT positions.
    
    
    The document, along with other ballot positions, can be found here:
    https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Dregext-2Ddata-2Descrow_&d=DwIDaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=VbweciUcwYQpIOZDSxl0ezGd1hGDtd-0BvgAgfmwfE0&m=mZiY3vrtmE8jDSOwutDwyVp05-t7_L16WP_03hPCzqg&s=7K3FKE9852x_hU-eH090G1p9WbPh98ULLL0ZfDm8Xcc&e= 
    
    
    
    ----------------------------------------------------------------------
    DISCUSS:
    ----------------------------------------------------------------------
    
    ** Section 6.1.  Please provide a normative reference to XML Schema.

GL- Added in version 06 of the draft, here: https://tools.ietf.org/rfcdiff?url2=draft-ietf-regext-data-escrow-06.txt
    

    ** Section 6.1. The schema defines types “clIDType” and “rrType” but their use
    isn’t explained in the text and they don’t appear to be used in the definition
    of <deposit>.
    
GL- The elements are used in https://tools.ietf.org/html/draft-ietf-regext-dnrd-objects-mapping. The elements are in the schema for backward compatibility. There is a comment in the schema explaining that these are auxiliary elements.

    ** Section 11.  Was a requirement to secure the deposit data at rest
    considered?  The text here suggests that such details needed to be worked out
    individually.  However, Section 9 notes that the whole deposit is likely to be
    confidential.  It would seem best practice to store such sensitive information
    encrypted.
    
GL- The draft describes a format used to interchange information, and it's for the parties to establish the security requirements based on the particular use case. In the gTLD space, legal agreements mandate the security requirements. There are use-cases that may not require any security mechanism at transit and/or rest. For example, a deposit that contains the same information available in the public DNS.
    
    ----------------------------------------------------------------------
    COMMENT:
    ----------------------------------------------------------------------
    
    ** I didn’t follow how this draft fits with EPP or RDAP per the REGEXT charter
    (and neither of these protocols are references).
    
GL- I think that the following text of the charter covers this draft:

The working group may also take on work to develop specifications that
describe the following types of information exchanged between entities
involved in Internet identifier registration that are using the RDAP or
EPP protocols:

...

* Data formats for files exchanged between registration entities that
need insertion in or extraction from EPP or RDAP.

...

    ** Section 5.1. @resend.  How does the registry know the escrow deposit failed
    to increment this attribute and resend?

GL- The draft describes a format used to interchange information, and it's for the parties (i.e., escrow agent and client) to define the signaling mechanisms for their particular implementation.
    
    ** Section 5.1.2.  <version>.  The schema indicates that this should be set to
    1.0, but this isn’t said in the text. 

GL- Added in version 06 of the draft, here: https://tools.ietf.org/rfcdiff?url2=draft-ietf-regext-data-escrow-06.txt

 How should an implementation process a
    version number it doesn’t recognize?

GL- The parties shall define this for their particular use-case.
    

    ** Section 10.  Per “As such, the registry transmitting the data to the escrow
    agent _should_ take all the necessary precautions …”, why isn’t this a “_MUST_
    take all necessary precautions …”?  Under what circumstances would transport
    security not be desirable?

GL- "should" replaced with SHOULD in version 06 of the draft, here: https://tools.ietf.org/rfcdiff?url2=draft-ietf-regext-data-escrow-06.txt