IETF Logo Mail Archive

Re: [regext] EPP Transport Service Discovery

Bill Woodcock <woody@pch.net> Wed, 20 March 2024 07:06 UTC

Return-Path: <woody@pch.net>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53C82C151543 for <regext@ietfa.amsl.com>; Wed, 20 Mar 2024 00:06:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pch.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Nqi866z8Ye7 for <regext@ietfa.amsl.com>; Wed, 20 Mar 2024 00:06:34 -0700 (PDT)
Received: from mail.pch.net (keriomail.pch.net [206.220.231.84]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B69B8C151993 for <regext@ietf.org>; Wed, 20 Mar 2024 00:06:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=pch.net; s=mail; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=jWu/fOSpikS7JwxN0GzGbrwbWm50wsQPlkBemcv5E90=; b=roLBaDWkjUTpq347IawQbtuNCd/g0yY8IueQRHsejJulxd1JaP1HvHhBrCp6TGhGSP+W6LHbp76jL UrReESZl3xR1qwkM6QDR4hgUOCeS2+8AE6N9J56OCXXio0DEB/0E7CGob/z+guXv/oBbclJOOBZS+j Iw63DcCL5m1r2kiyAuNrV7vhqUXKDoCduEHa/FxOTiHXE68SY3RfGP/usyzzjxr4I4mvEJkKCoX1AH 4rq92Vn2vVPaMi3WlOLxPZnhAWYmSaepj9OIqfcHmXI4DN16J9w9CYZ7v67xDcjxQL1LHqNAM4jdRU zR7ov3UT9fKbmWYyc35ObgFhlrGHdRg==
X-Footer: cGNoLm5ldA==
Received: from smtpclient.apple ([2620:171:202:6be4:391d:22b9:94ac:3eb2]) by mail.pch.net (Kerio Connect 9.2.7 patch 3) with ESMTPS (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits)); Wed, 20 Mar 2024 00:06:33 -0700
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (1.0)
From: Bill Woodcock <woody@pch.net>
In-Reply-To: <33DE0A17-6481-462D-A856-18890E3583E6@tucows.com>
Date: Wed, 20 Mar 2024 08:06:13 +0100
Cc: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>, regext@ietf.org
Message-Id: <2CC3B664-650B-4B37-A672-125550B38E1F@pch.net>
References: <33DE0A17-6481-462D-A856-18890E3583E6@tucows.com>
To: Francisco Obispo <fobispo@tucows.com>
X-Mailer: iPhone Mail (21E219)
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/GVMJoFnmzYYxdsoyG9sd2nJjmCU>
Subject: Re: [regext] EPP Transport Service Discovery
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Mar 2024 07:06:38 -0000

The. Certificate problem can be dealt with as elsewhere: switch to DANE and stop accepting CA certs. 
    
                -Bill


> On Mar 20, 2024, at 5:33 AM, Francisco Obispo <fobispo@tucows.com> wrote:
> 
> This is a neat idea,
> 
> Is there a reasoning or use case for such need?
> 
> One of the challenges that I see, is that knowing the server address is one thing, but generally clients (registrars) keep the connections open for a long period of time, so the need to reduce the connection speed may not be a big advantage in practice. (if this is the argument)
> 
> Additionally to connect to an EPP server you will need some sort of client credentials and a form of client certificate pinning which is usually negotiated and exchanged out-of-band.
> 
> I am curious to understand the reasoning behind this need
> 
> Best regards,
> 
> Francisco
> 
>> On 19 Mar 2024, at 19:11, Hollenbeck, Scott wrote:
>> 
>> As noted during this morning’s regext session, we need to consider how a client can discover the transport services provided by an EPP server. Opportunistic probing is one method, another is server capability publication using something like an SVCB record that’s published in a DNS zone maintained by the EPP server operator. Perhaps something like this:
>> 
>> epp.example.net.  7200  IN SVCB 3 epp.example.net. (
>> 
>>        alpn="bar" port="700" transport="tcp")
>> 
>> There is no “transport” SvcParamKey currently registered with IANA, but that’s easy to do. I think there’s a draft here that needs to be written.
>> 
>> Scott
> 
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext

v2.23.0 | Report a Bug | By Email