IETF Logo Mail Archive

Re: [regext] WGLC: draft-ietf-regext-org-02

"Gould, James" <jgould@verisign.com> Fri, 25 May 2018 14:27 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B55A712DA1A for <regext@ietfa.amsl.com>; Fri, 25 May 2018 07:27:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8k4A9QQaCZRg for <regext@ietfa.amsl.com>; Fri, 25 May 2018 07:27:03 -0700 (PDT)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3CB2112DA18 for <regext@ietf.org>; Fri, 25 May 2018 07:27:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=45745; q=dns/txt; s=VRSN; t=1527258424; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=W8UZmeXhZMOHGrkLGV1EmddjjA0aL8y08t7wzNEA66E=; b=cDjYMj2PBYnptWuFElhsdEjSwVe3DyzOSbHdnWdqC55KznrmwJtBum+j tzJ/+ZQcuZkK4QAS0roLXCs1Xq3o3bpipBt4F6AXQ+gPgMwLom9CqKhge OvQzXwkQwKyo149KcAUJbiQACrZMlzTQHRlS/2rGqzlM0YkRbiYqICdXv CibO2ueCDBjK4wBf6MZqfOMSFpJfOZpw10tUgkDYoZLxLLXKLm5km/bzd +3jaZdZVq26kKLtRcy2p6CghRm71DeDfSuCzrfRfODe1lfCJUuk12huVP T+r6W1v0jZW6l6+pWHOz+aM9/0mA9JN6ylXcVRSONYcrK7Vem8RpdDMmn A==;
X-IronPort-AV: E=Sophos;i="5.49,440,1520899200"; d="scan'208,217";a="4776069"
IronPort-PHdr: 9a23:kANs2hSz7M9vXgMfx8CuE34itdpsv+yvbD5Q0YIujvd0So/mwa6zYBWN2/xhgRfzUJnB7Loc0qyK6/umATRIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSizexfb1/IA+qoQnNq8IbnZZsJqEtxxXTv3BGYf5WxWRmJVKSmxbz+MK994N9/ipTpvws6ddOXb31cKokQ7NYCi8mM30u683wqRbDVwqP6WACXWgQjxFFHhLK7BD+Xpf2ryv6qu9w0zSUMMHqUbw5Xymp4rx1QxH0ligIKz858HnWisNuiqJbvAmhrAF7z4LNfY2ZKOZycqbbcNgHR2ROQ9xRWjRBDI2icoUPE+QPM+VWr4b/qVQOrAexCga3Cez11jNIg2X70bEg3ukjFwzNwQwuH8gJsHTRtNj5OqYcUeeozKnM0DrPd+5d1zPn54jNbB8huv+AVq93fMrTxkkvEB7FjlGNpoH+ITOayP4Ns2mA7+phWuKvjXQrpB12ojiq38ohjJTCiIwSylDB7yp5wYA1KMWmSEFle96kEYBQtyCVN4twQ8MiRX1ntDwmxb0BvJ63ZCkKx4o7xx7RcfCHdJKI4h3lWe2MIjl4nGpodK+jixqo7EStyOPxWtOp3FtKoCdJiNbBu3ML2hfO8MaIUOF98V2k2TuX0gDT7fxLLl4smKrALp4h3qYwlp0OsUTfBiP2mFv5jKuRdkg85+Wm9/zpbqjmqZGEOIF7ix3yPrk0lsyhHes4NRIOX3CB9eumybLv51P5QK9Rjv0wiKXWrJfaJcEDqq64BQ9azJoj5g6iAzu6ytgUgHsKIVxfdB6aj4XkNUvCLf/7APunhlSjijZrx/TIPr37BZXNK2DOkLXufbZ69k5czBc8wMtB551KELEBIenzWk7+tNzeFBM2Lwu0w+P/BNVnyoweQX6PArOeMK7KsF+H+P4vI+eXaYAPvjb9N/8l5//ojXMjn18debGj3YELZ3CgAvRmP0KZbGL2gtgfHmcFoAU/TPDxhV2DTzFTe3iyU7g75jEhB4L1RbvEE6mrnLuA2m+FE4dNbWBbEF2KWSPpepmKc/4KdCWTJIlnlmpAHYKsRI46yQunqA79zfJfNO3I/SYfsYmr+chp6uvIlBY07nQgFcmS3nGRZ2B5gm1OQCU5ivNRu0t4nx2s1rV8j7gQN9VW6ugDGlM4OpnBy+BSFd3oWxnAcdHPQ1GjFIb1SQotR848loddK312HM+v21Wah3Kn
X-IPAS-Result: A2EGAgAUHAhb/zCZrQpYAx0BAQUBCwGCTkeBEYElCoNtlmmBD5M5gT0XIQMLGAEKC4N4RgIXgho1FwECAQEBAQEBAgEBAoEEDII1JAEOLxwhCAEFAQEBAQEBJgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEIAggHNRIBARkBAQECAQEBGAlLAQMMCwIBCA4qAQkCAgIlCyUCBAESgyICgRtcF6g2ghyEWINpgXwJAYoBPoEPJIJpgxEBAQKBNxEiCwomgjkwgiQCh2KER4EiixQDBgKFaoJWh1Y+iw2HUoIUAoQhglMCAgICBAUCFIFDAYIIcBU7KgGCGAmCFxeDRYRwJIU+bwEMI4t8gS6BGQEB
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Fri, 25 May 2018 10:27:01 -0400
Received: from BRN1WNEXCAS02.vcorp.ad.vrsn.com (10.173.152.206) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1466.3 via Frontend Transport; Fri, 25 May 2018 10:27:01 -0400
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas02.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Fri, 25 May 2018 10:27:01 -0400
From: "Gould, James" <jgould@verisign.com>
To: Antoin Verschuren <ietf@antoin.nl>, Registration Protocols Extensions <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] WGLC: draft-ietf-regext-org-02
Thread-Index: AQHT6SxtFmwLJhW10Uq7HDW8W/3T1aQ51aEAgAHPawCAAeAogIABMAIAgABSC4D//+01gIAB2XgA///ImoA=
Date: Fri, 25 May 2018 14:26:59 +0000
Message-ID: <9BAF21E5-D8BC-4C18-9A72-7A7A99A9EFA0@verisign.com>
References: <80ED56C6-75F7-4DED-927B-E0AB528A71EE@elistx.com> <656C123C-9ECF-434D-948D-4E704ED3E75C@elistx.com> <1526872740.790268.1378875200.662ECDF2@webmail.messagingengine.com> <A9E94F6D-1C51-47C4-B74D-22D40841317C@dnsbelgium.be> <B0F071B4-DF2D-4E46-9002-C7FFAA5DAC25@dnsbelgium.be> <1527140656.2870129.1382989368.51CB4B29@webmail.messagingengine.com> <E200CA5E-FB32-4767-B837-35560EA0EF06@dnsbelgium.be> <DA1F19C3-209A-40B7-A872-21582D25A5A1@verisign.com> <1D86FAEA-9A4D-4BD8-B280-067FFAEB3D54@antoin.nl>
In-Reply-To: <1D86FAEA-9A4D-4BD8-B280-067FFAEB3D54@antoin.nl>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.d.0.180513
x-originating-ip: [10.173.153.48]
Content-Type: multipart/alternative; boundary="_000_9BAF21E5D8BC4C189A727A7A99A9EFA0verisigncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/KhgcPcUol02SvEayq6-QmtEKIp0>
Subject: Re: [regext] WGLC: draft-ietf-regext-org-02
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2018 14:27:07 -0000

So my major question is: Can we still remove the <org:role> elements from the organization object and only use the <orgext:id> in the domain objects ? What would it break? Or could we at least have text that this role element can never be set by a random EPP command for an organization but is always set by the Registry? (so an info command would show it, but a create or update could never set it?) Or is this local policy and do we need to give guidance to registries as to why, when and how to set this in a BCP?



Linking organizations to objects without a role loses meaning.  Use of the role is similar to a contact where a domain defines the contact type (role) in the link to the contact.  The difference here that a contact can be used with any role (admin, tech, billing), but an organization may be authorized by the server to act in various roles, where here is the need to control what role linkages can be made to the organization.  The possible set of roles and who has the authority to manage the organization roles is up to server policy.  I believe the “registrar” role is server managed based on the contracts, while the “reseller” and the “privacyproxy” roles would be defined by the client.



—

JG







James Gould

Distinguished Engineer

jgould@Verisign.com



703-948-3271

12061 Bluemont Way

Reston, VA 20190



Verisign.com <http://verisigninc.com/>



On 5/25/18, 9:45 AM, "regext on behalf of Antoin Verschuren" <regext-bounces@ietf.org on behalf of ietf@antoin.nl> wrote:



    Apologies for not having stepped into this discussion before.

    Having to reread all the treads and all changes during WGLC now the WGLC has ended I can understand Patrick’s concerns.

    Since I was one of the many voices changing the reseller drafts into the org drafts I will try to explain my concerns I had at the time.

    I felt I was the only voice in the dessert at the time, but now that I see all the changes, I will try to explain again.

    This is my personal voice, so chair hat off.



    The reason I didn’t support the reseller drafts was twofold:



    1. I saw the need for some registries to give organizations other than the traditional Registrars and Registrants a role in the registration process, but this was not limited to resellers.

    The discussion started because resellers were complaining that their name didn’t show up in the whois for specific registrations, and Registrars were complaining that Registrants of those registrations would call them in stead of their reseller. Registrants simply forgot who they had signed a contract with, so they looked it up in whois. Registrars wanted to list their reseller in whois.

    Appart from resellers, I could see other roles in the future. Working on Keyrelay, and the emerging dnsoperator-to-rrr draft, dns-operators would be another organization registries might want to give special rights to, for example to change NS records or roll DNSKEY material for domains they were responsible for.

    If we were to give every organization role it’s own extension, that could lead to a forrest of organization types each with their own specification.



    2. Coming from way back when we still had only admin-c, tech-c and billing-c contacts (which btw, were often one and the same person, so 1 NIC-handle) and no registrars, I rejected the business marketing thought that an organization IS, and can only be a one of a choice between Registry, Registrar, Registrant, Reseller or DNS-operator. An organization can play a role as Registrar for one registration, but could play the role of a DNS-operator only for another registration. It’s NOT: Once tagged a reseller, always a reseller. For our purpose of registering registrations, the contractual business relationship organizations have between each other is of no matter. We only need to know the role an organization plays for a specific registration.

    Trick question for bonus points: who IS a Registry, Registrar and Registrant for verisign.nl ?



    So we can never "tag” an organization as: This one IS a Registrar, this one IS always a reseller.

    It might be so that an organization can only perform a role as a Registrar for specific registries once he is accredited by ICANN or has signed a registrar agreement with a non gTLD, but that bookkeeping should not be part of EPP. EPP is a provisioning protocol that only administers registrations of Internet identifiers, it is not a CRM system.



    So I share Patricks concern during WGLC regarding:

    ---

    > I guess it's the fact

    > that roles are defined as properties of the organization and at the same

    > time as properties of the link?



    Yes, that is one troublesome point I raised months ago.

    —



    Having said that, I can also understand James reasoning that if any organization could perform any role, why not simplify even more and also administrate Registrars and Registrants as organizations.

    But this leads to the basic bookkeeping challenge of when to give an organization rights to register with the registry system or perform other tasks.

    I assume this is the reason why one would like to tag an organization as "Registrar” for that specific registry only, because that Registry wants to know if that organization has signed a registrar agreement to give registration rights in the registry system. And tag an organization as a reseller to give him f.e. rights to perform info commands for domains.



    So while I understand the tagging of an organization for this purpose, I believe it should not be set through EPP. It’s only the Registry itself that can set this tag internally in the registry system after all the CRM and contract thingies have been verified.



    So my major question is: Can we still remove the <org:role> elements from the organization object and only use the <orgext:id> in the domain objects ? What would it break? Or could we at least have text that this role element can never be set by a random EPP command for an organization but is always set by the Registry? (so an info command would show it, but a create or update could never set it?) Or is this local policy and do we need to give guidance to registries as to why, when and how to set this in a BCP?



    - --

    Antoin Verschuren



    Tweevoren 6, 5672 SB Nuenen, NL

    M: +31 6 37682392













    Op 24 mei 2018, om 15:30 heeft Gould, James <jgould=40verisign.com@dmarc.ietf.org> het volgende geschreven:



    > Pieter,

    >

    > It is interesting that when the drafts came out for resellers there was a lot of discussion on the list and at the working group meetings, but once there was agreement to create the more generic organization drafts, there was very little discussion.  It was pointed out that the organization drafts would be more complex to address a broader set of use cases, but that was the direction received by the working group.  The use case of providing registrar information via EPP was brought up as a reason to define the more generic organization drafts, which I view as the most straight forward and least controversial use case.

    >

    > The question around the roles was raised on the list and discussed on the list, so I'm not sure whether there are any further questions or issues that need to be addressed.  If there are I would like to know what the issues are.

    >

    > Thanks,

    >

    > —

    >

    > JG

    >

    >

    >

    > James Gould

    > Distinguished Engineer

    > jgould@Verisign.com

    >

    > 703-948-3271

    > 12061 Bluemont Way

    > Reston, VA 20190

    >

    > Verisign.com <http://verisigninc.com/>

    >

    > On 5/24/18, 6:38 AM, "regext on behalf of Pieter Vandepitte" <regext-bounces@ietf.org on behalf of pieter.vandepitte@dnsbelgium.be> wrote:

    >

    >    Hi Patrick,

    >

    >    I respect your opinion and my gut feeling says it won't be used for anything else than resellers. But I might be wrong (and history tells me the odds are agains me :-)). I also respect the opinion of others and it's not up to me to assess in depth the needs of other registries, I can only challenge and trust other participants to act truthful. More important to me, the model seems correct and logical, with the others' point of view and needs in the back of my head.

    >    The only thing that bothers me in general (not only for this extension) is the low participation in discussion making it difficult to develop a specification that fits all needs.

    >

    >    I do not agree with you regarding not moving forward. A lot of registries -including the one I work for- are reluctant to implement anything other than RFCs (how many extensions with status Informational in the EPP extensions registry are implemented by more than 1 registry?)

    >    Registrars are not happy with ad hoc extensions and I share their concerns. Moving forward is the necessary step to be able to converge to a single implementation for modelling resellers (and to enable interoperability)

    >

    >    It is certainly not my intention to try to convince you to approve the draft. I will continue my write-up but I will write down your concerns and it's up to others to decide whether the Draft can become a Proposed Standard

    >

    >    Kind regards

    >

    >    Pieter

    >

    >

    >> On 24 May 2018, at 07:44, Patrick Mevzek <pm@dotandco.com> wrote:

    >>

    >> On Wed, May 23, 2018, at 13:36, Pieter Vandepitte wrote:

    >>> @Patrick, did you have time in mean time to catch up? How would you like

    >>> the draft to be changed in order to support it?

    >>

    >> I unfortunately think that I am not convinced by the use case, and I believe that the document could be an I-D referenced on the IANA EPP Extensions registry without the need to become an RFC. Which other registry wish to use it on their systems? And if there is, then for other things than resellers?

    >>

    >> That does not change anything on the WG consensus on the documents, which should proceed on their own pace.

    >>

    >>> I guess it's the fact

    >>> that roles are defined as properties of the organization and at the same

    >>> time as properties of the link?

    >>

    >> Yes, that is one troublesome point I raised months ago.

    >>

    >> --

    >> Patrick Mevzek

    >>

    >> _______________________________________________

    >> regext mailing list

    >> regext@ietf.org

    >> https://www.ietf.org/mailman/listinfo/regext

    >

    >    _______________________________________________

    >    regext mailing list

    >    regext@ietf.org

    >    https://www.ietf.org/mailman/listinfo/regext

    >

    >

    > _______________________________________________

    > regext mailing list

    > regext@ietf.org

    > https://www.ietf.org/mailman/listinfo/regext



    _______________________________________________

    regext mailing list

    regext@ietf.org

    https://www.ietf.org/mailman/listinfo/regext

v2.23.0 | Report a Bug | By Email