Re: [regext] Implementations of draft-wisser-registrylock?

Ulrich Wisser <ulrich@wisser.se> Mon, 20 April 2020 13:02 UTC

From: Ulrich Wisser <ulrich@wisser.se>
Date: Mon, 20 Apr 2020 15:02:34 +0200
Message-ID: <CAJ9-zoUF=GJmco0KZjYPb1mVkoGynGw5Sa3kc9y6n=W=+9J1Zw@mail.gmail.com>
To: "Hollenbeck, Scott" <shollenbeck=40verisign.com@dmarc.ietf.org>
Cc: "regext@ietf.org" <regext@ietf.org>, "alexander.mayrhofer@nic.at" <alexander.mayrhofer@nic.at>, "rep.dot.nop@gmail.com" <rep.dot.nop@gmail.com>, "Michael.Bauland@knipp.de" <Michael.Bauland@knipp.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/OOqM9EBrASx8bTNTHYXhoJcpEAY>
Subject: Re: [regext] Implementations of draft-wisser-registrylock?

Hi Scott,

Thank you, by now you have probably heard about Sweden's unusual way to
handle the virus.
Just in case, here is a short reminder:
https://www.tiktok.com/@armandfuego/video/6817369611206479110

We actually do handle registry lock quite similarly. We allow enabling it
through the extension, but we support only "outofband".
Our registrars have to log in to our registrar portal to temporarily unlock
the domain or to remove registry lock altogether.

For the in-band part of the extension to be used safely, we would first
need to come up with an OTP scheme for EPP.
Maybe that is something to work on for the future?

/Ulrich


On Tue, 7 Apr 2020 at 18:57, Hollenbeck, Scott
<shollenbeck=40verisign.com@dmarc.ietf.org> wrote:

> *From:* regext <regext-bounces@ietf.org> *On Behalf Of *Ulrich Wisser
> *Sent:* Tuesday, April 7, 2020 11:28 AM
> *To:* regext@ietf.org
> *Cc:* Alexander Mayrhofer <alexander.mayrhofer@nic.at>; Bernhard
> Reutner-Fischer <rep.dot.nop@gmail.com>; Michael.Bauland@knipp.de
> *Subject:* [EXTERNAL] Re: [regext] Implementations of
> draft-wisser-registrylock?
>
> Hi,
>
> I have made significant changes to the draft.
>
> Many thanks to contributions by Michael Bauland and Bernhard
> Reutner-Fischer.
>
> Please find the draft at
> https://datatracker.ietf.org/doc/draft-wisser-registrylock/
>
> And please give it a review.
>
> If your registry currently offers or will offer registry lock in the
> future I would be interested to hear how this draft fits or doesn't fit
> your business model.
>
> I hope you’re doing well, Ulrich! The mechanism described in the draft
> isn’t one that Verisign plans to implement. We do offer a registry lock
> service, but it doesn’t use EPP to avoid situations in which a compromised
> registrar/sponsoring client could unlock a domain and make unauthorized
> changes. We support registrar-initiated management of the client* status
> values for registrar locking.
>
> Scott
>