Re: [regext] Unhandled namespaces IETF 102 flashback
"Gould, James" <jgould@verisign.com> Wed, 17 October 2018 17:53 UTC
Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 393DA130EDC for <regext@ietfa.amsl.com>; Wed, 17 Oct 2018 10:53:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZYC6YJ0YSlGQ for <regext@ietfa.amsl.com>; Wed, 17 Oct 2018 10:53:01 -0700 (PDT)
Received: from mail6.verisign.com (mail6.verisign.com [69.58.187.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C26E8130ECC for <regext@ietf.org>; Wed, 17 Oct 2018 10:53:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=36836; q=dns/txt; s=VRSN; t=1539798780; h=from:to:date:message-id:references:in-reply-to: mime-version:subject; bh=TQzM6QodWXMgtvPvuCD/5OVA04aQJZHRIjfxHPmck7s=; b=hhPMhVj3pskae9mAjFlz8i2byBKyVx4Z0T3ZHGRz6ayogdtfCkbcfMhY ar9lujBE5hrqonIUcocGbWx6za4C878jUHFI5kbD6yp9TQV0zXydkOTWd mdTLLueaNlkHQ4kasZ70zSgcWJTFJam4y2AIAxlxMCW7N3dc6JOOZC74w S1q5XNywFNlHy/K5Z5yhvysDNPWMo/pL33Y7K1ObBEpx331gVIZX6v2Ev kF8SdLs5ejUZujmGrQ+txDKc4u2yMx7xlZlCWPFNAXbzTm8DIKQQbhx+3 Z6Ihb+TX1S+gAgVu8rL49mm58xaEyQ8pdo4oICSkrgnONfETPJ+Knx167 A==;
X-IronPort-AV: E=Sophos;i="5.54,393,1534824000"; d="png'150?scan'150,208,217,150";a="5957801"
IronPort-PHdr: 9a23:fLl54R3CGn3FlXf7smDT+DRfVm0co7zxezQtwd8ZsesWL/XxwZ3uMQTl6Ol3ixeRBMOHs60C07KempujcFRI2YyGvnEGfc4EfD4+ouJSoTYdBtWYA1bwNv/gYn9yNs1DUFh44yPzahANS47xaFLIv3K98yMZFAnhOgppPOT1HZPZg9iq2+yo9JDffwdFiCChbb9uMR67sRjfus4KjIV4N60/0AHJonxGe+RXwWNnO1eelAvi68mz4ZBu7T1et+ou+MBcX6r6eb84TaFDAzQ9L281/szrugLdQgaJ+3ART38ZkhtMAwjC8RH6QpL8uTb0u+ZhxCWXO9D9QLYpUjqg8qhrUgflhicZOTAk7GHZhM9+jKxZrx2vphxw34HbbZqPNPZie6PQZ88WSHBDU8tXSidPApm8b4wKD+cZM+pWro79p0YKrRSjHQWnGefhxSVNhnDoxq023fkqHAbE3AwvGNIOrXDUo8juOacMT++11qjIzS7Cb/NZ3zfx8pTHchckofyVW797bMTfyU4qFwzfj1WQr5ToPy2L2eQXsmib9OtgVe2pi2I9tw5xpT2vyt8yiobXnIIVy0vE9SR2wIYzJN24TlJ0bcS4H5tXsiGWL5B2Q80jQ2F0pCk6yqcKtoK7fCQSyJUnwAPfa+Cac4eT/B3vTvqeITB9hH9jZbmxhA6y/FC9xuHgTMW4zVRHoyRfntXRtn0A2Qbf58eER/dl40utxSyD2x3R5+1YO0w4iKXWJp07zrItlZcfqUrDETH1lUnqiaKbc18r9+us5uv8Z7jrqIGQOJJ1hwz7Kasjns2yDOY9PwUAUWWW+/mz2bv+9kPjWrpKlOc5kqzBvZDfIsQUu7C2DhdO0oYm9xa/FzCm0MkEnXUfLFJKZhaHj4/xNlzTPP72FeqzjFS0njlkxv/KIqDtDo/TLnffl7fhZ65951RGxwUu19xf+YhUCqoHIP7pRkDxs9nYAgc4Mwyy3ennFM1w2p4CVW6VH6OUMq3fvUWV6u8vLeSAfoAYtTXlJ/gg/fHujHs5mVEHfamu2JsacHK4HvthI0WEZXrjn8wMEXkUsQokTezqk1yCUTFVZ3qoQ6084TQ7BJq8DYjfXoCtnKCB3CCjE51TfG9GEEyMEXbud4meR/gDcjmSLdVnkjwDS7iuUZQs1QqgtQ/717poMurU9jcEupLjzNJ1/fHclQku9TxoCMSQy3uNQH97nmwWSD42wLtyoU1jxVef36h0mftYFcZc56ABbgBvf5vV1fB7DZb5UxnIeNCXQX69XdS6CjF3RdJ7i4sLalxhGtPkhRnY1iytHbY9jKOKGJc0tKnciTy5bdxwxHvWyIEggkUoBMxVOifu0rRy+AXDG6bInlmX0aGwevJP8jTK8TLJ4m2TuE0cGCx5VKjeFzhLZETRsND1zl3PVb61CLshdABGzJjReeNxdtT1gAAeF7/YM9PEbjfplg==
X-IPAS-Result: A2EEAAD7dcdb/zCZrQpfAxoBAQEBAQIBAQEBBwIBAQEBgVEFAQEBAQsBgQ2BXYEnCoNriBeOJ4MClAoUgSsXJAgBAwEjC4Q+AheFBTQNDQEDAQEBAQEBAgEBAoEFDII2Ig0ENwUPLwkBMgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCCAUCQwQBARgBAQEBAwUBCBUCCAEbHCICAgEIEQMBAgYBAQEOAQkHAwICAgUQAQMLDBQJCAIEAQkIAQYIDYMFAYIQpReBLoU6hE8PBYtegUI+gTkfgkyBQYFaAgIYgQsmLQkBFREBAoI5MYImAohTHIU7gVWIFIFghD4DBgKFcgElPoYfhAOCG44HhzyFDIlMAgQCBAUCFIFDgg5wFWUBgkEJgh0MC4MfKIpRAW8NJIkODYEfgR8BAQ
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1531.3; Wed, 17 Oct 2018 13:52:58 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1531.003; Wed, 17 Oct 2018 13:52:58 -0400
From: "Gould, James" <jgould@verisign.com>
To: "martin.casanova@switch.ch" <martin.casanova@switch.ch>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] [regext] Unhandled namespaces IETF 102 flashback
Thread-Index: AQHUZjE2g0XUA54uGkKdyteSq44GGaUjuBcA
Date: Wed, 17 Oct 2018 17:52:58 +0000
Message-ID: <DCF01A04-86B6-43EE-A4C2-5AB872470D6E@verisign.com>
References: <97c69a11-653e-0265-6ec7-5947958f0f5e@switch.ch>
In-Reply-To: <97c69a11-653e-0265-6ec7-5947958f0f5e@switch.ch>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.f.0.180709
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_DCF01A0486B643EEA4C25AB872470D6Everisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/P6pBojuQ8Tf1lKBwUR-3EzT6JYY>
Subject: Re: [regext] Unhandled namespaces IETF 102 flashback
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Oct 2018 17:53:05 -0000
Martin, Thanks for posting the flashback with the statements from the IETF-102 session. I provide my feedback to the statements embedded below. Jim and Antoin, I would like 10 minutes at the REGEXT meeting at IETF-103 to introduce and discuss the newly published draft-gould-casanova-regext-unhandled-namespaces. Since I’m on the topic of the REGEXT agenda, I would also like 10 minutes to introduce and discuss the newly published draft-gould-regext-login-security-policy. Just let me know how much time is available and I’ll accommodate. Thanks, — JG [cid:image001.png@01D255E2.EB933A30] James Gould Distinguished Engineer jgould@Verisign.com 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com<http://verisigninc.com/> From: regext <regext-bounces@ietf.org> on behalf of Martin Casanova <martin.casanova@switch.ch> Date: Wednesday, October 17, 2018 at 11:51 AM To: "regext@ietf.org" <regext@ietf.org> Subject: [EXTERNAL] [regext] Unhandled namespaces IETF 102 flashback Hello I was viewing the discussions about the unhandled namespaces in the last IETF meeting (102 in Montreal) again to reflect a bit more on the topic. starting at minute 46:46 https://www.youtube.com/watch?v=qTJsVCM5Bmo starting at minute 38:40 https://www.youtube.com/watch?v=2g44uJWtB2M I would like to comment 4 statements (analogous) that were made in this session: 1. To make sure the server remains RFC compliant when sending poll messages with extensions it should not accept sessions where the client did not specify all server supported extensions. (Server supported language: ABC, Client only A and B) - This is a rather strict interpretation. Of what I heard, some registries allow the session anyway but use only extensions of the common subset of client login and greeting in their reposes. Other extensions are omitted in responses. Commands of other extensions that the server does not support are answered with 2307 "Unimplemented object service" but for that to happen the session must have been established. Who is handling it this way, lets say for the DNSSec extension? JG – I believe this is much too strict and doesn’t really match what seems to be the intent of the service negotiation in RFC 5730, where the server states what services it supports (are available) and the client states what will be used in the session (selects what it will use). Requiring that the client supports all of the server services is not a workable option. 2. Poll Messages are informational. Nothing important should be sent over this channel. - I think this could hinder the further development of all poll message related extensions. The importance of the whole poll mechanism is undermined by saying that the information in poll messages is anyway only optional to process and not so "important". Maybe we will have even more important stuff to communicate in the future via this channel. (low balance etc.) JG – I find transfer poll messages, low balance poll messages, and server-side changes via the change poll message as pretty important. The poll queue is an important feature of EPP to support in-band communication from the server to the client that should be used for relevant and important information. What would be the appropriate channel for important information? I find EPP as a better option than e-mail. 3. Poll messages could be purged if they were not delivered after a certain time. - This is ok for poll messages as a whole when they are not picked up at all but it does not allow to distinguish between "normal" poll messages and poll messages with extensions. In case you wanted to purge the problematic messages with extensions there are the following problems: - Different queues for messages with different extensions are not foreseen by the RFC's and are also more complicated to implement. What about messages that use 2 extensions of which only one was configured at login ? - An approach with only one queue would have to provide a mechanism to the client to skip unwanted messages, so normal messages are not blocked. This is also not foreseen by the RFC 5730. JG – Yes, poll messages can and do get deleted by the server after a certain period of time, but the point is that clients should be capable of consuming all messages in a timely basis. EPP is an extensible protocol (object and command / response), so every poll message is using an extension of some sort. I don’t see any difference between a “normal” poll message and a poll message with extensions. Having different queues for a client based on the extensions does not scale at all. The poll queue should be a communication channel for an extensible set of messages. Adding the capability of skipping messages and blocked messages is not what is defined in RFC 5730, so I don’t view that as a realistic option. 4. The problem of breaking clients should never occur in production because clients can prepare them selfs in OT&E - Unfortunately there is no standard way for clients to trigger normally "registry initiated" poll messages. There are some ideas to make them testable but all of them are rather work intensive for the registry and the registrar and/or require extensive out of band documentation. A mechanism like described in the draft draft-gould-casanova-regext-unhandled-namespaces helps registrars to cope with new extensions because there is no strict deadline. They prepare their client when they think they have the resources or the need to process the new extensions in an automated way. In the mean time they can be assured that nothing bad happens, no client breaking, no login denied... JG – I don’t believe we should assume that a problem will not occur because registrars prepare against OT&E. This is a protocol question and not a process question, where we have poll messages that need to be delivered to the client that the client explicitly doesn’t support (whole message or a portion of the message). The draft-gould-casanova-regext-unhandled-namespaces draft provides a solution to the protocol question that enables all clients to consume all poll messages, without filtering out information, and in compliance with the current protocol. Thoughts ? Martin --- SWITCH Martin Casanova, Domain Applications Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 55, direct +41 44 268 16 25 martin.casanova@switch.ch<mailto:martin.casanova@switch.ch>, www.switch.ch<http://www.switch.ch> Working for a better digital world
- [regext] Unhandled namespaces IETF 102 flashback Martin Casanova
- Re: [regext] Unhandled namespaces IETF 102 flashb… Thomas Corte (TANGO support)
- Re: [regext] Unhandled namespaces IETF 102 flashb… Gould, James