Re: [regext] Last Call: <draft-ietf-regext-epp-eai-10.txt> (Use of Internationalized Email Addresses in the Extensible Provisioning Protocol (EPP)) to Proposed Standard
"Gould, James" <jgould@verisign.com> Fri, 27 May 2022 12:03 UTC
Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49E77C1D3C4E; Fri, 27 May 2022 05:03:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q2AiNzBLkg0S; Fri, 27 May 2022 05:03:13 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95A88C1D3C67; Fri, 27 May 2022 05:03:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=12202; q=dns/txt; s=VRSN; t=1653652994; h=from:to:cc:subject:date:message-id:content-id: content-transfer-encoding:mime-version; bh=YSCw71WYK0yzszFTKAmuBnptRqIbNJcKNbjdQd3kPfI=; b=VtSL9SlrK3J/p2WW1DLXTOftD3QdDg2POXd+bRIpYChBFGI2BH03r/Qi 3hqo1sUSEetJhpR2ahW7zEHUBlV6L81JdqLuzcN0FeOQOKs7C9Xjm4GVX RK82r/6hjq4Afn4he6P9vRMd819lYnaxh/oWH5nrHf6wvdfkIvG5dR4tB OmxNKo9q09VupoWX5sH1hzVDoBLvAwZdBz47rRa/c30sq9+tX3bIbe2vw eF+sifdtcHkgeC9b04R2fCscOtZVDsQaXpwji5RGR+GnscIM8Vel2tKSR gjlv/qzYh5BFRhNEs+SwRmJYPKw2HK5SO3PzDVWul2aUVuJGmjw/UW5a7 A==;
IronPort-Data: A9a23:qFTDvKzIGQumMV4RUC96t+cRxyrEfRIJ4+MujC+fZmUNrF6WrkUPz WIYWTiAPv3ZNmGhKNEibITg9hwP6JPWydFhQQJkpS00HyNBpPSeCIXCJC8cHc8wwu7rFxs7s ppEOrEsCOhuExcwcz/0auCJQUGRUchkf5KkYAL+EnkZqTRMFWFw0HqPp8Zj2tQy2YXjXFvX0 T/Pi5a31GGNimYc3l08tvrrRCNH5JwebxtB4zTSzdgS1LPvvyF94KA3fMldHFOhKmVgJdNWc s6YpF2P1jiAo0pyUIPNfoHTKSXmSpaKVeSHoiQOB/j62nCurARqukowHKJ0hUu6F1xlNj2+o TlAncXYdOsnAkHDsMggfhgBVBFSAbNp6O/ueWKe8sDP6HSTJhMAw902ZK03Faci3L9IJ0x+r aVeNjsKdAjFju7w3qigTK9ngcFLwMvDZdtZ4y47i2iEVrB6EfgvQI2TjTNc9DU/gd1KEd7Aa tAYcjtgalLLZBgn1lI/Ucxnxrjz3iiXnztwlW+wgKNw5XXp7QlQ65fBbeLLUMGDSpAA9qqfj iecl4jjOTkYM9yZjDuI7nyEhOTM2yj8Xeo6ELSj6rthiVmX7m0eFBNQUkG0ydG7iUm6WN9FA 0MT9iMiobl0/0uuJvHnUhK1sGLBtR4VWsBLO+w39A/LzbDbiy6VHGEKUntAZcAo8dU7SjE6y hqEh8usCDVumLyYVXzb8a2bxRuoNCcYPXMqZCIYQ00C+daLnW0ophjVSI98FqOl1oSwAi/qh TWLt200gPMZl8hSkbuh5laBiDWpznTUcjMICszsdjrNxmtEiESNPuRENXCzAS58Ebuk
IronPort-HdrOrdr: A9a23:8vg/1qAhCls+7D3lHelx55DYdb4zR+YMi2TDsHoBLCC9E/bo9f xG88566faZslgssRIb9uxoUZPoKU80nqQFgrX5U43CYCDW/EWlK4145ZbvznnKC0TFmtJ15O NFf7JlANP9SXp3na/BijWQIpIFzMOc+K6lwd3CyWxgJDsGV4h74xxnBh2gHkp6eQlDCfMCf6 ah2g==
X-IronPort-AV: E=Sophos;i="5.91,255,1647302400"; d="scan'208";a="16127309"
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2375.24; Fri, 27 May 2022 08:03:10 -0400
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) by BRN1WNEX01.vcorp.ad.vrsn.com ([10.173.153.48]) with mapi id 15.01.2375.024; Fri, 27 May 2022 08:03:10 -0400
From: "Gould, James" <jgould@verisign.com>
To: "john-ietf@jck.com" <john-ietf@jck.com>, "last-call@ietf.org" <last-call@ietf.org>
CC: "jkolker@godaddy.com" <jkolker@godaddy.com>, "regext-chairs@ietf.org" <regext-chairs@ietf.org>, "draft-ietf-regext-epp-eai@ietf.org" <draft-ietf-regext-epp-eai@ietf.org>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: Re: Last Call: <draft-ietf-regext-epp-eai-10.txt> (Use of Internationalized Email Addresses in the Extensible Provisioning Protocol (EPP)) to Proposed Standard
Thread-Index: AQHYccG6ubSAc6LGOEGtCP5MaUhOXA==
Date: Fri, 27 May 2022 12:03:08 +0000
Message-ID: <A106614B-9D5F-4074-BEEE-F0415D2BEB5D@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.59.22031300
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <81822EF01966F44A99584B8B29B25F09@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/QbiJGUxXEvTDOJOSt9c6NMEEy28>
Subject: Re: [regext] Last Call: <draft-ietf-regext-epp-eai-10.txt> (Use of Internationalized Email Addresses in the Extensible Provisioning Protocol (EPP)) to Proposed Standard
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 May 2022 12:03:18 -0000
John, Thank you for your review and feedback. My responses are embedded below. -- JG James Gould Fellow Engineer jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com> 703-948-3271 12061 Bluemont Way Reston, VA 20190 Verisign.com <http://verisigninc.com/> On 5/26/22, 2:11 PM, "John C Klensin" <john-ietf@jck.com> wrote: --On Thursday, May 26, 2022 08:59 -0700 The IESG <iesg-secretary@ietf.org> wrote: > > The IESG has received a request from the Registration > Protocols Extensions WG (regext) to consider the following > document: - 'Use of Internationalized Email Addresses in the > Extensible > Provisioning Protocol (EPP)' > <draft-ietf-regext-epp-eai-10.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and > solicits final comments on this action. Please send > substantive comments to the last-call@ietf.org mailing lists > by 2022-06-09. Exceptionally, comments may be sent to > iesg@ietf.org instead. In either case, please retain the > beginning of the Subject line to allow automated sorting. > > Abstract > > > This document describes an EPP extension that permits usage > of Internationalized Email Addresses in the EPP protocol > and specifies the terms when it can be used by EPP clients > and servers. The Extensible Provisioning Protocol (EPP), > being developed before appearing the standards for > Internationalized Email Addresses (EAI), does not support > such email addresses. Hi. Several comments after a first and quick look through this document. First, it appears that it is making a more fundamental change to EPP than just allowing for SMTPUTF8 (aka "non-ASCII" or "EAI") addresses local parts. The second paragraph of the Introduction says "A new form of EPP extension, referred to as a Functional Extension, is defined and used..." and Section 4 defines that mechanism. Because there are people who might look at an announcement of Last Call for an internationalization-related extension and say either "someone else will look at those complexities" or "oh, sure, non-ASCII addresses are good", and move on, introduction of that new type of extension should be highlighted in the Abstract and should have been included in the Last Call so as to draw attention from those who are, e.g., concerned about the tradeoffs associated with adding complexity to EPP. It would be helpful to have assurances that the WG carefully considered the idea and definition of a new extension type and any associated tradeoffs independent of the particular requirements of this document. While it might be necessary, complexity and added options do not promote interoperability. It would also be helpful to know whether developing a separate, short, document defining the new extension type so it could conveniently be referenced from this document and other specifications had been considered. Especially if an update or replacement for this document is anticipated, referencing it from other extensions that use the new type invites the tangled problems of whether such a reference to an obsolete or updated document is still appropriate. JG - Support for EAI across a set of existing and future EPP extensions did represent a new extensibility use case was discussed in the working group, along with other options. The intent of the draft is to support EAI with the definition of a functional extension being as a building block to satisfy the requirement. If the use of a functional extension is needed beyond EAI then I agree that a functional extension draft can be created. I don't foresee that need at this point. Second, Section 2, titled "Migrating to Newer Versions of This Extension" strongly implies that a different form of this extension, or a different extension mechanism serving the same purpose is under development (or even further along) and expected to succeed this one. If that is the case, should this specification not be published as Experimental rather than Standards Track (or even, noting Section 7, as "Verisign's Preliminary Mechanism for Use of Internationalized Email Addresses in..." and Informational)? Or, if there is a substantive reason to publish as Standards Track, I believe the document should explain the reasons for doing this now when an update/replacement using a different mechanism is anticipated? Version numbers or not, the way of doing things that seems to be proposed in the document also does not appear to be a good way to promote interoperability. JG - The migrating to new versions section has become common in the EPP extensions (e.g., Section 2 of RFC 9167, Section 2 of RFC 8807, Section 2 of RFC 8748). The draft is solely focused on supporting EAI in EPP that used pointed version numbers (e.g., urn:ietf:params:xml.ns:epp:eai-0.1, urn:ietf:params:xml.ns:epp:eai-0.2, urn:ietf:params:xml.ns:epp:eai-0.3) for draft implementation signaling until after WGLC when the version was changed to urn:ietf:params:xml.ns:epp:eai-1.0. This section is needed to provide guidance as implementations upgrade to version urn:ietf:params:xml.ns:epp:eai-1.0. The standards track is appropriate for the draft. The work is complete and there is no mechanism serving the same purpose under development. Third, with regard to the i18n parts of this: Nit: The last sentence of Section 3, "By applying the syntax rules of [RFC5322], the EPP extensions will change from supporting only ASCII characters to supporting Internationalized characters both in the email address local-part and domain-part." Does not appear to make sense since, as pointed out earlier in that section, the syntax rules of RFC 5322 only allow (a subset of) ASCII characters. Was "[RFC6531]" intended? While the SMTPUTF8 extension is now supported in most popular sender-SMTP ("client") and receiver-SMTP ("server") implementations, comprehensive support in MUAs and other relevant, user-facing, programs and user interface arrangements (including support by humans) is less common (where "comprehensive" includes all scripts and all languages). This document shows no evidence that the WG has considered whether it would be appropriate and should be possible to negotiate script or language-specific use. While that probably has nothing to do with the technical use of the EPP protocol (i.e., computers talking with computers), it could be very important to practical operational use. If nothing else, the document should probably containing appropriate warnings to registrars and/or registries who, for whatever reason, would like to claim better support for those working in languages other than English about possible pitfalls. Similarly, at least because the server-end downgrade mechanisms described in RFC 6857 do not appear to be widely supported and those described in RFC 6858 lose information, it would appear to be useful for this extension to include provisions for an all-ASCII, RFC 5321/5322-conforming, fallback or alternate contact address. I see no way to provide such an address in this spec. There might be other issues as well, but I would strongly encourage the WG to think about the entire system surrounding this protocol extension, including not only EPP clients and servers but registrants and those third parties who legally and appropriately access registry (and, if separate, registrant) databases to access, understand, and use information. For example, nothing in RFC 6530 and the related documents prohibits the use of obscure and archaic scripts as local-part strings but, especially when there are bidi rendering issues involved, such strings can be very difficult to understand, use, or even copy into other contexts. JG - The challenge in the draft is how to apply the non-ASCII email address syntax defined in RFC 6530 to the EPP protocol, which is highlighted in section 3 of the draft. The focus is on the EPP protocol and not non-protocol policy elements. The security considerations section highlights risks that need to be considered. Disclaimer: These comments are those of the author only and should not be confused with an i18ndir review. Neither they nor the document have been discussed on that list. john
- [regext] Last Call: <draft-ietf-regext-epp-eai-10… The IESG
- Re: [regext] Last Call: <draft-ietf-regext-epp-ea… John C Klensin
- Re: [regext] Last Call: <draft-ietf-regext-epp-ea… Gould, James
- Re: [regext] [Last-Call] Last Call: <draft-ietf-r… John C Klensin
- Re: [regext] [Last-Call] Last Call: <draft-ietf-r… Gould, James
- Re: [regext] Last Call: <draft-ietf-regext-epp-ea… Murray S. Kucherawy
- Re: [regext] [Last-Call] Last Call: <draft-ietf-r… John C Klensin