Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Mon, 29 October 2018 13:06 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A93F5130F19 for <regext@ietfa.amsl.com>; Mon, 29 Oct 2018 06:06:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fn0TQ6ze-Sf7 for <regext@ietfa.amsl.com>; Mon, 29 Oct 2018 06:06:43 -0700 (PDT)
Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48503130F13 for <regext@ietf.org>; Mon, 29 Oct 2018 06:06:39 -0700 (PDT)
Received: by mail-lj1-x22a.google.com with SMTP id j4-v6so7684946ljc.12 for <regext@ietf.org>; Mon, 29 Oct 2018 06:06:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=a26yDeUHK4jOcovMkQtEO/+c/eL0PQSFVfP73QFJI+s=; b=n+sorJyq0CEEERcqWrhrVePSBXLoBOCVjbVlkb6xtgQHlZG8OQKjahbFV64u8bvYzc xQHLpouWuSjZSrA+xTETqcTLfBZUhaX571ZjyDcWWvGKiMwSQ98mGfdZaAXW6HupiAMn ++NgI2+KlYwPWzufifhU2IS2jELTmLSQGd35iToO1OekbYcH2i3rB0P7meaaKsuxeBqM D7XM+3yV4Q5ixEwAr3gEVMUSkFr6FxnckilSa9ycJY2qXpDqJZ+MMl37qwzxVBQjVagL cwSLb8Q3YfWhVqJJgRiRPy/ckyLkkvKebxeyK2saYTjCH8SC0dWCR3paek8kRq3McUod CVDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a26yDeUHK4jOcovMkQtEO/+c/eL0PQSFVfP73QFJI+s=; b=XPKhIE/Rf+RY7h4qimBDWCrI63acZalRZUup306rEBkV6yHAtFWZmyjRtam3zytn53 xJ3JJW3V8R5W2G0XXkb6JC39ZkGRbv2ZgsvGk4qaDmexZ6PtqGT5OvdLweHs5pNrQ6rz sLoJUXuFSrIDIQricwlhG3Jlkl800+rOlvw2tsokXMWI9NYuR7K57ulWZ2rBkHe8e/1a 4dusqiMF3cX5pBCWeEzvwSBf0XSFEYIlIHOPC+S78CsI6UaVdy/cs8OeqvP2vc8SbB/c 0P4p/lOb9qvQo8EPzcZSap5p1gbbs7V0JX2MPjuxNqP2kWCblUiqw+hnA3fnbfBdR/Ne a/hA==
X-Gm-Message-State: AGRZ1gIqxsBXiKxMkKDn1Znr+ylyOdg83ShZDJidAOd+3cUf44nkDc7F yxi45mtCm1EaDbXGsIQzd2V67VOwCB4EWkShuC/Wmw==
X-Google-Smtp-Source: AJdET5c4FJeagyxIxw2SA+8P5j173Uzk2enwKWajB6RmggZX9Z945aaew31pZbVqffURCix0lYFS8UORiefqyjllijs=
X-Received: by 2002:a2e:5418:: with SMTP id i24-v6mr9436963ljb.51.1540818397330; Mon, 29 Oct 2018 06:06:37 -0700 (PDT)
MIME-Version: 1.0
References: <154040431305.6967.8110836894354286749.idtracker@ietfa.amsl.com> <20181025174522837431196@cnnic.cn> <CABcZeBMtZXNJR5oAsb8Do995herP010tShq46N_6JZaZxHtp8A@mail.gmail.com> <20181029161835451937137@cnnic.cn>
In-Reply-To: <20181029161835451937137@cnnic.cn>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 29 Oct 2018 06:06:00 -0700
Message-ID: <CABcZeBO5n1WXmaQAkOYBkhtOi6BJXzdnBWxxyskauHjX1myiug@mail.gmail.com>
To: zhoulinlin@cnnic.cn
Cc: regext-chairs@ietf.org, pieter.vandepitte@dnsbelgium.be, IESG <iesg@ietf.org>, regext@ietf.org, draft-ietf-regext-org@ietf.org
Content-Type: multipart/alternative; boundary="0000000000003c941805795dbd0e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/QurUPAudDGfAnGlRDM1KcQFi-lM>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 13:06:45 -0000
On Mon, Oct 29, 2018 at 1:17 AM Linlin Zhou <zhoulinlin@cnnic.cn> wrote: > Dear Eric, > Please see my feedbacks inline. I've removed the clarified items. > > Regards, > Linlin > ------------------------------ > Linlin Zhou > > > >> ---------------------------------------------------------------------- >> DISCUSS: >> ---------------------------------------------------------------------- >> >> Rich version of this review at: >> https://mozphab-ietf.devsvcdev.mozaws.net/D3624 >> >> >> This DISCUSS should be easy to clear. I have noted a few points where >> I do not believe that the spec is sufficiently clear to implement. >> >> DETAIL >> S 3.4. >> > >> > o clientUpdateProhibited, serverUpdateProhibited: Requests to >> update >> > the object (other than to remove this status) MUST be rejected. >> > >> > o clientDeleteProhibited, serverDeleteProhibited: Requests to >> delete >> > the object MUST be rejected. >> >> How does access control work here? If either of these values are set, >> then it must be rejected? >> [Linlin] If you mean that clientUpdateProhibited and >> serverUpdateProhibited are set, these two statuses can coexist in the >> system. "clientUpdateProhibited" is set by the client and >> "serverUpdateProhibited" is set by the server. >> >> > That's not what I mean. What I mean is "what is the access control rule > that the server is supposed to apply". > [Linlin] The EPP statuses defined in draft-ietf-regext-org follows the > model used in the other EPP RFC's, including RFC 5731- RFC 5733. The > statuses define the command-level access control rules, where each > supported transform command (update and delete) includes a corresponding > client-settable ("client") and server-settable ("server") that prohibits > execution of the command by the client. The client is allowed make an > update only to remove the "clientUpdateProhibited" status when the > "clientUpdateProhibited" status is set. Client-specific access control > rules (e.g., sponsoring client versus non-sponsoring client) is not defined > by the statuses, but is up to server policy. > > I'm sorry, but this still isn't clear. Can you perhaps send some pseudocode? > >> >> >> >> S 4.1.2. >> > >> > o One or more <org:status> elements that contain the operational >> > status of the organization, as defined in Section 3.4. >> > >> > o An OPTIONAL <org:parentId> element that contains the identifier >> of >> > the parent object, as defined in Section 3.6. >> >> It's not clear to me what's really optional here, because you say >> above that it's up to the server but then you label some stuff here as >> OPTIONAL >> [Linlin] If this sentence makes confusion. How about changing it to "It >> is up to the server policy to decide >> what optional attributes will be returned of an organization object." or >> just remove it? >> >> > I don't know, because I don't understand the semantics you are aiming for. > Are the other attributes optional. > [Linlin] To be consistent with other EPP RFCs, I suggest removing the > sentence "It is up to the server policy to decide what attributes will be > returned of an organization object." > > Does that mean the other attributes are mandatory? If so, you need to say that. > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > >> >> >> >> S 3.4. >> > has been processed for the object, but the action has not been >> > completed by the server. Server operators can delay action >> > completion for a variety of reasons, such as to allow for human >> > review or third-party action. A transform command that is >> > processed, but whose requested action is pending, is noted with >> > response code 1001. >> >> Who can set this? >> [Linlin] The server can set the error code to 1001 and send the response >> to the client. >> >> > Sorry, context got lost. Who can set "pendingCreate"? > [Linlin] PendingCreate or PendingXXX statuses are set by servers. > > Then you should say so in the text. > > >> S 3.5. >> > association with another object. The "linked" status is not >> > explicitly set by the client. Servers SHOULD provide services >> to >> > determine existing object associations. >> > >> > o clientLinkProhibited, serverLinkProhibited: Requests to add new >> > links to the role MUST be rejected. >> >> see above question about access control >> [Linlin] If both the clientXXXProhibited and serverXXXProhibited are set, >> this situation is permitted. >> >> > Sorry, this is still not clear to me. > >> >> >> [Linlin] Please see the above response. > > Sorry, still not clear. > > >> S 4.2.1. >> > status of the organization, as defined in Section 3.4. >> > >> > o An OPTIONAL <org:parentId> element that contains the identifier >> of >> > the parent object, as defined in Section 3.6. >> > >> > o Zero to two <org:postalInfo> elements that contain >> postal-address >> >> These rules looks duplicative of <info>. Is there a way to collapse >> them? >> >> [Linlin] The attributes need to be defined differently for the create > and the info response, since the info response needs to be more flexible > with what is returned based on server policy decisions. Yes, they are the > same elements, but whether they are required or optional may be different > in a create than in a info response. The attributes are duplicated in the > other EPP RFCs (RFC 5731 – 5733) for ease in implementation. Attempting to > collapse the attributes will make it more difficult for implementors and > will not be consistent with the other EPP RFCs. > > This is a comment, not a DISCUSS, so you're free to ignore it, but as someone who as implemented quite a few specifications, I don't agree with the claim that it would make things more difficult for implementors. Implementors want to reuse code and if it's a lot of work to see the difference between two parts of the spec, this leads to mistakes. > > >> S 4.2.5. >> > where at least one child element MUST be present: >> > >> > o An OPTIONAL <org:parentId> element that contains the identifier >> of >> > the parent object.. >> > >> > o Zero to two <org:postalInfo> elements that contain >> postal-address >> >> This also seems duplicative. >> [Linlin] Indeed some elements descriptions appear some times in the >> document. I'd like to have some explanations here again. >> This document borrowed the text structure from RFC5731, RFC5732 and >> RFC5733 of EPP. I think the intension of having some duplicated >> descriptions is for users' easy reading. When seeing the examples, they do >> not have to scroll up and down to find the elements definitions. Some >> descriptions are a little different, although <org:postalInfo> elements >> appear to be duplicated. Such as, "One or more <org:status> elements" in >> <info> response and "Zero or more <org:status> elements" in <create> >> command. Of course putting all the elements definitions in a section is a >> concise way for the document structure. >> >> > It's much harder for implementors because they don't know how to refactor > common code. > [Linlin] Duplicating the attributes is needed to address server policy > differences between create and the info response, to make it easier for > implementors, and to be consistent with the other EPP RFCs (RFC 5731 - RFC > 5733). > > Again, it's *not* easier for implementors. -Ekr > -Ekr > > >> >> _______________________________________________ >> regext mailing list >> regext@ietf.org >> https://www.ietf.org/mailman/listinfo/regext >> >>
- [regext] Eric Rescorla's Discuss on draft-ietf-re… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk