Re: [regext] Internationalized Email Addresses and EPP

"Gould, James" <jgould@verisign.com> Mon, 21 December 2020 13:28 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 025973A1026 for <regext@ietfa.amsl.com>; Mon, 21 Dec 2020 05:28:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BIGNUM_EMAILS=0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nQg0w39KgmE for <regext@ietfa.amsl.com>; Mon, 21 Dec 2020 05:28:08 -0800 (PST)
Received: from mail3.verisign.com (mail3.verisign.com [72.13.63.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93DED3A102A for <regext@ietf.org>; Mon, 21 Dec 2020 05:28:08 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=61095; q=dns/txt; s=VRSN; t=1608557290; h=from:to:cc:subject:date:message-id:mime-version; bh=0JISo02iPQWWoy+1toy5LP0ezzpbIPO/0Zfmup7dCu0=; b=RYkcT+Uo3/OHk3BeA1VUF2wF+XEeFU5PurhPMkKFi0oakC0FRRgSMKJ/ jQ9BjCRo/0nKGsgTuCeXXwfKWV/s6k9DQWiBxfJ33jYvtS9xIf94Wzz+G R2Hgsan08o3Xw1utPhB3q7ZqWFB69T1HHd1UJ2CYNRAXC8g5zRk4gcqrw hCyGV+T4X7N0Th+ZrswqNtazlRxTzkkphQIV6QZl+wRi3iAvTNAmFYRGv ASm6q6pUqZIkBT6rHdR60phHvzcWUil/ZUM/L9mgxdMPZ9G25D9l3MKWw /tgdnXBycyo8nbheNGnEufqwRbZvDb9A00FVlwXbJkmtFiwzbywUxGI2b g==;
IronPort-SDR: K9Qcgrw0NTERVor/noTIkcGISsfe1bMWR+ASH1RqS/L9pSninbXpbtuq/uYqnA1fbx8//5wguI zsdbykP7rSmGymiy4A5KMoLHw/iJofBp9ErvQkMHYx9yNDKfyHvn7frASbVtas4uW1+qkgUOq7 sLlOzkX/s289FSNyU0J27Er+l58eM8q0Uus3dDNatYPTOmOZq3h0l8sAUyp/Xg/domiHk2fwoQ 8LJBCKjlxbGU9BtwmhArkVVSFVOpXdQ27viOb5+8v2XPizBuqyizvRxbrmycPXnV2dW7y4bmdK 9Is=
X-IronPort-AV: E=Sophos;i="5.78,436,1599523200"; d="scan'208,217";a="4444042"
IronPort-PHdr: =?us-ascii?q?9a23=3AtEkDjxOY8PY0uB15TYkl6mtUPXoX/o7sNwtQ0K?= =?us-ascii?q?IMzox0K/zyoMbcNUDSrc9gkEXOFd2Cra4d1KyM6/qrBTVIyK3CmUhKSIZLWR?= =?us-ascii?q?4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBx?= =?us-ascii?q?rwKxd+KPjrFY7OlcS30P2594HObwlSizexfLF/IA+ooQnNqMUajoRvJrsswR?= =?us-ascii?q?bVv3VEfPhby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPX?= =?us-ascii?q?w7683trhnDUBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RD?= =?us-ascii?q?qv47t3RBLulSwKMSMy/mPKhcxqlK9VoAyvqQFjw4DaY4+aOvt+cb/Sct4BX2?= =?us-ascii?q?VNQsNRWjZdDo6mbYYCCfcKM+ZCr4n6olsDtRWyCwirBOPyzj9Hm2f61rA+3e?= =?us-ascii?q?s7FAHJwhcgE9wTu3nTrtX1O6ASUf2xzKbV1jjDce1Z2S386IjTcxAhrveMUa?= =?us-ascii?q?hsfsrWzEkiDgXIhUifpoL5JT2azPgNs3SF4Op6U+Kik2AppQ9xrDag2sshio?= =?us-ascii?q?nEi40Xx13F9yh0zoY7KcO2RUN1fNKpEpVduz2YOoZ3Qs4sTWFmtSImx7EapZ?= =?us-ascii?q?K3YSgExIohyhXCZfKHdI2I7QjiVOaXOTp4mmxqeKi+hxap8Eigxev8Vsiy0F?= =?us-ascii?q?lWtCZKjt7MtnUV2xPP68iHUedy/kC71TmT0ADT7/lIIUEqmqrHJZ4t2Lkwlo?= =?us-ascii?q?AcsUnFAyT4m132gbeLekk44OSk9ubqb7v8qpOBN4J5hBvyP6sql8CnHOg0Lh?= =?us-ascii?q?ICU3WZ9OigzrHv4EL0TbZQgvErkaTUto3RK94Bqa6jGQBV154u6xO4Dzi7zt?= =?us-ascii?q?sVhWIHLFdZeBKfiIjpJk3OLOj4Dfihh1Ssly9myu3aMLP5H5nCLmDNnrjgcr?= =?us-ascii?q?ph9UJQ0hQzwsxY55JOErENOuj8VVLruNzGFB85KAq0z/z7B9V604MSQWOPAq?= =?us-ascii?q?mHP6POqVKE+/4jL/ORaIIXtjvxMeUp6v7ggHMjllIQebGl3Z4NZ3C5GvRmLV?= =?us-ascii?q?+ZYX3pgtoZE2cKsQ0+TPHuiFKfSjNTeWi9X7g95jEgCYKmAoHDSpqxj7yG2S?= =?us-ascii?q?e3BodWaXxeClCQDXfocJ2JW+sWZyKJI89ujicJWqK9RIA7yB6hqgr6x6BkLu?= =?us-ascii?q?rV5CIYq4jv1MVv6OfLjxE96SR0D9iB02GKV2x0hmYISiQr06B4vUxy0FGD3r?= =?us-ascii?q?VkjPxfD9Bc+/RJUgIiP57G0+N6E8zyWh7GftqRUlapXNqmDi8+T9It2NIOYl?= =?us-ascii?q?hyG8msjhzZ2CqqGbAVxPS3A8l+7qvH3nPZLs10x3vDkqoggkdgX8IFfTm6j7?= =?us-ascii?q?V+/CDaDIfFnkDflKena+IB1XiJvC2byEKCu11RVgJ7VuPOWnVVLh/OqPz14V?= =?us-ascii?q?/LSbOlDvIsNQ4XmuCYLa4fIPLukFFKAL/BMdHTeCj5z2W/AguMypuSYZDrYG?= =?us-ascii?q?QS2mPWD01SwFNbxmqPKQVrXnTpmGnZFjE7TV8=3D?=
X-IPAS-Result: =?us-ascii?q?A2H4BAD+oeBf/zGZrQpfA4N7UoErgTgKhDeRIAODfZEKh?= =?us-ascii?q?UeBLDwLAQEBAQEBAQEBCAEfEAQBAQKBU4J1GYFgJjgTAgMBAQsBAQEFAQEBA?= =?us-ascii?q?QEGAwEBAQKGTgyCOCJ7PQ09AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBBQIIB00HRwEfAQQBGglLCwUNAQguAQkBCQIEMCcEAQ0FG4JoA?= =?us-ascii?q?iEBgX5orhaBMoVYhROBOIZxhT56QYFCPoE4HIFYLlA+hAQFARIBCQIiCwodC?= =?us-ascii?q?QECgk00giwEgVQBaAYpAzQBAw0BBh0SDwETDDgjFTIVBAElAg0BExADAQsEG?= =?us-ascii?q?g+PMTeCd4crnWkDB4J0iSSGc4UIhjAfgyaBLp1ylAmBZhyHEhKBaZFign2BQ?= =?us-ascii?q?AIEAgQFAhaBbYELcHAVOyoBgj4JRxcCDZISiiM1dA4mAwIGAQkBAQMJiFEBD?= =?us-ascii?q?4EkgREBAQ?=
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Mon, 21 Dec 2020 08:28:06 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.2106.006; Mon, 21 Dec 2020 08:28:06 -0500
From: "Gould, James" <jgould@verisign.com>
To: "tasic@academ.kiev.ua" <tasic@academ.kiev.ua>, "pm@dotandco.com" <pm@dotandco.com>
CC: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: Re: [regext] Internationalized Email Addresses and EPP
Thread-Index: AQHW150dR5ghlw8IskavRQLMBzkEfw==
Date: Mon, 21 Dec 2020 13:28:06 +0000
Message-ID: <0FAED777-939A-45CE-B34B-EF2ECC19D2B4@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
x-originating-ip: [10.170.148.18]
Content-Type: multipart/alternative; boundary="_000_0FAED777939A45CEB34BEF2ECC19D2B4verisigncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/SePr8ouUw45Y9OccMeolnZOxvas>
Subject: Re: [regext] Internationalized Email Addresses and EPP
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Dec 2020 13:28:12 -0000

 I reviewed the Internationalized Email Addresses and EPP discussion on the list in detail.  I want to ensure that the options are clearly covered.  The EAI support options discussed thus far include:

1.       Do you want the EPP standard to support non-ASCII email addresses?
a.       Scott Hollenbeck’s review of the RFC 5322 reference in the EPP RFC 5733 resulted in the reference being appropriate since the EAI documents update the syntax specification found in 5322 *if* you choose to support the EAI SMTP extension.
b.       EAI support in EPP goes beyond EPP RFC 5733, where email addresses are also used in EPP RFC 8543, and additional EPP mapping registered in the EPP Extension Registry (e.g., Email Forwarding Mapping and NameWatch Mapping).
c.       I don’t support this option since EAI applies broader than a single EPP mapping (EPP RFC 5733), updating the RFC 5733 reference doesn’t address it, and EPP has an extensibility mechanism to handle this in a more explicit manner.
2.       Do you want to *extend* EPP to support non-ASCII addresses, as an option for those who implement the extension?
a.       I take the language from Scott Hollenbeck to support creating an EPP extension for EAI:
                                                                           i.      “The right way to tackle this is to create an EPP extension to allow EPP clients and servers to support EAI. That extension would need to include normative references to the  EAI RFCs, and it would need to allow internationalized email addresses in any EPP fields, including other extensions, that currently carry email addresses.”
b.       Extension options discussed on the list from least explicit to most explicit:
                                                                           i.      Define an Operational Practice (Alex Mayrhofer’s option 4)
1.       “Option 4 would be to not add an extension or a XML namespace for signaling and to return a 2306 error when EAi is not supported.”
2.       Alex’s proposal may be that it’s up to server-policy how to handle it with returning a 2306 error as a proposed choice.  Putting support for EAI into the camp of server-policy will make it a challenge for registrars since the registries can and most likely will make different server-policy decisions with no signaling to the client.  At a minimum, an operational policy should be defined with an XML namespace that signals support for the operational practice.
                                                                         ii.      EAI Support Based on Greeting and Login Services (session-level support for EAI)
1.       This option defines an operational practice and uses an XML namespace in the EPP greeting and login services to signal support within an individual EPP session.  All objects for all TLDs supported by the server would implicitly support EAI for the email elements.  With this option, there is no way to differentiate which TLDs and which objects within the TLDs support EAI.  This is very straight forward to implement, but I believe is far too course grain to provide meaning.
                                                                       iii.      EAI Support with Marker Extension Element (object-level support for EAI)
1.       This option defines an extension that is applied on a per-object basis.  A client can explicitly define that the email address for an object supports EAI and the server can explicitly define whether EAI is supported for that object.  There may be EPP object mappings that support multiple email elements, so this option implicitly defines the email elements that supports EAI on a per-objects basis.  I don’t believe there are any existing EPP object mappings that have an issue with use of a marker element.
                                                                       iv.      EAI Support with Placeholder Text and new Email Element (element-level support for EAI)
1.       This option defines an extension that is applied on an element basis, where the placeholder text defines the element explicitly.  This is the approach currently defined by draft-belyavskiy-epp-eai-02.  Since the existing EPP object mappings don’t have an issue with implicitly indicating the EAI element of an object, the Marker Extension Element looks to be a simpler option.

There was discussion on the list related to whether a EAI element should be returned to a client that does not support the EAI extension.  This comes down to an unhandled namespace problem that is defined by draft-ietf-regext-unhandled-namespaces; although in this case it applies to a field within a supported namespace (e.g., contact email element in EPP RFC 5733).  There are existing EPP object mappings (e.g., Contact, Organization, Email Forwarding, NameWatch) that have a mix of requiring the email address in the info response, so you can’t universally specify that the email element will not be returned to a client that doesn’t support EAI.  draft-ietf-regext-unhandled-namespaces can be used to indicate that the extension is not supported as a signal to the client, but the question is what to do with the required email element value.  One option is to return the value that is non-deterministic and the other option is to return a placeholder value (“[EAI-ADDRESS]”) that will be deterministic since “[EAI-ADDRESS]” is clearly not a valid e-mail address.  Both options should include an indication that EAI is not supported by the client via draft-ietf-regext-unhandled-namespaces.  I generally prefer to be deterministic, but providing the signal via draft-ietf-regext-unhandled-namespaces may be good enough.

Based on the feedback from the working group, I believe the best option is 2.b.iii “EAI Support with Marker Extension Element”.  We can cover in the draft how to handle the clients that don’t support EAI in a Implementation Considerations section.



--



JG







James Gould

Fellow Engineer

jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>



703-948-3271

12061 Bluemont Way

Reston, VA 20190



Verisign.com <http://verisigninc.com/>



On 11/24/20, 1:57 PM, "regext on behalf of Taras Heichenko" <regext-bounces@ietf.org on behalf of tasic@academ.kiev.ua> wrote:





    > On 24 Nov 2020, at 19:56, Patrick Mevzek <pm@dotandco.com> wrote:

    >

    > On Tue, Nov 24, 2020, at 12:35, Taras Heichenko wrote:

    >> First of all, registry does not force anything. It gives the

    >> possibility that registrars

    >> can use.

    >

    > ... which then forces all other registrars to have to support that possibility,

    > except if the registry offers a way for registrars not wanting it to be able

    > to opt-out from it.

    > A registry is a shared data storage, in one simplified view. If registrar X

    > has the "possibility" to enter data there that registrar Y has no way to handle,

    > this means pretty much everyone is forced to upgrade in order to handle the new data.

    > Or just stop using that shared datastore.

    >

    > Again, I think the purpose is to find a solution that could work

    > for any registry (so trying not to just create things for the benefit

    > of a sole actor, even if that happens too often to my taste), and any registrar,

    > including those that do not want to support that new feature, even if you personally

    > believe that all registrars should support it.

    >

    > We can talk endlessly about a specific registry and a specific problem.

    > But I guess that if ones wants to have something akin to an RFC at least some

    > work is needed to include other actors in the play even if finally the specification

    > won't be used by more than one actor. Otherwise it can just be published as an I-D

    > or Informational RFC I guess, for just notification, and there is a little for the

    > working group to discuss (if the initial specification is not open to changes).



    You ask strange questions. There are DB with data that my interface does not support.

    How can I work with the DB under such circumstances? Really I do not have an answer

    to this question. It looks like "I wand use email but I do not want my software to correspond

    RFC 5322. What should I do?"



    >

    >> But if there are users that want to use non-ASCII email then

    >> registrars

    >> and registries should give the ability to use such addresses to the

    >> users. (At least

    >> if we say about universal acceptance). So whether EAI would be

    >> implemented by

    >> extension or in the main <email> field it will bring all registrars to

    >> the EAI implementation.

    >

    > That "either" might need only a couple of electrons in an email, but both options need

    > a non trivial amount of work: either designing a proper extension (without plays

    > on placeholders or things like that), or just doing "EPP v2" if you want to change

    > the "email" definition, and then good luck to make everyone switch to that.

    > (and if there is anytime a work towards EPP v2 there are other problems far

    > more pressing to fix there than just email).

    >

    >> "it will bring all registrars to the EAI implementation."

    >

    > I will let you believe that then, but 1) the IETF is not the protocol or policy police

    > even if the perfect solution is designed there is no guarantee anyone will use it

    > and



    I know what is IETF. But I dislike the approach: we made some standard from our

    heads and now you can do with it whatever you want. And I saw here thoughts that

    differ from yours from the people that are working in this area. What are we going to do?



    Maybe it is too early to adopt such a standard and we should wait until usage of non-ASCII

    email on the Internet would be more defined.



    From my point of view, the extension does not give any advantages. It makes the protocol

    more complicated and gives nothing back.





    > 2) a non technical problem can not be solved by a technical solution, no matter what

    > you will do here, each registrar has its own business case and can decide, from its

    > own point of view, if he wants to do that or not (and hence go up to not carrying the

    > TLD at all if there is no other solution). Which means that the registry has

    > to force by non technical means (aka: contracts) if it wants that behavior

    > (exactly like ICANN contracts mandates implementation of specific RFCs by registries

    > and registrars) or offer proper solutions for registrars not wanting to do it.

    > We can discuss here only the second part, if there is a change in current specifications

    > that allows nicely registrars wanting the feature and registrars not wanting the feature

    > to continue to work.

    >

    > (also, you might be slightly forgetting the "transition" period. Even if registry X

    > says "ok in 6 months all email is EAI compatible, go fix your systems dear registrars",

    > and no matter what delay you give, it will be too short for some)

    >

    > Look at DNSSEC and IPv6 for similar cases of "but everyone should be doing that,

    > it is even mandated by contracts" vs the sore reality of "yeah it kinda works at

    > some places but certainly not everywhere".

    >

    > I think it is better to stick to proposal and see how they work.

    > Another options is to first document the problem and constraints space, and then

    > in a separate document offer a solution.

    > Making everyone first agreeing exactly on what problems need to be solved

    > can frame discussions efficiently.

    >

    > --

    >  Patrick Mevzek

    >  pm@dotandco.com

    >

    > _______________________________________________

    > regext mailing list

    > regext@ietf.org

    > https://secure-web.cisco.com/1CTt8nOMG99IqphFt7XQvrwshCktjtLvNq_NrApuvQgDbeD0AC-sf41PcRBFC3tkK1CGOwYbeMkRsfeqiwzJ0XXLnnoUwRY9zF74PibtIJG6pKkI9L1fBmBvHohQ_4fp6EItQQ6QOcgdYgenY0tA3vH4JNp0YXlRaJ-YEygStgyeVhYVagew8DH2NSsKzZaX7FtP9kZaqTJyLH4mdOUAK07Eg6jKSa1rF_ocwlmBh6Vy93Z16dVHRbOk-n47KbZz9adUz6tERG3KJRLJhxcoM0qsnsY2Dr3eJo3tfm8ZmCH0/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext



    --

    Taras Heichenko

    tasic@academ.kiev.ua











    _______________________________________________

    regext mailing list

    regext@ietf.org

    https://secure-web.cisco.com/1CTt8nOMG99IqphFt7XQvrwshCktjtLvNq_NrApuvQgDbeD0AC-sf41PcRBFC3tkK1CGOwYbeMkRsfeqiwzJ0XXLnnoUwRY9zF74PibtIJG6pKkI9L1fBmBvHohQ_4fp6EItQQ6QOcgdYgenY0tA3vH4JNp0YXlRaJ-YEygStgyeVhYVagew8DH2NSsKzZaX7FtP9kZaqTJyLH4mdOUAK07Eg6jKSa1rF_ocwlmBh6Vy93Z16dVHRbOk-n47KbZz9adUz6tERG3KJRLJhxcoM0qsnsY2Dr3eJo3tfm8ZmCH0/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext