[regext] Benjamin Kaduk's No Objection on draft-ietf-regext-org-11: (with COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Tue, 23 October 2018 17:38 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/TGJbqrvay7IqVjfoPsi4-oG0Px4>

Benjamin Kaduk has entered the following ballot position for
draft-ietf-regext-org-11: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-regext-org/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Some of the element descriptions (e.g., <org:postalInfo>) appear to be
duplicated in several places and are also rather long in prose form.  Is
there value in attempting to consolidate the structural definition to a
single place in the document and just refer to that structure from the
places where it can appear?

Section 1

   There are many entities, such as registrars, resellers, DNS service
   operators, or privacy proxies involved in the domain registration
   business.  These kind of entities have not been formally defined as
   an object in EPP which will be specified as "organization" in this
   document.

nit: run-on sentence.  I suggest:
   These kind of entities have not been formally defined as having
   an object in EPP. This document provides a way to specify them as
   "organization" entities.

Section 2

   The XML namespace prefix "org" is used, but implementations MUST NOT
   depend on it and instead employ a proper namespace-aware XML parser
   and serializer to interpret and output the XML documents.

I suggest mentioning more explicitly that "org" is used in the examples as
shorthand for the full namespace "urn:ietf:params:xml:ns:epp:org-1.0";
draft-ietf-regext-allocation-token would be a fine example to look at.

Section 3.4

   Status values that can be added or removed by a client are prefixed
   with "client".  Corresponding status values that can be added or
   removed by a server are prefixed with "server".  The "hold" and
   "terminated" status values are server-managed when the organization
   has no parent identifier [Section 3.6] and otherwise MAY be client-
   managed based on server policy.

The list of descriptions that follows shows several that don't start with
"client"/"server", including some not mentioned here.  Are we supposed to
assume that these "unprefixed" values are also server-managed?

   o  ok: This is the normal status value for an object that has no
      pending operations or prohibitions.  This value is set and removed
      by the server as other status values are added or removed.

I guess this is intended to be parsed as "(pending operations) or
(prohibitions)", but could also be parsed as "pending (operations or
prohibitions)".  Perhaps "operations pending or active prohibitions" is
less prone to misreading.

In general, the sort of "all combinations are permitted, except for these
restrictions" approach taken here can lead to some non-sensical
combinations, if insufficient care is taken by the document authors.  I did
not attempt to validate all possible combinations, but do note that (e.g.)
we make statements about "linked" in combination with "ok" and
"client/serverLinkProhibited", but not about "linked" in combination with
"terminated" or several other status values.  The first of those cases
serves as a limitation on "ok", and the second would seem to be intended to
clarify that an apparent conflict of status is permissible, and so it may
well be okay to leave as the default ("everything goes") for other
combinations, but I hope that the WG has done a careful analysis here.
It may also be useful to list what considerations were used in this
analysis, in case there is ever a need to add a new status value (in which
case the analyses would need to be performed anew for the added value(s)).

Section 3.4

(Same comment as above re "pending operations or prohibitions")

Section 3.6

   Take a reseller organization, for example, the parent identifier is
   not defined for the top level reseller, namely the registrar of the
   registry.  [...]

nit: this also looks like a run-on sentence; I'd suggest something like
"The case of reseller organizations provides an example.  The parent
identifier is not defined [...]"

   Loops MUST be prohibited.  For example: if organization A has B as
   its parent identifier, organization B should not have organization A
   as its parent identifier.  The same is true for larger loops
   involving three or more organizations.

I'd suggest s/should not/cannot/

Section 4.1.1

   In addition to the standard EPP command elements, the <check> command
   MUST contain an <org:check> element.  This element or its ancestor
   element MUST identify the organization namespace.  [...]

"the organization namespace" is perhaps ambiguous; am I correct in
inferring that this refers to the full "urn:ietf:params:xml:ns:epp:org-1.0"
namespace value as assigned to the "org" short name?  (I'll refrain from
repeating this comment every time it applies.)

Section 4.1.2

The <org:addr> restrictions seem somewhat contrived/artificially
restricted; for example, there are postal addresses in the US with no
associated city.  Whether an organization would want to use such an address
as its contact location is another question, but I don't have a clear model
of what sort of constraints are intended to be applied by this element.

Section 4.2.1

Just to check my understanding, the <org:creData> contains only a short
list of fields because the server is required to either respect the various
<org:role>, <org:postalInfo>, etc. in the <org:create> request or to return
an error?  That is, the client would not need to immediately perform an
<info> query to confirm the status of the organization object at the
server.

Section 4.2.2

Is there value in an example of the 2305-error response?

Section 4.2.5

The elements in <org:add>/<org:rem> vs. <org:chg> seem to be disjoint sets;
what factors went into deciding to split them this way?

Section 4.3

             The status of the corresponding object MUST clearly reflect
   processing of the pending action.  [...]

It's not entirely clear how this sentence is to be interpreted.  From
context, I assume that the intent is that <info> queries and similar must
report the appropriate pendingFoo status values, but a literal reading
would seem to have this sentence be a requirement that the server change
what it reports for the object status, once the action is actually taken.
(Which is also something desired, but arguably already required by other
text.)

   The status of the organization object after returning this response
   MUST include "pendingCreate".  The server operator reviews the
   request offline, and informs the client of the outcome of the review
   either by queuing a service message for retrieval via the <poll>
   command or by using an out-of-band mechanism to inform the client of
   the request.

I don't think the "either" is appropriate; the earlier text *requires* the
service message, and allows for additional optional notification
mechanisms.

(side question: what's the mnemonic for "pan" in "panData"?  "pending
action"?  Ah, the full schema suggests "pending action notification".
Also, why is the top-level a "pan" prefix but the children just "pa"?)

Section 7.3.1

   Registrant Name: For Standards Track RFCs, state "IESG".  For others,
   give the name of the responsible party.

Just to clarify, is the intended behavior for non-standards-track
IETF-stream RFCs that the registrant is one of the RFC authors?  I could
see a case that "IESG" would work for all IETF-stream documents, not just
standards-track ones.

   Registrant Contact Information: an email address, postal address, or
   some other information to be used to contact the registrant.

Perhaps a side note, but postal address in particular has come up
frequently in GDPR discussions, with the question of whether it is either
needed or useful.

Section 9

This document is pretty boring from the security perspective (to be clear:
that is a good thing!).  The only thing that came to mind is that in one of
the examples, we show the client asking for <org:id>s of res1523, re1523,
and just 1523.  Only "re1523" was in use, indicating that the other two
would be free for new allocations.  In some contexts this kind of "very
similar looking" identifier can be problematic, especially when a human is
called upon to verify or compare the value(s).  From what I understand of
EPP usage, that doesn't seem likely to be a concern here, but I mention it
in case my understanding is incorrect or incomplete.
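The two points above that lend themselves to a concrete illustration are the Section 2 remark (implementations must resolve the "org" prefix to its namespace rather than depend on the prefix string) and the Section 9 remark about similar-looking <org:id> values. The following is an added example written by the editor, not code from the review, the draft or any EPP implementation. It builds a constructed EPP <check> command, parses it with a namespace-aware parser, and shows that a prefix-matching approach silently breaks when the same namespace is bound to a different prefix. The org namespace URI is the one quoted in the review; the base EPP namespace "urn:ietf:params:xml:ns:epp-1.0" is taken from RFC 5730 and is not on this page. The suffix-based confusability heuristic at the end is the editor's own simplification, not something the draft defines.

```python
import re
import xml.etree.ElementTree as ET

# Namespace URIs. ORG_NS is quoted in the review; EPP_NS is the base EPP
# namespace from RFC 5730 (assumed here, it does not appear in the review).
EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
ORG_NS = "urn:ietf:params:xml:ns:epp:org-1.0"

# The three identifiers the review mentions from the draft's <check> example.
REVIEWED_IDS = ["res1523", "re1523", "1523"]


def build_check(prefix, ids, declare_on_root=False, cltrid="ABC-12345"):
    """Serialize a constructed EPP <check> for the given org ids.

    The org namespace is bound to an arbitrary prefix, either on the
    <prefix:check> element itself or on the <epp> ancestor, mirroring the
    draft's "this element or its ancestor element MUST identify the
    organization namespace" wording.
    """
    decl = f' xmlns:{prefix}="{ORG_NS}"'
    root_decl = decl if declare_on_root else ""
    elem_decl = "" if declare_on_root else decl
    id_lines = "\n".join(f"        <{prefix}:id>{i}</{prefix}:id>" for i in ids)
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f'<epp xmlns="{EPP_NS}"{root_decl}>\n'
        "  <command>\n"
        "    <check>\n"
        f"      <{prefix}:check{elem_decl}>\n"
        f"{id_lines}\n"
        f"      </{prefix}:check>\n"
        "    </check>\n"
        f"    <clTRID>{cltrid}</clTRID>\n"
        "  </command>\n"
        "</epp>"
    )


def org_ids_prefix_based(xml_text):
    """Fragile approach: depends on the literal 'org:' prefix in the text.

    Returns nothing as soon as a peer binds the namespace to another prefix,
    which is exactly what the draft's MUST NOT warns against.
    """
    return re.findall(r"<org:id>([^<]*)</org:id>", xml_text)


def org_ids_namespace_aware(xml_text):
    """Correct approach: locate elements by namespace URI, ignoring the prefix.

    ElementTree expands each element name to '{uri}local', so the lookup is
    independent of whatever prefix the sender chose or where it was declared.
    """
    root = ET.fromstring(xml_text)
    check = root.find(f"./{{{EPP_NS}}}command/{{{EPP_NS}}}check/{{{ORG_NS}}}check")
    if check is None:
        raise ValueError("no <check> element in the org namespace found")
    return [el.text.strip() for el in check.findall(f"{{{ORG_NS}}}id") if el.text]


def suffix_confusable(ids):
    """Flag identifier pairs where one id is a proper suffix of another.

    This is a deliberately simple heuristic (the editor's, not the draft's)
    for the 'very similar looking identifier' concern: a human comparing
    'res1523' and '1523' by eye can easily conflate them.
    """
    pairs = []
    for longer in ids:
        for shorter in ids:
            if longer != shorter and longer.endswith(shorter):
                pairs.append((longer, shorter))
    return pairs


if __name__ == "__main__":
    for prefix, on_root in (("org", False), ("x", False), ("x", True)):
        doc = build_check(prefix, REVIEWED_IDS, declare_on_root=on_root)
        print(f"prefix={prefix!r} declared_on_root={on_root}")
        print("  prefix-based   :", org_ids_prefix_based(doc))
        print("  namespace-aware:", org_ids_namespace_aware(doc))
    print("confusable pairs:", suffix_confusable(REVIEWED_IDS))
```

Running the script shows the namespace-aware parser returning the same three identifiers for every serialization, while the prefix-matching version returns an empty list as soon as the prefix is anything other than "org", even though the document is semantically identical.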