Re: [regext] Stephen Farrell's Discuss on draft-ietf-eppext-keyrelay-12: (with DISCUSS and COMMENT)
Ulrich Wisser <ulrich@wisser.se> Wed, 16 November 2016 07:03 UTC
Return-Path: <ulrich@wisser.se>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD6E12948C for <regext@ietfa.amsl.com>; Tue, 15 Nov 2016 23:03:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wisser-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qVRIWkNNg-7j for <regext@ietfa.amsl.com>; Tue, 15 Nov 2016 23:03:08 -0800 (PST)
Received: from mail-wm0-x229.google.com (mail-wm0-x229.google.com [IPv6:2a00:1450:400c:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 970F412967F for <regext@ietf.org>; Tue, 15 Nov 2016 23:03:05 -0800 (PST)
Received: by mail-wm0-x229.google.com with SMTP id t79so51321958wmt.0 for <regext@ietf.org>; Tue, 15 Nov 2016 23:03:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wisser-se.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=aHNvYQLFkCpOrfk/1VKYkvMH+4kpUdvRYENqOUVUr8U=; b=okkzj8ODIJH1cP9IXW6zmiEuQkeYWwCTBGTP7e8BDqDTyxrEkbOkP3W4SO2eAs4SQu Ado3ucrqSVKYscjiFjW0w5KyBmWyy3WgkjSNMzSKkCUXf1t8z7Smy0eAt+DJ4d6LKZ8Z WtLkEJXQfWQ2WZ+zfgjEiGlqFlCDPWob8U4PEKTuJ2+GQI7q7TE9K3E/IhnG2RVJuFtJ 5CZGI4XpzfcEv7Cq4gZMbIV2dz9fXWWRL0G2ZglTvCoTPAieWzXltreEALbpebxLmy/P BtIEnftZSN0D2E7ExS5kJlNllreTOWDHq8omeXSddBIc8cIqgSBTwYPuVl0G6es40F6Y lFFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=aHNvYQLFkCpOrfk/1VKYkvMH+4kpUdvRYENqOUVUr8U=; b=fFk3nMPVveFHa18kDxvAeaYhrD70OAoygQhflwiOV7tWVrl+ZVQ7c8oRqETT96pIbO dcm2tWRAlRk941zsO5YOg2t1ne1E/7YQJIFidzjGg5/gSiFQIhgD2pk5dm7QSYiYraVn mznFLLjRv0jTnIOer/HhjVYv3l2JtGhYV7f2xXr8rW24QJzxWQBnqg5RObhWXrpPlO6e Qmijacge+1CvXDlUPCs1E2ov8Ci+dawcK4WZPSw1ZB75Zc+1DiRtwBZP3AZaIfK9QJaS ZfEAvC5GFBPDvPVVsdhLojIVbvrdA8Vf5d2EcVzpeEQDYamCszuBHSyx2FP+5jln361D G/lQ==
X-Gm-Message-State: ABUngvdt2LqadqHIfGoeL9NpYcItZxpUMvC9TAy/kelWpMQ3fEv3PC00TTLXDLJ0c+5Heu59NyMmH0wOL5VtEA==
X-Received: by 10.194.26.170 with SMTP id m10mr752225wjg.152.1479279783851; Tue, 15 Nov 2016 23:03:03 -0800 (PST)
MIME-Version: 1.0
References: <147877667162.2254.3308122162993302915.idtracker@ietfa.amsl.com>
In-Reply-To: <147877667162.2254.3308122162993302915.idtracker@ietfa.amsl.com>
From: Ulrich Wisser <ulrich@wisser.se>
Date: Wed, 16 Nov 2016 07:02:53 +0000
Message-ID: <CAJ9-zoUiVXuu_XSfFHp7r=XJu7-W-m69_CDfG=wv1kCP5sL2FQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Content-Type: multipart/alternative; boundary="047d7b6245e60a6940054165aa44"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/TKb9xeG4rm9Hfv6L2iLE3JLAa9c>
Cc: regext-chairs@ietf.org, draft-ietf-eppext-keyrelay@ietf.org, regext@ietf.org
Subject: Re: [regext] Stephen Farrell's Discuss on draft-ietf-eppext-keyrelay-12: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Nov 2016 07:03:13 -0000
Hi! Yesterday at the DNSOP meeting some IPR issues came up. At that meeting the AD and IAB told us explicitly that we can not discuss the IPR. Today I had a short talk with Andrew Sullivan about the IPR and he confirmed that we are not supposed to discuss the IPR. The IPR is only meant to allow us to make an informed decision. The IPR was filed long before we went to LC. It was mentioned on the list and in f2f meetings. So we can believe that the wg participants knew about the IPR when they agreed that the document is ready for publication. What more should the wg have done? /Ulrich Stephen Farrell <stephen.farrell@cs.tcd.ie> schrieb am Do., 10. Nov. 2016 um 20:17 Uhr: > Stephen Farrell has entered the following ballot position for > draft-ietf-eppext-keyrelay-12: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-eppext-keyrelay/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > (1) The IPR declaration says that license terms will be available > "later." As things stand, I don't understand how the WG can have > made an informed decision in that case. I looked at the archive > and saw essentially no discussion, other than the announcement. I > also looked at the application and it's not crystal clear to me at > least that none of the claims are relevant. The shepherd write-up > also doesn't help me, but of course there may have been discussion > in a f2f meeting that is documented in minutes or something - I've > not checked for such, or I may have missed out on some list > traffic. Anyway, the DISCUSS is to ask did I miss stuff and if not > how can WG participants have rationally considered an IPR > declaration if the licensing information will only arrive "later" > after the document is approved to become an RFC? (Note: If I am > explicitly told that this was considered and participants were ok > with the declaration even as-is, then I'll clear.) > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > OLD COMMENTS and cleared-DISCUSS point below. (There's > no need to read beyond here:-) > > (2) So I can see at least two ways in which this kind of thing can > be done and you don't clearly say which this supports. Option (a) > would be for the gaining DNS operator to provide new public keys > to the losing operator for inclusion before a transfer so that > continuity is maintained during the transfer. Option (b) would be > where the KSK private material is not known by either > operator, but e.g. by the registrant. In the case of option (b) > the DNSKEY would be transferred from the losing to the gaining DNS > operator. (And the arrow in Figure 1 would be in the other > direction.) I think you need to be clear about which of these > cases is actually being supported and about the overall sequence > of events needed. (If you tell me that you really want to do > whatever is in draft-koch, then that's fine but then this draft is > probably premature and draft-koch would need to be a normative > ref.) > > - I think I'm missing an overview of EPP here. The intro could > maybe do with a short para, and/or a pointer to something general. > (Ah, I get it in section 3 - the ref to 5730 might be better in > the intro.) > > - general: I think it'd be better to talk about public key values > and not "key material" as the latter is often used to describe > secret/private values which aren't at issue here. (Or else > I'm mis-reading stuff:-) > > - nit, p8: s/previously send/previously sent/ > > - Section 6: I'm surprised that you don't recommend or even note > that the gaining registrar/dns operator should be able to check > that the DNSKEY value it sees in XML is or is not the same as one > that is published in the DNS and verifiable there. Wouldn't that > kind of cross check be useful? > > > -- Ulrich Wisser ulrich@wisser.se
- [regext] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell
- Re: [regext] Stephen Farrell's Discuss on draft-i… Ulrich Wisser
- Re: [regext] Stephen Farrell's Discuss on draft-i… Alissa Cooper