Re: [regext] CALL FOR ADOPTION: draft-gould-casanova-regext-unhandled-namespaces

"Gould, James" <jgould@verisign.com> Tue, 28 January 2020 18:36 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EE340120128 for <regext@ietfa.amsl.com>; Tue, 28 Jan 2020 10:36:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zihqJNRUUKkN for <regext@ietfa.amsl.com>; Tue, 28 Jan 2020 10:36:39 -0800 (PST)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3239512011D for <regext@ietf.org>; Tue, 28 Jan 2020 10:36:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=10872; q=dns/txt; s=VRSN; t=1580236601; h=from:to:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=v7ppqP21CIIFBRqRBI3ug2H2f7EOpT9KLAy3fcVFTHw=; b=pEhGeJ+j4kzF2UOPranq+IIRJys335xGLWbL6p/TTtPlTQ/er7fgwqMz i1p8CTB5wPPBUAEoinAsD23MI6hPp2LYTZLJrujrVcoXCb10VdIY5aqzQ kW4gxaaESNIJK1baDkSnKlEmn/5EZq2LITOP5g6pqpQxoffkBPGnRIB5K uXRaZypurlWmw4QtbCRf7JCbxfRajpfSGNbCt2Hvg2b+uX3NM8zhPxur3 YSPIpsuk4X0TnmojlVt/c9rwCSiAdrd18ZI/uzCIp1GULZIp4otL9B1Sv 18B9MfCceuvkbR1NenN3IXcU5qSVwYRD+wo1dVAQBRK5S40fGKf5JAy4N Q==;
IronPort-SDR: l2cGT7esguIFBbRDj2oZv6lBycTmPKTPmfWfOeREqjmuNc2MK/lHaqmfVVAa1WNnO/g/cfSWE7 h+yILl64GNhfpQf7FTwpPmjIbMHmVI0iyv39qo3yCYx7fXaTJBG/gE5Ee5D+zLJs4ieoIHMvGU E96TcrwkGkPqAlpjZI5uJTR3ktmgQaUGy43ZtD7OtBw4lWgt8Ci1B/sKtrApUyMCV/2dLb2CPU 6YuAJv8ATVufYTFU0EhDmgHtzKireSFH66tQ/n60go6o9zTsB6SWh2PUw31+UmwC0lYEMADzPf gi0=
X-IronPort-AV: E=Sophos;i="5.70,374,1574121600"; d="scan'208";a="617725"
IronPort-PHdr: =?us-ascii?q?9a23=3AGCMHhhyhACRTa2PXCy+O+j09IxM/srCxBDY+r6?= =?us-ascii?q?Qd0uoTL/ad9pjvdHbS+e9qxAeQG9mCt7Qf16GP6/CoGTRZp8rY6zZaKN0Efi?= =?us-ascii?q?RGoP1epxYnDs+BBB+zB9/RRAt+Iv5/UkR49WqwK0lfFZW2TVTTpnqv8WxaQU?= =?us-ascii?q?2nZkJ6KevvB4Hdkdm82fys9J3PeQVIgye2ba9vIBmsogjdq8YbjZFsJ6s+xR?= =?us-ascii?q?fFv2dEdudLzm9sOV6fggzw68it8JNt6Shcp+4t+8tdWqjmYqo0SqBVAi47OG?= =?us-ascii?q?4v/s3rshfDTQqL5nQCV2gdjwRFDQvY4hzkR5n9qiT1uPZz1ymcJs32UKs7WS?= =?us-ascii?q?++4KdxSR/nkzkIOjgk+2zKkMNwjaZboBW8pxxjxoPffY+YOOZicq7bYNgXXn?= =?us-ascii?q?RKUNpPWCNdA4O8d4oPAPQHPeZEtIn2ul8CoQKjCQWwGO/jzzlFjWL006Inye?= =?us-ascii?q?QsCQHI0hI9EdISvnrar9v1O6UcXuC00KbGwjrMYuhK2Tjm7YjEbgwtrOuOUL?= =?us-ascii?q?92bMHfyVMvFwTAjliIp4DrPjSV1vkJs2eG9+ZrSOahhHQiqw5vuTijyNonh4?= =?us-ascii?q?7LhoIazVDE6CF5z5suKN2mVkF7e9+kEIBRtyGVMYt6WN8tQ2ZtuCsjzLANpJ?= =?us-ascii?q?C1fC8PyJs9xh7fbeSKc5aW7RL5VeaROjZ4hH1jeLK+gRa97VKsxfH7VsmxyF?= =?us-ascii?q?pKrzRKksXCtnwX0BzT8MeHR/1g9UmiwTaCzx3f5v1eLUwpl6fWJYQtzqMwm5?= =?us-ascii?q?cdq0jOESz7lF3rgKOKbEko5+ql5/j9brn7qZKRNJV4hhz9P6g2lMywH+c1Ph?= =?us-ascii?q?QLUmWe4+ux17nu8lb8TbhEkPE5j6jUvZXBKskfp6O0AQpY34gt5hu9Ejir1s?= =?us-ascii?q?kTk2MdI1JfYh2HipDkO1TJIP/lE/iym0+skDJ3x/DeOb3hH4nNImDDkLj/eb?= =?us-ascii?q?Z97FZRxRcvw95H+p5bCqkPLv3yVUPtqdDUFAE5PBCzw+b9ENVxzJkRVn+VDq?= =?us-ascii?q?+HKqPSqlmI6vgzLOmLYY8ZoDf9K/476P7ylXI1hEMRcbO00ZYVZn20BOlqLk?= =?us-ascii?q?WXbHb2jdoMEn8Gvg8kQ+zrjF2CXyRTZ3G3X68k5DE7B4WmDZrHRo+wm7GBwj?= =?us-ascii?q?m0HodXZmBdC1CMHnHoe5+YVPcLbSKeOtVhnSAcVbi9V48h0gmjtBf/y7d8M+?= =?us-ascii?q?XU/TEYuojl1Ndo++LTkgs++iBzD8SYy2uNVX17nnsURz8q26ByuVZ9xUmM0a?= =?us-ascii?q?dmjP1YCcde5/JXXQcmO57Q1et6C8r9WlGJQtDccF+6WNStAnkUQ8wjztxGN1?= =?us-ascii?q?54M9mlkhnF0yGtRbQSkurPTNYu/63Rz2TZJsthxTDBzqZrxw08T8RCJXGOh6?= =?us-ascii?q?Nj+U7UHYGfwGuDkKP/P4sbwSrBsC+hxG+DpwsQBAx/VrjBUVgBa1HXttX24A?= =?us-ascii?q?XJSLr4WudvCRdI1cPXcvgCUdbul1gTAa67YNk=3D?=
X-IPAS-Result: =?us-ascii?q?A2FJAgDZfjBe/zCZrQpiAxwBAQEBAQcBAREBBAQBAYF7g?= =?us-ascii?q?X2BGIExCoQKkT6DbpcOFx0ICQEBAQEBAQEBAQcBGA0KAQECg3lFAheCNDgTA?= =?us-ascii?q?gMBAQsBAQEEAQEBAQEFAwEBAQKGIAyCOykBaS8JOQEBAQEBAQEBAQEBAQEBA?= =?us-ascii?q?QEBAQEBAQEBAQEBAQEBAQEBAQEBAQUCCAc0GQc1EgEBHQEBAQECAQEBGwYRO?= =?us-ascii?q?hsCAQgOCgICEgETAgICJQsVEAIEAQkJgyYBglsvrTx1gTKKO4EOKow4gUI+g?= =?us-ascii?q?Tgggkw+gmQBAQIBgUoWFwoLGwECgkYygiwEkFGPU480AweCOYdCiVeFOYJIe?= =?us-ascii?q?Jc8jmCBAEqGCmgokikCBAIEBQIVgWmBe3AVOyoBgkEJRxgNjikXFW8BDII/h?= =?us-ascii?q?RSFP3QOJIs9D4EiMV8BAQ?=
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1779.2; Tue, 28 Jan 2020 13:36:10 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%5]) with mapi id 15.01.1779.002; Tue, 28 Jan 2020 13:36:10 -0500
From: "Gould, James" <jgould@verisign.com>
To: Patrick Mevzek <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] CALL FOR ADOPTION: draft-gould-casanova-regext-unhandled-namespaces
Thread-Index: AQHV1aorUw6f0Mz8wEOJzJ4HiQcDFqgASwcAgABZ3ID//8NsAA==
Date: Tue, 28 Jan 2020 18:36:10 +0000
Message-ID: <95DB25F4-5C93-42F1-AB9C-D2ABF5B7FA15@verisign.com>
References: <7498F6EF-3BDD-4FEE-B30E-53BDCB3B9B8D@antoin.nl> <94998f24-4736-47f9-9da7-d0653d1f0676@www.fastmail.com> <BD597A01-7394-4FA7-B6E6-24DEEC56DE70@verisign.com> <27f5f218-74ed-4082-aea5-ea7775a80ea4@www.fastmail.com>
In-Reply-To: <27f5f218-74ed-4082-aea5-ea7775a80ea4@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.10.12.200112
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="utf-8"
Content-ID: <FF67DB737777904ABBCE5E655CF8B924@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/VEywfrQLqrkShNPaVGLfqtDerB0>
Subject: Re: [regext] CALL FOR ADOPTION: draft-gould-casanova-regext-unhandled-namespaces
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jan 2020 18:36:42 -0000

Patrick,

My comments are embedded below.

-- 
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/>

On 1/28/20, 12:13 PM, "regext on behalf of Patrick Mevzek" <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote:

    On Tue, Jan 28, 2020, at 11:51, Gould, James wrote:
    > JG - This topic came up with the introduction of a new poll message 
    > with the Change Poll Message in https://tools.ietf.org/html/rfc8590.  
    
    But the problem existed far before it (and it didn't bother, for
    good or bad reasons)
    
    One case among others (putting aside the problem of transfers for domains with attached DNSSEC configuration):
    
    - registrarA has domainX with secDNS data
    - registrarB transfers the domain; registrarB login to EPP server DOES NOT include
    secDNS-1.1 as it is optional
    - registrarB does a domain:info, now what to expect in reply?
    Should it include the secDNS part or not?

JG - No, according to the RFC 5730 (based on the login services), and RFC 5910 (based on the text in section 2), the server should not include the secDNS information.  draft-gould-casanova-regext-unhandled-namespaces provides an option for the server to return the information that will not break registrarB by returning something that registrarB does not support, per the login services.


    This is the whole debate, and the problem is not trivial.
    Notifications are just a specific case among the whole problem
    (which is truly more just about feature negotiation at session beginning).
    
    Notifications are asynchronous. They can be produced at time T1 where
    registrar was having an EPP session where extension X1 was negotiated, but
    the message can be retrieved far later, at time T2, where registrar has
    another EPP session where that extension was not used. Now, the notification
    needs to be processed in some way because it blocks all the queue
    otherwise.

JG - Yes, you are correct.  Should the registry return the poll message that registrar at T2 clearly does not support, which represents a poison message if the client is unable to process it?   The poison message scenario is addressed by implementing draft-gould-casanova-regext-unhandled-namespaces. 
    
    > It's primarily an issue associated with the poll queue, where it's 
    > unclear how the server can introduce a new poll message without 
    > breaking the protocol.
    
    The problem is ABSOLUTELY NOT just tied to poll messages. I would prefer
    all parts of the problem to be addressed, OR at the very least if not
    possible then the document clearly mentioning it deals only with part
    of the problem and leaves the rest for sometimes later/somewhere else.
    But in my mind that lowers its usefulness.

JG - draft-gould-casanova-regext-unhandled-namespaces does address both general EPP responses in section 4 (https://tools.ietf.org/html/draft-gould-casanova-regext-unhandled-namespaces-00#section-4 ) and poll messages in section 5 (https://tools.ietf.org/html/draft-gould-casanova-regext-unhandled-namespaces-00#section-5).  What I meant was that the poll queue was the primary issue that triggered creating draft-gould-casanova-regext-unhandled-namespaces, but we did address both cases.  Let me know whether anything is missing. 
    
    >     However, as discussed previously, in its current form this draft 
    > will
    >     introduce interoperability problems[1], so this just exchanges one 
    > problem with another.
    >     
    >     So I am mildly convinced work is required, and mildly unconvinced that
    >     the draft as it stands completely address the issue.
    >     
    >     [1] TL;DR: a registrar has no way to automatically discover
    >     a registry is using the mechanism outlined in this document,
    >     as not announced in the greeting part.
    > 
    > JG - draft-gould-casanova-regext-unhandled-namespaces addresses a 
    > protocol and subsequently an interoperability issue,
    
    (that no one took care to document or even raise on the mailing list
    for like 16 years...)
    
    > since the server 
    > will be capable of fully honoring the services the client includes in 
    > the login command.  I'm not sure how a practice that fully follows the 
    > EPP RFCs and fully honors the client login services will introduce an 
    > interoperability problem based on the lack of discoverability of the 
    > practice in the greeting.  
    
    Again: because the client has no way to know if the registry it is talking
    to right now, implements this "extension" or not. So it has no way of knowing
    what to do with the <extValue> it gets (if it should start to parse them,
    if it should start to be worried to get extValue content when it didn't have
    any in the "past", etc.)
    (and no, parsing of "reason" node does not count as discoverability)
    And clients, are clients to multiple registries. They have to accommodate all
    of them, even if they do their internal hall of fame/shame based on their
    preferences, they still have to accommodate if they want to do business...

JG - If signaling is important for the client with the server's implementation of a BCP such as draft-gould-casanova-regext-unhandled-namespaces and draft-gould-regext-secure-authinfo-transfer, how about defining a namespace URI for the BCP which can be used in an <extURI> element in the greeting by the server and in the login command by the client.  In the case of draft-gould-casanova-regext-unhandled-namespaces, inclusion or exclusion of the URI in the login command services would not change anything for the server.  Does the definition of a namespace URI for a BCP draft that is included in an <extURI> element of the greeting services and login services make sense to you?
    
    I am sure you can imagine that not all registries will implement it even
    if it becomes a full fledged RFC, so
    registrars have to discriminate. If they can not, they have to do heuristics.
    This makes the current situation more fragile, and hence poses an interoperability
    problem (and will, in my view, lessen the probability that many registries
    will implement it, feeling that the status quo - again not worrisome enough
    for 16 years for anyone to work on that before - while not perfect is certainly
    good enough and not worse than what is proposed in the draft).
    
    If you say: big deal, registrars can just ignore the <extValue> content in that case
    then: why even bothering sending it?

JG - It's more important to send it for a poll message so that information is not lost and the poll message can be safely acknowledged.  Cases like returning secDNS can be done via the <extValue> content, based on draft-gould-casanova-regext-unhandled-namespaces, instead of a server deciding not returning it.  The content is not expected to be automatically parsed and processed, but the existence of an <extValue> element in the response should signal the client that they may need to add support for an extension that the server does support.  It may be the case that the client does support the extension, but their login services is incorrect, so the <extValue> element would signal the client that they need to update their login services.  
    
    I will leave it at that for now, and see further discussions if the
    draft is adopted by the working group.
    
    -- 
      Patrick Mevzek
      pm@dotandco.com
    
    _______________________________________________
    regext mailing list
    regext@ietf.org
    https://www.ietf.org/mailman/listinfo/regext