IETF Logo Mail Archive

Re: [regext] EAI in EPP from a registrar point of view

"Hollenbeck, Scott" <shollenbeck@verisign.com> Fri, 20 November 2020 11:18 UTC

Return-Path: <shollenbeck@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B1FC3A1393 for <regext@ietfa.amsl.com>; Fri, 20 Nov 2020 03:18:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pZt_UZUfHUZU for <regext@ietfa.amsl.com>; Fri, 20 Nov 2020 03:18:14 -0800 (PST)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDF733A138C for <regext@ietf.org>; Fri, 20 Nov 2020 03:18:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=5140; q=dns/txt; s=VRSN; t=1605871095; h=from:to:cc:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=VxqdZK/IkVpmch9JbmzCx5uWjCkcn2UKr6+pH4trFoQ=; b=qhPaTatQERHJEHZ2bTUuDWq0jIOHNfSY9Igu2vz8B8hOmD9tYp3lMKWO gBkDaV6un77tZ6ObV+qZ77VsWkNAUzWVgTEzPcqeITQQsXi8cDjHRB2mB g/jkOumMa2Pgh2sXw64FwM5b/fUAXnUhdhF7wM9pkt18YyDHMEoacK3Sh jxaBNGEsOePRAj95sO0uwVmEOXumjxPl7rfBBQ8kkcQFDlYPylkpwxdSc NW4UDcJVFFj4E8WPzxFZ0VDBf35BjgnkZk7XfLJ02dbCStPHz4TgVIG/5 fAU4LatuMQPyfNtdxu+K1zK+S4Ap3dU0uGEvR90kbXOBHINd78ho961Mp g==;
IronPort-SDR: +/CkJitzkhD08d+KG05X6VULrIVrIpPp9wAkgFfBOkL11IT/xUzxxk2HTugCDPYqNfj6R8EYWx eX0RGSH8wcdrVMlAQ48XFJ/NmkBmZlz3c4WIN8ChifK9uBEkjufy7vx837VrZvcZtQU+5RUCeG l4VJ7yZEmuazQG1661TmPpBgJ52jOtauIiMFz/e4EZJ2IhYn5N2KeffZw4yZ0YUbMWMZjdAv/r ZRED86ZaCpJlcBzE2rSD/0f5jWChcy1M6QgpL3kZ83OY1IOT0MDGVFrZLbkTZBepjAkouj2+Gt 73o=
X-IronPort-AV: E=Sophos;i="5.78,356,1599523200"; d="scan'208";a="4171741"
IronPort-PHdr: 9a23:4xXAzBVrKGoC/3DC10ONigSytW/V8LGtZVwlr6E/grcLSJyIuqrYbROFt8tkgFKBZ4jH8fUM07OQ7/m/HzVcud3b6zgrS99lb1c9k8IYnggtUoauKHbQC7rUVRE8B9lIT1R//nu2YgB/Ecf6YEDO8DXptWZBUhrwOhBoKevrB4Xck9q41/yo+53Ufg5EmCexbal9IRmrrwjdrNQajIR+Jqo+1BfErGZDdvhLy29vOV+dhQv36N2q/J5k/SRQuvYh+NBFXK7nYak2TqFWASo/PWwt68LlqRfMTQ2U5nsBSWoWiQZHAxLE7B7hQJj8tDbxu/dn1ymbOc32Sq00WSin4qx2RhLklDsLOjgk+2zRl8d+jr9UoAi5qhJ/3YDafZ2VOvR9cKPTf9waRHZOUMleWCFaHoO8dokPA/YdMepEsYXwoUYFoxukBQmrAePi0jFEiH3x3a0+1+QuDwfG0xc+EN0Ss3TYtMj+OroOXuCy0KnI0TvPZO5R1Dfm6IjIdRQhofWSUrJ2asXe11UgFwDeg1WOt4PlJTKV1v8Ms2iU6epsT/6gi2kiqwxopDWk28gjhJXTiI0P1lDE6Tt2wJwzJdCgVUN2Yd6pHYdOuiyYKoZ7RswvTnxntiomzrAKpYO3cDQExZop2hPSaPOKf5SU7hzjVOidPTl2iXBrdr+hgxu/7U6twfD/WMmsyFtGszZJnsPRun0P2RHf8NWLR/tz80u71juC1Bjf5vxYLUwuiKbWKYItzqQtmpccsknPBDL6lUbwgaSLbEsr4PKo5P7iYrj+o5+cMJJ7hR/mP6Q1n8y/Hfw4Mg8TX2iH4ei81KPs/Un+QLhSk/A4jrHXvI3aKsoDqaC2AhNZ3ps55xahEzim184YnWEdIF1fZR2LlZbpO0vVIPD+F/uwn1OskDJzy/DHOL3uHInNI2DenLv9Z7px9kxRxQQpwdxC559ZBKsNLf3wV0PpsdzXFB45Mwi6w+b9D9V905sTWXmPAq+eNKPStUGH5uQ0LOaSeIAVuy3wK+Y76P70jH85gl4dfaav3ZcNdH+4GfFmL12DYXXwmtcBDXsKvg0mQez2klKCSj9TaGqpUq0m+j40Ep+pApnGRoy3g7yB3Tm0HoNMamBbEF+GCW3oeJmcW/cQdCKSJddskiYaWriuVYAg2g2uuRT7y7V5MurU9DcUtZX51Nh6tKXvkkR46TVvDs+12mqEQ2xx2GAJSiFwwak16Rhhw0yC2oBxiPVUGNkV5PJETEEnPMiP4fZ9DoW4egXFetqPQlutQZHuOjo2Us57i4sVY0F5H9ikhB3I3AK0DqUUjL2EAto/9aeKjCu5HNp013uTjPpptFIhWMYabWA=
X-IPAS-Result: A2EdBQAvpbdf/zCZrQpiHgEBCxIMQIYjCpVcmkaBaAsBAQEBAQEBAQEIAS8EAQGBVYJ1AoItJjgTAgMBAQsBAQEFAQEBAQEGAwEBAQKGTwuCNyKDdgEBAQEDDiwrFAwEAgEIEQQBAQEWAQcQMh0IAgQKBAUIsgo8dIE0hVeFAIE4jVuBQj6BEYMSPoN/CgESAQlgAoUsBJAeqBwDB4JulHmGGSuhfZNXgWWdN4FAAgQCBAUCFYFrgQtwcIM5UBcCDY4rF41xNXQ3AgYKAQEDCYwCAgMMgSSBEQEB
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Fri, 20 Nov 2020 06:18:12 -0500
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.2106.002; Fri, 20 Nov 2020 06:18:12 -0500
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "tasic@academ.kiev.ua" <tasic@academ.kiev.ua>
CC: "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] EAI in EPP from a registrar point of view
Thread-Index: AQHWvrQQmvIJJqRlqE6DiAkdt/CJ36nQdSTwgAC2zgD//67hwA==
Date: Fri, 20 Nov 2020 11:18:12 +0000
Message-ID: <ccba89a963434c569685a3623dcd2f23@verisign.com>
References: <CADqLbz+VPXYAgrCQY9g-0_vuUxioY7H6GApt4ek2u3gJHXqMPg@mail.gmail.com> <b1b6d23d272f4540aee047911992093b@verisign.com> <24320259-8CB2-404A-8C5E-AC9B02E1A8FE@academ.kiev.ua> <2fab0d51b573476d886fd93803a46f5e@verisign.com> <07B00DB7-4B46-43CF-A107-EE371166AFEC@academ.kiev.ua>
In-Reply-To: <07B00DB7-4B46-43CF-A107-EE371166AFEC@academ.kiev.ua>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/XMWgmjTA2V15LahB5OaS4Yl5QW4>
Subject: Re: [regext] EAI in EPP from a registrar point of view
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Nov 2020 11:18:15 -0000

> -----Original Message-----
> From: Taras Heichenko <tasic@academ.kiev.ua>
> Sent: Friday, November 20, 2020 5:49 AM
> To: Hollenbeck, Scott <shollenbeck@verisign.com>
> Cc: regext@ietf.org
> Subject: [EXTERNAL] Re: [regext] EAI in EPP from a registrar point of view
>
> Caution: This email originated from outside the organization. Do not click 
> links
> or open attachments unless you recognize the sender and know the content
> is safe.
>
>
> > On 20 Nov 2020, at 07:04, Hollenbeck, Scott <shollenbeck@verisign.com>
> wrote:
> >
>
> [skip]
>
> >> Let's compare the pros and contras of both
> >> (1)
> >> + allows implementation by minimum changes in the software. It is
> >> + enough
> >> to change the rule which checks email addresses.
> >
> > I disagree with this completely. A new version of 5733 means a new XML
> namespace, which means that every single implementation of 5733 is
> affected.
>
> I did not say that it is possible to avoid software modification. But 
> changing
> namespace and adding a chank of code to process new extension differ a lot
> by the amount of work.

Right - it's a lot MORE work.

> [skip again]
>
> >>
> >> (2)
> >> + wittingly it is not mandatory by design causes less bureaucratic
> >> + work with RFC documents (there is no need to obsolete any RFC, just
> >> + accept new one with the extension)
> >> - causes much more software modification. Even if a registrar does
> >> not work with this extension it must make modifications to its code
> >> to parse responses to <check> or <info> commands with the possible
> >> extension. In case (1) there would be just symbols in the wrong encoding
> (if even).
> >
> > A registrar/client that does not negotiate use of the extension should not
> receive internationalized email addresses in any response. If that happens,
> the server is doing something wrong.
>
> Ok. Let's imagine the case. There is a contact in a registry with a 
> non-ASCII
> email address.
> A registrar connects to the registry by EPP. Registrar does not support the 
> EAI
> extension and it asks the registry info about the Contact object with a non-
> ASCII address. What is going next?

How did that contact object get populated if the registrar doesn't support the 
capability? It might be possible in the case of a domain transfer. That's 
something we need to think about.

> [and skip again]
>
> >>
> >> I think that (1) has a more positive balance than (2). I disagree
> >> with the proposed document and the design suggested by it. I think
> >> that non-ASCII email addresses should use the same <email> field as
> >> ASCII addresses and whether registry allows or denies such addresses
> >> must be defined in the registry documentation.
> >
> > "non-ASCII email addresses should use the same <email> field as ASCII
> addresses" sounds reasonable to me, assuming that this is negotiated at
> login time. I believe this is the approach taken by SMTP when use of the
> OPTIONAL EAI extension is negotiated.
>
> May I ask you to explain in a few words why the negotiation at login time is
> so important? I try to explain my point of view. Every registry has a
> predefined set of registrars that connect to it by EPP. Every registrar has 
> a
> predefined set of registries to connect with. There are many different
> registries in the world with nuances in the EPP implementation. It does not
> mean that registries should have different EPP implementation for each
> registry but at least they must have a set of rules for the EPP with every
> registry. And this set of rules is not built on-the-fly. It is not an SMTP 
> protocol
> when there is no predefined set of peers and protocol must be very simple
> and clear to be supported by all the participants. The EPP protocol is 
> already
> far beyond the SMTP by complexity.
> And registrars do not connect to the registries without appropriately
> preparing the software. So any negotiation at login time has a very formal
> meaning for this protocol. Maybe I am wrong I just explain my point of view
> from almost nine years in one of the ccTLD.

Login negotiation is CRITICAL because that's where the client and the server 
agree on the set of services and capabilities that will be used during the 
session. Registrars cannot assume that every registry supports the same 
services, and registries cannot assume that every registrar supports all the 
services they offer. DNSSEC (DS record provisioning) is a tangible example. 
It's not supported by all registrars.

For what it's worth, I'm not new to this, either. I respect your point of 
view, and I can appreciate that we might have different operational 
experiences. Let's figure out how we can add this capability in a way that 
minimizes the impact on all involved. That's what I designed the EPP extension 
mechanism for - to provide a lightweight, opt-in way to add new features 
without having to change the core protocol.

Scott

v2.23.0 | Report a Bug | By Email