[regext] Benjamin Kaduk's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)
"Hollenbeck, Scott" <shollenbeck@verisign.com> Mon, 30 July 2018 14:29 UTC
Return-Path: <shollenbeck@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FC211310DC; Mon, 30 Jul 2018 07:29:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com header.b=BKTQfPY7; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=verisign.com header.b=KjThAXv7
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7rbonwtWtJyS; Mon, 30 Jul 2018 07:29:05 -0700 (PDT)
Received: from mail1.verisign.com (mail1.verisign.com [72.13.63.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9BD721310D9; Mon, 30 Jul 2018 07:29:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=6180; q=dns/txt; s=VRSN; t=1532960944; h=from:to:cc:date:message-id:references:in-reply-to: resent-from:content-transfer-encoding:mime-version: subject; bh=28GFtBywkj7aLeEYQatNJrckkSac3dzosl0pmurbxeU=; b=BKTQfPY7VeFhxHs1dA2OnEnxVzalfXFbzaNegWFwP9sivsbpeN+7c3EK QLWrcZjPrEDTMlbC9PErSwKRrqL36ZGmJTBMOteXV3X5NetTAyoJn2Z2k zOXVVOVpwzmOtuiQKaJr7Xu65uFGCse3SJFznkmQD0AjTLVl9moE5TARn lER+2Dy/4flIJ+Xc/i/waV1p3yQCqFyOklvsMs9kMHWaBPW9A7TjINQJ7 UNTZGN/AA4tgPSz71QaHf23AeReGtOLiP5KlGRYMOlEoCBSZpayA+5wUo QbcGoG9uoBPd6h3igRVHi29ypFYrdsDhssIFzKolUSQrdfDjLDFuHdBEk Q==;
X-IronPort-AV: E=Sophos;i="5.51,422,1526342400"; d="scan'208";a="7321178"
IronPort-PHdr: 9a23:fz9TEBOinrA+bhQEiLMl6mtUPXoX/o7sNwtQ0KIMzox0K/75o8bcNUDSrc9gkEXOFd2Cra4c1ayO6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fcbglUhTexe69+IAmrpgjNq8cahpdvJLwswRXTuHtIfOpWxWJsJV2Nmhv3+9m98p1+/SlOovwt78FPX7n0cKQ+VrxYES8pM3sp683xtBnMVhWA630BWWgLiBVIAgzF7BbnXpfttybxq+Rw1DWGMcDwULs5Qiqp4bt1RxD0iScHLz85/3/Risxsl6JQvRatqwViz4LIfI2ZMfxzdb7fc9wHX2pMRsZfWTJcDIOgYYUBDOQBMuRZr4bhqFUBogCzBRW3C+Pt1jNEmmP60K883u88EQ/GxgsgH9cWvXjartv1M6MSUeSrw6nO1jrMce9Z2TTl5IPVbx4uvfaMXa5sccbf1EIiEBjFjlWXqYzhOzOayOINvHOF4OV8VuKikHAnpB9rojiu3ccsi4bJhoQPxl/Y8iV5xZ84KNulQ0B1Zt6kFYFftyCcN4ZuQ8MtWXpntDw9yr0ctp63ZCkKx4o7xx7RcfCHdJKI4h3lWe2MIjl4nGpodK+jixqo7EStyOPxWtOp3FtKoCdJiNbBu3QV2xDO9sSLUOZx80W91TqVygze5eJJLVopmafYM5IhzKA/m5kPvUnGGyL7mln5gLOMeUgh5+Sn9/job7Dmq5CBKYB0hATzP6AzlcOiH+s1NBUFUXKB9uSmzrLj+FX0QLBNjvIrjKbUqIvaJcEHpq6hBA9Vz5oj5w6/Dzi41NQYmmEKIU9ZdhyfkoTmO0nALv/5AvujnVigiilryOzBPr37GpXBNGLMn6r7cbZj8U5c0wwzwcpD6JJTD7ENOPPzWknvu9zEFhI1LhC4z/z6BNh/2I4SQ3+DD6+XPa/IvlKF4vojI+yWa48UvDb9JeIl5/nrjXIhgl8dfa6p3Z8TaH+mGPRpOFuWbmbvgtoaD2cFoBA+TO3xiF2DXj5TYWy+UL475jE+EI6mF5vMRpixgLyd2ye2Bp5WaXpbBVCREnflbICEW/YQaC6IPMBujyEEX6C7S4A9zRGuqBP6y71/I+rV5CIYrp3j2cN05+LNiREy+yZ4D8OH02GCV2t0hH8HRycq3KBjpkxw0kqM0bJijPxWCdxf/vJJXRkmNZ7S1uB6Ec79Wg3fcdaGVFaqW8+mDiwrQdIp2tMOZF1yG9e8gR/fwyqmGqMVmKaEBJEv86LTwWTxJ8hnx3bBzqkhgEEsQtFTOm2+mq5/6w/TCpbTk0qHmKala6sd3DLU+GifzWqBpkBYUBRrUajeXHAQeFfWrdrj6kPFVb+uBqwtMhFdxs6aNqtKdtrpgE1cRPj9N9TRfW2wm3urCBaJ2LyMcITqd38a3CXHB0hX2zwUqDzJNgEyGySJpmPCSjFiCB2lKxfv+OVjq1u+T1Nywg2XOQkpnfW09wUarf2RV/1V2agL921p/zR5B1mV3t/KBZyHvQU3L4tGZtZoqndA0WbUsQZwNZ/kZ5tpgUICOUwjpEPp0xF6DI9NmssCsn4wzRFzJqTe21REIWDLlavsM6HafzGhtCukbLTbjxSHiI6b
X-IPAS-Result: A2HgAADoD19b/zGZrQpRCg4MAQEBAQECAQEBAQgBAQEBhDGBJwqDdJZPgy4OkimBKxckCyMLhD4CF4MeNxUBAgEBAQEBAQIBAQKBBQyCNSQBDi8cLwgBBQEBAQEBASYBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBCAIPIxISAQEYAQECAgEjEQwBASoNAQQHBAIBGQQBAQMCHwcCAgIwFQgIAgQBDQUIgxmBdxeqKm6BLoJ0AQEFh0YDBYELhmCBLoFCPoEShi0BAQECAYEqAQcLAQmDF4JVh3iSGgMGAoYVgmaGMoFQhBqIJgGKUIRYQoImAgQCBAUCFIFXgQRYEQhwgwUBATKCGTSDNIUUhQQ6bwGNEoEfgRsBAQ
Received: from BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Mon, 30 Jul 2018 10:29:02 -0400
Received: from BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde]) by BRN1WNEX02.vcorp.ad.vrsn.com ([fe80::7c0a:1cc:5def:9dde%4]) with mapi id 15.01.1466.003; Mon, 30 Jul 2018 10:29:02 -0400
From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "'kaduk@mit.edu'" <kaduk@mit.edu>, "'iesg@ietf.org'" <iesg@ietf.org>
CC: "'draft-ietf-regext-rdap-object-tag@ietf.org'" <draft-ietf-regext-rdap-object-tag@ietf.org>, "'regext-chairs@ietf.org'" <regext-chairs@ietf.org>, "Gould, James" <jgould@verisign.com>, "'regext@ietf.org'" <regext@ietf.org>
Thread-Topic: [EXTERNAL] RE: Benjamin Kaduk's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)
Thread-Index: AQHUKAVDGmadcEdGiUi00lIsDYN2dw==
Date: Mon, 30 Jul 2018 14:29:02 +0000
Message-ID: <adec3bc5daa44c4db99afd97b8d1e5a1@verisign.com>
References: <153271389685.32575.14236059863408474169.idtracker@ietfa.amsl.com>
In-Reply-To: <153271389685.32575.14236059863408474169.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.170.148.18]
x-ironport-av: E=Sophos; i="5.51,422,1526342400"; d="p7m'?scan'208"; a="5339498"
dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=8352; q=dns/txt; s=VRSN; t=1532955611; h=from:to:cc:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=LW2YJBnj8OWgOYeOi3zYaz80wBgupWNZPePSFulE3sI=; b=KjThAXv7wZ9QSNo4Jx2oSKBNCoRo/9SvUxfWLv6i54Etd5EwXqEI5KTE QcZolawC5DM2GJBFtl/EGey3/UTEDEeXpfztjLip0rRg/yqcQtTzNIRR0 PeW6ZEtjhgEhMblENz5kPn57WUN1DN3613JdI8U8gNOJYuhKQ0fhenLk8 e0KnRpvDwFo4jLAQb04q1ckJtQUIOdgIqxS6l//NHIHBYFYx5nJUUg69Z hhlVYYvVLhZ7dpUOlzxvt3Jst75nZRWvUPIwMmQ9uZozaKNfKLBFu68HA JDirCWGX2Aej+UxLBOVT03JPrctXw4B64GrHFN7utzALF1I76br9o7Ino Q==;
x-ironport-anti-spam-result: A0HVAADJCl9bgCzGHwRbDg4BAQEEAQEKAQGCelGBZSgKmDaFO5NiKhEIAy6EPgKDEyE3FQECAQEBAQEBAgEBAhABAQkNCQgnJQgEgjUkAQ5LLwgBMgEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCD0cBARkCAQMSIgwBATcBDwIBCEYCKgYlAgQBDQ0GFIJ/gX8BAgIBnkABi3mCHIJ0AQEFgSyGEwcIh2uBFxeBQj6EJIpUmhIDBgKDZYFZiW+BQgGMTpIQAgQCBAUCFIEjNIF1cIM5ghk0gzSKGDpvjjKBGwEB
x-ironport-anti-spam-filtered: true
x-original-to: xfilter-draft-ietf-regext-rdap-object-tag@ietfa.amsl.com
delivered-to: xfilter-draft-ietf-regext-rdap-object-tag@ietfa.amsl.com
x-virus-scanned: amavisd-new at amsl.com
Resent-From: alias-bounces@ietf.org
x-ms-exchange-messagesentrepresentingtype: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Resent-Message-Id: <20180730142904.9BD721310D9@ietfa.amsl.com>
Resent-Date: Mon, 30 Jul 2018 07:29:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Xg7TQsO-ox8F7XdaBvY46ZKD1s8>
Subject: [regext] Benjamin Kaduk's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2018 14:29:08 -0000
(My email client sometimes does unexpected things with message encryption. Sending again with plaintext assured...) > -----Original Message----- > From: Benjamin Kaduk <kaduk@mit.edu> > Sent: Friday, July 27, 2018 1:52 PM > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-regext-rdap-object-tag@ietf.org; Gould, James > <jgould@verisign.com>; regext-chairs@ietf.org; Gould, James > <jgould@verisign.com>; regext@ietf.org > Subject: [EXTERNAL] Benjamin Kaduk's No Objection on draft-ietf-regext- > rdap-object-tag-04: (with COMMENT) > > Benjamin Kaduk has entered the following ballot position for > draft-ietf-regext-rdap-object-tag-04: No Objection > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-object-tag/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I was a little surprised to see that this document targets BCP status, not > Proposed Standard. Was there much discussion of this question in the WG? > > Section 2 > > Service provider tags are concatenated to the end of RDAP query > object identifiers to unambiguously identify the authoritative server > > It seems like it is the combination of concatenation of the service > provider tag, and the use of the rdap_objectTag_level_0 rdapConformance > attribute that provides the unambiguous property; I would like to see this > caveat made more clear here. Thanks for the review, Benjamin. The rdapConformance attribute doesn't do anything to identify the authoritative server. It's a clue to the client that the server has implemented this particular practice. > Also, per https://www.iab.org/2016/11/07/iab-statement-on-ipv6/, please > consider using IPv6 addresses in the examples. The example copied into this document comes directly from Section 5.3 of RFC 7483. I'd prefer to keep it as-is to maintain consistency with that cited reference. > Section 5.1 > > Are all provided URLs supposed to be functionally different? If not, how > do we tell which ones do what? Practice thus far in the RDAP bootstrap registries has been to register http and https URLs. The scheme of the URL identifies the functional difference. > Section 7 > > Perhaps note that it is using IANA as a well-known central trusted > authority in order to provide the property of allowing users to get RDAP > data from an authoritative source? Sure, OK. > [...] The method has the same security > properties as the RDAP protocols themselves. The transport used to > access the IANA registries can be more secure by using TLS [RFC5246], > which IANA supports. > > Well, I don't know that "the same as" is quite right, especially given the > following sentence. The composed chain of "talk to iana, talk to referred > RDAP server" depends both on the security of the connection to the RDAP > server and that of the connection to IANA; it seems prudent to note that > if TLS is used for the RDAP connection, TLS should also be used when > talking to IANA, or even that TLS should always be used when talking to > IANA. OK, how about this text? OLD: This practice helps to ensure that end users will get RDAP data from an authoritative source using a bootstrap method to find authoritative RDAP servers, reducing the risk of sending queries to non-authoritative sources. The method has the same security properties as the RDAP protocols themselves. The transport used to access the IANA registries can be more secure by using TLS [RFC5246], which IANA supports. NEW: This practice uses IANA as a well-known, central trusted authority to provide the property of allowing users to get RDAP data from an authoritative source, reducing the risk of sending queries to non-authoritative sources and divulging query information to unintended parties. Additional privacy protection can be gained by using TLS [RFC5246] to provide data confidentiality when retrieving registry information from IANA. Scott
- Re: [regext] Benjamin Kaduk's No Objection on dra… Hollenbeck, Scott
- Re: [regext] Benjamin Kaduk's No Objection on dra… Benjamin Kaduk
- [regext] Benjamin Kaduk's No Objection on draft-i… Benjamin Kaduk
- Re: [regext] Benjamin Kaduk's No Objection on dra… Hollenbeck, Scott
- [regext] Benjamin Kaduk's No Objection on draft-i… Hollenbeck, Scott
- Re: [regext] Benjamin Kaduk's No Objection on dra… Hollenbeck, Scott
- Re: [regext] Benjamin Kaduk's No Objection on dra… Benjamin Kaduk