[regext] Roman Danyliw's Discuss on draft-ietf-regext-data-escrow-05: (with DISCUSS and COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Sun, 08 March 2020 22:35 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: regext@ietf.org
Delivered-To: regext@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 442B53A0956; Sun, 8 Mar 2020 15:35:52 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-regext-data-escrow@ietf.org, regext-chairs@ietf.org, regext@ietf.org, James Gould <jgould@verisign.com>, jgould@verisign.com
X-Test-IDTracker: no
X-IETF-IDTracker: 6.120.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <158370695225.6735.13200718369022557320@ietfa.amsl.com>
Date: Sun, 08 Mar 2020 15:35:52 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/ZCxYxWCtxtjM-oCix8Is4_WeE1s>
Subject: [regext] Roman Danyliw's Discuss on draft-ietf-regext-data-escrow-05: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 Mar 2020 22:35:53 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-regext-data-escrow-05: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-regext-data-escrow/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

** Section 6.1.  Please provide a normative reference to XML Schema.

** Section 6.1. The schema defines types “clIDType” and “rrType” but their use
isn’t explained in the text and they don’t appear to be used in the definition
of <deposit>.

** Section 11.  Was a requirement to secure the deposit data at rest
considered?  The text here suggests that such details needed to be worked out
individually.  However, Section 9 notes that the whole deposit is likely to be
confidential.  It would seem best practice to store such sensitive information
encrypted.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

** I didn’t follow how this draft fits with EPP or RDAP per the REGEXT charter
(and neither of these protocols are references).

** Section 5.1. @resend.  How does the registry know the escrow deposit failed
to increment this attribute and resend?

** Section 5.1.2.  <version>.  The schema indicates that this should be set to
1.0, but this isn’t said in the text.  How should an implementation process a
version number it doesn’t recognize?

** Section 10.  Per “As such, the registry transmitting the data to the escrow
agent _should_ take all the necessary precautions …”, why isn’t this a “_MUST_
take all necessary precautions …”?  Under what circumstances would transport
security not be desirable?