Re: [regext] Warren Kumari's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)

"Hollenbeck, Scott" <shollenbeck@verisign.com> Wed, 01 August 2018 12:53 UTC

From: "Hollenbeck, Scott" <shollenbeck@verisign.com>
To: "'warren@kumari.net'" <warren@kumari.net>
CC: "'iesg@ietf.org'" <iesg@ietf.org>, "'draft-ietf-regext-rdap-object-tag@ietf.org'" <draft-ietf-regext-rdap-object-tag@ietf.org>, "Gould, James" <jgould@verisign.com>, "'regext-chairs@ietf.org'" <regext-chairs@ietf.org>, "'regext@ietf.org'" <regext@ietf.org>, "'tim.chown@jisc.ac.uk'" <tim.chown@jisc.ac.uk>
Date: Wed, 01 Aug 2018 12:52:59 +0000
Message-ID: <607dd51353db4cb39fa83c344e991576@verisign.com>
References: <153296860192.827.8824953027965906564.idtracker@ietfa.amsl.com> <fd7b0f69e9c34ae685034b4a1957ecdd@verisign.com> <CAHw9_iLwWpB7HtnYqAO=R8ZDX2NgGtppTHii=tRrM8igxzrOrw@mail.gmail.com>
In-Reply-To: <CAHw9_iLwWpB7HtnYqAO=R8ZDX2NgGtppTHii=tRrM8igxzrOrw@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/cXBUN429mA-p1B5kz579AUt4evc>
Subject: Re: [regext] Warren Kumari's No Objection on draft-ietf-regext-rdap-object-tag-04: (with COMMENT)

> -----Original Message-----
> From: Warren Kumari <warren@kumari.net>
> Sent: Tuesday, July 31, 2018 11:30 AM
> To: Hollenbeck, Scott <shollenbeck@verisign.com>
> Cc: The IESG <iesg@ietf.org>; draft-ietf-regext-rdap-object-tag@ietf.org;
> Gould, James <jgould@verisign.com>; regext-chairs@ietf.org;
> regext@ietf.org; Tim Chown <tim.chown@jisc.ac.uk>
> Subject: [EXTERNAL] Re: Warren Kumari's No Objection on draft-ietf-regext-
> rdap-object-tag-04: (with COMMENT)
>
> On Tue, Jul 31, 2018 at 7:07 AM Hollenbeck, Scott
> <shollenbeck@verisign.com> wrote:
> >
> > > -----Original Message-----
> > > From: Warren Kumari <warren@kumari.net>
> > > Sent: Monday, July 30, 2018 12:37 PM
> > > To: The IESG <iesg@ietf.org>
> > > Cc: draft-ietf-regext-rdap-object-tag@ietf.org; Gould, James
> > > <jgould@verisign.com>; regext-chairs@ietf.org; Gould, James
> > > <jgould@verisign.com>; regext@ietf.org; tim.chown@jisc.ac.uk
> > > Subject: [EXTERNAL] Warren Kumari's No Objection on
> > > draft-ietf-regext-
> > > rdap-object-tag-04: (with COMMENT)
> > >
> > > Warren Kumari has entered the following ballot position for
> > > draft-ietf-regext-rdap-object-tag-04: No Objection
> > >
> > > When responding, please keep the subject line intact and reply to
> > > all email addresses included in the To and CC lines. (Feel free to
> > > cut this introductory paragraph, however.)
> > >
> > >
> > > Please refer to
> > > https://www.ietf.org/iesg/statement/discuss-criteria.html
> > > for more information about IESG DISCUSS and COMMENT positions.
> > >
> > >
> > > The document, along with other ballot positions, can be found here:
> > > https://datatracker.ietf.org/doc/draft-ietf-regext-rdap-object-tag/
> > >
> > >
> > >
> > > ----------------------------------------------------------------------
> > > COMMENT:
> > > ----------------------------------------------------------------------
> > >
> > > Thank you for writing this - it solves a useful purpose, and is
> > > clear and easy to read.
> > >
> > > I had 2 comments / questions - please also see Tim Chown's OpsDir
> > > review for a useful nit.
> > >
> > > Section 2. Object Naming Practice
> > > The entire 'HYPHEN-MINUS' selection makes me slightly twitchy - the
> > > argument that it was chosen because it is commonly already used as a
> > > separator feels like it cuts both ways - the fact that 'Handles can
> > > themselves contain HYPHEN-MINUS characters' already seems to argue
> > > that a different separator should have been chosen to minimize the
> > > chance of collisions / people getting this wrong.  I get that the
> > > document says "the service provider identifier is found following
> > > the last HYPHEN-MINUS character in the tagged identifier", and would
> > > feel more comfortable if some of the examples contained more than one
> > > hyphen to make this clearer.
> >
> > Thanks for the review, Warren. We actually had quite a debate in the WG
> > about the separator character (witness the change log). I could change one
> > of the examples in Section 2 if that would be helpful.
>
> Okey dokey - my main concern is if the WG discussed it and selected
> something; I'm not yet quite so arrogant that I'm sure I know better than
> the WG :-) I think that having an example with multiple hyphens would be
> helpful to avoid issues.
>
> >
> > > Section 7. Security Considerations
> > > 'The transport used to access the IANA registries can be more secure
> > > by using TLS [RFC5246], which IANA supports.' I'm confused by this
> > > sentence in the Security Considerations section - more secure than
> > > what, not using TLS? Why isn't this something like "The transport
> > > used to access the IANA registries SHOULD (or MUST) be over TLS"?
> >
> > Benjamin also had a comment about this text. I proposed this change in
> > my reply to him:
> >
> > OLD:
> > This practice helps to ensure that end users will get RDAP data from an
> > authoritative source using a bootstrap method to find authoritative RDAP
> > servers, reducing the risk of sending queries to non-authoritative
> > sources.
> > The method has the same security properties as the RDAP protocols
> > themselves.
> > The transport used to access the IANA registries can be more secure by
> > using TLS [RFC5246], which IANA supports.
> >
> > NEW:
> > This practice uses IANA as a well-known, central trusted authority to
> > provide the property of allowing users to get RDAP data from an
> > authoritative source, reducing the risk of sending queries to non-
> > authoritative sources and divulging query information to unintended
> > parties.  Additional privacy protection can be gained by using TLS
> > [RFC5246] to provide data confidentiality when retrieving registry
> > information from IANA.
> >
> > Better? I hesitate to say "The transport used to access the IANA
> > registries SHOULD (or MUST) be over TLS" because that's not something the
> > RDAP client controls - it's controlled by IANA's web server (which, in
> > fact, is currently redirecting http connections to https).
> >
>
> I'd think that a SHOULD is fine - I cannot imagine the IANA disabling
> HTTPS for registries like this, but won't dig in my heels over this...

Warren, Benjamin proposed new text in his last note. I'll use his text if that's OK with you.

Scott
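The two points debated above, that a tagged identifier is split at the last HYPHEN-MINUS even when the handle itself contains hyphens, and that an RDAP client can only enforce TLS on its own side by refusing non-HTTPS base URLs, are illustrated by the following added example. It is not code from the draft, the thread, or IANA; the registry JSON, the provider tags (YYYY, ZZ, OLD) and the hosts are constructed for the example, its shape only loosely follows the RFC 7484-style bootstrap files, and tag matching is exact (the draft's case rules are not reproduced).

```python
"""Added example (not part of the draft or this thread): split an RDAP tagged
identifier on its LAST HYPHEN-MINUS, then resolve the service provider tag
against a constructed bootstrap registry, keeping only HTTPS base URLs."""
import json
from urllib.parse import urlparse

# Constructed registry text for this example. Its shape loosely follows the
# RFC 7484-style bootstrap files (contacts, identifiers, base URLs); it is
# NOT IANA data, and the provider tags and hosts are made up.
CONSTRUCTED_REGISTRY_JSON = """
{
  "version": "1.0",
  "description": "constructed sample registry, not IANA data",
  "services": [
    [["contact@example.net"], ["YYYY"], ["https://rdap.example.net/"]],
    [["ops@example.org"], ["ZZ"], ["https://rdap.example.org/rdap/"]],
    [["legacy@example.com"], ["OLD"], ["http://rdap.example.com/"]]
  ]
}
"""


def split_tagged_identifier(tagged):
    """Return (handle, tag) by splitting at the LAST HYPHEN-MINUS.

    Handles may themselves contain hyphens ("ABC-123-YYYY" -> "ABC-123", "YYYY"),
    which is why the split is anchored at the last separator, never the first.
    """
    handle, sep, tag = tagged.rpartition("-")
    if not sep or not handle or not tag:
        raise ValueError("not a tagged identifier: %r" % tagged)
    return handle, tag


def load_registry(json_text):
    """Build {tag: [base URLs]} from the registry JSON.

    Matching is exact; case handling is an assumption of this example, not
    something taken from the draft.
    """
    lookup = {}
    for _contacts, tags, base_urls in json.loads(json_text)["services"]:
        for tag in tags:
            lookup[tag] = list(base_urls)
    return lookup


def resolve_base_urls(tagged, lookup, require_https=True):
    """Map a tagged identifier to candidate RDAP base URLs.

    Returns (handle, tag, urls). An unknown tag yields an empty list rather
    than a guessed server, so the client never falls back to a
    non-authoritative source. With require_https, plain-http entries are
    dropped on the client side, which is the only side of the TLS question
    the client actually controls.
    """
    handle, tag = split_tagged_identifier(tagged)
    urls = lookup.get(tag, [])
    if require_https:
        urls = [u for u in urls if urlparse(u).scheme == "https"]
    return handle, tag, urls


if __name__ == "__main__":
    registry = load_registry(CONSTRUCTED_REGISTRY_JSON)
    for ident in ("ABC-123-YYYY", "XYZ-ZZ", "A-OLD", "ABC-UNKNOWN"):
        print(ident, "->", resolve_base_urls(ident, registry))
```

Running the module resolves "ABC-123-YYYY" to handle "ABC-123" and tag "YYYY", drops the http-only "OLD" entry unless `require_https=False` is passed, and returns no URLs for an unregistered tag.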