Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
"James Galvin" <galvin@elistx.com> Fri, 04 May 2018 13:31 UTC
Return-Path: <galvin@elistx.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE92412706D for <regext@ietfa.amsl.com>; Fri, 4 May 2018 06:31:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=elistx-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K0ADtv9waTjp for <regext@ietfa.amsl.com>; Fri, 4 May 2018 06:31:44 -0700 (PDT)
Received: from mail-qt0-x235.google.com (mail-qt0-x235.google.com [IPv6:2607:f8b0:400d:c0d::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32B1F126FB3 for <regext@ietf.org>; Fri, 4 May 2018 06:31:44 -0700 (PDT)
Received: by mail-qt0-x235.google.com with SMTP id h2-v6so27309904qtp.7 for <regext@ietf.org>; Fri, 04 May 2018 06:31:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=elistx-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:embedded-html; bh=sKIONdE46snyd09VJ/N+ErTONpBFnoLEII+KNQqEml8=; b=jB1Nlzs+yFJrgJl6ixiuPU5mIVPOpUJ/LaqCF/8CsWgadMsreGHwvXdTVVMFmzSNJU f2Cjr1FpFGleE0asdi12Fq6TLEetHZlWGVINZ+jLPSx7VDlQ/uV0NuQPQpSkDuvKPQoJ Q2O4yD98mP+SoHDwIjsFywDxlo+B9T/jFadC8yQOUlTBeIo9UsljuPTzWIcOtxlSKd2g 5x830Rj9JDclC7ITIR5ZZf7hoRWcqjGLEzaJFAfrANeycRFquvFLlAC+40e0eiAehbXt uT9qi5QTYPakpBBr+xxd73+jr9g6TbKiWSmVQKR0dlFdZcgFUEv4EgUvTU+LYr1J4Hzd JUtQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding:embedded-html; bh=sKIONdE46snyd09VJ/N+ErTONpBFnoLEII+KNQqEml8=; b=JeYLDt6RFdy0D+AhMWbEDi0jJG0Dtft1uUjWrTWdEC587Yn0Al2wlMLQcGg8sGosy+ 62S0j5UMqLRBmEuP+496I0I9Z35mBTipHFItE/gxCBgFZR4mkmMwzIvimwJG719JPbOF 10+T0tpg0Tv27RES3l4O+jpFfrN0fRUcvSPf9H6nFBTs4CYHSPjsDRjMZGsT2fBZDPtE /FTHGrWMGYIYGf5F4I9YTKU6nTX0Vodw2R2k87jscABHND4L7ymisHUyMiXbvhkKQXVE TXcyXlMV3GfUUWhZLvE0lduVYjIYyOQiwrNX1hmad2y+s2jPfjFXx3Bhu7IwONkSF6FC nqGw==
X-Gm-Message-State: ALQs6tAVlKzq6gsfV1QinvHwmCJ5bapM0LEhcAmYo4xoB/kiasfMneEM UHHy3JNoonM7QmBcRXxDFgXVfw==
X-Google-Smtp-Source: AB8JxZqPG68HP9+btbA/g7pokaEIQh0gFm/cg2klsf7fWtByMH3aX9EWo2QC2TugtgCZpMT2tN47ig==
X-Received: by 2002:a0c:b897:: with SMTP id y23-v6mr11262546qvf.188.1525440703205; Fri, 04 May 2018 06:31:43 -0700 (PDT)
Received: from [10.0.0.103] ([2601:154:c200:10:61ca:aef2:62c5:36ff]) by smtp.googlemail.com with ESMTPSA id v14-v6sm9649990qto.72.2018.05.04.06.31.41 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 04 May 2018 06:31:42 -0700 (PDT)
From: James Galvin <galvin@elistx.com>
To: "Gould, James" <jgould@verisign.com>
Cc: Patrick Mevzek <pm@dotandco.com>, regext@ietf.org
Date: Fri, 04 May 2018 09:31:50 -0400
X-Mailer: MailMate (1.11.2r5479)
Message-ID: <CF701CA2-F63A-4573-AB87-68E3AB30C635@elistx.com>
In-Reply-To: <48889EC8-FF2C-4CF3-B5E1-9DC5482E06E9@verisign.com>
References: <3266784A-E663-4465-8ABF-A3305B83C253@verisign.com> <e7916b75-1555-14e3-43bc-644059cd68f0@switch.ch> <605AC23F-D7B3-4A37-876E-45EC8E6BEEB8@verisign.com> <84309e91-dbe9-8865-fd06-528266aa93e7@switch.ch> <FAFB62AE-C0D1-4D74-888C-00C632D73211@verisign.com> <1522912361.3587146.1327243736.6AB5A07D@webmail.messagingengine.com> <58605AC6-A8B3-4428-A71E-580E6BC01EFF@verisign.com> <1524032366.3941888.1341940112.7D43F230@webmail.messagingengine.com> <BEC1040F-25C7-4F52-BB94-1F55BFA4C1C7@verisign.com> <1524203922.4022062.1344535160.39F0C10F@webmail.messagingengine.com> <83479150-4E98-452F-B27B-BD286AA18C1B@verisign.com> <1524425212.2370983.1346768616.2A2DE208@webmail.messagingengine.com> <48889EC8-FF2C-4CF3-B5E1-9DC5482E06E9@verisign.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="=_MailMate_4F872405-1BB3-4385-B52E-28DAA9249543_="
Content-Transfer-Encoding: 8bit
Embedded-HTML: [{"HTML":[1854, 15045], "plain":[475, 9603], "uuid":"3464A4E3-49A3-4146-83EB-231D1B52440A"}]
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/g7oi_moUSAVOA1WqCbSJSxl3ZAM>
Subject: Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2018 13:31:48 -0000
The chairs would appreciate a suggestion from those in this discussion as to what you would like to do next? The change-poll document has been in WGLC that has now expired. However, you have identified a technical issue but you have not been clear as to whether you want a change in the existing document or you want a new work item for the working group? What would you propose? What do others think? Antoin and Jim On 23 Apr 2018, at 9:27, Gould, James wrote: > Patrick, > > > > This may be an excellent topic for a working session at the next IETF. > It would be great to hear opinions from others on this topic, since > there is obviously a gap in the interpretation of the greeting and > login services as it relates to responses (command responses and poll > response) provided by the server. > > > > Your description still leaves out a case, that I cannot prove to be > the dominant one but that is certainly not a negligible one: the > client receives the message, DOES NOT validate it per XML schema, DOES > NOT parse it, and just stores it (as is or with a simple > transformation to any other serialization format, an operation that > does not need to know about the schema nor the content at all) for out > of band later examination, and ACKs it in EPP to be able to fetch the > next one. > > > > How can the client ack the message if it doesn’t at least parse it > for the message id? An EPP client should frame the responses per RFC > 5734 and will most likely parse the response to determine the result > of the command and in the case of a poll message parse the message id > to send the subsequent poll ack. The client could use regular > expressions to extract the information or could do a validating DOM > parse and object unmarshalling to have something easier to work with. > There is no way for the server to know the capabilities of the client > other than using the login services. Both sets of clients can be > fully supported if the server honors the login services sent by the > client. If the client wants to retrieve everything from the server > for later processing, then the client can simply mirror the greeting > services into the login services. Clients that do unmarshall > responses, will most likely use marshalling factories that will be > used to dynamically create the login services. This way the server > will not send a response that the client does not support and will not > break the client. > > > > As for "A client would need to proactively deal with the > > unexpected if the server does not honor the login services of the > > client.", I think this is already the case for many registries, and > since a long time, so clients had to deal with that already. It is far > from a new hypothetical problem. > > > > Just because servers have been sending unsolicited extensions to > clients does not make it correct or appropriate from a protocol > perspective. I believe we have examples of EPP extensions (RFC 5910 > and draft-ietf-regext-epp-fees) that includes language related to what > the server should or should not due based on the client login > services, so this should be understood. I believe where it is not > well understood is the handling of poll messages, which would be the > point in creating a new draft. > > > > > > If the registrar logs in without the secDNS extension, to use a "core" > example, and if it does a domain:info on a domain name which has > secDNS info (because it is one of his own domain for which he put > DNSSEC material with it before but right now in this particular > session it did not use the secDNS extension at login, or maybe less > contrived before a transfer he does a domain:info with the associated > authInfo on a domain name it does not sponsor) > > then what should the registry do? Send the secDNS part of the > domain:info or not? > > I believe not sending it creates more harm than benefits, even if the > registrar did not specify it at login, but clearly this is the core > point of our disagreement. > > > > The registry should not return the secDNS extension in the domain info > response for a client that does support secDNS-1.0 (RFC 4310) or > secDNS-1.1 (RFC 5910) according to section 2 of RFC 5910 > (https://tools.ietf.org/html/rfc5910#page-4). There is similar > language in the Registry Fee Extension related to inclusion of the fee > extension in the command response (e.g., “does include elements in > the response, when the extension has been selected during a <login> > command”). The login services explicitly provide the object and > command / response extensions supported by the client along with their > versions, so why would the server not honor those services to > determine if and what version of an extension to return to a client? > The exchange of the server services in the greeting and the client > services in the login allow the client and server to negotiate what > extensions are supported on both sides. Inclusion of an extension > outside of the negotiated services should result with an error on the > server side and the server should not return an unsupported extension > back in a response. The server does not know the capabilities of the > client, where sending an unsolicitated extension may result in a > client-side failure in the case for a validating client or a client > that unmarshalls the response. > > > > — > > JG > > > > > > > > James Gould > > Distinguished Engineer > > jgould@Verisign.com > > > > 703-948-3271 > > 12061 Bluemont Way > > Reston, VA 20190 > > > > Verisign.com <http://verisigninc.com/> > > On 4/22/18, 3:27 PM, "regext on behalf of Patrick Mevzek" > <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote: > > > > On Fri, Apr 20, 2018, at 16:06, Gould, James wrote: > > > Thank you for the detailed description of your reasoning. I > will leave > > > it that we disagree on the purpose of the login services, the > need for > > > the server to honor the login services for poll messaging, and > the > > > impacts in returning unsupported responses or response > extensions to > > > clients. > > > > Ok. > > > > > On the impact, there are two elements to consider including > > > first the XML parser in validating a response against the XML > schemas, > > > and second is the unmarshalling of the XML to a representative > object. > > > A client could disable the XML parser validation and move along > to the > > > unmarshalling step. In the unmarshalling step the client would > need to > > > deal with receipt of unsupported content. The client could > throw an > > > exception because the XML (e.g., DOM tree) could not be > unmarshalled, > > > ignore the unsupported content, or come up with some other > > > representation of the unsupported content (e.g., convert to list > of XML > > > blobs or DOM objects). A client would need to proactively deal > with the > > > unexpected if the server does not honor the login services of > the > > > client. > > > > Your description still leaves out a case, that I can not prove to > be the dominant one but that is certainly not a negligible one: the > client receives the message, DOES NOT validate it per XML schema, DOES > NOT parse it, and just stores it (as is or with a simple > transformation to any other serialization format, an operation that > does not need to know about the schema nor the content at all) for out > of band later examination, and ACKs it in EPP to be able to fetch the > next one. > > > > In this case, there are absolutely none of the problem you expose: > > the registry has no extra work to do, the registrar has no extra > work to do to understand messages in unknown namespaces, registrar is > not blocked at all for any new namespace introduced, the registrar has > no problem if the registry message does not validate per its own XML > schema, the registrar does not have to be proactive it can deal with > new cases and problems later, etc. > > I really fail to see the drawbacks but of course anyone is free to > do differently and stick to validate and parse everything in band in > real time. > > > > As for "A client would need to proactively deal with the > > unexpected if the server does not honor the login services of the > > client.", I think this is already the case for many registries, > and since a long time, so clients had to deal with that already. It is > far from a new hypothetical problem. > > > > > Since this is not a problem unique to > draft-ietf-regext-change-poll, I > > > agree that it's best suited to be addressed in a separate > Internet Draft > > > that addresses service-aware EPP poll messaging. > > > > I agree this should be a separate draft, to become eventually an > Informational Standard or a Best Practice depending on its content. > > > > > Is there interest in such a draft by the working group? > > > > I am interested by the subject but disagree on the offered > solution. > > > > Also, it may be useful to be able (as difficult as it may be) to > understand a little more on the current situation, and to see how > registries currently handle this problem. > > > > Note that this happens very early and not only from poll messages. > > If the registrar logs in without the secDNS extension, to use a > "core" example, and if it does a domain:info on a domain name which > has secDNS info (because it is one of his own domain for which he put > DNSSEC material with it before but right now in this particular > session it did not use the secDNS extension at login, or maybe less > contrived before a transfer he does a domain:info with the associated > authInfo on a domain name it does not sponsor) > > then what should the registry do? Send the secDNS part of the > domain:info or not? > > I believe not sending it creates more harm than benefits, even if > the registrar did not specify it at login, but clearly this is the > core point of our disagreement. > > > > -- > > Patrick Mevzek > > pm@dotandco.com > > > > _______________________________________________ > > regext mailing list > > regext@ietf.org > > https://www.ietf.org/mailman/listinfo/regext > _______________________________________________ > regext mailing list > regext@ietf.org > https://www.ietf.org/mailman/listinfo/regext
- [regext] Poll messages with unhandled namespaces … Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- [regext] I-D Action: draft-ietf-regext-change-pol… internet-drafts
- Re: [regext] I-D Action: draft-ietf-regext-change… Gould, James
- Re: [regext] I-D Action: draft-ietf-regext-change… Martin Casanova
- Re: [regext] I-D Action: draft-ietf-regext-change… Gould, James
- Re: [regext] I-D Action: draft-ietf-regext-change… Martin Casanova
- Re: [regext] I-D Action: draft-ietf-regext-change… Gould, James
- Re: [regext] I-D Action: draft-ietf-regext-change… Patrick Mevzek
- Re: [regext] I-D Action: draft-ietf-regext-change… Gould, James
- [regext] Poll messages with unhandled namespaces … Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… James Galvin
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Roger D Carney
- Re: [regext] Poll messages with unhandled namespa… Pieter Vandepitte
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Thomas Corte
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Thomas Corte
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Gould, James
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Patrick Mevzek
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Jody Kolker
- Re: [regext] Poll messages with unhandled namespa… Ulrich Wisser
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Ulrich Wisser
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova
- Re: [regext] Poll messages with unhandled namespa… Ulrich Wisser
- Re: [regext] Poll messages with unhandled namespa… Martin Casanova