[regext] How to handle Domain Info Command with empty authinfo/pw tag in command?
Martin Casanova <martin.casanova@switch.ch> Thu, 19 December 2019 09:04 UTC
Return-Path: <martin.casanova@switch.ch>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DD1A1201E3 for <regext@ietfa.amsl.com>; Thu, 19 Dec 2019 01:04:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u58QkE55zJOy for <regext@ietfa.amsl.com>; Thu, 19 Dec 2019 01:04:30 -0800 (PST)
Received: from mailg210.ethz.ch (mailg210.ethz.ch [IPv6:2001:67c:10ec:5606::21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B0B21201DC for <regext@ietf.org>; Thu, 19 Dec 2019 01:04:30 -0800 (PST)
Received: from mailm212.d.ethz.ch (2001:67c:10ec:5603::26) by mailg210.ethz.ch (2001:67c:10ec:5606::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1847.3; Thu, 19 Dec 2019 10:04:25 +0100
Received: from [130.59.18.153] (130.59.18.153) by mailm212.d.ethz.ch (2001:67c:10ec:5603::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1847.3; Thu, 19 Dec 2019 10:04:28 +0100
From: Martin Casanova <martin.casanova@switch.ch>
Openpgp: preference=signencrypt
Autocrypt: addr=martin.casanova@switch.ch; keydata= mQINBFlbSjkBEAD39YaduVH9oaorO8mSfO71wTy+AZpBp2g+VbM5vuwOXkETrJpK+ZrEThoM IdGwRmmF9Cw4m6mcSheXjcZUzLMKgxDPsHMVoNPNKnEHWNd986nTWXwjcPV1QPxmarHuC6iO dPT7JSqrHFWMjcHEEWleivYC71OUj3eMyyd1r7TYzMjhvsuDfKH8y3yyuAE/xuawG/04CmZL NvNP1HkKhmjuOkP/kWR/3ql2YdwuNsLeXMZjIKpMSlaQ66F/EoAjV753Atyf11hBz1qnunPZ 4oho8BX1y2H+Y/rbpDYV+SwXJuJoO61uV7FjfjRTPC2afb+S2VK/k5SLAABriBnpAULlWPv1 Nxsmstqcwa2jE2m1ff21sQHVXmZuAbMJPAcnnVcadsTLiOZRkYnAM4UIwzFTooqGOsK2AzQB r/9v7GqTBKrrF16dp6fdl0V3kvK1R8YC8D6MpmjaDgnyN19c+7bykRhtwA3jDd70Br+Pl3br d/F0sHuGZmwCB3L4cbEV0JcLIzDupQJf0RSGe5O7yWtunfBkkLiA3jnF7rGFn4HkVrpEyPcv KvPOHf3w2k3FZ7LuLAVfLSHVKOSM9t8aameyrzBWrYvyLy6tt2hDcvnCvISc3zbJhh1Gx5SE mP/nBN6LLbaBDOs/ka/JrxJkfDRLncZwEad6MoV+lB7X9VqzawARAQABtCtNYXJ0aW4gQ2Fz YW5vdmEgPG1hcnRpbi5jYXNhbm92YUBzd2l0Y2guY2g+iQI9BBMBCAAnBQJZW0o5AhsjBQkJ ZgGABQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEBPFMLRFaPmYsKUP/36w44IU8zih/5YO FFFKf7R/2xJwKWs6TgQvnVcC6KsNmTMh1781/joVpQUfxLwPDvL+/BLeFQLENsDtQMado7/X SY12Ms/9gN4xqxGVJ+69CrlMzCXx+p6AyZW/6Qnf5fpgnqN0XePJpvW5ebcdJ371JBwYPvPv v8tdtc7j/hxwuTHJb6hYnrjAIrvrjI9zDy2D/D6ssTf7h6fTv64YdLiV302Lk3Lufxob14ES 8EQL12U6ks/8vRdrsmT3Cqk+oLJS5PR0uonK6V1BgYbLkYYdRxd/cGmM1ZFzOsuhIg5hWNj2 D/Ww/sC74olET1FnM3Gk14hOa3xZSVdnv73rHFHsK3mxUOISQknS8iDZSRvhXhxuzhmlUskg lxeW3t7AAEtGi1KlnjUyj4Hg7M9bp/AOGROj8MAZzv05lFfOYHr/r1gn55JUhxJEsS0kYo6A HFHWbmFzhfCWz4JKzdthbOp+BCc9n2W9BA0NCPMfAU0ehHmuokQwuu5BV32masxWGZRo8aey mJl7L4PBT9QHdOLxeS7Wc0rXnDM2izVeUxJghwU50lI8TbuqBKw8gsqSX60XtJ+dYJLrIAht 5+GRydWsyHtuxVl3PBSOiheu9eZF2xUWunI31dC3SETxZ9LF+CxSw43Mzfz/m4LZ0b1YRFsh uwzzXQbXG7DPZC1cT4H+uQINBFlbSjkBEADFvVH7fsJNKqAGyvCr2rmlSKwkg64mx8w8STIL K0iO6hQu7pd06I3Hogub4s2ju67rgw0NS3xeSjP7QdSAbyYoknMXP+K5uRkBp2A+tiBo9ubo JIDLRrU4mrdBuavm6TMrdPNKWIWugQnrsT5yewD2QS7zK7p7gVHUhXGmWRZN0Kl34r3+nyJo tGYnFDwZufJ2+w7IDNoEF9PFXgPQW2J47j9U7D5nV/Ac3lJKWI5JAA1AMQ1/RkoVRevz4fEL fG/fZw84mtxMT8nImeJ/WZ7P2UGmF7dueZkZmLvrPZYEKoBn6hONktzxF0uZ7RpyWMKdtZD8 s5UR2Ohx45/2wYNyCOrAzb02pf0OSf1peQKnEic+vTi3fqcrdOGAQIdJq6CxnVBpq9lAQb3h 7Ikakx9Mj8Jd3u17gdYdqZezdwq5lXbEU1RkF7ZEgtP1k5aDbE+d3UT3QMnrvIyl0htrqEpd 5CX7yn6XOsFXa3NDu6XuV/aBf+Tb+l0P8eF6e1w4Mx28lBlomkSjj/YzP0176C1ZsztmkIDj RWkpzD5SCzYdNHc64mAP1PT6BBK64idRJlqn/RKolCsKk0DZ3aWfOEiBYFgvDgkFYQFx7rCb Ai1SBP4dW7vsnJ8fJHmfGEj2tR5fDibh/DiJPpzQb3hsT5fdxNAK1x5I2bz+34yfGKfQPQAR AQABiQIlBBgBCAAPBQJZW0o5AhsMBQkJZgGAAAoJEBPFMLRFaPmYAuYP/iTrc+4hpu2f4AHR 7GqlcYKrSWY1p34yzIESlRU4FuSQZR8OS6HvcMoS8iVdgro3+LNzOde9DOaO4ISqlopu8fTC /SbpizxKejTCPmcJeAOyvZpVYsALLyt+CGOkEID36u5v2uVfFGMjfm82bOLlrsV96yovSAnH cffobAAL9jDgClfReXlMbkvshPqBI5KGI3LOpX0zQxkuKvb+t4QQj6HJJqGwJtCzVhx7e3uk HIltbpFCYzXj/MqjlLOQjHK03XWFn7+d6/1bu6ptvYKRIpI51ZgEIQxTrdc7X2gU9dvmTHk6 DMoAJsX8j/rjA6pjIGmkmNf5EaSvzt+U48TqKYCws3gYu2zmSRVgzRD7vWVop1CKt4OBgvKi 5kO5nF3teksvJXw5qERv8mDf4NSxkocJHlkDzR7UZOJRZb4fVMRPx5jRsS2nh3YhH//05/Wd QnFM4hkMKy0Q7M0Bw+TieuTJXEmSBgdLcscXY1ElEnlfO10x3R6CHgzUHI32WbmV9r2CdOG4 qaUd5tC9IFV3dfdyhLA+fl6AurMmhrM0THhQ04T19htKPanuIJenVfsb3Tdwna0txwWQtlAE JYZQ3eYAun42DOXl5VwWEiWeipKYuoK/qvn8UurQoKSu3RrckWJZiKgpHi3R8vfcTvAOkyKc VAZcZu9m6I6DIgR9WXEy
To: "regext@ietf.org" <regext@ietf.org>
Message-ID: <d17d88d0-e9db-9416-1917-dc992fcd2d3a@switch.ch>
Date: Thu, 19 Dec 2019 10:04:28 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
X-Originating-IP: [130.59.18.153]
X-ClientProxiedBy: mailm211.d.ethz.ch (2001:67c:10ec:5603::25) To mailm212.d.ethz.ch (2001:67c:10ec:5603::26)
X-TM-SNTS-SMTP: F02168C32B7EFD6B2CC15FA2C579204DB30A34B6F6193C4E592CF920DD230C492000:8
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/hDZZZuljVMIPlZ4pzwDH0qSLMQ4>
Subject: [regext] How to handle Domain Info Command with empty authinfo/pw tag in command?
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 09:04:34 -0000
Hello I was hoping for some input of the community about an implementation decision for the Domain Info Command/Response when it comes to the optional <domain:authInfo> associated with the domain object. RFC-5731 about <domain:authInfo>: ... If this element is not provided or if the authorization information is invalid, server policy determines if the command is rejected or if response information will be returned to the client. 1. In case the <authinfo><pw> element is delivered but not correct (no match or not set on domain) we will return a Code 2202 to inform. (sponsoring client or not) 2. In case an empty tag is given (<authinfo><pw/></authinfo>) we are wondering if: Option 1: always Response Code 1000 should be returned Option 2: Only answer with 1000 when there is NO authinfo/pw set on the domain (kind of confirming it) and otherwise 2202 considering an empty tag as invalid authorization information delivered. I think maybe option 2 may be better because that way a registrar could check if an <authinfo> is set or not even without knowing it. After all, the registry could have set or deleted <authinfo> without noticing the registrar. However many clients seem to send <authinfo><pw/></authinfo> just about always and they would need to adjust. I have to mention that our Domain Info response will never include the actual <authinfo> since we only store a hash of it for security reasons. A Domain Info Command with the <authinfo> Element entirely omitted will always be answered with 1000. Thanks and merry X-Mas! Martin Casanova --- SWITCH Martin Casanova, Domain Applications Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 55, direct +41 44 268 16 25 martin.casanova@switch.ch, www.switch.ch Working for a better digital world
- [regext] How to handle Domain Info Command with e… Martin Casanova
- Re: [regext] How to handle Domain Info Command wi… Hollenbeck, Scott
- Re: [regext] How to handle Domain Info Command wi… Gould, James
- Re: [regext] How to handle Domain Info Command wi… Martin Casanova
- Re: [regext] How to handle Domain Info Command wi… Martin Casanova
- Re: [regext] How to handle Domain Info Command wi… Patrick Mevzek
- Re: [regext] How to handle Domain Info Command wi… Patrick Mevzek
- Re: [regext] How to handle Domain Info Command wi… Gould, James
- Re: [regext] How to handle Domain Info Command wi… Gould, James
- Re: [regext] How to handle Domain Info Command wi… Patrick Mevzek
- Re: [regext] How to handle Domain Info Command wi… Hollenbeck, Scott
- Re: [regext] How to handle Domain Info Command wi… Martin Casanova
- Re: [regext] How to handle Domain Info Command wi… Patrick Mevzek
- Re: [regext] How to handle Domain Info Command wi… Patrick Mevzek
- Re: [regext] How to handle Domain Info Command wi… Hollenbeck, Scott