Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)

Martin Casanova <martin.casanova@switch.ch> Mon, 16 July 2018 19:48 UTC

From: Martin Casanova <martin.casanova@switch.ch>
To: Patrick Mevzek <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/mXo54EgibH7Vokv6x-9elifkTKU>

See my comments below.

________________________________________
From: regext [regext-bounces@ietf.org] on behalf of Patrick Mevzek [pm@dotandco.com]
Sent: Monday, 16 July 2018 21:32
To: regext@ietf.org
Subject: Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)

On Mon, Jul 16, 2018, at 21:08, Martin Casanova wrote:
> To be clear the domain info response will be sent just without the
> DNSSec part. Therefore a not DNSSec interested registrar will just not
> see the DNSSec configuration but all the rest of the domain info
> resData. I don't see a problem with that.

Here is the problem as already exposed: you may have registrars that do not want to deal
with DNSSEC on a philosophical principle. They may want to specifically not try to
transfer a currently DNSSEC enabled domain to them, because they know it will break
resolution and they do not want to handle the customer saying that they broke
the domain.

M: The Registrar does not need to check the domain with domain info in order to check if he is allowed to do or not.
M: If he is not, then we will prevent it (see next comment)

Besides using the DNS, in your case, this registrar has no way to know in advance
that the transfer will be a problem. And I suspect telling them 'Please be DNSSEC
accredited with us and login with secDNS extension' will fall on a deaf ear.

M: No, we never told such a thing to a registrar. However, we do put in the manual that a DNSSec Domain can only be transferred to a DNSSec enabled Registrar (up to now at least)

> In case he is DNSSec enabled but still logs in without this extension he
> will get a failure with error message similar to  “Not allowed to
> transfer DNSSec Domain” when trying to transfer a DNSSec domain to him.

What happens for a non-DNSSEC enabled registrar (and hence not using secDNS on login)
when he tries to transfer to him a DNSSEC-enabled domain?
Is this refused?

M: Exactly. Through the transitive relation that we prevent him to start a DNSSec enabled session and a non enabled session will never authorize an incoming transfer of a DNSSec domain.


Also to leave the discussion on track, this DNSSEC part of domain:info response was only
one example of the same problem ("unhandled namespaces") outside of the poll messages,
because I think the problem is global and we should tackle it globally (or not at all
and leave it at the current status quo).

M: That's exactly what we should discuss in a minute :)


--
  Patrick Mevzek

Martin

