Re: [regext] WG LAST CALL: draft-ietf-regext-epp-registry-maintenance-09
"Gould, James" <jgould@verisign.com> Thu, 14 January 2021 14:40 UTC
Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 304283A1512 for <regext@ietfa.amsl.com>; Thu, 14 Jan 2021 06:40:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DYiZqlksRFJd for <regext@ietfa.amsl.com>; Thu, 14 Jan 2021 06:40:38 -0800 (PST)
Received: from mail6.verisign.com (mail6.verisign.com [69.58.187.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7C853A1304 for <regext@ietf.org>; Thu, 14 Jan 2021 06:40:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=63498; q=dns/txt; s=VRSN; t=1610635238; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=94i6q+wdE6Wd4698qaIFNxBdmX7b8U7HJKbHNmgG/dc=; b=mH6J4GJbYdkLQOHPYi+a8up2Mb9gmU06biE9eLqMSGdncuk4VwdH0L0q QmKw+fLyx4xPTvDs3yYcNVFCJGbBQ1gHizr34sMjhh9XBdcIAN4ufaMxw gEc26KWqtUayhtSrCSrnIiX//LtZHn0XyHG4dc+rqsH6RflptuY25GAmU vHzDyrkC2MdaMyt01PankTlvmxal0GyuDrXw7UCz6XJrZEE+vYH/3UXvD 2soj8Q60++vBP+dbhVBwo4wqDEpD+6fJThU0KSuoLQVNx1SmC265FZnXl iy2El1KaAm/q74kLCLmWNpI3zpKln2jL8PmCuhkFi9kOejMEJKNxWoAA4 A==;
IronPort-SDR: 8I4yxkL2XYbMew2TxnAr3aGntLKcvOJd2fzAZsf/sTZqNmFu8u0qgbDF8B7cDENivfS9vIjKT/ bGzlGl/rnwTOH8SzyUSwLr46/h8njCXNnZnlR7M2Z3gu7KeJJbOkBhjSNz33K4YRKHcijFLAp8 XPR/unfqyxoXUGbBbeiprrL4PjoIq2HFVKO4jnexo+BYM0ANkeVqaLrQy7pB/BRLVl1lpwxw/y TSgqcZabsksyILouz0HejXHO5qEfsXA5ovwYFyVbIPLZVHsKwvPpJSZausY1WJSIxSWRG+buex NVI=
X-IronPort-AV: E=Sophos;i="5.79,347,1602561600"; d="png'150?scan'150,208,217,150";a="4679795"
IronPort-PHdr: 9a23:3ICd1BcqG+/pv8w7s927RmgElGMj4u6mDksu8pMizoh2WeGdxc26YhCN2/xhgRfzUJnB7Loc0qyK6vGmATRLuMnJ8ChbNsAVCFld0YRetjdjKfbNMVf8Iv/uYn5yN+V5f3ghwUuGN1NIEt31fVzYry76xzcTHhLiKVg9fbytScbdgMutyu+95YDYbRlWizqhe7NyKwi9oRnMusUMjoZuN6I8xgHVrndUdOha2GFlLk+Xkxrg+8u85pFu/zlStv4768JMTaD2dLkkQLJFCzgrL3o779DxuxnZSguP6HocUmEInRdNHgPI8hL0UIrvvyXjruZy1zWUMsPwTbAvRDSt9LxrRwPyiCcGLDE27mfagdFtga1BoRKhoxt/w5PIYIyQKfFzcL/Rcc8cSGFcWMtaSi5PDZ6mb4YXD+QPI/tWr5XzqVUNoxuxBwejBOLzxTBHnXL2x7E20+E7HA3axgEtHdQDu2nUotXvM6cSVPi4wKfJwzXEcvNW3Sry5JDVeR4lu/6MWKx/cdHfxUIyEA7FjFqQqYv4PzORy+sAqHab4PR6VeKukG4nqg5xoj61ysgwjYnJg5sYx1bZ/ip23Ig7P8e3SFJnYdG6CptQsTmXOpV5T88+XWxkpjg3xLIbtJO1ciYEx5opyhHDZvCbcoWE/hLtWeWRLzp8i39ofK+zigiu/UWk1OHxVde43VVLoydDj9LCuHcN1xnJ5ciGTPtw5lmh1iiV1wDS8eFEIE80lazaK54n3rE8jIYcsUPGHiPuhEr2jbSWeVkj+uSy9+vnZbDmqoedN4BqlgH+PL4imsulAeQ3NAUFQmuV+fyk2bH+4UH1WqhGg/84n6XDrZzXJcoWqrS2DgJRyoov9gqzAy273NkagXULNk9JdR2EgoTzJl3DI/b1BuqljVu2ijdk3fXGM6XkApXKM3fMjq/sfa14605A0Aozys1f545MBrEBPv3zXkjxucTFAxElKwK43uboBs1y2IwfRW6DHLWVML3Ovl+P/OIvO/OAa5UItzrnNfgl/eXujXkjlVABeqmp2IMbaHG+Hvt4P0WUeWfgjssbHWsXvAczQvbmhECCXDNdfXq/UKYx6ik+CI28DIfDQo6tgKaG3Ce+BpBWZG9GCleREXfsaoqJQOkMZzyIIs9giTwEVLehS4k72R6ysw/6zqJrLvDI9S0AqZLjyN916vXSlR4s6Tx0Ad+Q3HuLT2FomWMIRjk20Lp5oUx50l2Dy7R3g+REFdxP4PNESh06OoDTz+NkBNHyRhnMftaXR1a6TNWqGzYxTsg+w4xGX0EoUdSvkh7r1iy2BL4T0bqPTtRg86/A0VD4Idp6ynCA0q13yxFsWMZAOH26rq9y6waVAJTG2Q3NjauleLQA9C/A6GnFynCB6hJ2Sgl1BO/qWm0bag+ej93861iIB+usBrM6Ngdp18OYK7BLZduvhlJDEqSwcO/Can68zj/jTS2DwamBOdLn
X-IPAS-Result: A2EZBQBwVwBg/zGZrQpfAxwBAQEBAQEHAQESAQEEBAEBgg+BI1OBK4E5CoQ1jnuCVAODF2aLE4tEgSw8BAcBAQEBAQEBAQEEAQMBHxAEAQEChEgCF4FYJjgTAgMBAQsBAQEFAQEBAQEGAwEBAQKGTgyCOCJ7PQ09AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBBQIIB00HRwEBHQEBAQEDBQEUCQIIAUAbAgEGAhEDAQIGAQEBDQsBCQICAgUQAQ4MHQgCBAERAQYIgxgBlwmbEnaBMoRAAYEYhHcQgTiDLINIAYE+hQBBgUI+gREnHIJWPoN3Ly8JAR4IMoIfNIIsBIFLCQERKS8GYAQNBx4JFgEBIDBARwoIFgEBAQ4UBTgPj0ODL4czKYErkF6DHIcWgREDB4J3h0gCgWSMKIYUH4MqOnaIf5JOgj+SKIFwggeHFRKBbJEzKg8DAYQ/AgQCBAUCFoElSIF7cBU7KgGCPglHFwINji0Xg06KWHQOJgMCBgEJAQEDCY0XgREBAQ
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX02.vcorp.ad.vrsn.com (10.173.153.49) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Thu, 14 Jan 2021 09:40:35 -0500
Received: from BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d]) by BRN1WNEX01.vcorp.ad.vrsn.com ([fe80::a89b:32d6:b967:337d%4]) with mapi id 15.01.2106.006; Thu, 14 Jan 2021 09:40:35 -0500
From: "Gould, James" <jgould@verisign.com>
To: "ietf@antoin.nl" <ietf@antoin.nl>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [regext] WG LAST CALL: draft-ietf-regext-epp-registry-maintenance-09
Thread-Index: AQHW5Pp8qyVQP8stK0ifFfVqq0BxnaonPHqA
Date: Thu, 14 Jan 2021 14:40:35 +0000
Message-ID: <9D88CD3E-D11A-4F11-A460-61E6560897A7@verisign.com>
References: <89CE4034-34A7-4AD6-81A8-A6F6FC1D6840@verisign.com>
In-Reply-To: <89CE4034-34A7-4AD6-81A8-A6F6FC1D6840@verisign.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.41.20091302
x-originating-ip: [10.170.148.18]
Content-Type: multipart/related; boundary="_004_9D88CD3ED11A4F11A46061E6560897A7verisigncom_"; type="multipart/alternative"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/nXBlqgQQZfEmAK4ZEPTrQfdS6sY>
Subject: Re: [regext] WG LAST CALL: draft-ietf-regext-epp-registry-maintenance-09
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Jan 2021 14:40:41 -0000
I completed the action item to see how existing registrar notices map to the elements defined in this section. There was a sidebar with the draft editors that I want to ensure gets on the record. I want to thank the draft editors with being so responsive. Most of the identified gaps have been addressed in draft-ietf-regext-epp-registry-maintenance-10. Below is the list of gaps and the status of each gap:
1. The name of the maintenance is missing
* This change was incorporated into draft-ietf-regext-epp-registry-maintenance-10.
* The <maint:id> element included an optional “msg” attribute that had the purpose of representing the human-readable name of the maintenance; although it was referred to as human-readable description. My recommendation was to change the attribute from “msg” to “name” and to revise the description to reflect the purpose by changing “description” to “name”.
2. The type of the maintenance is missing
* This change was incorporated into draft-ietf-regext-epp-registry-maintenance-10.
* There are maintenance types included in some of the registry agreements that should be included in the notice. The types are inconsistent, so my recommendation was to add an optional token element for the type.
3. Need for a formatted HTML description, since notices currently include formatted HTML content.
* We did not come to agreement on this item, so this remains an open gap.
* The <maint:description> element is of type “string” and can support plain or HTML text. The HTML text would use XML escaping, but that is not an issue for the producer or consumer of the notification when using an XML Transformer and XML Parser. My recommendation was to add a “type” attribute to the <maint:description> element with the enumerated values of “plain” and “html”, with a default value of “plain”. The use of MIME came up, but I believe that may be too broad to address the gap. I believe that the description should support either plain text or formatted HTML text. The use of the link in the <maint:detail> element should not be a requirement to provide a formatted description for the maintenance. I view the <maint:detail> element as useful when linking to binary content, since the text description (plain or formatted) should be supported by the <maint:description> element directly.
4. The impact element values of “full” and “partial” are a little unclear.
* No action required unless clarification needs to be made explicit in the draft.
* The deployments are typically handled via either bringing down the VIP, which would match “full”, or handled via a rolling deployment, which may match “partial”. The reply from the editors was “If the system is completely offline, then it is “full”. If it is a rolling update, then it is “partial”.” I’m fine based on the clarification, but I’m unsure whether this needs to be made explicit in the draft for clarification down the line.
5. How to signal the maintenance of an entire system versus the maintenance of an individual or set of TLDs on the system
* We did not come to agreement on this item, so this remains an open issue that requires feedback from the WG.
* The maintenance object includes the <maint:impact> element with “full” or “partial”, where based on #4 above “full” means that the system is completely offline, and there is the list of <maint:tld> elements signaling which TLDs are part of the maintenance. If there is a registry system that supports 10 TLDs and only “.example” is being maintained and will be offline. This means that the VIP is up but a TLD on the system will be unavailable. The assumption is that the <maint:impact> element would be set to “full” and there would be an “example” <maint:tld> element. If the system takes a maintenance and the VIP is down, then one option is to set the <maint:impact> element to “full” and include all of the TLDs in the list of <maint:tld> element. One issue is that the TLDs should only include the TLDs that the client is authorized to access, so the client would not know whether it’s all of the TLDs supported by the system. My recommendation to signal that the system is down is to set the <maint:impact> to “full” and to have no <maint:tlds> element, which means all TLDs. If the absence of a <maint:tlds> element signals all TLDs or that the maintenance is at the system-level, then we should revise the description to be explicit about this. Should there be a new element, such as an empty <maint:system> element as a choice with the <maint:tlds> element to explicitly signal a system-level maintenance versus a TLD-level maintenance? The side effect of not being explicit is that implementers will take different, inconsistent ways of signaling a system-level maintenance. Adding a <maint:system> element is most explicit, so that would be my preference.
6. Support for courtesy (e.g., 2 weeks, 1 week, 2 days, 1 day prior to maintenance) notices and maintenance end notices.
* This change was incorporated into draft-ietf-regext-epp-registry-maintenance-10.
* There currently exists courtesy notices that provide reminders for a maintenance and doesn’t reflect a change in the maintenance. There is also an end maintenance notice that marks that end of the maintenance and doesn’t reflect a change in the maintenance. The recommendation was to include the “courtesy” and “end” types to the <maint:pollType> element enumerated list with the associated descriptions.
The gaps that are open or require additional consideration include gap #3 “Need for a formatted HTML description”, gap #4 “The impact element values of “full” and “partial” are a little unclear”, and gap #5 “How to signal the maintenance of an entire system versus the maintenance of an individual or set of TLDs on the system”. I include my preferences embedded above.
Thanks,
--
JG
[cid:image001.png@01D6EA59.4EEAD4D0]
James Gould
Fellow Engineer
jgould@Verisign.com<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
703-948-3271
12061 Bluemont Way
Reston, VA 20190
Verisign.com<http://verisigninc.com/>
From: James Gould <jgould@verisign.com>
Date: Thursday, January 7, 2021 at 8:39 AM
To: "ietf@antoin.nl" <ietf@antoin.nl>, "regext@ietf.org" <regext@ietf.org>
Subject: Re: [regext] WG LAST CALL: draft-ietf-regext-epp-registry-maintenance-09
Antoin,
I was surprised to see draft-ietf-regext-epp-registry-maintenance move to WGLC based on the work that has been progressing on the mailing list, so at this point I can’t support publication of the document. The document editors have addressed my prior feedback. Upon a fresh review, below is my feedback:
1. Upon the draft passing WGLC, the version should be updated to “maintenance-1.0”. This change should not happen now.
2. Section 3.3 “Maintenance Elements”
a. I’m taking the action item to see how the existing registrar notices map to the elements defined in this section. The registrar notices are free-form currently, but there is some consistency of structure that needs to be evaluated against the formal structure defined in draft-ietf-regext-epp-registry-maintenance. I anticipate changes to the elements in Section 3.3 “Maintenance Elements” coming out of this mapping exercise.
3. Section 4.1.3 “EPP <info> Command”
a. Nit – Change “either <maint:id>” to “either the <maint:id> child element” and change “or <maint:list> child element” to “or the <maint:list> child element”.
4. Section 7 “Security Considerations”
a. It would be worthwhile to consider the security associated with what maintenance information to return back to the client. A registry access point may return maintenance information for many top-level domains (or registry zones), where the client has authorization to access a subset of top-level domains. My recommendation is to define the considerations that take into account authorization of the client. For example:
i. “A server MUST only provide maintenance information for clients that are authorized. If a client queries for a maintenance identifier, per section 4.1.3.1 “Info Maintenance Item”, that it’s not authorized to access, the server MUST return an EPP error result code of 2201 [RFC5730]. The list of top-level domains or registry zones returned in the “Info Maintenance Item” response SHOULD be filtered based on the top-level domains or registry zones the client is authorized. Authorization of poll messages is done at the time of poll message insertion and not at the time of poll message consumption.”
ii. The poll message use case is a corner case, but I believe it’s important to cover it.
5. Section 9 “References”
a. I believe that draft-ietf-regext-unhandled-namespaces would need to move into the Normative References since it’s referenced in a normative sentence.
--
JG
James Gould
Fellow Engineer
jgould@Verisign.com <applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgould@Verisign.com>
703-948-3271
12061 Bluemont Way
Reston, VA 20190
Verisign.com <http://verisigninc.com/>
On 1/4/21, 9:40 AM, "regext on behalf of Antoin Verschuren" <regext-bounces@ietf.org on behalf of ietf@antoin.nl> wrote:
The following working group document is believed to be ready for submission to the IESG for publication as a standards track document:
https://secure-web.cisco.com/18eaw5Rc7eRHLW7NT557WL-OEIuRsuRZfA7LKp3BJ8CRDnwUbnkSep_2VLycXzaOvmv49tji_vZXkav_WSa0LDImf7iVSPHuVnheksrC-Z4yjC-TCdX06-Lys-gkODiVilrOZp1WOmoSapmIw9J5pD0-c_UpkQYAeekRFAzwm17KphqdWz9cW1VprZlDOloub5pH3QB11p7XdAbJQOs_f-_NiiPLxZDEVHyLx2QvUBtzvazi50NwL3TPdpF2dVgB7vFSXzLopwYOp3mnMp-e1dw/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-epp-registry-maintenance%2F
This WG last call will end at close of business, Monday, 18 Januari 2021.
Please review this document and indicate your support (a simple “+1” is sufficient) or concerns with the publication of this document by replying to this message on the list.
The document shepherd for this document is James Galvin.
Regards,
Antoin and Jim
_______________________________________________
regext mailing list
regext@ietf.org
https://secure-web.cisco.com/1CE4ls-J9vyi17Z5wA242rs-KkkAsctHnLiGKkA_kgQavoiXTstq55sAh91oQYVV3zS33dzM8y3GY1nYLN4gSGgjfS09ccNXbUlpHFZUgbKtUIvuU45KQpfmOn-jqJA_nGG3Bfz4IRazNKf73lHiol397BADwass3Bi3_isz7AZ066VdhCChq6fGBvIuMmp-d-elI3ur-dS4rOm7bxi21gHhBvucBpJV6ajYIeoANmEpcOT0grGvxyqHJhTTHLr9bUv34eF1HxM1l-LBv3jiguZli7S0kkBSRiHe6IGjd7Hg/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext
- [regext] WG LAST CALL: draft-ietf-regext-epp-regi… Antoin Verschuren
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Tobias Sattler
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Jody Kolker
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Gould, James
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Gould, James
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Antoin Verschuren
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Antoin Verschuren
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Quoc@registry.godaddy
- Re: [regext] WG LAST CALL: draft-ietf-regext-epp-… Gould, James