IETF Logo Mail Archive

Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)

"Gould, James" <jgould@verisign.com> Mon, 21 May 2018 14:15 UTC

Return-Path: <jgould@verisign.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8027312711D for <regext@ietfa.amsl.com>; Mon, 21 May 2018 07:15:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.301
X-Spam-Level:
X-Spam-Status: No, score=-4.301 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=verisign.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C8QfdNum-Ha9 for <regext@ietfa.amsl.com>; Mon, 21 May 2018 07:15:28 -0700 (PDT)
Received: from mail2.verisign.com (mail2.verisign.com [72.13.63.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64B8912711E for <regext@ietf.org>; Mon, 21 May 2018 07:15:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=verisign.com; l=8260; q=dns/txt; s=VRSN; t=1526912128; h=from:to:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version:subject; bh=MCJoEd/v7d1OExMEbT8P35PGVFj8UIC5VEuTQU14Yv8=; b=X6a83GXaUFfwbudq+Ae1DCTV689wXdy8JkrEwINW5lcJLLvouaUwe/Bm 4rC6l54QTi/CITyRUrkVClDwk1+XsdgFk50RNjT0I8SvOsK/Hq5BuMPJO ZZRfMho5kD5MCTmYx55xONTbXbT4uC9WAzf60Kqhb+nTTOMzrQ2QONsKR 6zvuEy0OrrT2/GmAda7jibogmNw7NL+++Hoo3ZQKXSNpDBgJCPNyeJtJu Bb2LK+uwcrSerVesjoPGBvvGvkYBntHx6zWcRsywnpnNKJk1IbDWuysw8 XBwkpH/FZrox4WNJ8CP24cgGQPA3BmVGP9Qqh7Z6zXxDS1dsOPEQ9cW6c w==;
X-IronPort-AV: E=Sophos;i="5.49,426,1520899200"; d="scan'208";a="4463764"
IronPort-PHdr: 9a23:/BwAzh/WnASHWv9uRHKM819IXTAuvvDOBiVQ1KB20e0cTK2v8tzYMVDF4r011RmVBd6ds6oMotGVmpioYXYH75eFvSJKW713fDhBt/8rmRc9CtWOE0zxIa2iRSU7GMNfSA0tpCnjYgBaF8nkelLdvGC54yIMFRXjLwp1Ifn+FpLPg8it2O2+55Pebx9UiDahfLh/MAi4oQLNu8cMnIBsMLwxyhzHontJf+RZ22ZlLk+Nkhj/+8m94odt/zxftPw9+cFAV776f7kjQrxDEDsmKWE169b1uhTFUACC+2ETUmQSkhpPHgjF8BT3VYr/vyfmquZw3jSRMNboRr4oRzut86ZrSAfpiCgZMT457HrXgdF0gK5CvR6tuwBzz4vSbYqINvRxY7ndcMsaS2RfQ8hRSyJPDICyb4QNAeUBPPpXoYbyqFYVsRuxHgysCP/zxjJShHL727Ax3eQ7EQHB2QwtB9wCvnXTrNXoMKcdTPi5x7TMwzrZavNZxyz95IbVeR0mo/GMUrVwcdfVyUYyDA7FkEufqZbkPzOO1+QNvG6b4/B8WuKojm4qsgd8qSWhyMcrj4nGnIMVylbc+CVn3ok1P9y4SFV6Yd6rFptQtieaOJdsTsw+RGFovT42yrwYtp6ncigG0pMnxwTQa/GBboOG4QrjWf6MLTtknn5pZbCyihio/US9yuDxWNO43VlJoydDj9LCrGoC1wbJ5ciCUvZ9+0Ch1iuR2A3L8eFEJFw0lbLcK5483r48jpoTvlrHHi/xgEj7kbOYeF059ueo8+rpbbTpqoOBO4NulAHxLqMumtanAegiKAcBQnKX+fqm1L34+031WqlFjvozkqXBsZDaI9oUprKhDgNIzoov8QuzAjWo3dgCgHUKLFxIdAiIgoXqI13OJer3Dfa7g1SiijdrwPXGM6XjApXCKXjDjbPhcqtm5k5C1gUz19Ff54lVCrEOJvL/QFP+tNvdDhMhKQy73/7nCMlh1oMZQW+PGqqZPbjPvl+P+uIgOe+Ma5IJtzb6MfQq+/nujXohk18HYaapxYcXaGy/Hvl+OUWWf3XsjckOEGcWpQc+TfLliEGMUTJJYHayRa08tXkHD9eeBJvZR4uuyJmMwjW2HdUCfmVuBleQGHHkfILCUPAJPmbaaNVsnTEUSZCgRpMvkxa0u0Wyn6BqIefE5gUZuI7tkt9v6LuAuws18Gk+IMOA123JB0N9m24TDXdi3q94vEhx4kmOy6ljgvNeU9dU4qUaAU8BKZfAwrkiWJjJUQXbc4LMEQ7+Tw==
X-IPAS-Result: A2GrAAAl1AJb/zCZrQpSBwMcAQEBBAEBCgEBgxQEgQyBJQqDa4gEjkshgQ+TNoE9Fx0HCxgLC4N4RgIagiA0GAECAQEBAQEBAgEBAoEEDII1JAEOLxwhCAEFAQEBAQEBJwEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQgCCAc1EgEBGAEBAQECAQEBIRE6GwIBCA4KAgISAQwHAgICJQsVEAIEARKDIgKBdxenFoIciD+CDwkBf4kBPoEyDIJdgxEBAYE1FRYXCiYBAYI3MIIkAodihD2MLQMGAoVohS2Edz6GDoR6iV0ChnECAgICBAUCFIElHIILcBU7KgGCGAmCFxcRaQEIgkKFFIU+bw0jjT4CAwoegQGBGAEB
Received: from BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1466.3; Mon, 21 May 2018 10:15:26 -0400
Received: from BRN1WNEXCHM01.vcorp.ad.vrsn.com (10.173.152.255) by BRN1WNEX01.vcorp.ad.vrsn.com (10.173.153.48) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.1466.3 via Frontend Transport; Mon, 21 May 2018 10:15:26 -0400
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by BRN1WNEXCHM01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0301.000; Mon, 21 May 2018 10:15:26 -0400
From: "Gould, James" <jgould@verisign.com>
To: Patrick Mevzek <pm@dotandco.com>, "regext@ietf.org" <regext@ietf.org>
Thread-Topic: [EXTERNAL] Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
Thread-Index: AQHT49WnnwTzyLEBw0SOW88aL7whS6QmKzqAgBPD7QCAAGWAgA==
Date: Mon, 21 May 2018 14:15:26 +0000
Message-ID: <F9BD7DC9-8472-438E-BDDD-8658A0D0A841@verisign.com>
References: <3266784A-E663-4465-8ABF-A3305B83C253@verisign.com> <e7916b75-1555-14e3-43bc-644059cd68f0@switch.ch> <605AC23F-D7B3-4A37-876E-45EC8E6BEEB8@verisign.com> <84309e91-dbe9-8865-fd06-528266aa93e7@switch.ch> <FAFB62AE-C0D1-4D74-888C-00C632D73211@verisign.com> <1522912361.3587146.1327243736.6AB5A07D@webmail.messagingengine.com> <58605AC6-A8B3-4428-A71E-580E6BC01EFF@verisign.com> <1524032366.3941888.1341940112.7D43F230@webmail.messagingengine.com> <BEC1040F-25C7-4F52-BB94-1F55BFA4C1C7@verisign.com> <1524203922.4022062.1344535160.39F0C10F@webmail.messagingengine.com> <83479150-4E98-452F-B27B-BD286AA18C1B@verisign.com> <1524425212.2370983.1346768616.2A2DE208@webmail.messagingengine.com> <48889EC8-FF2C-4CF3-B5E1-9DC5482E06E9@verisign.com> <CF701CA2-F63A-4573-AB87-68E3AB30C635@elistx.com> <5743B914-A1C7-426C-B0AA-515A3AEB5C72@verisign.com> <CY4PR02MB254962B12D6D196EACE492AEB1860@CY4PR02MB2549.namprd02.prod.outlook.com> <8A5C829F-BB67-4BA2-8E3E-5A4002D7D2CA@dnsbelgium.be> <1526875928.815044.1378899224.71EFB177@webmail.messagingengine.com>
In-Reply-To: <1526875928.815044.1378899224.71EFB177@webmail.messagingengine.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.d.0.180513
x-originating-ip: [10.173.153.48]
Content-Type: text/plain; charset="utf-8"
Content-ID: <98F6EA27420FB54C9B9D7A23CB17BB13@verisign.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/ohj7SXT1u7M1IERPsoepf7OBd8A>
Subject: Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 May 2018 14:15:30 -0000

Patrick,

I believe the goal here is to discuss the protocol itself and not deal with the registry or registrar policies that conflict with it.  

The EPP greeting per RFC 5730 "identifies the services supported by the server".  The EPP login command services per RFC 5730 includes "<objURI> elements that contain URIs representing the objects to be managed during the session" and "MAY contain one or more <extURI> elements that identify objects extensions to be used during the session".  I don't view the services included in the greeting or the login command as information, but used to negotiate the object and extension services to be used by the client and server during the session.  The client must not pass services that the server does not support based on the EPP greeting services, and the server must not pass services that the client does not support based on the login command services.  With this in place, the server can make decisions on what it will return the client based on what the client support.  There should be no assumption that clients can receive and consume responses that include services that the client did not include in the login services.  A client that is capable of accepting every possible services in the response can simply mirror the greeting services in the login services.  Clients that are only capable of supporting a subset of the services should reflect that in the login services.  If we come to agreement on the meaning of the greeting and login services then we can move onto the question of handling poll messages that contain services that may not be supported by a client.
  
—
 
JG



James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com <http://verisigninc.com/> 

On 5/21/18, 12:12 AM, "regext on behalf of Patrick Mevzek" <regext-bounces@ietf.org on behalf of pm@dotandco.com> wrote:

    On Tue, May 8, 2018, at 16:21, Pieter Vandepitte wrote:
    > There's no such thing as a client which all 
    > of a sudden must support or handle new extensions. 
    
    Probably because the intersection of
    "clients validating absolutely all EPP frames received by registry"
    and
    "clients using blindly all extensions as announced by registry on greeting"
    is nil.
    
    However you may not have seen this case or not have been in one, but, for having been in one, I know it exists case where the registry says: at day X you can not connect anymore to the EPP server if you do not use on login namespace X and are prepared to receive messages with it.
    
    Then you are just resolving the problem we discuss by moving it into business-land: saying to the registrars to upgrade and thinking that you then can send messages with the new extensions because you are sure they will be able to handle it because they selected it on login...
    Maybe they instead just did a quick change to alter the login (specially if it the case of just one extension going from version A to B) and did not bother implementing things further than that
    
    > The client says it 
    > does not understand it, 
    
    That is not exactly the meaning I read from the login part. I am more reading it "I will not deal with this extension, I will not use it in my messages". See my following messages for an example.
    
    > 2. The purpose of the server's greeting service and the client's login 
    > services: 
    > 
    > It's not a negotiate. It's informational, and in case of the login svcs 
    > it's a kind request to only "talk the languages" of the supported 
    > extensions. Should a server return an error when it receives a request 
    > containing extensions it does understand, but which are not mentioned by 
    > the client? No, even not for extensions it does not understand.
    
    We are now talking about the opposite case (what messages from the client should the server accept) and here I disagree with you: the client clearly designates at login which namespaces it want to handle, so the server should never accept messages with other namespaces from the client. This is also being conservative and helps defeat errors in the client. I know at least one registry server behaving exactly like that.
    
    > 3. Validating clients: clients should be permissive in what they accept. 
    > A client must interpret the server's response as good as possible (i.e. 
    > ignoring XSD violations, use of non-supported schema's, ...).
    > 
    > What about poll responses potentially containing extensions not 
    > supported by the client? Because of (3) that should not be a problem, 
    > but since in my opinion a server should be conservative (to be able to 
    > serve both validating and non-validating clients), it should send the 
    > response in another way.
    
    This opens a new complete can of worms. Some registries send then emails, others give messages by HTTPS connections, etc.
    Many things outside of EPP since I believe that based on the constraints you pose there is noway to resolve that inside EPP.
    
    And BTW being liberal here does not impact negatively validating clients: when seeing a namespace, they can validate it conforms to a schema even if they do not really care of its content and do not use it.
    
    > This is in my opinion a task for the working 
    > group. (Top of mind suggestion: encode part of the response which is not 
    > understood as a CDATA block)
    
    I am in general completely against the idea of encapsulating one formatting inside another, as the idea was already suggested (changing the pure textual message by adding some formatting in it). Hence I would really not think that using a CDATA block is a good idea.
    
    -- 
      Patrick Mevzek
    
    _______________________________________________
    regext mailing list
    regext@ietf.org
    https://www.ietf.org/mailman/listinfo/regext

v2.23.0 | Report a Bug | By Email