Re: [regext] Secdir Last Call assignment: draft-ietf-regext-change-poll
"Valery Smyslov" <valery@smyslov.net> Mon, 29 October 2018 14:20 UTC
Return-Path: <valery@smyslov.net>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BB68130F4D; Mon, 29 Oct 2018 07:20:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.199
X-Spam-Level:
X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=smyslov.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id foeejNe3nLBL; Mon, 29 Oct 2018 07:20:50 -0700 (PDT)
Received: from direct.host-care.com (direct.host-care.com [198.136.54.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FF39130F52; Mon, 29 Oct 2018 07:20:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=smyslov.net ; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID :Date:Subject:In-Reply-To:References:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=IH3Csz6NR9gMlUTeSjp9PscAY7Jzzmo03JhEHoiydAs=; b=050Ob6uMFNFYwErcBVF8T7ARc1 D6Dag+IQrJ6N+YSh6BoI4ClmfJ6CBJ941m+x+j4NrWnoFwVSmrJjoQzTOCxvAi8hBKN5KUugDGF58 bPBLSlrJw+gRgEFyQypEPZrkwTDiGqD21K/QCVVGFF0NWssMAsPzVfS4aWmF8PYyrLB8fI82w55QS Ce6w1cFVJR7j0TTDGF6uYjnnu1uQh2tdiJrHqhC5W4WhQXCR/24pb4cqPOOsUjMvi17pYawUypxx+ FDsTS1U07/1hE3+rJvMMyWw3C5CJeYzWFq2UTxzpPKvWCC1ZRnUH073g/YaCHVgpt2TXB4nWEVgQf mue7QL3A==;
Received: from [82.138.51.4] (port=49486 helo=buildpc) by direct.host-care.com with esmtpsa (TLSv1:ECDHE-RSA-AES256-SHA:256) (Exim 4.91) (envelope-from <valery@smyslov.net>) id 1gH8PO-0007dl-Mf; Mon, 29 Oct 2018 10:20:47 -0400
From: Valery Smyslov <valery@smyslov.net>
To: "'Gould, James'" <jgould=40verisign.com@dmarc.ietf.org>, secdir@ietf.org
Cc: draft-ietf-regext-change-poll.all@ietf.org, ietf@ietf.org, regext@ietf.org
References: <04a001d46f8c$3fd204e0$bf760ea0$@smyslov.net> <89648AE8-724C-4814-9826-FD28C8CBD652@verisign.com>
In-Reply-To: <89648AE8-724C-4814-9826-FD28C8CBD652@verisign.com>
Date: Mon, 29 Oct 2018 17:20:28 +0300
Message-ID: <04a101d46f92$8cb5f3b0$a621db10$@smyslov.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 14.0
Content-Language: ru
Thread-Index: AQII0fAx4acx+8pUzkGjGvBMP9n4CwKvge2ipLgA21A=
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - direct.host-care.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - smyslov.net
X-Get-Message-Sender-Via: direct.host-care.com: authenticated_id: valery@smyslov.net
X-Authenticated-Sender: direct.host-care.com: valery@smyslov.net
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/t5KDT5yLnVLsmFlXl29LU2qlA5U>
Subject: Re: [regext] Secdir Last Call assignment: draft-ietf-regext-change-poll
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Oct 2018 14:20:53 -0000
Hi James,
thank you for clarification. I presume all these things are clear for those who are familiar with EPP,
and probably most of potential readers of this document fall into this category, but if you can add short
explanation for the others it would be great.
Regards,
Valery Smyslov.
> Thank you for the review and feedback. I can understand the confusion if you're not familiar with the EPP
> protocol. I attempt to clarify things below.
>
> The info command and the poll command are different commands, but where the confusion lies is with the
> response. A poll response can be any EPP response, since the information for a poll response is built into the
> general EPP response with the <msgQ> element (section 2.6 of RFC 5730), so any EPP response "has a"
> relationship with the poll queue information. A concrete EPP response, which in this case is an info response,
> extends ("is a" relationship) the EPP general response, so a concrete EPP response can be used in the response
> to an EPP command or an EPP poll command. In the case of the draft-ietf-regext-change-poll, it specifies the
> use of the info response of other EPP objects (e.g., domain in RFC 5731, host in RFC 5732, or contact in RFC
> 5733) with the Change Poll Extension that defines the server-side operation meta-data of what, when, who,
> and why. A concrete example is the server adding a server status on a domain name, as defined in RFC 5731,
> where it can insert an EPP poll message in the form of a domain info response that includes the added server
> status, with the poll message <msgQ> element populated, and with the Change Poll Extension added. The
> responses of draft-ietf-regext-change-poll are associated with poll responses, where the concrete poll
> responses used are info responses with the Change Poll extension. A client would request the poll message
> using the EPP RFC 5730 poll command and would receive the poll message in the form of an info response,
> with the poll queue information included, and with the Change Poll extension.
>
> I hope this helps.
>
> Thanks,
>
> —
>
> JG
>
>
>
> James Gould
> Distinguished Engineer
> jgould@Verisign.com
>
> 703-948-3271
> 12061 Bluemont Way
> Reston, VA 20190
>
> Verisign.com <http://verisigninc.com/>
>
> On 10/29/18, 9:36 AM, "Valery Smyslov" <valery@smyslov.net> wrote:
>
> Reviewer: Valery Smyslov
> Review result: Ready with Nits
>
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
>
> This draft defines an extension for an Extensible Provisioning Protocol (EPP, RFC 5730)
> that allows servers to notify clients about operations which were not
> initiated by clients, but which modify state of client-sponsored objects.
>
> The extension is defined using standard EPP mechanism for adding extensions,
> so Security Considerations from RFC 5730 are applied and no new ones are added.
> Keeping long message queues consume server resources and can
> potentially be a surface for DoS attack, however as far as I understand
> unauthorized entities cannot cause server to perform actions resulted in
> operations on other clients' objects, so it seems that it is not a security issue here.
> Nevertheless adding a few words that it is not a security issue would be helpful.
>
> General comment not related to security. It seems to me that the protocol description
> is inconsistent. The Introduction Section states, that this extension only extends
> the response to the EPP <poll> command. However, Section 3 of this specification,
> which describes the EPP Command Mapping, extends only the response
> to the EPP <info> command with poll message, and the <poll> command is not mentioned
> there at all. I'm not familiar with the EPP protocol, but I believe that <info> and <poll>
> are different commands, so unless I've missed something, it seems that the protocol
> description is inconsistent (or incomplete). Since it is not related to security,
> I think the document is Ready (from security perspective), but this inconsistency
> must either be fixed or some clarification be provided.
>
>
>
- [regext] Secdir Last Call assignment: draft-ietf-… Valery Smyslov
- Re: [regext] Secdir Last Call assignment: draft-i… Gould, James
- Re: [regext] Secdir Last Call assignment: draft-i… Valery Smyslov