[regext] AD Review: draft-ietf-regext-allocation-token-08
Adam Roach <adam@nostrum.com> Sat, 14 July 2018 19:34 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F197F130DF4 for <regext@ietfa.amsl.com>; Sat, 14 Jul 2018 12:34:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.88
X-Spam-Level:
X-Spam-Status: No, score=-1.88 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cgSXq-jHXuXj for <regext@ietfa.amsl.com>; Sat, 14 Jul 2018 12:34:11 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E32AB130DDC for <regext@ietf.org>; Sat, 14 Jul 2018 12:34:11 -0700 (PDT)
Received: from dhcp-9259.meeting.ietf.org (dhcp-9259.meeting.ietf.org [31.133.146.89]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id w6EJXtFY091415 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <regext@ietf.org>; Sat, 14 Jul 2018 14:33:56 -0500 (CDT) (envelope-from adam@nostrum.com)
To: Registration Protocols Extensions <regext@ietf.org>
From: Adam Roach <adam@nostrum.com>
Message-ID: <503c9544-7580-f441-12f9-78d92694fbec@nostrum.com>
Date: Sat, 14 Jul 2018 15:33:54 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/t5hMzFzt6JX_Iwg0RiOl8_DrduM>
Subject: [regext] AD Review: draft-ietf-regext-allocation-token-08
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Jul 2018 19:34:14 -0000
This is my AD review for draft-ietf-regext-allocation-token. Based on what I see, this document is ready to go to IETF last call. The comments below should be handled at the same time as any IETF last call comments. I'd like to start by thanking everyone who worked on this document. Despite the relatively large number of comments, the document is in good shape. --------------------------------------------------------------------------- Abstract: > This document describes an Extensible Provisioning Protocol (EPP) > extension for including an Allocation Token in query and transform > commands. Nit: set "query" and "transform" off in some way (e.g., using quotation marks) --------------------------------------------------------------------------- §1.1: > The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", > "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this > document are to be interpreted as described in RFC 2119 [RFC2119]. Please update to use the boilerplate from RFC 8174. --------------------------------------------------------------------------- §1.1: > "allocationToken-1.0" is used as an abbreviation for > "urn:ietf:params:xml:ns:allocationToken-1.0". This doesn't appear to be true. I would suggest removing this sentence. --------------------------------------------------------------------------- §2.1: > The Allocation Token is a simple XML "token" type. The exact format > of the Allocation Token is up to server policy. The server MUST have > the Allocation Token for each object to match against the Allocation > Token passed by the client to authorize the allocation of the object. "...server MUST have..." is a bit confusing here. It seems that the token could itself be a signed assertion that the server could simply validate, rather than keeping a local copy, which is what "MUST have" would seem to imply. --------------------------------------------------------------------------- §3.1.1: > This extension allow clients to check the availability of an object > with an Allocation Token, as described in Section 2.1. Nit: "allows" --------------------------------------------------------------------------- §3.1.1: > Example <check> command for the example.tld domain name using the > <allocationToken:allocationToken> extension with the allocation token of 'abc123': The domain "example.tld" is not reserved for use in examples and is subject to allocation for use in the future. Please use one of the domains reserved by RFC 2026 for this purpose. This comment applies to several other locations in the document, including a few that use "example2.tld". I would suggest using "example.org" and "example.net" for these purposes. --------------------------------------------------------------------------- §3.1.2: > If the client is authorized to receive the > Allocation Token, but there is no Allocation Token associated with > the object, the server MUST return an EPP error result code of 2303 > object referencing the <allocationToken:info> element. I can't parse this sentence -- I think there must be some words missing between "2302" and "object." --------------------------------------------------------------------------- §3.1.3: > This extension does not add any elements to the EPP <transfer> query > command or <transfer> query response described in the [RFC5730]. Nit: remove "the" before "[RFC5730]". --------------------------------------------------------------------------- §3.2.4: > If the Allocation Token does not apply > to the object, the server MUST return an EPP error result code of > 2201. I'm not certain whether this is intended to apply when: (a) The object requires a Token, but this is the wrong one, (b) The object does not require a Token, but one has been supplied, or (c) Both Please update the text to make it clear which case(s) this is intended to cover. --------------------------------------------------------------------------- §5.1 (XML Namespace): > Registration request for the allocationToken XML schema: It's a bit confusing to register a schema in a section titled "XML Namespace." I suggest splitting this off into its own section titled something like "XML Schema." --------------------------------------------------------------------------- §7: > 6. An Allocation Token should is signed XML should be encoded (e.g., > base64) to mitigate server validation issues. I'm having a hard time parsing this sentence. Please rephrase to be clearer. Also, please informatively cite RFC 4648 for Base 64. --------------------------------------------------------------------------- /a
- [regext] AD Review: draft-ietf-regext-allocation-… Adam Roach
- Re: [regext] AD Review: draft-ietf-regext-allocat… Gould, James
- Re: [regext] AD Review: draft-ietf-regext-allocat… Hollenbeck, Scott
- Re: [regext] AD Review: draft-ietf-regext-allocat… Gould, James