IETF Logo Mail Archive

Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)

Patrick Mevzek <pm@dotandco.com> Sun, 22 April 2018 19:27 UTC

Return-Path: <pm@dotandco.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C61D2126CB6 for <regext@ietfa.amsl.com>; Sun, 22 Apr 2018 12:27:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dotandco.com header.b=WqsmDTai; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=aeIWyNcd
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rlPbD8y3IU18 for <regext@ietfa.amsl.com>; Sun, 22 Apr 2018 12:27:03 -0700 (PDT)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FDE1126CBF for <regext@ietf.org>; Sun, 22 Apr 2018 12:26:53 -0700 (PDT)
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id C1F4D21AC5 for <regext@ietf.org>; Sun, 22 Apr 2018 15:26:52 -0400 (EDT)
Received: from web3 ([10.202.2.213]) by compute3.internal (MEProxy); Sun, 22 Apr 2018 15:26:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dotandco.com; h= content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=PJAy3EJAwN0EGjiRYZdZtzUqKuxsD EhWJC8jObsN8j4=; b=WqsmDTaidSbgn7MzkDOEdVK0XRIApevLb5KC05hxIBnXu 5Mx4zmDB/+rR4MumYmXXYLbkKSdvtCy1SN7335vP8UyLvmZKTuVmtBkr0+EfOPzd vAzm+KiK/JbfZrV9TRNYKHvH0z733AAHbq4pkwlCIl4lFZxerHjT2vWtZpFKhi9A CToInW1KKDfIbUJhsGPgczmHJVoVdSFpZt0+1ESalC+nFy8A5rS/YBskpBbwFVnV tCCvdLlN6KXpiSQx902oewuzHW/cTIvwnfX5I6KWx3aeJkFzG0fvqCFaENUGOoTb vZXKEzTF9vJHaHbasMXRS+FJC/VAQKiiqEuJpkNTA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=PJAy3E JAwN0EGjiRYZdZtzUqKuxsDEhWJC8jObsN8j4=; b=aeIWyNcdpzIy0/1htPFq3K 0auWWK/AhVQJWoBDltEArF1VKRVPBxmW+K5ON/5fkCcxrLjcxH5FNHM0lNwNYpYH ze3GL9TI8DWGr724zRhKNqbHpvKBH2F1ZoG/05iavxOd2vYHF86umGRldtIDda9i SOaAY157mfsFgi+WKEqLubNMBwxWbEKkOEiN20VAGPSC0MOGm+rmS/utec00t0QM FZ57dCpBxZZESnhSVKVLdCZMyAQ3JHNzd3rTC3EEyyXhpxBiViN7sTUF/LPgWxgK vGkZwLbAJqpm2LZEZtiWkgfD3xFTXqshNpxGJXOACAydUy5bnGjDDoxEq8SuWFZQ ==
X-ME-Sender: <xms:_OHcWkQ20hnLF9VAiKZbh6eprq21UJuvQ5Nz8O82ca_TF6dfBaJDZnHB1ZE>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 5DEB89E379; Sun, 22 Apr 2018 15:26:52 -0400 (EDT)
Message-Id: <1524425212.2370983.1346768616.2A2DE208@webmail.messagingengine.com>
From: Patrick Mevzek <pm@dotandco.com>
To: regext@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-f3006b89
Date: Sun, 22 Apr 2018 21:26:52 +0200
References: <3266784A-E663-4465-8ABF-A3305B83C253@verisign.com> <e7916b75-1555-14e3-43bc-644059cd68f0@switch.ch> <605AC23F-D7B3-4A37-876E-45EC8E6BEEB8@verisign.com> <84309e91-dbe9-8865-fd06-528266aa93e7@switch.ch> <FAFB62AE-C0D1-4D74-888C-00C632D73211@verisign.com> <1522912361.3587146.1327243736.6AB5A07D@webmail.messagingengine.com> <58605AC6-A8B3-4428-A71E-580E6BC01EFF@verisign.com> <1524032366.3941888.1341940112.7D43F230@webmail.messagingengine.com> <BEC1040F-25C7-4F52-BB94-1F55BFA4C1C7@verisign.com> <1524203922.4022062.1344535160.39F0C10F@webmail.messagingengine.com> <83479150-4E98-452F-B27B-BD286AA18C1B@verisign.com>
In-Reply-To: <83479150-4E98-452F-B27B-BD286AA18C1B@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/tAdH9HEV1eJJ2QP-IDHrOG7sSEs>
Subject: Re: [regext] Poll messages with unhandled namespaces (was Re: I-D Action: draft-ietf-regext-change-poll-07.txt)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Apr 2018 19:27:06 -0000

On Fri, Apr 20, 2018, at 16:06, Gould, James wrote:
> Thank you for the detailed description of your reasoning.  I will leave 
> it that we disagree on the purpose of the login services, the need for 
> the server to honor the login services for poll messaging, and the 
> impacts in returning unsupported responses or response extensions to 
> clients.

Ok.

> On the impact, there are two elements to consider including 
> first the XML parser in validating a response against the XML schemas, 
> and second is the unmarshalling of the XML to a representative object.  
> A client could disable the XML parser validation and move along to the 
> unmarshalling step.  In the unmarshalling step the client would need to 
> deal with receipt of unsupported content.  The client could throw an 
> exception because the XML (e.g., DOM tree) could not be unmarshalled, 
> ignore the unsupported content, or come up with some other 
> representation of the unsupported content (e.g., convert to list of XML 
> blobs or DOM objects).  A client would need to proactively deal with the 
> unexpected if the server does not honor the login services of the 
> client. 

Your description still leaves out a case, that I can not prove to be the dominant one but that is certainly not a negligible one: the client receives the message, DOES NOT validate it per XML schema, DOES NOT parse it, and just stores it (as is or with a simple transformation to any other serialization format, an operation that does not need to know about the schema nor the content at all) for out of band later examination, and ACKs it in EPP to be able to fetch the next one.

In this case, there are absolutely none of the problem you expose:
the registry has no extra work to do, the registrar has no extra work to do to understand messages in unknown namespaces, registrar is not blocked at all for any new namespace introduced, the registrar has no problem if the registry message does not validate per its own XML schema, the registrar does not have to be proactive it can deal with new cases and problems later, etc.
I really fail to see the drawbacks but of course anyone is free to do differently and stick to validate and parse everything in band in real time.

As for "A client would need to proactively deal with the 
unexpected if the server does not honor the login services of the 
client.", I think this is already the case for many registries, and since a long time, so clients had to deal with that already. It is far from a new hypothetical problem.

> Since this is not a problem unique to draft-ietf-regext-change-poll, I 
> agree that it's best suited to be addressed in a separate Internet Draft 
> that addresses service-aware EPP poll messaging.

I agree this should be a separate draft, to become eventually an Informational Standard or a Best Practice depending on its content.

> Is there interest in such a draft by the working group?  

I am interested by the subject but disagree on the offered solution.

Also, it may be useful to be able (as difficult as it may be) to understand a little more on the current situation, and to see how registries currently handle this problem.

Note that this happens very early and not only from poll messages.
If the registrar logs in without the secDNS extension, to use a "core" example, and if it does a domain:info on a domain name which has secDNS info (because it is one of his own domain for which he put DNSSEC material with it before but right now in this particular session it did not use the secDNS extension at login, or maybe less contrived before a transfer he does a domain:info with the associated authInfo on a domain name it does not sponsor)
then what should the registry do? Send the secDNS part of the domain:info or not?
I believe not sending it creates more harm than benefits, even if the registrar did not specify it at login, but clearly this is the core point of our disagreement.

-- 
  Patrick Mevzek
  pm@dotandco.com

v2.23.0 | Report a Bug | By Email