IETF Logo Mail Archive

Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Wed, 31 October 2018 03:24 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 066A6130DD2 for <regext@ietfa.amsl.com>; Tue, 30 Oct 2018 20:24:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kga7rVZHkPfC for <regext@ietfa.amsl.com>; Tue, 30 Oct 2018 20:24:08 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FF1E12872C for <regext@ietf.org>; Tue, 30 Oct 2018 20:24:08 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id i26so6220275lfc.0 for <regext@ietf.org>; Tue, 30 Oct 2018 20:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=o63mnEqC4LqzE/+ifjtpJfGGoiAgiZ/l9N16EudD5Ns=; b=Wey+UCe0/sJylfOJmXLktlQpi29d6Zejx79tuWeP07bQnxxU7HBxJFKKFS1srbwIlP gQClTChHmqLPecCXGniL0yyYlz4TMcBiP5asYs8FpJ/GgHzVULJLbYwWELS6gsxRTAa6 g9HYRankWhn/wKi9byJmhPJ9vTERyptdTCxP1l39SL2EKfY6evrIb0L5UkJvkRF7kSK5 9OqAAgse0hoqoFnUcVeVojy/Bk+zac0k4/qjqLgdSfdSpd+UCNR7Q7SvvGTlbXxdzGcs Mvf9WDqydC8t7CCUuXTwbiZ3mToe95qljM5URcbUAYTbzQjNCuFYmKv1sVra3XK4/1XT lqCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=o63mnEqC4LqzE/+ifjtpJfGGoiAgiZ/l9N16EudD5Ns=; b=Hz953rWOGkndQel7Z/fqQBEeKwbGDVzj/Zm2+f7upfOoE0RtPn5l5F5c+aJvX4WkDx qWyb8P6pqC/A0TBlvzw0yDPaFkSh/5Xmtp1Z6ymcXdV9iMopmIBjQ2zrJtw3a4S+MkXd 8PM+++sHaK+/CScT1QlXbY0ZHy18xUXP88ItDpKXwSykYArooh1IOnr2Vc5agbh8gW9i NxPHXvHPbo+9e3hJUD9ns9cJ+NjTDq4MA10/mzA2+kXsFivrBOB9usuB9ucSapmEPBp/ vJpih+ABcfhj3z1Q32qdzqRfrdM+kHyx/l4quEAHzr4YgsF/Qdx9iu9GYFdMhW4CeZuQ fPbg==
X-Gm-Message-State: AGRZ1gI8HCcD1mG0h6xjLHq9bKb/y6gCuxNhiKTRyeKEv04lBB7Q8kjv BI9gwkTHBUkexmhPCdi/Y3LzODRb+gkIHTCGvFt1PQ==
X-Google-Smtp-Source: AJdET5d9WrkIownesXO6+RzIP0ed/fnbMCyzqhGeXUR7ezYlwq821Rjb9O8VsUjMHbLTE8/F9Vpx+DsIojEnvw4vS88=
X-Received: by 2002:a19:54d7:: with SMTP id b84mr625934lfl.131.1540956246096; Tue, 30 Oct 2018 20:24:06 -0700 (PDT)
MIME-Version: 1.0
References: <154040431305.6967.8110836894354286749.idtracker@ietfa.amsl.com> <20181025174522837431196@cnnic.cn> <CABcZeBMtZXNJR5oAsb8Do995herP010tShq46N_6JZaZxHtp8A@mail.gmail.com> <20181029161835451937137@cnnic.cn> <CABcZeBO5n1WXmaQAkOYBkhtOi6BJXzdnBWxxyskauHjX1myiug@mail.gmail.com> <2018103110254261670452@cnnic.cn>
In-Reply-To: <2018103110254261670452@cnnic.cn>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 30 Oct 2018 20:23:27 -0700
Message-ID: <CABcZeBPYGmRU5Ft9PPp6_j78+dArg64KCMR8ah_wc7bcuBBOFA@mail.gmail.com>
To: zhoulinlin@cnnic.cn
Cc: regext-chairs@ietf.org, pieter.vandepitte@dnsbelgium.be, IESG <iesg@ietf.org>, regext@ietf.org, draft-ietf-regext-org@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a9d59f05797dd5e5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/w_ixgjsbulftmup9vRF8uCm4-o8>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 03:24:12 -0000

On Tue, Oct 30, 2018 at 7:25 PM Linlin Zhou <zhoulinlin@cnnic.cn> wrote:

> Dear Eric,
> Please see my feedbaks below.
>
> Regards,
> Linlin
> ------------------------------
> Linlin Zhou
>
> ----------------------------------------------------------------------
>>> DISCUSS:
>>> ----------------------------------------------------------------------
>>>
>>> Rich version of this review at:
>>> https://mozphab-ietf.devsvcdev.mozaws.net/D3624
>>>
>>>
>>> This DISCUSS should be easy to clear. I have noted a few points where
>>> I do not believe that the spec is sufficiently clear to implement.
>>>
>>> DETAIL
>>> S 3.4.
>>> >
>>> >      o  clientUpdateProhibited, serverUpdateProhibited: Requests to
>>> update
>>> >         the object (other than to remove this status) MUST be rejected.
>>> >
>>> >      o  clientDeleteProhibited, serverDeleteProhibited: Requests to
>>> delete
>>> >         the object MUST be rejected.
>>>
>>> How does access control work here? If either of these values are set,
>>> then it must be rejected?
>>> [Linlin] If you mean that clientUpdateProhibited and
>>> serverUpdateProhibited are set, these two statuses can coexist in the
>>> system. "clientUpdateProhibited" is set by the client and
>>> "serverUpdateProhibited" is set by the server.
>>>
>>>
>> That's not what I mean. What I mean is "what is the access control rule
>> that the server is supposed to apply".
>> [Linlin] The EPP statuses defined in draft-ietf-regext-org follows the
>> model used in the other EPP RFC's, including RFC 5731- RFC 5733. The
>> statuses define the command-level access control rules, where each
>> supported transform command (update and delete) includes a corresponding
>> client-settable ("client") and server-settable ("server") that prohibits
>> execution of the command by the client. The client is allowed make an
>> update only to remove the "clientUpdateProhibited" status when the
>> "clientUpdateProhibited" status is set. Client-specific access control
>> rules (e.g., sponsoring client versus non-sponsoring client) is not defined
>> by the statuses, but is up to server policy.
>>
>>
> I'm sorry, but this still isn't clear. Can you perhaps send some
> pseudocode?
> [Linlin] Our proposal is to add the lead-in bolded text to match the
> existing EPP RFC's to the Organization mapping. There has been no issues
> with the interpretation of the statuses with the EPP RFCs, so it's best to
> match them as closely as possible. In section 3.4,
>
> An organization object MUST always have at least one associated status
> value.
>
>
>
>
> *Status values can be set only by the client that sponsors an organization
> object and by the server on which the object resides. A client can change
> the status of an organization object using the EPP <update> command. Each
> status value MAY be accompanied by a string of human-readable text that
> describes the rationale for the status applied to the object. *
>
>
>
>
>
> *A client MUST NOT alter status values set by the server. A server MAY
> alter or override status values set by a client, subject to local server
> policies. The status of an object MAY change as a result of either a
> client-initiated transform command or an action performed by a server
> operator.*
>
> Status values that can be added or removed by a client are prefixed
> with "client". Corresponding status values that can be added or
> removed by a server are prefixed with "server". The "hold" and
> "terminated" status values are server-managed when the organization
> has no parent identifier [Section 3.6] and otherwise MAY be client-
> managed based on server policy. *S**tatus values that *
> * do not begin with either "client" or "server" are server-managed.*
>
> Take "clientUpdateProhibited" for example.
> If status value "clientUpdateProhibited" is set by a client
> then <update> command is not allowed to perform by a client
> If status value "clientUpdateProhibited" is removed by a client or a
> server
> then no limitation of performing EPP commands
>
>
I think we are talking past each other. The question I am asking is what is
the access control algorithm for changing other values depending on whether
{client,server}UpdateProhibited is set.

-Ekr


>
>>>
>>>
>>>
>>> S 4.1.2.
>>> >
>>> >      o  One or more <org:status> elements that contain the operational
>>> >         status of the organization, as defined in Section 3.4.
>>> >
>>> >      o  An OPTIONAL <org:parentId> element that contains the
>>> identifier of
>>> >         the parent object, as defined in Section 3.6.
>>>
>>> It's not clear to me what's really optional here, because you say
>>> above that it's up to the server but then you label some stuff here as
>>> OPTIONAL
>>> [Linlin] If this sentence makes confusion. How about changing it to "It
>>> is up to the server policy to decide
>>> what optional attributes will be returned of an organization object."
>>> or just remove it?
>>>
>>>
>> I don't know, because I don't understand the semantics you are aiming
>> for. Are the other attributes optional.
>> [Linlin] To be consistent with other EPP RFCs, I suggest removing the
>> sentence "It is up to the server policy to decide what attributes will
>> be returned of an organization object."
>>
>>
> Does that mean the other attributes are mandatory? If so, you need to say
> that.
> [Linlin] Yes, thank you.
> If the element can appear once, the keyword "OPTIONAL" is used to specify
> it as an optional element.
> If the element can appear multiple times, the word "zero" is used to
> specify it as an optional element.
> Other elements are mandatory.
>
>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>>>
>>>
>>>
>>> S 3.4.
>>> >         has been processed for the object, but the action has not been
>>> >         completed by the server.  Server operators can delay action
>>> >         completion for a variety of reasons, such as to allow for human
>>> >         review or third-party action.  A transform command that is
>>> >         processed, but whose requested action is pending, is noted with
>>> >         response code 1001.
>>>
>>> Who can set this?
>>>  [Linlin] The server can set the error code to 1001 and send the
>>> response to the client.
>>>
>>>
>> Sorry, context got lost. Who can set "pendingCreate"?
>> [Linlin] PendingCreate or PendingXXX statuses are set by servers.
>>
>>
> Then you should say so in the text.
> [Linlin] Yes. Please see the above updated text in section 3.4. "Status
> values that
> do not begin with either "client" or "server" are server-managed."
>
>>
>>
>>> S 3.5.
>>> >         association with another object.  The "linked" status is not
>>> >         explicitly set by the client.  Servers SHOULD provide services
>>> to
>>> >         determine existing object associations.
>>> >
>>> >      o  clientLinkProhibited, serverLinkProhibited: Requests to add new
>>> >         links to the role MUST be rejected.
>>>
>>> see above question about access control
>>> [Linlin] If both the clientXXXProhibited and serverXXXProhibited are
>>> set, this situation is permitted.
>>>
>>>
>> Sorry, this is still not clear to me.
>>
>>>
>>>
>>> [Linlin] Please see the above response.
>>
>>
> Sorry, still not clear.
> [Linlin] Please see the first issue feedback.
>
>>
>>
>>> S 4.2.1.
>>> >         status of the organization, as defined in Section 3.4.
>>> >
>>> >      o  An OPTIONAL <org:parentId> element that contains the
>>> identifier of
>>> >         the parent object, as defined in Section 3.6.
>>> >
>>> >      o  Zero to two <org:postalInfo> elements that contain
>>> postal-address
>>>
>>> These rules looks duplicative of <info>. Is there a way to collapse
>>> them?
>>>
>>> [Linlin] The attributes need to be defined differently for the create
>> and the info response, since the info response needs to be more flexible
>> with what is returned based on server policy decisions. Yes, they are the
>> same elements, but whether they are required or optional may be different
>> in a create than in a info response. The attributes are duplicated in the
>> other EPP RFCs (RFC 5731 – 5733) for ease in implementation. Attempting to
>> collapse the attributes will make it more difficult for implementors and
>> will not be consistent with the other EPP RFCs.
>>
>>
> This is a comment, not a DISCUSS, so you're free to ignore it, but as
> someone who as implemented quite a few specifications, I don't agree with
> the claim that it would make things more difficult for implementors.
> Implementors want to reuse code and if it's a lot of work to see the
> difference between two parts of the spec, this leads to mistakes.
>
>>
>>
>>> S 4.2.5.
>>> >      where at least one child element MUST be present:
>>> >
>>> >      o  An OPTIONAL <org:parentId> element that contains the
>>> identifier of
>>> >         the parent object...
>>> >
>>> >      o  Zero to two <org:postalInfo> elements that contain
>>> postal-address
>>>
>>> This also seems duplicative.
>>> [Linlin] Indeed some elements descriptions appear some times in the
>>> document. I'd like to have some explanations here again.
>>> This document borrowed the text structure from RFC5731, RFC5732 and
>>> RFC5733 of EPP. I think the intension of having some duplicated
>>> descriptions is for users' easy reading. When seeing the examples, they do
>>> not have to scroll up and down to find the elements definitions. Some
>>> descriptions are a little different, although <org:postalInfo> elements
>>> appear to be duplicated. Such as, "One or more <org:status> elements" in
>>> <info> response and "Zero or more <org:status> elements" in <create>
>>> command. Of course putting all the elements definitions in a section is a
>>> concise way for the document structure.
>>>
>>>
>> It's much harder for implementors because they don't know how to refactor
>> common code.
>> [Linlin] Duplicating the attributes is needed to address server policy
>> differences between create and the info response, to make it easier for
>> implementors, and to be consistent with the other EPP RFCs (RFC 5731 - RFC
>> 5733).
>>
>>
> Again, it's *not* easier for implementors
> [Linlin] We want to have this document match what has been done in the
> other EPP RFCs. People always feel convenient with the existing patterns.
> As implementers of the EPP RFCs, they have been familiar with the EPP
> spcifications for years and we believe that it makes things easier for
> implementers.
>
> -Ekr
>
>>

v2.23.0 | Report a Bug | By Email