Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Wed, 31 October 2018 03:24 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 066A6130DD2 for <regext@ietfa.amsl.com>; Tue, 30 Oct 2018 20:24:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kga7rVZHkPfC for <regext@ietfa.amsl.com>; Tue, 30 Oct 2018 20:24:08 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FF1E12872C for <regext@ietf.org>; Tue, 30 Oct 2018 20:24:08 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id i26so6220275lfc.0 for <regext@ietf.org>; Tue, 30 Oct 2018 20:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=o63mnEqC4LqzE/+ifjtpJfGGoiAgiZ/l9N16EudD5Ns=; b=Wey+UCe0/sJylfOJmXLktlQpi29d6Zejx79tuWeP07bQnxxU7HBxJFKKFS1srbwIlP gQClTChHmqLPecCXGniL0yyYlz4TMcBiP5asYs8FpJ/GgHzVULJLbYwWELS6gsxRTAa6 g9HYRankWhn/wKi9byJmhPJ9vTERyptdTCxP1l39SL2EKfY6evrIb0L5UkJvkRF7kSK5 9OqAAgse0hoqoFnUcVeVojy/Bk+zac0k4/qjqLgdSfdSpd+UCNR7Q7SvvGTlbXxdzGcs Mvf9WDqydC8t7CCUuXTwbiZ3mToe95qljM5URcbUAYTbzQjNCuFYmKv1sVra3XK4/1XT lqCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=o63mnEqC4LqzE/+ifjtpJfGGoiAgiZ/l9N16EudD5Ns=; b=Hz953rWOGkndQel7Z/fqQBEeKwbGDVzj/Zm2+f7upfOoE0RtPn5l5F5c+aJvX4WkDx qWyb8P6pqC/A0TBlvzw0yDPaFkSh/5Xmtp1Z6ymcXdV9iMopmIBjQ2zrJtw3a4S+MkXd 8PM+++sHaK+/CScT1QlXbY0ZHy18xUXP88ItDpKXwSykYArooh1IOnr2Vc5agbh8gW9i NxPHXvHPbo+9e3hJUD9ns9cJ+NjTDq4MA10/mzA2+kXsFivrBOB9usuB9ucSapmEPBp/ vJpih+ABcfhj3z1Q32qdzqRfrdM+kHyx/l4quEAHzr4YgsF/Qdx9iu9GYFdMhW4CeZuQ fPbg==
X-Gm-Message-State: AGRZ1gI8HCcD1mG0h6xjLHq9bKb/y6gCuxNhiKTRyeKEv04lBB7Q8kjv BI9gwkTHBUkexmhPCdi/Y3LzODRb+gkIHTCGvFt1PQ==
X-Google-Smtp-Source: AJdET5d9WrkIownesXO6+RzIP0ed/fnbMCyzqhGeXUR7ezYlwq821Rjb9O8VsUjMHbLTE8/F9Vpx+DsIojEnvw4vS88=
X-Received: by 2002:a19:54d7:: with SMTP id b84mr625934lfl.131.1540956246096; Tue, 30 Oct 2018 20:24:06 -0700 (PDT)
MIME-Version: 1.0
References: <154040431305.6967.8110836894354286749.idtracker@ietfa.amsl.com> <20181025174522837431196@cnnic.cn> <CABcZeBMtZXNJR5oAsb8Do995herP010tShq46N_6JZaZxHtp8A@mail.gmail.com> <20181029161835451937137@cnnic.cn> <CABcZeBO5n1WXmaQAkOYBkhtOi6BJXzdnBWxxyskauHjX1myiug@mail.gmail.com> <2018103110254261670452@cnnic.cn>
In-Reply-To: <2018103110254261670452@cnnic.cn>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 30 Oct 2018 20:23:27 -0700
Message-ID: <CABcZeBPYGmRU5Ft9PPp6_j78+dArg64KCMR8ah_wc7bcuBBOFA@mail.gmail.com>
To: zhoulinlin@cnnic.cn
Cc: regext-chairs@ietf.org, pieter.vandepitte@dnsbelgium.be, IESG <iesg@ietf.org>, regext@ietf.org, draft-ietf-regext-org@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a9d59f05797dd5e5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/w_ixgjsbulftmup9vRF8uCm4-o8>
Subject: Re: [regext] Eric Rescorla's Discuss on draft-ietf-regext-org-11: (with DISCUSS and COMMENT)
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Oct 2018 03:24:12 -0000
On Tue, Oct 30, 2018 at 7:25 PM Linlin Zhou <zhoulinlin@cnnic.cn> wrote: > Dear Eric, > Please see my feedbaks below. > > Regards, > Linlin > ------------------------------ > Linlin Zhou > > ---------------------------------------------------------------------- >>> DISCUSS: >>> ---------------------------------------------------------------------- >>> >>> Rich version of this review at: >>> https://mozphab-ietf.devsvcdev.mozaws.net/D3624 >>> >>> >>> This DISCUSS should be easy to clear. I have noted a few points where >>> I do not believe that the spec is sufficiently clear to implement. >>> >>> DETAIL >>> S 3.4. >>> > >>> > o clientUpdateProhibited, serverUpdateProhibited: Requests to >>> update >>> > the object (other than to remove this status) MUST be rejected. >>> > >>> > o clientDeleteProhibited, serverDeleteProhibited: Requests to >>> delete >>> > the object MUST be rejected. >>> >>> How does access control work here? If either of these values are set, >>> then it must be rejected? >>> [Linlin] If you mean that clientUpdateProhibited and >>> serverUpdateProhibited are set, these two statuses can coexist in the >>> system. "clientUpdateProhibited" is set by the client and >>> "serverUpdateProhibited" is set by the server. >>> >>> >> That's not what I mean. What I mean is "what is the access control rule >> that the server is supposed to apply". >> [Linlin] The EPP statuses defined in draft-ietf-regext-org follows the >> model used in the other EPP RFC's, including RFC 5731- RFC 5733. The >> statuses define the command-level access control rules, where each >> supported transform command (update and delete) includes a corresponding >> client-settable ("client") and server-settable ("server") that prohibits >> execution of the command by the client. The client is allowed make an >> update only to remove the "clientUpdateProhibited" status when the >> "clientUpdateProhibited" status is set. Client-specific access control >> rules (e.g., sponsoring client versus non-sponsoring client) is not defined >> by the statuses, but is up to server policy. >> >> > I'm sorry, but this still isn't clear. Can you perhaps send some > pseudocode? > [Linlin] Our proposal is to add the lead-in bolded text to match the > existing EPP RFC's to the Organization mapping. There has been no issues > with the interpretation of the statuses with the EPP RFCs, so it's best to > match them as closely as possible. In section 3.4, > > An organization object MUST always have at least one associated status > value. > > > > > *Status values can be set only by the client that sponsors an organization > object and by the server on which the object resides. A client can change > the status of an organization object using the EPP <update> command. Each > status value MAY be accompanied by a string of human-readable text that > describes the rationale for the status applied to the object. * > > > > > > *A client MUST NOT alter status values set by the server. A server MAY > alter or override status values set by a client, subject to local server > policies. The status of an object MAY change as a result of either a > client-initiated transform command or an action performed by a server > operator.* > > Status values that can be added or removed by a client are prefixed > with "client". Corresponding status values that can be added or > removed by a server are prefixed with "server". The "hold" and > "terminated" status values are server-managed when the organization > has no parent identifier [Section 3.6] and otherwise MAY be client- > managed based on server policy. *S**tatus values that * > * do not begin with either "client" or "server" are server-managed.* > > Take "clientUpdateProhibited" for example. > If status value "clientUpdateProhibited" is set by a client > then <update> command is not allowed to perform by a client > If status value "clientUpdateProhibited" is removed by a client or a > server > then no limitation of performing EPP commands > > I think we are talking past each other. The question I am asking is what is the access control algorithm for changing other values depending on whether {client,server}UpdateProhibited is set. -Ekr > >>> >>> >>> >>> S 4.1.2. >>> > >>> > o One or more <org:status> elements that contain the operational >>> > status of the organization, as defined in Section 3.4. >>> > >>> > o An OPTIONAL <org:parentId> element that contains the >>> identifier of >>> > the parent object, as defined in Section 3.6. >>> >>> It's not clear to me what's really optional here, because you say >>> above that it's up to the server but then you label some stuff here as >>> OPTIONAL >>> [Linlin] If this sentence makes confusion. How about changing it to "It >>> is up to the server policy to decide >>> what optional attributes will be returned of an organization object." >>> or just remove it? >>> >>> >> I don't know, because I don't understand the semantics you are aiming >> for. Are the other attributes optional. >> [Linlin] To be consistent with other EPP RFCs, I suggest removing the >> sentence "It is up to the server policy to decide what attributes will >> be returned of an organization object." >> >> > Does that mean the other attributes are mandatory? If so, you need to say > that. > [Linlin] Yes, thank you. > If the element can appear once, the keyword "OPTIONAL" is used to specify > it as an optional element. > If the element can appear multiple times, the word "zero" is used to > specify it as an optional element. > Other elements are mandatory. > > >> >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >>> >>> >>> >>> S 3.4. >>> > has been processed for the object, but the action has not been >>> > completed by the server. Server operators can delay action >>> > completion for a variety of reasons, such as to allow for human >>> > review or third-party action. A transform command that is >>> > processed, but whose requested action is pending, is noted with >>> > response code 1001. >>> >>> Who can set this? >>> [Linlin] The server can set the error code to 1001 and send the >>> response to the client. >>> >>> >> Sorry, context got lost. Who can set "pendingCreate"? >> [Linlin] PendingCreate or PendingXXX statuses are set by servers. >> >> > Then you should say so in the text. > [Linlin] Yes. Please see the above updated text in section 3.4. "Status > values that > do not begin with either "client" or "server" are server-managed." > >> >> >>> S 3.5. >>> > association with another object. The "linked" status is not >>> > explicitly set by the client. Servers SHOULD provide services >>> to >>> > determine existing object associations. >>> > >>> > o clientLinkProhibited, serverLinkProhibited: Requests to add new >>> > links to the role MUST be rejected. >>> >>> see above question about access control >>> [Linlin] If both the clientXXXProhibited and serverXXXProhibited are >>> set, this situation is permitted. >>> >>> >> Sorry, this is still not clear to me. >> >>> >>> >>> [Linlin] Please see the above response. >> >> > Sorry, still not clear. > [Linlin] Please see the first issue feedback. > >> >> >>> S 4.2.1. >>> > status of the organization, as defined in Section 3.4. >>> > >>> > o An OPTIONAL <org:parentId> element that contains the >>> identifier of >>> > the parent object, as defined in Section 3.6. >>> > >>> > o Zero to two <org:postalInfo> elements that contain >>> postal-address >>> >>> These rules looks duplicative of <info>. Is there a way to collapse >>> them? >>> >>> [Linlin] The attributes need to be defined differently for the create >> and the info response, since the info response needs to be more flexible >> with what is returned based on server policy decisions. Yes, they are the >> same elements, but whether they are required or optional may be different >> in a create than in a info response. The attributes are duplicated in the >> other EPP RFCs (RFC 5731 – 5733) for ease in implementation. Attempting to >> collapse the attributes will make it more difficult for implementors and >> will not be consistent with the other EPP RFCs. >> >> > This is a comment, not a DISCUSS, so you're free to ignore it, but as > someone who as implemented quite a few specifications, I don't agree with > the claim that it would make things more difficult for implementors. > Implementors want to reuse code and if it's a lot of work to see the > difference between two parts of the spec, this leads to mistakes. > >> >> >>> S 4.2.5. >>> > where at least one child element MUST be present: >>> > >>> > o An OPTIONAL <org:parentId> element that contains the >>> identifier of >>> > the parent object... >>> > >>> > o Zero to two <org:postalInfo> elements that contain >>> postal-address >>> >>> This also seems duplicative. >>> [Linlin] Indeed some elements descriptions appear some times in the >>> document. I'd like to have some explanations here again. >>> This document borrowed the text structure from RFC5731, RFC5732 and >>> RFC5733 of EPP. I think the intension of having some duplicated >>> descriptions is for users' easy reading. When seeing the examples, they do >>> not have to scroll up and down to find the elements definitions. Some >>> descriptions are a little different, although <org:postalInfo> elements >>> appear to be duplicated. Such as, "One or more <org:status> elements" in >>> <info> response and "Zero or more <org:status> elements" in <create> >>> command. Of course putting all the elements definitions in a section is a >>> concise way for the document structure. >>> >>> >> It's much harder for implementors because they don't know how to refactor >> common code. >> [Linlin] Duplicating the attributes is needed to address server policy >> differences between create and the info response, to make it easier for >> implementors, and to be consistent with the other EPP RFCs (RFC 5731 - RFC >> 5733). >> >> > Again, it's *not* easier for implementors > [Linlin] We want to have this document match what has been done in the > other EPP RFCs. People always feel convenient with the existing patterns. > As implementers of the EPP RFCs, they have been familiar with the EPP > spcifications for years and we believe that it makes things easier for > implementers. > > -Ekr > >>
- [regext] Eric Rescorla's Discuss on draft-ietf-re… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Linlin Zhou
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Gould, James
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Eric Rescorla
- Re: [regext] Eric Rescorla's Discuss on draft-iet… Benjamin Kaduk