[regext] Re: [Ext] Secdir last call review of draft-ietf-regext-epp-ttl-15
Orie Steele <orie@transmute.industries> Mon, 16 September 2024 17:47 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 65341C14CF0C for <regext@ietfa.amsl.com>; Mon, 16 Sep 2024 10:47:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.085
X-Spam-Level:
X-Spam-Status: No, score=-2.085 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, T_REMOTE_IMAGE=0.01, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=transmute.industries
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IeHnZcXosqED for <regext@ietfa.amsl.com>; Mon, 16 Sep 2024 10:47:14 -0700 (PDT)
Received: from mail-pf1-x42a.google.com (mail-pf1-x42a.google.com [IPv6:2607:f8b0:4864:20::42a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C201C151524 for <regext@ietf.org>; Mon, 16 Sep 2024 10:47:14 -0700 (PDT)
Received: by mail-pf1-x42a.google.com with SMTP id d2e1a72fcca58-7193010d386so2997272b3a.1 for <regext@ietf.org>; Mon, 16 Sep 2024 10:47:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transmute.industries; s=google; t=1726508834; x=1727113634; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=aJAIOaMvHEhVdlTq4X0cd/UXhkrIJwAn/zfekIa3FF0=; b=RRWbNNNscHiNkh1xhCkvQjCLdmrj0sLtTBsLkuvBf4gadVtMqbOLR5i7A0IzKTkiOu fL9Vh9P4OXT3cy6ai4Enf2eYQN9/Ox6C+zgVqIFdrZNUuBieiCVKO2RJIhDZNz2/MAfU VrT1uLLA3/LP/p1xtTyhhgoOBF4/amOtTYaMtBIjOTunrTxnatGMIB3bUKA/I3wrhOWt G5rT5ufQ6Lr59memH1GiLamFaYPcHPgZQXR2qKyhdF1tshIoemRKbsshdSAx9eC1t/pF ERg5pQ3CAGdIXYF4TR2dxeFYnXd5+Jd/oGCbc/CL4Lv+BwtQUkOPk4jvZMYyaPlKyA7V zdPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1726508834; x=1727113634; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aJAIOaMvHEhVdlTq4X0cd/UXhkrIJwAn/zfekIa3FF0=; b=helZisZ7O+BVxS7mZDo2TJ54Vok3kwQBO8bayC0S0JI14nCWGYFzeDD3b5k7p0Ck3I j5h+gk6ipR40gZBvLesKj1AoJZjhldyRXCBwF7tHuW2P4whIF9k+CXgCH+Ss6PH3G71H 3ZFHby61h4XwX/NxIwqZ7yefymnVJytOrtbHOaHEDaMeXnPHS4e5MBEFiFFWyFS+TJtP fr79srnhMWjNtYRExniMMygxHidYv8iXL1iDmptXVS5CQHDsc2L9p9OtEqk+MDu6Mts2 btIwpwnyMN/gj3jDCBaN8l9P7gMauz9wmELNcwjOaTu6LlTVudpyp4WFyUUrX42OYvnJ QlpQ==
X-Forwarded-Encrypted: i=1; AJvYcCViavz2/2kb+yky7mg5BNwMYQT/DFf8XZFmS3GJGXz5qQ/4NGn4O3TltdOvnnCOiigCgEKS1RQ=@ietf.org
X-Gm-Message-State: AOJu0Yytr4+ey+ET02gnMq2lom5855kf6W7HYeMNPU69fnnE6aFDzmnq ze76eQStedU3bIuN0EXN/Jezds9yDpKnETrReljYxnAYwstZ5tsXuQeg+qI3EBHuHzZQKA00c5C ktTPNpZfKag8VMgh63LkqT8BKPGEc1LldrSmU5Q==
X-Google-Smtp-Source: AGHT+IE+x0OhrCB2RAo9hIaxk9SHSpBXQpcUjaPYQG+4ZVMQXALMVj4jBaLWO0ZNTObhxwZF9UJhww6C3ZtL/nKgjcM=
X-Received: by 2002:aa7:88d4:0:b0:70d:2693:d215 with SMTP id d2e1a72fcca58-71936a5e771mr18720434b3a.16.1726508833281; Mon, 16 Sep 2024 10:47:13 -0700 (PDT)
MIME-Version: 1.0
References: <172368109802.1105358.10586154866409358806@dt-datatracker-6df4c9dcf5-t2x2k> <76830A89-543A-404E-9314-99F37B3BEB28@icann.org>
In-Reply-To: <76830A89-543A-404E-9314-99F37B3BEB28@icann.org>
From: Orie Steele <orie@transmute.industries>
Date: Mon, 16 Sep 2024 12:47:02 -0500
Message-ID: <CAN8C-_LV1H7ZMnQydkSEw4+yFGNFsna2vPqQm=jxht1Jna8fSg@mail.gmail.com>
To: Gavin Brown <gavin.brown@icann.org>
Content-Type: multipart/alternative; boundary="000000000000b5b7d106224029f4"
Message-ID-Hash: GQU26WBNBSHKQC2TYOBNPC4BBZ746HYK
X-Message-ID-Hash: GQU26WBNBSHKQC2TYOBNPC4BBZ746HYK
X-MailFrom: orie@transmute.industries
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-regext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Wes Hardaker <wjhns1@hardakers.net>, "secdir@ietf.org" <secdir@ietf.org>, "draft-ietf-regext-epp-ttl.all@ietf.org" <draft-ietf-regext-epp-ttl.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>, "regext@ietf.org" <regext@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [regext] Re: [Ext] Secdir last call review of draft-ietf-regext-epp-ttl-15
List-Id: Registration Protocols Extensions Working Group <regext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/yyMrLsnnp2j40QMwF0q-F6FBV9g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Owner: <mailto:regext-owner@ietf.org>
List-Post: <mailto:regext@ietf.org>
List-Subscribe: <mailto:regext-join@ietf.org>
List-Unsubscribe: <mailto:regext-leave@ietf.org>
Wes, Thanks for your review, I believe Gavin has addressed your comments, however he has also asked you some questions. Please let me know if you have further comments, I am preparing ballot text for this document. Regards, OS, ART AD On Mon, Sep 2, 2024 at 9:57 AM Gavin Brown <gavin.brown@icann.org> wrote: > Hi Wes, apologies for the delay, I was on PTO. My responses below. > > > On 15 Aug 2024, at 01:18, Wes Hardaker via Datatracker <noreply@ietf.org> > wrote: > > > > Reviewer: Wes Hardaker > > Review result: Has Nits > > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. These comments were written primarily for the benefit of the > > security area directors. Document editors and WG chairs should treat > > these comments just like any other last call comments. > > > > A note about my background: I'm very familiar with the DNS, moderately > > with EPP concepts, and not an expert on XML. > > > > The summary of the review is: ready with a few minor comments/nits > > > > Over all: well written, clear and easy to read document. Thank you. > > > > The biggest issue: > > > > - Did the WG discuss whether or not a client should be able to check > > generally how long a server will make use of a new TTL value? It's > > clear that the server can change it at any point, but that makes it > > very hard for a client to actually manage their records in a way > > where the TTL change point can be ideally depended upon. If I'm > > rolling a key and desire a 4 hour TTL in order to do so properly, > > but the server decides to switch back to a longer one 2 hours later > > that's a real problem and will cause large issues operationally. > > That was not discussed explicitly. The document describes a policy > discovery mechanism (see Section 2.1.1.2) which allows clients to learnt > the min/default/max values, but it does not provide a way to discover > if/when a server might reset a non-default value. > > EPP would not be particularly well-suited to provide this information, as > the audience for such information would be much wider than just EPP client > operators. However, the RDAP extension (see draft-brown-rdap-ttl-extension, > which I plan to bring to regext once this document is published) does > provide a way for a registry to publish its policy in a way that is > discoverable for all interested parties, not just those who can connect to > its EPP server. > > > Furthermore, what if the policy changes after a client has set their > > value. So if I set it to 4 hours because the policy is 30 minutes > > to 12 hours and then shortly after I set my TTL the server decides > > the new minimum value is 24 hours, what happens? > > The document does not address this and therefore it would be up to the > server operator to decide. They might decide to clobber the client-assigned > value, or honour it temporarily or permanently. > > Policy changes will almost certainly only happen infrequently, and the > omission was intentional on my point. Do you feel it warrants some > discussion in the document? > > > Comments and Nits: > > > > - the introduction could use a few more words describing that this > > document really only is applying to parent/child relationships. > > EPP is only ever used in that specific context. To add clarity, I will > change "domain name provisioning system" in the first sentence of the > introduction to "domain name registry system" to avoid any confusion. > > > - In the bottom of 1.1 there is a discussion about the ttl prefix > > being used in examples. It would add some clarity to specifically > > talk about the name space reference that the string should actually > > point to, like the rest of the examples already do. > > The text in this section is boilerplate that is present in almost all > EPP-related RFCs, going back to RFC 3730. > > > - Section 1.2.1 says that elements MAY have the following > > attributes.... but the reality is that the following list contains a > > bunch of REQUIRED, MUST, MUST NOT and MAY requirements. I'd argue > > this MAY should actually be dropped and left to each of the > > sub-bullets for exactness instead. Something like "the following > > attributes, depending on whether it appears in a command or response > > frame, can appear:" > > I will downgrade the "MAY" to "may". > > > - I note that there is no generic statement about what to do when any > > required elements are missing. Specifically, servers should always > > return "2306 Parameter value policy" error when any required field > > is missing or invalid. This should probably be added in section 3 > > generically, where the rest of the section may be specifically > > stating specific cases but should otherwise be used as a generic > > error message. > > RFC 5730 provides the 2003 "Required parameter missing" error code. > > > - It's unclear if the min parameter is allowed to equal to the max > > parameter. It's clearly stated that default can be equal to min and > > max, but it would be nice to state clearly that min can, in fact, be > > equal to max as well. > > If a server policy set min=max, then only that value could ever be > specified, and this extension would serve no function. > > > - In 1.2.1.1 there is no upper bound on the TTL value, which surprises > > me. I think it should match the DNS spec and I think it's indicated > > it might be in the XML requirements (I didn't check). > > The schema sets the maximum. > > > - In general it seems that the common terminology of > > "registry/registrar/registrant" is avoided (which is fine by me) but > > there are a few instances (eg 1.2.1.2 bullet #3). I may be > > misreading the intention to shy away from this terminology though. > > I'll change "registry" to "server". > > > - I'd suggest moving the examples in 1.2.1.3 after the 1.3 section > > since the examples include a info reference (in 1.2.1.3.2). > > That makes sense, will do. > > > - I'd suggest tests that validate the XML if one is not already in place. > > All XML instances are validated as part of the document generation worklow. > > > - In the XML the clID and crID are both frequently "ClientX" -- I wanted > > to verify that this value is the right example value for both fields > > It's an arbitary string, but is used throughout the base RFC series and > many subsequent documents. > > > - I note the DELEG example reference in the 2.2.2, which made me smile > > (full disclosure: I was a DELEG BOF chair). > > DELEG was top of mind when making sure this extension was future-proof. > > > - You might mention in the security considerations that an account > > compromise would lead to an attacker changing the NS/glue addresses > > and then setting a max length TTL to keep the real client from a > > swift recovery. > > That's a good suggestion, thanks. > > I'll upload a new version shortly! > > G. > > -- > Gavin Brown > Principal Engineer, Global Domains & Strategy > Internet Corporation for Assigned Names and Numbers (ICANN) > > https://www.icann.org > > -- ORIE STEELE Chief Technology Officer www.transmute.industries <https://transmute.industries>
- [regext] Secdir last call review of draft-ietf-re… Wes Hardaker via Datatracker
- [regext] Re: [Ext] Secdir last call review of dra… Gavin Brown
- [regext] Re: [Ext] Secdir last call review of dra… Orie Steele
- [regext] Re: [Ext] Secdir last call review of dra… Wes Hardaker
- [regext] Re: [Ext] Secdir last call review of dra… Gavin Brown
- [regext] Re: [Ext] Secdir last call review of dra… Gavin Brown