Re: [secdir] SECDIR review of draft-ietf-regext-launchphase

"Gould, James" <jgould@verisign.com> Wed, 08 November 2017 14:15 UTC

From: "Gould, James" <jgould@verisign.com>
To: Chris Lonvick <lonvick.ietf@gmail.com>, "draft-ietf-regext-launchphase.all@ietf.org" <draft-ietf-regext-launchphase.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Date: Wed, 08 Nov 2017 14:15:40 +0000
Message-ID: <BD24D362-F2F5-4D9A-AB25-CB746CA759BF@verisign.com>
References: <59FC4BC7.2040707@gmail.com>
In-Reply-To: <59FC4BC7.2040707@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/CNL4tEJLhmk4A29deOJy8zqolUI>
Subject: Re: [secdir] SECDIR review of draft-ietf-regext-launchphase

Chris,

Thank you for the review and feedback.  I respond to your feedback below:

> I found in the section of Conventions Used in this Document, several XML terms are defined with each containing an addendum similar to, "The XML namespace prefix [xxx] is used, but implementations MUST NOT depend on it and instead employ a proper namespace-aware XML parser and serializer to interpret and output the XML documents." I think that it would be appropriate to have a summary statement covering these in the Security Considerations section.

The statement related to the XML namespace prefix is not security related but is an XML best practice for interoperability.  The XML namespace prefixes chosen (“launch”, “smd”, “mark”) in the draft are for illustration purposes only and must not be statically defined dependencies in the implementations to ensure that the clients can choose XML namespace prefixes for the commands that may not match the draft and that will be supported by the server.  The same holds true for the server being able to choose XML namespace prefixes for the responses that may not match the draft that will be supported by the client.

Thanks,

—

JG

James Gould
Distinguished Engineer
jgould@Verisign.com

703-948-3271
12061 Bluemont Way
Reston, VA 20190

Verisign.com<http://verisigninc.com/>

From: Chris Lonvick <lonvick.ietf@gmail.com>
Date: Friday, November 3, 2017 at 6:58 AM
To: "draft-ietf-regext-launchphase.all@ietf.org" <draft-ietf-regext-launchphase.all@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>
Subject: [EXTERNAL] SECDIR review of draft-ietf-regext-launchphase
Resent-From: <alias-bounces@ietf.org>
Resent-To: James Gould <jgould@verisign.com>, Wil Tan <wil@cloudregistry.net>, Gavin Brown <gavin.brown@centralnic.com>, <ietf@antoin.nl>, <galvin@elistx.com>, <ben@nostrum.com>, <adam@nostrum.com>, <aamelnikov@fastmail.fm>, Ulrich Wisser <ulrich@wisser.se>, <ulrich@wisser.se>
Resent-Date: Friday, November 3, 2017 at 6:58 AM

Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The summary of the review is Ready with Nits.

The abstract describes the specification as: This document describes an Extensible Provisioning Protocol (EPP) extension mapping for the provisioning and management of domain name registrations and applications during the launch of a domain name registry.

I am not familiar with this line of work. In my review, I found in the section of Conventions Used in this Document, several XML terms are defined with each containing an addendum similar to, "The XML namespace prefix [xxx] is used, but implementations MUST NOT depend on it and instead employ a proper namespace-aware XML parser and serializer to interpret and output the XML documents." I think that it would be appropriate to have a summary statement covering these in the Security Considerations section.

The Security Considerations section appears appropriate for the contents and normative references.

Regards,
Chris
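
The prefix-independence requirement discussed in this thread, as an added example that is not part of either message or of the draft: a prefix-matching reader is compared with a namespace-aware one over the same content written with different prefixes. The namespace URI, the element names and all sample fragments are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumed namespace URI for the launch phase extension (not stated in the thread).
LAUNCH_NS = "urn:ietf:params:xml:ns:launch-1.0"

# Constructed fragments: identical content, different prefix choices.
DOC_DRAFT_PREFIX = (f'<launch:create xmlns:launch="{LAUNCH_NS}">'
                    '<launch:phase>sunrise</launch:phase></launch:create>')
DOC_OTHER_PREFIX = (f'<lp:create xmlns:lp="{LAUNCH_NS}">'
                    '<lp:phase>sunrise</lp:phase></lp:create>')
DOC_DEFAULT_NS = f'<create xmlns="{LAUNCH_NS}"><phase>sunrise</phase></create>'
# Constructed: the prefix "launch" bound to an unrelated namespace.
DOC_REBOUND = ('<launch:create xmlns:launch="urn:example:unrelated">'
               '<launch:phase>sunrise</launch:phase></launch:create>')


def phase_by_prefix(xml_text):
    """Fragile reader: depends on the literal prefix used in the draft's examples."""
    m = re.search(r"<launch:phase>([^<]*)</launch:phase>", xml_text)
    return m.group(1) if m else None


def phase_by_namespace(xml_text):
    """Namespace-aware reader: matches on (namespace URI, local name) only."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{LAUNCH_NS}}}create":
        return None
    el = root.find(f"{{{LAUNCH_NS}}}phase")
    return el.text if el is not None else None


def reserialize(xml_text):
    """Parse and write back out; the serializer is free to pick its own prefix."""
    return ET.tostring(ET.fromstring(xml_text), encoding="unicode")


if __name__ == "__main__":
    docs = {"draft": DOC_DRAFT_PREFIX, "other": DOC_OTHER_PREFIX,
            "default": DOC_DEFAULT_NS, "rebound": DOC_REBOUND,
            "reserialized": reserialize(DOC_DRAFT_PREFIX)}
    for name, doc in docs.items():
        print(f"{name:13} prefix={phase_by_prefix(doc)!r:10} "
              f"namespace={phase_by_namespace(doc)!r}")
```

The prefix-matching reader misses valid documents that use another prefix or a default namespace, and accepts the fragment whose "launch" prefix is bound to a different namespace; the namespace-aware reader gets all five cases right.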