Martin, you also have to consider client identification and authorization when trying to determine an appropriate response code. I can see returning result code 1000 to a sponsoring registrar who omits the authInfo, but a request from a non-sponsoring registrar who omits the authInfo should produce a 2201 response code. A 2202 would make sense for a non-sponsoring registrar who provides invalid authInfo.
Scott

> -----Original Message-----
> From: regext <regext-boun...@ietf.org> On Behalf Of Martin Casanova
> Sent: Thursday, December 19, 2019 4:04 AM
> To: regext@ietf.org
> Subject: [EXTERNAL] [regext] How to handle Domain Info Command with empty authinfo/pw tag in command?
>
> Hello
>
> I was hoping for some input of the community about an implementation decision for the Domain Info Command/Response when it comes to the optional <domain:authInfo> associated with the domain object.
>
> RFC-5731 about <domain:authInfo>: ... If this element is not provided or if the authorization information is invalid, server policy determines if the command is rejected or if response information will be returned to the client.
>
> 1.
> In case the <authinfo><pw> element is delivered but not correct (no match or not set on domain) we will return a Code 2202 to inform. (sponsoring client or not)
>
> 2.
> In case an empty tag is given (<authinfo><pw/></authinfo>) we are wondering if:
> Option 1: always Response Code 1000 should be returned
> Option 2: Only answer with 1000 when there is NO authinfo/pw set on the domain (kind of confirming it) and otherwise 2202 considering an empty tag as invalid authorization information delivered.
>
> I think maybe option 2 may be better because that way a registrar could check if an <authinfo> is set or not even without knowing it.
> After all, the registry could have set or deleted <authinfo> without noticing the registrar. However many clients seem to send <authinfo><pw/></authinfo> just about always and they would need to adjust.
>
> I have to mention that our Domain Info response will never include the actual <authinfo> since we only store a hash of it for security reasons.
> A Domain Info Command with the <authinfo> Element entirely omitted will always be answered with 1000.
>
> Thanks and merry X-Mas!
>
> Martin Casanova
>
> ---
> SWITCH
> Martin Casanova, Domain Applications
> Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
> phone +41 44 268 15 55, direct +41 44 268 16 25
> martin.casan...@switch.ch, www.switch.ch
>
> Working for a better digital world
>
> _______________________________________________
> regext mailing list
> regext@ietf.org
> https://www.ietf.org/mailman/listinfo/regext
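The response-code decision discussed in this thread, as an added example that is not part of either message or of any registry's code. It combines the sponsoring/non-sponsoring split from the reply with "option 2" from the original question. The function names, the PBKDF2 storage scheme, and the handling of a non-sponsoring client that sends an empty tag (treated like an omitted element) are assumptions the thread does not settle.

```python
import hashlib
import hmac
from typing import Optional

# EPP result codes (RFC 5730)
OK = 1000                # command completed successfully
AUTHZ_ERROR = 2201       # authorization error
INVALID_AUTHINFO = 2202  # invalid authorization information


def hash_pw(pw: str, salt: bytes) -> bytes:
    # Assumed storage scheme; the thread only says "a hash" is stored.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def info_result_code(is_sponsor: bool, pw: Optional[str],
                     stored_hash: Optional[bytes], salt: bytes) -> int:
    """Pick the result code for a <domain:info> command.

    pw is None when <domain:authInfo> is omitted entirely, "" when the
    client sent an empty <domain:pw/>, otherwise the supplied value.
    stored_hash is None when no authInfo is set on the domain.
    """
    if pw is None:
        # Omitted element: fine for the sponsor, refused for anyone else.
        return OK if is_sponsor else AUTHZ_ERROR
    if pw == "":
        if not is_sponsor:
            # Assumption: an empty tag carries no credential, so a
            # non-sponsor is handled as if the element were omitted.
            return AUTHZ_ERROR
        # Option 2: an empty tag confirms "nothing set", else is invalid.
        return OK if stored_hash is None else INVALID_AUTHINFO
    if stored_hash is None:
        # A value was supplied but none is set on the domain.
        return INVALID_AUTHINFO
    # Constant-time comparison against the stored hash.
    supplied = hash_pw(pw, salt)
    return OK if hmac.compare_digest(supplied, stored_hash) else INVALID_AUTHINFO


if __name__ == "__main__":
    salt = b"constructed-salt"          # constructed sample values
    stored = hash_pw("s3cret", salt)
    for sponsor, pw in [(True, None), (False, None), (False, "wrong"),
                        (False, "s3cret"), (True, "")]:
        print(sponsor, repr(pw), info_result_code(sponsor, pw, stored, salt))
```
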