Re: [regext] WG LAST CALL: draft-ietf-regext-epp-registry-maintenance-09

Thu, 07 Jan 2021 05:39:31 -0800 

Antoin,



I was surprised to see draft-ietf-regext-epp-registry-maintenance move to WGLC 
based on the work that has been progressing on the mailing list, so at this 
point I can’t support publication of the document.  The document editors have 
addressed my prior feedback.  Upon a fresh review, below is my feedback:



  1.  Upon the draft passing WGLC, the version should be updated to 
“maintenance-1.0”.  This change should not happen now.
  2.  Section 3.3 “Maintenance Elements”
     *   I’m taking the action item to see how the existing registrar notices 
map to the elements defined in this section.  The registrar notices are 
free-form currently, but there is some consistency of structure that needs to 
be evaluated against the formal structure defined in 
draft-ietf-regext-epp-registry-maintenance.  I anticipate changes to the 
elements in Section 3.3 “Maintenance Elements” coming out of this mapping 
exercise.
  3.  Section 4.1.3 “EPP <info> Command”
     *   Nit – Change “either <maint:id>” to “either the <maint:id> child 
element” and change “or <maint:list> child element” to “or the <maint:list> 
child element”.
  4.  Section 7 “Security Considerations”
     *   It would be worthwhile to consider the security associated with what 
maintenance information to return back to the client.  A registry access point 
may return maintenance information for many top-level domains (or registry 
zones), where the client has authorization to access a subset of top-level 
domains.  My recommendation is to define the considerations that take into 
account authorization of the client.  For example:

                                                               i.      “A 
server MUST only provide maintenance information for clients that are 
authorized.  If a client queries for a maintenance identifier, per section 
4.1.3.1 “Info Maintenance Item”, that it’s not authorized to access, the server 
MUST return an EPP error result code of 2201 [RFC5730].  The list of top-level 
domains or registry zones returned in the “Info Maintenance Item” response 
SHOULD be filtered based on the top-level domains or registry zones the client 
is authorized.  Authorization of poll messages is done at the time of poll 
message insertion and not at the time of poll message consumption.”

                                                             ii.      The poll 
message use case is a corner case, but I believe it’s important to cover it.

  1.  Section 9 “References”
     *   I believe that draft-ietf-regext-unhandled-namespaces would need to 
move into the Normative References since it’s referenced in a normative 
sentence.



--



JG







James Gould

Fellow Engineer

jgo...@verisign.com 
<applewebdata://13890C55-AAE8-4BF3-A6CE-B4BA42740803/jgo...@verisign.com>



703-948-3271

12061 Bluemont Way

Reston, VA 20190



Verisign.com <http://verisigninc.com/>



On 1/4/21, 9:40 AM, "regext on behalf of Antoin Verschuren" 
<regext-boun...@ietf.org on behalf of i...@antoin.nl> wrote:



    The following working group document is believed to be ready for submission 
to the IESG for publication as a standards track document:



    
https://secure-web.cisco.com/18eaw5Rc7eRHLW7NT557WL-OEIuRsuRZfA7LKp3BJ8CRDnwUbnkSep_2VLycXzaOvmv49tji_vZXkav_WSa0LDImf7iVSPHuVnheksrC-Z4yjC-TCdX06-Lys-gkODiVilrOZp1WOmoSapmIw9J5pD0-c_UpkQYAeekRFAzwm17KphqdWz9cW1VprZlDOloub5pH3QB11p7XdAbJQOs_f-_NiiPLxZDEVHyLx2QvUBtzvazi50NwL3TPdpF2dVgB7vFSXzLopwYOp3mnMp-e1dw/https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-regext-epp-registry-maintenance%2F



    This WG last call will end at close of business, Monday, 18 Januari 2021.



    Please review this document and indicate your support (a simple “+1” is 
sufficient) or concerns with the publication of this document by replying to 
this message on the list.



    The document shepherd for this document is James Galvin.



    Regards,



    Antoin and Jim

    _______________________________________________

    regext mailing list

    regext@ietf.org

    
https://secure-web.cisco.com/1CE4ls-J9vyi17Z5wA242rs-KkkAsctHnLiGKkA_kgQavoiXTstq55sAh91oQYVV3zS33dzM8y3GY1nYLN4gSGgjfS09ccNXbUlpHFZUgbKtUIvuU45KQpfmOn-jqJA_nGG3Bfz4IRazNKf73lHiol397BADwass3Bi3_isz7AZ066VdhCChq6fGBvIuMmp-d-elI3ur-dS4rOm7bxi21gHhBvucBpJV6ajYIeoANmEpcOT0grGvxyqHJhTTHLr9bUv34eF1HxM1l-LBv3jiguZli7S0kkBSRiHe6IGjd7Hg/https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fregext

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

Reply via email to