To:
ietf-provreg@cafax.se
Cc:
Edward Lewis <edlewis@arin.net>
From:
Edward Lewis <edlewis@arin.net>
Date:
Fri, 2 May 2003 11:10:53 -0400
Sender:
owner-ietf-provreg@cafax.se
Subject:
[ietf-provreg] For the archives, full minutes of the meeting in SF
For one reason or another, the minutes for the SF meeting have taken
a long time to appear. The Jabber logs were used for the official
minutes that were due two weeks ago. In the "better late than never"
category, here are the other minutes taken by Kim Davies. This is
the first posting of them, please take time to review them to see if
1) they are accurate and 2) if there are questions about the
discussions.
- - - -
IETF 56 - Provisioning Registry Protcol (provreg)
Administrivia:
- Chairs: Ed Lewis (EL) and Jaap Akkerhuis (JA)
- Scribe: Kim Davies; Jabber: Andrew Newton
Agenda Bashing:
- Agenda has been revised recently due to recent developments.
- For bull session, need to firstly identify what needs to be
solved - work out what the IESG comment means - and also address
the concerns people have about building to that requirement.
State of the Group:
- Group hinged on one issue that is causing many problems.
- Answers to IESG comments
- www.cafax.se/ietf-provreg/maillist/2003-03/msg00067.html
- Core Documents (proposed standards):
- EPP
- EPP Contact Mapping
- EPP Domain Name Mapping
- EPP Host Mapping
- EPP Transport over TCP
- Remainign Document (informational):
- Guidelines for Extending the Extensible Provisiong Protocol
- Other documents exist as individual submissions, not working group
candidates now.
- Nothing stops experimentation.
- Why are documents being discouraged? Track record is that
no documents has gathered general interest in some time.
- Aim to shutdown the group once core documents and 1 informational
document is published.
- Milestones:
- March 2003: Respond to IESG Comments, Submit Guidelines for
extending EPP.
- April 2003: Decision on Alternative Transports
- Likely to drop the remaining for September/October 2003
(Perform interoperability tests, submit reports and revised
specifications to IESG). If people really want to do this,
to bring documents to Draft Standard, could reconvene later.
- Rick Wesson (RW): Should we be evaluating extensions?
- EL: The track record is that nothing has come along that
was a good example of what we want to do. If someone wants
to do something themselves there is no interoperability
considerations - so why would the WG need to look at it.
Also - we have not seen any drafts to describe them.
- Scott Hollenbeck: Some of the extensions I have seen are not
of interest to this WG, but of interest to others.
- RW: We should have the opportunity to discuss it.
- EL: We haven't seen a reason to justify the groups existence
based on what has come in. We dont want to have the group
constituted based on what may or may not come. Any extensions
so far have not needed WG review.
- RW: So the only way an extension gets documents is through an
individual submission?
- EL: Yes, we have to see enough support from the group to
bring it in to the group.
- AN: If it is being published as informational it could just
go directly to the RFC Editor.
- John Klensin: Are you going to address I18N issues or just assume
everything is IDNA?
- SH: If the issues are significant enough to warrant protocol
changes that is suitable for an extension. The protocol already
supports Unicode.
Privacy "bull" session:
- Ted Hardie: I believe I can represent Randy Bush and Patrick
Faltstrom's opinions on this. Scott has explained each IESG
comment and its resolution. I believe Allison's comments have
been resolved by these. I believe you are correct that the one
remaining issue is the privacy issue raised by Randy Bush.
"Why do domain/contact/.. not have granular information about
privacy?" The suggestion was making the existing DCP element
mandatory. I quoted this to Randy. All we are talking about
is the registry-registrar part of it. DCP handles the registry
telling the registrar the privacy policy of the registry. It
is inheriting parts from EPP. In that case, when the registry
and registrar have agreed on the way privacy is that if the
registrant expresses privacy concerns to the registrar, the
registrar evaluates the preference against the registry policy
and if they dont match rejects the registration.
Randy has said, OK, lets assume the registry handles these
preferences and the registrar passes through the registrants
privacy needs as expressed. He would like to see a standard
mechanism available so the registrant and registry can make
that decision too.
This is not a mechanism that must be turned on, it just needs to exist
in the protocol. He put it as per-element granularity for social data.
The way I put this to Scott accidentally implied a particular syntax,
which was wrong. He believes the protocol needs the registry and
registrar to agree that it is the registry who will handle the
decision rather than the registrar.
Is that clear?
- Rich Shockey: Everyone would like to do this but it adds
complication. It could require a rewrite of contracts between
registries and registrars, and registries and ICANN. A protocol
burden being placed on registries and registrars that may not be
able to be accomplished in a legal environment.
- TH: I get no sense that this needs to be turned on in any
bilateral agreement. If they can't do it, it does not need
to be turned on. By creating a protocol mechanism, you believe
it is going to imply something about the R-R relationship?
- EL: We are being asked to make the protocol allow to do this?
- RB: It must be mandatory to implement, optional to use.
- RW: If these things were used today, it would violate our ICANN
contracts.
- RB: That is your problem.
- RW: I agree we need to ignore these things and move it through. It is
up to ICANN to mandate it.
- RS: We want to do the right thing. When it is mandatory to implement
and optional to use that is relatively OK. But what happens if the
registrar sends the flags "do not use" and we ignore that, that
causes a rat hole. If we dont accept the data it is a rejection of
the registration which we cant do either.
- JK: With all due respect I think this is a red herring. If
we accept this is true. If you think it is a contract problem
then you should not accept registrations with the wrong bits.
- EL: One of the questions I have here for the IESG was about laws and
protocols. This is the first time I have seen this argument clearly.
I didn't see now the issue was anything more than privacy.
- RB: Our job as protocol designers is simply to make sure the
mechanisms are there.
- TH: One thing I have inferred from Randy. We dont want to get into
silly states where one party sends one state, and another sends
another; and we dont want a sitation of arbiting the intersection.
In a particular R-R mapping, only one is in use, so a registry using
a DCP model can drop the request on the floor if it doesn't match.
You can either use DND or DCP. I can then take my individual privacy
policies and figure if they match it.
- RB: Yes, there are many aspects of this protocol where if you
dont like it you can throw it away.
- TH: We had said DCP was mandatory. If they have made the decision to
have the registry forward the information, if they use that can they
not use DCP?
- RB: DCP is aggregated DND in one sense.
- TH: DCP is the glob that expresses privacy policy.
- EL: DNP? Do not publish?
- EL: Should it be per session?
- RW: I have a real problem that we have to educate the ADs on these
topics. As an implementor I have a particular view I would like to
express with AD's negotiating their position before I express my
point of view. I would like the DNP as a per object container, not
per session.
- RS: I consider this only applying to social information - personal
information. I would make it explicit that we are referring to this.
- SH: I had some conversations with patrick to get clarification on
this information. He said we cant narrow this down to social
information as that is a policy decision. SO it needs to be
supported for all elements.. IP addresses etc.
- RB: Are there any grey areas?
- SH: Not that we know about.
- RW: Talking about silly states. If someone marks their IP address
as do-not-disclose, it should just return an error.
- Edmon Chung: How does one disclose for what it can not be disclosed?
- TH: A registrar talking to a registry needs to know about that
bilaterial exchange.
- George Michaelson: Randy is making a case for work being done to the
protocol, and we are discussing policy issues. These areas are at right
angles. Implement the feature, and pursue the social policy issues
later. If we don't support it we are making a policy decision we don't
want to support this behaviour.
- RS: The adverse argument, if the feature is implemented, our
courts might read that the feature is there and not being uses
implies a behaviour. If it is there implies a kind of mandatory
use. This is a rat-hole of legal issues.
- EL: One of my questions before I saw this as a technical problem,
it seems as if we are engineering to legal requirements. Some people
falt it this way. I think it is clear now with this situation is
we are trying to shift where an algorithm decision is made.
- RB: We just want to give a protocol mechanism to allow people to
do this. In different cultures it can be handled differently.
- RS: I have to play Lessig - Code is Law at some times. What we do
has legal implications we have to live with.
The fact it is mandatory to implement, lawyers will start to sue on
these kinds of things.
- EL: I know enough about the law to know that I know nothing.
We are here as engineers. We should stick to that and not worry
about the law unless we know there is an empirical reason not to
do this.
- RW: I agree with RS there are legal trickle down problems, but I want
to bring this back tot he technical. I want to see a proposal on how
to do this. I want to do this on a per-registration basis. I dont know
if they can be submitted on a per update basis. Per object I would like
to describe what bits get set on each element. The legal issues will
get us nowhere.
- TH: You do not need to wait for the privacy draft from Blaze. My
presumption is the protocol mechanism will allow expressing preference
to the registry. Once it is reviewed by the IESG who had issue with
this, it should move forward as this was the only outstanding issue.
- EL: People seem to think this is a reasonable issue to solve.
- Janusz Sientiewicz: There seems to be little support for "mandatory
to implement, optional to use". Many support DCP per session. Any
practical server implementation will only support a very limited
subset for privacy options. There is cost in implementing things
that are only optional. Why should everyone be burdened with the
cost that no-one will use.
- EL: If it turns out no-one uses this feature, it will go away if
we go to Draft Standard. We want to stop debating about this and
start testing it. We can't wait for the perfect protocol - we need
to test and refine.
- JK: Looking at this from another perspective, ignoring the IESG.
The likelihood of someone making a law against this protocol is somewhere
near zero. The likelihood of a law that says you can't have this
protocol without privacy issues, is very high given world events.
So the make this mandatory to implement, optional to use is very
pragmatic. So I disagree with RS.
- RS: Extensions.
- JK: No, for interoperability it needs to be in the core.
- RS: I have strong objection to the fact the IESG has mandated that
this has been done. I would rather this have been a core extensions
that is mandatory to implement.
- TH: I am not a lawyer, and I think this is an engineering question.
I want to make sure the room has a common understanding of the eng.
requirement that has been expressed. I want to check there is no
confusion on the expectation here. Can we get a hum? Are we looking
for a protocol mech. that allows a registrar to express to a registry
at a binary level, a do-not-publish or do-not-disclose that applies
on a per element basis - however it is done syntactically?
- GW: It could be done per session though.
- EL: The question is not yet complete...
- TH: My understanding is, A mechanism to allow the registrar to tell
the registry on a per element basis which elements it requires not
be distributed or published. It doesn't mean it is syntactically on
a per element.
- JS: I want us to define privacy here, we should define which elements
on the protocol level.
- RW: There are different requirements... registry enforcement,
registrar enforcement, per session, per object. We need a solution
that suits all.
- SH: I think one of the previous proposals already meets all the
requirements expressed. [[so no extra work is needed]]
- GM: I think we should enumerate which elements for which we consider
the constraints should apply to identify what we consider to be the
social data.
- EC: Why can't this be in extensions?
- EL: Procedurally, if we use extensions, we delay things. Plus the
IESG would not accept it.
- EL: Rick's request was something concrete to supply to the list.
- RW: We dont have a concrete problem statement.
- EL: OK:
Want to allow "movement of enforcement point" between
the registry and registrar. It should be mandatory to
implement and option to use, and allow granularity of
meta-data. It should be per element or per session.
- RW: Another req. is that it could be expressed on a per object
or per session basis.
- SH: What does that mean? When a registrar creates a session they
express parameters for the entire session. In my experience,
no-one will want to express "every object i manipulate in this
session i dont want you to publish"
- RW: strike per session.
- GM: It is only "per element" that qualifies as a social element.
- RW: per object? per element? per facet? per value?
- SH: See www.cafax.se/ietf-provreg/maillist/2002-12/asg00093.html
and www.cafax.se/ietf-provreg/maillist/2002-12/msg00102.html
Extensions Document:
- EL: Something the working group asked for a while ago. People trying to
write extensions would come to Scott and asked if it was right. There
was no guidance on how to do an extension to EPP. A few weeks short
of 6 months ago. no other comments.
Host Objects:
- EL: The one thing discussed with me in the last few weeks is the host
objects. Hopefully someone with an issue with these will say something
here. Scott thinks this problem is solved if you think of EPP in a
different way. The other thing I hope to hear here is an explanation
of EPP requiring host objects is causing people problems in doing
registration. In Apricot I saw someone stand up and say what bad things
EPP does to them. Hopefully someone can speak to what they said.
Does anyone want to volunteer information about this recent discussion?
- RW: What discussion?
- Suzanne Woolf: We have expressions of concern from some registries.
They should express them.
- Frederico Neves (.br): What is the real reason to have a host object? It
is only because of the historical model of gTLDs?
- SH: I'll admit it started because it is the model I am familiar with.
We have talked about this at great length on the list. I know .DE
does this a little differently. There are bulk operations that typically
happen in some registries that makes the object model much more
efficient. That is why they are still there. Such as address changes,
name changes.
- FN: If you talk about address changes, you are only talking about
glue records. You are only talking domains where the ns is under
that domain. This is the only place. I only see host objects here
handling host name changes. I see problems with registries with
different security models. We saw on the mailing list many times
people wondering about hostname registration by registries that dont
have authority of the tld of that host. This is a security problem
to have this data in your database. How do you authenticate this
information to be put in your database and how do you know the
people putting this information in your database is actually
responsible or authoritative for this infomation. We know that
there is a lot of deadlocks in this dfatabase because of this
problems. I am just trying to point that enforicng this in the
protocol it is probably maintaing a model that is causing
problems in the past.
- SH: If I want to delegate a domain to ns1.foo.bar, whether I refer
to that as an object or a name has no security problems.
- Jorg Bauer: There are good reasons to use object, but there are reasons
not to do it. We are talking here about a default mapping. It just
defined an environment to set up a regitry. the problem comes with
an old registry that have special policies. alot of these registries
dont fit in this model, so they have to make a decision to either
create new basic object and define them, or working with extensions,
or a mixture. i think this leads us nowhere. everytime we have
this discussion we get nowhere.
- RW: We made a decision and we knew the implications. One problem we
have is we cant delete a host object because it is being used by
other domains. That is part of the trade-off. We could structure
EPP to allow either/or... we could solve this with either functionality
if we choose to go down that road. There is tradeoff with moth ways.
I don't see that we cant figure out a way to integreate both, but
what i hear is people are upset or disgruntled about using this,
but they don't see either... a complete change. we have to do one
or another.
- EL: Document that is was a design choice and the rationale
- RW: Need to find a way, now that we have more use cases, to allow
these other uses.
- EL: People come in late in the case, and dont want to rock the boat.
- SH: Check the archives, discussed in the past with a proposal.
It allows either/or. It was shot down on the list.
- ??: another interesting thing in Australia.. we weren't using host
objects and we are now. epp in encouraging a move to a uniform model.
- FN: we have to write extensions to support something so basic like
do a delegation. this is a protocol for domain delegations. this is
a problem.
- EL: I was hoping to hear from Joe Abley who had a good list.
Other obstacles to Proposed Standard:
- There are a bunch of issues, like ROID, I haven't listed. Anyone
want to speak about that. If not, we will just pass over this.
This is one of the issues. Another issue from RW was the last
verified in Atlanta we dicded to add as an extension.
- RW: You say concensus and only one proposed that.
- EL: Well there were a few. It fit the extensions solution. Now
instead of arguing about the process. Is there anything you want
to say about that to make us change our name?
- RW: I will be a good person.
- EL: Any other topics? We have the privacy stuff, and a better idea
of the problem but not optimistic that we have a solution. If that
works we have the proposed standard documents. SO I am grovelling
for any other reasons to have something else said about the docs?
If not, we're done.
OK, so we are done. Thanks for showing up.
Actions are to take privacy problem to mailing list. I will send
out a summary.
RW: Succinctly state the problem in 3-4 sentences when sent to the
list, indented a few spaces.
Message will go out early next week, when I get home. After a week
after that, will send out solutions. Period of a month? Well before
Vienna.
- SH: What to do with the _09 draft? The queue was closed. That makes
the DCP mandatory. I hear today that is not where we are going and
there is no risk of expiry
- RW: and people implement these drafts if he says DCP is mandatory it
will end up in implementations.
- EL: That question should go to the mailing list. some people said
if the IESG agrees to this they agree. as that is not enough we
have to reask this.
- RW: We can say now we know this does not fulfil their requirements.
Nothing is going to change that statement.
- EL: I admit I wasn't thinking that way during the discussion.
- TH: If you are expecting implementations that might do the wrong
thing then we should probably hold off.
- EL: OK.
End of Meeting.
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis +1-703-227-9854
ARIN Research Engineer
It's true, my last college class really was "Introduction to Ada."