

To: ietf-provreg@cafax.se
From: Patrick Mevzek <provreg@contact.dotandco.com>
Date: Wed, 10 Dec 2008 02:16:41 +0100
Content-Disposition: inline
In-Reply-To: <C5640F44.2FB26%jgould@verisign.com>
Sender: owner-ietf-provreg@cafax.se
User-Agent: Mutt/1.5.13 (2006-08-11)
Subject: Re: [ietf-provreg] DNSSEC EPP Extension (RFC 4310) Usability Question

James Gould <jgould@verisign.com> 2008-12-09 18:29
> In reviewing the DNSSEC EPP Extension (RFC 4310) I noticed one usability
> issue that I would like to get feedback from the existing implementations of
> the extension.  
> 
> The specification allows adding (<secDNS:add>), removing (<secDNS:rem>), and
> changing (<secDNS:chg>) DS data, but according to the XML schema they can't
> be done at the same time.  Below is from the RFC 4210 XML schema for the
> <secDNS:update>:

As others have said I think the whole "issue" is the same for all
update operations on various objects, not only DNSkey materials.

I think that by allowing more flexibility with all operations
possible at the same time, it only creates confusion with no big
benefit at the end.

Specifically, I think the most frequent use case for DNS material
would be to add *OR* remove a key, and not at the same time if we are
after smooth transitions.
Change of a key detail may be useful but should not happen too often
in practice.

So having only either one add or one chg or one rem block in a
domain:update for DNSkey material seems fine to me, and I would not be
in favor of mixing.

I also observe (without hard numbers) that use cases depend on object
types.
I would say that for status values it seems more logical to have
mainly add and rem operations (and again probably very few with add
and rem together in a single call), where for nameservers the chg
operation may be more frequent (even if not possible by core EPP
RFCs, it is done by some registries).
As for contact, I would say that it derives a lot from the fact that
very few registries seem to allow really multiple contacts of the
same type, and if they do I think very few registrars use that
feature. Hence in that case add or rem operations are probably the
more logical one for contacts during domain update.

For me, no mix at all would be the simpler case, both on registry
side and registrar side: that way there is nothing to think about
what will happen if we do add+rem at the same type for the same info
(otherwise it depends on registry policies and in some cases it will
be a noop as add+rem will be seen as opposite, where sometimes in
other registries or other cases it will be a removal since it comes
last), and registrars still have all power to do what they want, they
just, if really needed, do multiple domain:update calls one after the
following and each one with either an add, a rem or a chg. And this
can be encapsulated on their side as a global operation in a higher
API.

I also observe that, for the same object types, some registries allow
*only* chg, others allow *only* add and/or rem and some allow all
3 ... which creates even more confusion.

-- 
Patrick Mevzek
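
A registrar-side sketch of the wrapper the message describes, added here as an example and not code from the thread or from any registry: it splits a mixed DS change into sequential `<secDNS:update>` extensions that each carry exactly one of add, rem or chg, and rejects a key tag that is both added and removed rather than relying on registry policy. The function names, the default add-before-rem order and the sample DS values are assumptions; each returned fragment would go into the `<extension>` of its own domain:update command.

```python
import xml.etree.ElementTree as ET

SECDNS_NS = "urn:ietf:params:xml:ns:secDNS-1.0"  # RFC 4310 extension namespace
ET.register_namespace("secDNS", SECDNS_NS)

def _q(tag):
    return f"{{{SECDNS_NS}}}{tag}"

def _ds_data(parent, ds):
    # ds is a dict holding the four RFC 4310 dsData children
    node = ET.SubElement(parent, _q("dsData"))
    for field in ("keyTag", "alg", "digestType", "digest"):
        ET.SubElement(node, _q(field)).text = str(ds[field])

def build_update(op, items):
    """Build one <secDNS:update> carrying exactly one add, rem or chg block."""
    if op not in ("add", "rem", "chg"):
        raise ValueError(f"unknown operation: {op}")
    if not items:
        raise ValueError(f"empty {op} block")
    update = ET.Element(_q("update"))
    block = ET.SubElement(update, _q(op))
    for item in items:
        if op == "rem":
            # RFC 4310 removes DS data by key tag only
            ET.SubElement(block, _q("keyTag")).text = str(item)
        else:
            _ds_data(block, item)
    return ET.tostring(update, encoding="unicode")

def plan_updates(add=(), rem=(), chg=(), order=("add", "rem", "chg")):
    """Split a mixed request into an ordered list of single-operation updates.

    The order is the caller's policy; the default (an assumption) publishes
    the new DS before withdrawing the old one, for a smooth transition.
    """
    requested = {"add": list(add), "rem": list(rem), "chg": list(chg)}
    # add+rem of the same key is ambiguous across registries: refuse it here
    overlap = {d["keyTag"] for d in requested["add"]} & set(requested["rem"])
    if overlap:
        raise ValueError(f"key tag(s) both added and removed: {sorted(overlap)}")
    return [build_update(op, requested[op]) for op in order if requested[op]]

# Constructed sample data: roll from key tag 12345 to 12346
NEW_DS = {"keyTag": 12346, "alg": 3, "digestType": 1,
          "digest": "38EC35D5B3A34B44C39B38EC35D5B3A34B44C39B"}
ROLLOVER = plan_updates(add=[NEW_DS], rem=[12345])
```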
