To:
James Gould <jgould@verisign.com>
CC:
EPP Provreg <ietf-provreg@cafax.se>
From:
Klaus Malorny <Klaus.Malorny@knipp.de>
Date:
Fri, 18 Dec 2009 10:38:42 +0100
In-Reply-To:
<C74C2CD9.36509%jgould@verisign.com>
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.1.5) Gecko/20091216 Shredder/3.0.1pre
Subject:
Re: [ietf-provreg] draft-gould-rfc4310bis-01.txt Submitted for Review
On 14/12/09 23:56, James Gould wrote:
> All,
>
> I submitted 01 of the draft. The official draft is available at the URL
> below:
>
> http://www.ietf.org/id/draft-gould-rfc4310bis-01.txt
>
> [...]
>
> Please provide me with any feedback that you have via the list or
> privately.
>
> Thanks,
>
Hi James,
thank you for your work. Unfortunately, I did not find time earlier to review
the -00/-01 drafts, but here are my comments on the -01 draft (minor issues mostly):
- - 8< - -
section 3.
The server MUST support use of one specification form consistently.
What does "consistency" mean in this context? This is a bit too vague for me.
Shall it be possible to use one form for one domain, and the other form for
another domain at the same instance?
section 4.1.2.
While the XML schema and the wording "one or more ...dsData...|...keyData...
elements" implies the following, maybe it is worth to mention that if a domain
does not have and DS or key data at all, the <secDNS:infData> element MUST not
be included.
section 4.2.1.
same issue as 4.1.2. regarding the inclusion of <secDNS:create>.
section 4.2.5.
The EPP <update> command provides a transform operation that allows a
client to modify the attributes of a domain object. In addition to
the EPP command elements described in the EPP domain mapping, the
command MUST contain an <extension> element. The <extension> element
MUST contain a child <secDNS:update> element that identifies the
extension namespace and the location of the extension schema.
This implies that the extension element would have to be provided even in the
case that the client does not intend to update the DNSSEC related data at all.
In my humble opinion, this should not be the case, although the schema does
allow an empty transformation regarding DNSSEC data.
(<secDNS:rem> section)
<secDNS:dsData> element is used to uniquely define the DS record to
remove by using all four elements <secDNS:keyTag>, <secDNS:alg>,
<secDNS:digestType>, and <secDNS:digest> that is guaranteed to be
unique.
<secDNS:keyData> element is used to uniquely define the key data to
remove along with the associated DS data. There can be more then one
DS record created for each key, so removing a key could remove more
then one DS record.
I would prefer if -- similar as for the dsData element -- the elements would be
mentioned that are relevant for the identification, i.e. <flags>, <protocol>,
<alg>, <pubkey> (excluding <maxSigLife>)
As Scott Hollenbeck recently clarified that the order in the XML document
implies the execution order of the various changes contained in a request, I
suggest to change the order of the <add> and <rem> element so that the <rem>
element comes first. This would allow a client to change the <maxSigLife> value
for a single entry using the <rem>/<add> scheme.
section 5/section 7:
I discovered that the schema uses the same XML namespace as RFC 4310. I am not
familiar with the policies of XML namespaces at the IETF, but I wonder whether
there is a need to use a different XML namespace, since we considerably changed
the schema (despite the fact that it should be backward compatible).
- - 8< - -
Regards,
Klaus
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software. For (Un-)subscription and similar details
send "help" to ietf-provreg-request@cafax.se