To:
James Gould <jgould@verisign.com>
cc:
EPP Provreg <ietf-provreg@cafax.se>
From:
Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
Date:
Sun, 21 Feb 2010 21:43:31 +0100 (CET)
In-Reply-To:
<C7A6EAFB.37899%jgould@verisign.com>
Sender:
owner-ietf-provreg@cafax.se
User-Agent:
Alpine 2.00 (DEB 1167 2008-08-23)
Subject:
Re: [ietf-provreg] draft-gould-rfc4310bis-05.txt Submitted forReview
Hi James, Thanks for your clarifications! I guess I now understand, what you intend to accomplish with the 3rd bullet point that I misunderstood. It looks like this can easily be resolved on editorial level. How about to clear out the 3rd bullet point as follows (proposal): 3. Response to EPP <domain:info> Command The version of <secDNS:infData> to be returned by the server in the response to a <domain:info> command SHOULD depend on the <extURI> elements (indicating the secDNS extension) the client included in the EPP <login> command using the following mapping: - Return secDNS-1.1 <secDNS:infData> if urn:ietf:params:xml:ns:secDNS-1.1 was included as an <extURI> in the EPP <login> command. - Return secDNS-1.0 <secDNS:infData> if urn:ietf:params:xml:ns:secDNS-1.0 but not urn:ietf:params:xml:ns:secDNS-1.1 was included as an <extURI> in the EPP <login> command. - Don't return any <secDNS:infData> element if neither urn:ietf:params:xml:ns:secDNS-1.0 nor urn:ietf:params:xml:ns:secDNS-1.1 was included as an <extURI> in the EPP <login> command. ---- Abd some more editorial feedback (not directly related to our recent discussion): * I suggest to add an explicit statement about deprecation (somewhere in the Introduction, e.g. shortly before section 1.1). It could be something along the lines of: This document obsoletes RFC 4310; thus secDNS-1.1 as defined in this document deprecates secDNS-1.0 [RFC 4310]. * The introduction of Section "2. Migrating from RFC 4310" could be rewritten as follows (proposal): This section includes implementation recommendations that a server SHOULD follow to help clients migrate from secDNS-1.0 [RFC 4310] to secDNS-1.1 as defined in this document * I suggest to add a recommendation for EPP clients e.g. (proposal): As this document deprecates RFC 4310, clients supporting both version secDNS-1.0 [RFC 4310] and secDNS-1.1 (as defined in this document) SHOULD only use secDNS-1.1, if the server announced support for secDNS-1.1 in the greeting. * Maybe define secDNS-1.0 and secDNS-1.1 in section 1.1 as an abbreviation for urn:ietf:params:xml:ns:secDNS-1.(0|1) --- Have a nice evening! cheers, Bernie On Sun, 21 Feb 2010, James Gould wrote: > Bernie, > > >> The implementation note did not state anything about the contents of the > >> greeting of the server > > > > That's what I said. Therefore the greeting might be different from login > > response (s. below in my original email). > > Ok, let’s try to walk through a use case, where the server does support both 1.0 and 1.1 per item #1 in section 2 “Migrating from RFC 4310”. > The server should include both urn:ietf:params:xml:ns:secDNS-1.0 and urn:ietf:params:xml:ns:secDNS-1.1 in the greeting per RFC 5730. The > client can submit the same or a subset of the services presented by the server greeting in the login. Item #3 of section 2 “Migrating from > RFC 4310” addresses the secDNS:infData that should be returned based on what the client presents in the EPP login. Let’s go through the > items within #3 of section 2 “Migrating from RFC 4310” one-by-one: > > 1. Client includes urn:ietf:params:xml:ns:secDNS-1.1 in the EPP login. If urn:ietf:params:xml:ns:secDNS-1.0 in the EPP login is also > included it doesn’t matter since the server should return urn:ietf:params:xml:ns:secDNS-1.1 of the secDNS:infData. > 2. Client only includes urn:ietf:params:xml:ns:secDNS-1.0 in the EPP login, which means that the client does not support > urn:ietf:params:xml:ns:secDNS-1.1 and therefore the server should return urn:ietf:params:xml:ns:secDNS-1.0 of the secDNS:infData. > 3. Client does not include either urn:ietf:params:xml:ns:secDNS-1.0 or urn:ietf:params:xml:ns:secDNS-1.1 in the EPP login, which means that > the client doesn’t support secDNS at all. In this case the server should not include secDNS:infData. Nothing is being hidden here, > since secDNS is optional and the server is complying with the services that the client included in the EPP login. > > >> doing any kind of hiding of supported extensions. > > > > As I understand the hiding happens at login response (as it is defined now > > in draft-gould-rfc4310bis-05). > > I’m not sure what hiding that you’re referring to with the EPP login. There is nothing new here and there should be no hiding of anything > in either the EPP greeting or login. > > > >> It is assumed without having to restate it that the server MUST support > >> RFC 5730. > > > > As I said, the proposal is compliant with RFC 5730, however it might > > cause pain to implementors. > > This is the case where the clients and servers are properly following the greeting and EPP login semantics defined in RFC 5730 so this > should not be new or complicated. The EPP greeting should include all of the services supported by the server, which still holds. The EPP > login should include all of the services that are supported by the client, which still holds. Section 2 “Migrating from RFC 4310” simply > provides a recommended approach to dealing with a mix of client and server support for secDNS. There is certainly more work on the server > side to support both urn:ietf:params:xml:ns:secDNS-1.0 and urn:ietf:params:xml:ns:secDNS-1.1 in parallel, but the added work should be > expected. > > -- > > > JG > > ------------------------------------------------------- > James F. Gould > Principal Software Engineer > VeriSign Naming Services > jgould@verisign.com > Direct: 703.948.3271 > Mobile: 703.628.7063 > > > 21345 Ridgetop Circle > LS2-2-1 > Dulles, VA 20166 > > Notice to Recipient: This e-mail contains confidential, proprietary and/or Registry Sensitive information intended solely for the > recipient and, thus may not be retransmitted, reproduced or disclosed without the prior written consent of VeriSign Naming and Directory > Services. If you have received this e-mail message in error, please notify the sender immediately by telephone or reply e-mail and > destroy the original message without making a copy. Thank you. > > > _____________________________________________________________________________________________________________________________________ > From: <bernie@ietf.hoeneisen.ch> > Date: Sun, 21 Feb 2010 13:03:31 -0500 > To: James Gould <jgould@verisign.com> > Cc: EPP Provreg <ietf-provreg@cafax.se> > Subject: Re: [ietf-provreg] draft-gould-rfc4310bis-05.txt Submitted for Review > > Hi James, > > On Sun, 21 Feb 2010, Gould, James wrote: > > > The implementation note did not state anything about the contents of the > > greeting of the server > > That's what I said. Therefore the greeting might be different from login > response (s. below in my original email). > > > doing any kind of hiding of supported extensions. > > As I understand the hiding happens at login response (as it is defined now > in draft-gould-rfc4310bis-05). > > > The point of the note was to address how the server will handle clients > > that support 1.0, 1.1, or both. > > I understand this, and it's good to have this section about transition > considerations. > > > It is assumed without having to restate it that the server MUST support > > RFC 5730. > > As I said, the proposal is compliant with RFC 5730, however it might > cause pain to implementors. > > cheers, > Bernie > > > > > ----- Original Message ----- > > From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch> > > To: Gould, James > > Cc: EPP Provreg <ietf-provreg@cafax.se> > > Sent: Sun Feb 21 12:14:38 2010 > > Subject: Re: [ietf-provreg] draft-gould-rfc4310bis-05.txt Submitted for Review > > > > Hi James > > > > Thanks for the update! > > > > Concerning the transition considerations: > > > > 3. The version of <secDNS:infData> to return for a domain info > > command SHOULD be defined by the secDNS extURI's included in the > > EPP login services using the following mapping: > > [...] > > > > - This does not specify the behavior of Hello & Greeting (RFC 5730, > > 2.3/2.4), where extensions are queried too. This might lead to > > inconsistencies in the extension announcements of an EPP server. > > > > - Furthermore I consider it a bad idea, if EPP servers hide extensions > > from EPP clients. While such behavior is not prohibited by RFC 5730, it > > potentially introduces inconsistencies in the feature negotiation process. > > > > - The text (as it is) leads to confusion among implementors. > > > > For these reasons, I suggest to replace the 3rd bullet point by a > > recommendation, that the EPP client SHOULD always use 1.1, if mutually > > supported by EPP server and client (or sth similar). > > (The EPP server should always be honest about his supported extensions.) > > > > cheers, > > Bernie > > > > > > On Wed, 17 Feb 2010, James Gould wrote: > > > > > All, > > > > > > I submitted http://www.ietf.org/id/draft-gould-rfc4310bis-05.txt which includes the feedback that I received so far. I included an open > > > question on the inclusion of the ttl element to the AD for guidance. Please let me know if you have any feedback to the latest draft. > > > > > > Thanks, > > > > > > -- > > > > > > > > > JG > > > > > > ------------------------------------------------------- > > > James F. Gould > > > Principal Software Engineer > > > VeriSign Naming Services > > > jgould@verisign.com > > > Direct: 703.948.3271 > > > Mobile: 703.628.7063 > > > > > > > > > 21345 Ridgetop Circle > > > LS2-2-1 > > > Dulles, VA 20166 > > > > > > Notice to Recipient: This e-mail contains confidential, proprietary and/or Registry Sensitive information intended solely for the > > > recipient and, thus may not be retransmitted, reproduced or disclosed without the prior written consent of VeriSign Naming and > Directory > > > Services. If you have received this e-mail message in error, please notify the sender immediately by telephone or reply e-mail and > > > destroy the original message without making a copy. Thank you. > > > > > > > > > > > > > > > > > >