To: Jens Wagner <jwagner@hexonet.net>
Cc: James Gould <jgould@verisign.com>, Ulrich Wisser <liste@publisher.de>, Frederico A C Neves <fneves@registro.br>, EPP Provreg <ietf-provreg@cafax.se>
From: Oliver Peter <lists@peter.de.com>
Date: Wed, 4 Aug 2010 10:28:37 +0200
In-Reply-To: <4C582ECF.5050801@hexonet.net>
Reply-To: lists@peter.de.com
Sender: owner-ietf-provreg@cafax.se
Subject: Re: [ietf-provreg] RFC5910 public client implementation

On Tue, 03 Aug 2010 16:59:27 +0200 Jens Wagner <jwagner@hexonet.net> wrote:

> E.g. it accepts the following input
>
> <?xml version="1.0" encoding="UTF-8" standalone="no"?>
> <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
>   <command>
>     <update>
>       <domain:update xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
>         <domain:name>secdns.org</domain:name>
>       </domain:update>
>     </update>
>     <extension>
>       <secDNS:update xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
>         <secDNS:rem>
>           <secDNS:all>true</secDNS:all>
>         </secDNS:rem>
>         <secDNS:add>
>           <secDNS:keyData>
>             <secDNS:flags>256</secDNS:flags>
>             <secDNS:protocol>3</secDNS:protocol>
>             <secDNS:alg>1</secDNS:alg>
>             <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
>           </secDNS:keyData>
>           <secDNS:keyData>
>             <secDNS:flags>257</secDNS:flags>
>             <secDNS:protocol>3</secDNS:protocol>
>             <secDNS:alg>5</secDNS:alg>
>             <secDNS:pubKey>AQPJ////5Q==</secDNS:pubKey>
>           </secDNS:keyData>
>         </secDNS:add>
>       </secDNS:update>
>     </extension>
>     <clTRID>ABC-12345</clTRID>
>   </command>
> </epp>
>
>
> and creates two DS data records:
>
> <secDNS:dsData>
>   <secDNS:keyTag>65535</secDNS:keyTag>
>   <secDNS:alg>1</secDNS:alg>
>   <secDNS:digestType>1</secDNS:digestType>
>   <secDNS:digest>1543C1BABEB5ECAF98774188032928B3CD18299A</secDNS:digest>
>   <secDNS:keyData>
>     <secDNS:flags>256</secDNS:flags>
>     <secDNS:protocol>3</secDNS:protocol>
>     <secDNS:alg>1</secDNS:alg>
>     <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
>   </secDNS:keyData>
> </secDNS:dsData>
> <secDNS:dsData>
>   <secDNS:keyTag>46089</secDNS:keyTag>
>   <secDNS:alg>5</secDNS:alg>
>   <secDNS:digestType>1</secDNS:digestType>
>   <secDNS:digest>2A515440A8AEA13F034191AB0D35DB1DDF7968E8</secDNS:digest>
>   <secDNS:keyData>
>     <secDNS:flags>257</secDNS:flags>
>     <secDNS:protocol>3</secDNS:protocol>
>     <secDNS:alg>5</secDNS:alg>
>     <secDNS:pubKey>AQPJ////5Q==</secDNS:pubKey>
>   </secDNS:keyData>
> </secDNS:dsData>

Hm, that output above (<secDNS:infData> I guess?) depends on the
<extURI> elements specified by the client within the login frame, right?

In case of using Key Data Interface and specified urn...secDNS-1.1 within
<extURI> I think you have to return the <secDNS:keyData> elements and not
the resulting <secDNS:dsData>. That's my understanding - please correct
me if I'm wrong.

I think we will support the Key Data Interface - but not with secDNS-1.0
backwards compatibility at the same time. But the decision hasn't been
made yet.

-- 
Oliver PETER <oliver@peter.de.com>
opDNS Internetdienstleistung http://opdns.de
Alte Dorfstr. 17 D-93309 Kelheim-Weltenburg

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software. For (Un-)subscription and similar details
send "help" to ietf-provreg-request@cafax.se
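
The keyData-to-dsData derivation discussed in the message above, as an added example that is not part of the original e-mail or of any server mentioned in the thread: it computes the key tag (RFC 4034 Appendix B, including the algorithm 1 special case) and the DS digest (RFC 4034 section 5.1.4) from `<secDNS:keyData>` fields. The function names are hypothetical; the owner name and key values are the ones in the quoted request.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types 1 and 2


def dnskey_rdata(flags, protocol, alg, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, alg) + base64.b64decode(pubkey_b64)


def key_tag(rdata):
    """Key tag over DNSKEY RDATA, RFC 4034 Appendix B."""
    if rdata[3] == 1:
        # Algorithm 1 (RSA/MD5), Appendix B.1: most significant 16 of the
        # least significant 24 bits of the public key modulus.
        if len(rdata) < 7:
            raise ValueError("public key too short for algorithm 1 key tag")
        return (rdata[-3] << 8) | rdata[-2]
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def owner_wire(name):
    """Canonical (lower-case) wire form of the owner name."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label length in %r" % name)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def ds_from_key(owner, flags, protocol, alg, pubkey_b64, digest_type=1):
    """Derive the dsData fields a server would compute from one keyData."""
    rdata = dnskey_rdata(flags, protocol, alg, pubkey_b64)
    digest = DIGESTS[digest_type](owner_wire(owner) + rdata).hexdigest().upper()
    return {"keyTag": key_tag(rdata), "alg": alg,
            "digestType": digest_type, "digest": digest}


if __name__ == "__main__":
    # Key values copied from the quoted <secDNS:add> element.
    for key in ((256, 3, 1, "AQPJ////4Q=="), (257, 3, 5, "AQPJ////5Q==")):
        print(ds_from_key("secdns.org", *key))
```

The key tags it computes for the two quoted keys are 65535 and 46089, the values in the quoted `<secDNS:keyTag>` elements.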