Re: [ietf-provreg] secDNS-1.1: use of only one form of interface

[James Gould <jgould@verisign.com>]

Title: Re: [ietf-provreg] secDNS-1.1: use of only one form of interface

James,

> We have one server (process) that provides an EPP interface for more
> than one zone, each zone potentially having a different policy, i.e. one
> policy may mandate Key Data whereas another policy may mandate DS Data.
> Furthermore, I do not understand why one zone cannot have a policy that
> gives registrants the choice of DS Data or Key Data for a domain. What
> is the rationale for this requirement?

I don’t understand what you mean by “each zone potentially having a different policy”.  Generally the Registry is providing an EPP interface for the management of a TLD (zone) with a single server-side policy.  The rationale for requiring one form of interface for a server was the following:

1. Be consistent with the other EPP specifications.  RFC 5731 supports two forms of interfaces for name servers (hostObj and hostAttr) where “A server operator MUST use one name server specification form consistently”.  
2. Provides for a simpler and cleaner interface if the server instance only supports a single interface for the same object types (DS in RFC 5910).   With the DS Data Interface the client is responsible for managing the DS and with the Key Data Interface the server is responsible for managing the DS based on the Key Data.  Mixing both interfaces will make it more complex for clients, since all clients would have to support both interfaces and would need to determine the interface to use on domain transfers.  
   

-- 


JG 

-------------------------------------------------------
James F. Gould
Principal Software Engineer
VeriSign Naming Services
jgould@verisign.com
Direct: 703.948.3271
Mobile: 703.628.7063

 
21345 Ridgetop Circle
LS2-2-1
Dulles, VA 20166

Notice to Recipient:  This e-mail contains confidential, proprietary and/or Registry  Sensitive information intended solely for the recipient and, thus may not be  retransmitted, reproduced or disclosed without the prior written consent of  VeriSign Naming and Directory Services.  If you have received  this e-mail message in error, please notify the sender immediately by  telephone or reply e-mail and destroy the original message without making a  copy.  Thank you.

---

From: James Mitchell <james.mitchell@ausregistry.com.au>
Date: Sat, 11 Sep 2010 03:11:29 -0400
To: EPP Provreg <ietf-provreg@cafax.se>
Subject: [ietf-provreg] secDNS-1.1: use of only one form of interface

Hello,

I am seeking clarification on the following sentence from RFC 5910.

   The server MUST support the
   use of only one form of interface across all <secDNS:create>,
   <secDNS:update>, and <secDNS:infData> elements, except during a
   transition period, during which the server MAY support both.

We have one server (process) that provides an EPP interface for more
than one zone, each zone potentially having a different policy, i.e. one
policy may mandate Key Data whereas another policy may mandate DS Data.
Furthermore, I do not understand why one zone cannot have a policy that
gives registrants the choice of DS Data or Key Data for a domain. What
is the rationale for this requirement?

Regards,

James Mitchell

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List run by majordomo software.  For (Un-)subscription and similar details
send "help" to ietf-provreg-request@cafax.se