Re: draft-gould-rfc4310bis-00.txt Submitted for Review
James Gould <jgould <at> verisign.com>
2009-12-11 20:51:42 GMT
Thanks for the feedback. The secDNS:chg should be able to handle the use
case that you describe, since secDNS:chg is a full replace. Removing all
existing and setting the new DS or Key Data is handled by secDNS:chg. The
corner case that is not covered in the current schema is replacing all DS or
Key Data with nothing, meaning remove all. I prefer that the client
explicitly specify what should be added or removed via the secDNS:add and
secDNS:rem, but the secDNS:chg could be updated to allow an empty
secDNS:chg. Below is the schema update needed to allow secDNS:chg to be
empty. This change is also backward compatible, so the question is whether
it meets the need and whether it is a good practice to include in the draft?
Any thoughts to this?
<element name="dsData" type="secDNS:dsDataType"
<element name="keyData" type="secDNS:keyDataType"
<element name="chg" type="secDNS:chgType"/>
<element name="add" type="secDNS:dsOrKeyType" minOccurs="0"/>
<element name="rem" type="secDNS:remType" minOccurs="0"/>
<attribute name="urgent" type="boolean" default="false"/>
The sample command looks like:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
James F. Gould
Principal Software Engineer
VeriSign Naming Services
jgould <at> verisign.com
21345 Ridgetop Circle
Dulles, VA 20166
Notice to Recipient: This e-mail contains confidential, proprietary and/or
Registry Sensitive information intended solely for the recipient and, thus
may not be retransmitted, reproduced or disclosed without the prior written
consent of VeriSign Naming and Directory Services. If you have received
this e-mail message in error, please notify the sender immediately by
telephone or reply e-mail and destroy the original message without making a
copy. Thank you.
From: Patrik Fältström <patrik <at> frobbit.se>
Date: Fri, 11 Dec 2009 05:10:46 -0500
To: James Gould <jgould <at> verisign.com>
Cc: EPP Provreg <ietf-provreg <at> cafax.se>
Subject: Re: [ietf-provreg] draft-gould-rfc4310bis-00.txt Submitted for
On 8 dec 2009, at 16.01, James Gould wrote:
> The draft meets the following goals that were previously sent to the list:
> 1. XML schema is backward compatible
> 2. Support for add and rem in the same command
> 3. Support for passing all four dsData attributes on a rem
> 4. Support for a dsData and keyData primary interface. Only one primary
> interface should be supported by the server.
> 5. Remove support for the wildcard delete of dsData in the rem by just using
> the keyTag with a clear statement (i.e. Server must return error if the
> keyTag matches multiple DS records) in the specification. From my
> perspective and I believe a couple others this is a key issue that must be
> 6. Clarity in the specification on the use of the chg as a replace or a
> ³change all².
> 7. Clarity around the corner case of a client attempting to add and remove
> the same dsData or keyData in a single command. This must result in an
> error from the server. Additionally an error must be returned if the client
> tries to remove dsData or keyData that does not exist or tries to add dsData
> or keyData that already exists.
I think the draft is good, and clarifies a number of things.
But, when adding things (as we are), I ask whether we can not add a feature
to the protocol that we use in .SE that actually make things a bit easier:
If a "rem" has a keytag of zero, then all keytags are removed.
That eliminates some situations (specifically after a transfer to a gaining
registrar) a number of info + multiple rem commands. One can "just" do "rem
keytag=0" followed by the add of the new keys. And, it also makes life
easier when doing a transfer to a registrar that do not support DNSSEC. They
"only" have to be able to do rem, keytag=9 on the domains they gain.
List run by majordomo software. For (Un-)subscription and similar details
send "help" to ietf-provreg-request <at> cafax.se