Benjamin Kaduk has entered the following ballot position for draft-ietf-regext-org-ext-09: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-regext-org-ext/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I have two points that I would like to discuss. It is more likely than not that at least one of them merely reflects my confusion and is a non-issue, but I would like to get these at least clarified. First, the examples throughout the document use organization identifiers like "myreseller" or "myproxy". This seems to me to be highly confusing, since these IDs are supposed to be server-unique values per organization, and are highly unlikely to be "my" reseller/proxy/etc. for all the entries in the registry. If I understand things correctly, the example IDs should instead be company-name-like values or "random" numbers or similar (or combination thereof). Second, I am unsure of the semantics relating to role types, especially as they interact with the <update> command. Various aspects of the examples seem to imply that it is only permitted to have at most one organization mapping of a given role type (i.e., one reseller, one proxy, etc.). In particular, the <orgext:chg> element seems to be using the <orgext:id> role attribute to determine which <orgext:id> is being changed (with the new value being provided in the element body), and the <orgext:rem> element is providing <orgext:id> with only the role attribute and no body to identify a specific organization to remove. If this reading of the document is correct, then I would expect the limitation to be called out more clearly, especially as it would seem to prevent a domain owner from (e.g.) using multiple DNS service operators. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Section 1 In the business model of domain registration, we usually have 3 roles of entities: a registrant, a registrar and a registry. There may be other roles of entities involved in the domain registration process which are not formally defined, such as resellers, DNS service operators, privacy proxies, etc. nit: Perhaps I am misreading, but are we not going to formally define these entities in the next paragraph (in which case "yet" might be worth adding)? An organization mapping object defined in [ID.draft-ietf-regext-org] SHOULD be created first. The organization information specified in this document MUST reference the existing organization identifier. What does "first" refer to? "prior to the use of that object"? Section 2 The XML namespace prefix "orgext" is used, but implementations MUST NOT depend on it and instead employ a proper namespace-aware XML parser and serializer to interpret and output the XML documents. [This could probably be written more clearly; see my comment on the companion document] Section 9 IIRC the authorization model for EPP does not allow arbitrary clients to retrieve information about arbitrary (unrelated) domains. If that's not the case, there would be privacy considerations with respect to exposing the linkages of the organization mappings (and roles). _______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
