Roman,

Thank you for the review and comments. Please find our responses inline below. Please let us know if you have any questions.

Thanks,
Jody.

-----Original Message-----
From: Roman Danyliw via Datatracker <nore...@ietf.org>
Sent: Wednesday, October 6, 2021 10:58 AM
To: The IESG <i...@ietf.org>
Cc: draft-ietf-regext-epp-registry-maintena...@ietf.org; regext-cha...@ietf.org; regext@ietf.org; James Galvin <gal...@elistx.com>; gal...@elistx.com
Subject: Roman Danyliw's No Objection on draft-ietf-regext-epp-registry-maintenance-17: (with COMMENT)

Roman Danyliw has entered the following ballot position for
draft-ietf-regext-epp-registry-maintenance-17: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to https://www.ietf.org/blog/handling-iesg-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-regext-epp-registry-maintenance/

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Thank you to Melinda Shore for the SECDIR review.

** Section 7. "If a client queries for a maintenance identifier, per Section 4.1.3.1 "Info Maintenance Item", that it is not authorized to access, the server MUST return an EPP error result code of 2201 [RFC5730]."

Should this be softened to give a server the flexibility to alternatively return a 2303 error ("Object does not exist") so the existence of maintenance updates would remain unknown to unauthorized users? If not, this (likely minor) risk of leaking the existence of maintenance windows should be noted.

<< The text has been updated to allow the server to return a 2303 or a 2101 error. >>

** Section 7. These could be read as conflicting.

(a) Section 7. "a server MUST only provide maintenance information for clients that are authorized."

(b) Later in Section 7. "The list of top-level domains or registry zones returned in the "Info Maintenance Item" response SHOULD be filtered based on the top-level domains or registry zones the client is authorized."

(a) seems to say that a client must only get the information for which it is authorized, but (b) suggests that this filtering for those TLD/zones to restrict it only to authorized clients is only a should.

<< The text has been updated from MUST to SHOULD for the return of the 2201 or 2203 error.
This should resolve the conflict. >>