Summary: Has a DISCUSS. Needs 8 more YES or NO OBJECTION positions to pass.
** Section 6.1. Please provide a normative reference to XML Schema. ** Section 6.1. The schema defines types “clIDType” and “rrType” but their use isn’t explained in the text and they don’t appear to be used in the definition of <deposit>. ** Section 11. Was a requirement to secure the deposit data at rest considered? The text here suggests that such details needed to be worked out individually. However, Section 9 notes that the whole deposit is likely to be confidential. It would seem best practice to store such sensitive information encrypted.
** I didn’t follow how this draft fits with EPP or RDAP per the REGEXT charter (and neither of these protocols are references). ** Section 5.1. @resend. How does the registry know the escrow deposit failed to increment this attribute and resend? ** Section 5.1.2. <version>. The schema indicates that this should be set to 1.0, but this isn’t said in the text. How should an implementation process a version number it doesn’t recognize? ** Section 10. Per “As such, the registry transmitting the data to the escrow agent _should_ take all the necessary precautions …”, why isn’t this a “_MUST_ take all necessary precautions …”? Under what circumstances would transport security not be desirable?
+1 to Roman’s concerns on encryption, but I’m happy when he’s happy.
[comments under development, not an official position yet] Roman took many of my ideas, so I support his DISCUSS position and his comments. Some of the BCP14 language in this document feels mushy. "SHOULD/MUST take all necessary precautions" isn't very precise, while normally interoperability/normative language is supposed to be pretty crisp. "gTLD" and "ccTLD" could stand to be included in the definitions section, either by prose or by reference if there is one. This may reveal a weak point in my understanding of XML, but Section 5.1 says that the type of the deposit is FULL, INCR or DIFF. Is this case-sensitive? Section 5.1.1: Should "data-time" be "date-time"? Section 5.1.2: About "version", although I think this is made explicit in the XML schema in Section 6.1, I suggest a sentence be added making it clear that this document specifies version "1.0". Section 5.1.3: "This element SHOULD be present in deposits of type Incremental or Differential." This makes it sound like a deposit of those two types not using this element might be non-compliant. I suggest instead "This element is only used in Incremental and Differential deposits." (Or instead of "used", maybe "meaningful".) Section 5.1.4: " It SHOULD be present in all type of deposits." Same issue. Maybe "It is valid for use in all types of deposits." Section 5.1.4, last paragraph: When would you not apply that SHOULD? That strikes me as MUST territory.