Minutes IETF104: regext
minutes-104-regext-01

IETF 104, REGEXT WG, Monday 2019-03-25 13:50-15:50

Opening by James Galvin and Antoin Verschuren (both! present)

Jabber scribe George Michaelson

RFC published since last meeting, RFC 8521, 8495, 8543, 8544

Submitted for Evaluation "Registration Fee extension",
"Strict bundling registration"

Document withdrawal by authors for "Verification Code extension"

Newly adopted documents
- Federated authentication for RDAP
- RDAP Query Parameters for Result Sorting
- RDAP Partial Response
- RDAP Reverse Search
- Login Security Extension for EPP

Scott Hollenbeck presents his draft about "Federated Authentication for RDAP".

Adam Roach, Scott make sure to make parameters compliant with BCP 190

Andrew Newton, device flow makes things over complicated

James Galvin (as individual), how do we handle non browsers if not
by device flow?

Richard Wilhelm, on going policy in ICANN is not ICANN organisation
but the ICANN process

Alexander Mayerhofer, do out-of-band for non browsers

Jaromir Talir, problem discussion with oauth around restful vs. session



Mario Loffredo, presents RDAP Sorting and Paging

Jim Gould, is it possible to implement paging without sorting?
Mario Loffredo, yes

Jim Gould, is it possible to identify what is supported?
Jim Gould, would it be benificial to support different version numbers
for sorting and paging

Andrew Newton, need mechanism for servers to indicate capabilities

Jim Gould, seconds Andrew


Mario Loffredo, presents RDAP Partial Response

Jim Gould, policy in draft, better a mechanism to let server
define fieldsets

Andrew Newton, thinks normally expected is good enough



Mario Loffredo, presents RDAP Reverse Search

Stephane Bortzmeyer, privacy considerations is not enough,
reverse search is dangerous,

Gurshabad Grover, seconds Stephane

Alexander Mayerhofer, privacy section not sufficient, should say it is
ok to just implement a subset

Andrew Newton, MUST NOT do until the user is authenticated



Jim Gould, Login Security Extension for EPP

Robert Story, password complexity requirements not met should be
better; Jim Gould responded that the password complexity requirements
are handled in draft-gould-regext-login-security-policy.

Martin Casanova (Switch), agent is free text, should maybe be more structured

Stephane Bortzmeyer, password recommendations should reference password
research document; Jim Gould asked if there are any suggested password
documents to reference in draft-ietf-regext-login-security.



Milestone review

James Galvin, we have two streams RDAP and EPP and struggle to balance
between them

George Michaelson, RDAP is important now because industry wants to
replace whois, we might need two time slots

Richard Wilhelm, RDAP has core documents that are important and others
that are less important

James Galvin, Alexander Mayerhofer, two workstreams have diffrent sice
of audience, EPP small audience world wide, RDAP much larger audience
in the future

Peter Koch, we need in depth review of privacy,

Andrew Newton, if two meetings, maybe two working groups

James Galvin, stay focused on 5 mile stones at most, proposal to have
two milestones per stream and assign the fifth as appropriate

Jim Gould, do not split, substantial personal overlap

Scott Hollenbeck, do not split, maybe more than 5 milestones

James Galvin, maybe we can have adopted documents but not have
milestones for them

Andrew Newton, George Michaelson, privacy stuff is important, we need
an overarching doc for privacy

Antoin Verschuren, do we have the expertise in the wg?

James Galvin, maybe we can't commit to milestones and find a way to
manage discussion to get a document to this point

Barry Leiba, documents can be moved between adopted, worked on,
milestones as needed



Proposed New Work

Tom Harrison, presents RDAP Mirroring Protocol

Marc Blanchet, Map a registrar ID to the registrar RDAP server URL

Andrew Newton, RDAP jcard issues

Alexander Mayerhofer, announcing Registry Lock side meeting at IETF104