Skip to main content

Last Call Review of draft-ietf-regext-epp-ttl-15
review-ietf-regext-epp-ttl-15-secdir-lc-hardaker-2024-08-14-00

Request Review of draft-ietf-regext-epp-ttl
Requested revision No specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2024-08-12
Requested 2024-07-29
Authors Gavin Brown
I-D last updated 2024-08-14
Completed reviews Dnsdir Early review of -09 by Anthony Somerset (diff)
Dnsdir Last Call review of -15 by Tim Wicinski (diff)
Artart Last Call review of -15 by Takahiro Nemoto (diff)
Genart Last Call review of -15 by Ines Robles (diff)
Secdir Last Call review of -15 by Wes Hardaker (diff)
Opsdir Last Call review of -15 by Per Andersson (diff)
Assignment Reviewer Wes Hardaker
State Completed
Request Last Call review on draft-ietf-regext-epp-ttl by Security Area Directorate Assigned
Posted at https://mailarchive.ietf.org/arch/msg/secdir/d3AvWKP00HjCek7Win1UrF1HoMw
Reviewed revision 15 (document currently at 16)
Result Has nits
Completed 2024-08-14
review-ietf-regext-epp-ttl-15-secdir-lc-hardaker-2024-08-14-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.

A note about my background: I'm very familiar with the DNS, moderately
with EPP concepts, and not an expert on XML.

The summary of the review is: ready with a few minor comments/nits

Over all: well written, clear and easy to read document.  Thank you.

The biggest issue:

- Did the WG discuss whether or not a client should be able to check
  generally how long a server will make use of a new TTL value?  It's
  clear that the server can change it at any point, but that makes it
  very hard for a client to actually manage their records in a way
  where the TTL change point can be ideally depended upon.  If I'm
  rolling a key and desire a 4 hour TTL in order to do so properly,
  but the server decides to switch back to a longer one 2 hours later
  that's a real problem and will cause large issues operationally.

  Furthermore, what if the policy changes after a client has set their
  value.  So if I set it to 4 hours because the policy is 30 minutes
  to 12 hours and then shortly after I set my TTL the server decides
  the new minimum value is 24 hours, what happens?

Comments and Nits:

- the introduction could use a few more words describing that this
  document really only is applying to parent/child relationships.
  Specifically, the intro could be read that the whole purpose of a
  zone is to create delegations, which may be true for the top of the
  DNS but less so as you go down.  Now, the document is obvious
  extending EPP where this is used mostly for these types of domains,
  and hopefully people reading the document knows this already.
  However, since the intro is already providing background I'd wish
  for it to be a touch more explicit about describing zone contents.

- In the bottom of 1.1 there is a discussion about the ttl prefix
  being used in examples.  It would add some clarity to specifically
  talk about the name space reference that the string should actually
  point to, like the rest of the examples already do.

- Section 1.2.1 says that elements MAY have the following
  attributes.... but the reality is that the following list contains a
  bunch of REQUIRED, MUST, MUST NOT and MAY requirements.  I'd argue
  this MAY should actually be dropped and left to each of the
  sub-bullets for exactness instead.  Something like "the following
  attributes, depending on whether it appears in a command or response
  frame, can appear:"

- I note that there is no generic statement about what to do when any
  required elements are missing.  Specifically, servers should always
  return "2306 Parameter value policy" error when any required field
  is missing or invalid.  This should probably be added in section 3
  generically, where the rest of the section may be specifically
  stating specific cases but should otherwise be used as a generic
  error message.

- It's unclear if the min parameter is allowed to equal to the max
  parameter.  It's clearly stated that default can be equal to min and
  max, but it would be nice to state clearly that min can, in fact, be
  equal to max as well.

- In 1.2.1.1 there is no upper bound on the TTL value, which surprises
  me.  I think it should match the DNS spec and I think it's indicated
  it might be in the XML requirements (I didn't check).

- In general it seems that the common terminology of
  "registry/registrar/registrant" is avoided (which is fine by me) but
  there are a few instances (eg 1.2.1.2 bullet #3).  I may be
  misreading the intention to shy away from this terminology though.

- I'd suggest moving the examples in 1.2.1.3 after the 1.3 section
  since the examples include a info reference (in 1.2.1.3.2).

- I'd suggest tests that validate the XML if one is not already in place.

- In the XML the clID and crID are both frequently "ClientX" -- I wanted
  to verify that this value is the right example value for both fields

- I note the DELEG example reference in the 2.2.2, which made me smile
  (full disclosure: I was a DELEG BOF chair).

- You might mention in the security considerations that an account
  compromise would lead to an attacker changing the NS/glue addresses
  and then setting a max length TTL to keep the real client from a
  swift recovery.