Hello I was hoping for some input of the community about an implementation decision for the Domain Info Command/Response when it comes to the optional <domain:authInfo> associated with the domain object.
RFC-5731 about <domain:authInfo>: ... If this element is not provided or if the authorization information is invalid, server policy determines if the command is rejected or if response information will be returned to the client. 1. In case the <authinfo><pw> element is delivered but not correct (no match or not set on domain) we will return a Code 2202 to inform. (sponsoring client or not) 2. In case an empty tag is given (<authinfo><pw/></authinfo>) we are wondering if: Option 1: always Response Code 1000 should be returned Option 2: Only answer with 1000 when there is NO authinfo/pw set on the domain (kind of confirming it) and otherwise 2202 considering an empty tag as invalid authorization information delivered. I think maybe option 2 may be better because that way a registrar could check if an <authinfo> is set or not even without knowing it. After all, the registry could have set or deleted <authinfo> without noticing the registrar. However many clients seem to send <authinfo><pw/></authinfo> just about always and they would need to adjust. I have to mention that our Domain Info response will never include the actual <authinfo> since we only store a hash of it for security reasons. A Domain Info Command with the <authinfo> Element entirely omitted will always be answered with 1000. Thanks and merry X-Mas! Martin Casanova --- SWITCH Martin Casanova, Domain Applications Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland phone +41 44 268 15 55, direct +41 44 268 16 25 [email protected], www.switch.ch Working for a better digital world _______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
