On Thu, Dec 19, 2019, at 04:04, Martin Casanova wrote:
> Hello
>
> I was hoping for some input of the community about an implementation
> decision for the Domain Info Command/Response when it comes to the
> optional <domain:authInfo> associated with the domain object.
Unfortunately, currently, everyone does things differently.
I recently made an internal survey about how registries reply in the following
cases of domain:info
- by sponsor (note that I seem to recall a registry giving out an error
if you are sponsor but do provide the authInfo, where without it is a success)
- when not sponsor, without an authInfo, with a valid one, with an invalid one
- and also for an unregistered domain, results with or without authInfo.
I still need to be able to wrap my brains around the multiple cases I have
found,
no uniformity at all. This makes life of registrars very complicated,
but the problem here comes from the special handling of passwords, and also
GDPR-level issues.
> 2.
> In case an empty tag is given (<authinfo><pw/></authinfo>) we are
> wondering if:
> Option 1: always Response Code 1000 should be returned
> Option 2: Only answer with 1000 when there is NO authinfo/pw set on the
> domain (kind of confirming it) and otherwise 2202 considering an empty
> tag as invalid authorization information delivered.
Like said in other message, a node being there but empty means the empty value
not the undefined one. I would say the reply should be positive only if the
domain authInfo is also the empty string (which is different from being
undefined)
> After all, the registry could have set or deleted <authinfo> without
> noticing the registrar.
Registries should at least send EPP notifications for anything they do on
registrar objects, otherwise registrars have no hope to keep their own
database in sync.
> However many clients seem to send
> <authinfo><pw/></authinfo> just about always and they would need to adjust.
There are as many broken clients as they are broken servers...
--
Patrick Mevzek
[email protected]
_______________________________________________
regext mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/regext
