idnits 2.17.1 

draft-arias-noguchi-registry-data-escrow-10.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (Jun 27, 2018) is 2128 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	Network Working Group                                          G. Lozano
3	Internet-Draft                                                     ICANN
4	Intended status: Standards Track                            Jun 27, 2018
5	Expires: December 29, 2018

7	                   Registry Data Escrow Specification
8	              draft-arias-noguchi-registry-data-escrow-10

10	Abstract

12	   This document specifies the format and contents of data escrow
13	   deposits targeted primarily for domain name registries.  However, the
14	   specification was designed to be independent of the underlying
15	   objects that are being escrowed, therefore it could be used for
16	   purposes other than domain name registries.

18	Status of This Memo

20	   This Internet-Draft is submitted in full conformance with the
21	   provisions of BCP 78 and BCP 79.

23	   Internet-Drafts are working documents of the Internet Engineering
24	   Task Force (IETF).  Note that other groups may also distribute
25	   working documents as Internet-Drafts.  The list of current Internet-
26	   Drafts is at https://datatracker.ietf.org/drafts/current/.

28	   Internet-Drafts are draft documents valid for a maximum of six months
29	   and may be updated, replaced, or obsoleted by other documents at any
30	   time.  It is inappropriate to use Internet-Drafts as reference
31	   material or to cite them other than as "work in progress."

33	   This Internet-Draft will expire on December 29, 2018.

35	Copyright Notice

37	   Copyright (c) 2018 IETF Trust and the persons identified as the
38	   document authors.  All rights reserved.

40	   This document is subject to BCP 78 and the IETF Trust's Legal
41	   Provisions Relating to IETF Documents
42	   (https://trustee.ietf.org/license-info) in effect on the date of
43	   publication of this document.  Please review these documents
44	   carefully, as they describe your rights and restrictions with respect
45	   to this document.  Code Components extracted from this document must
46	   include Simplified BSD License text as described in Section 4.e of
47	   the Trust Legal Provisions and are provided without warranty as
48	   described in the Simplified BSD License.

50	Table of Contents

52	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
53	   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
54	   3.  Problem Scope . . . . . . . . . . . . . . . . . . . . . . . .   4
55	   4.  General Conventions . . . . . . . . . . . . . . . . . . . . .   5
56	     4.1.  Date and Time . . . . . . . . . . . . . . . . . . . . . .   5
57	   5.  Protocol Description  . . . . . . . . . . . . . . . . . . . .   5
58	     5.1.  Root element <deposit>  . . . . . . . . . . . . . . . . .   5
59	     5.2.  Child <watermark> element . . . . . . . . . . . . . . . .   6
60	     5.3.  Child <rdeMenu> element . . . . . . . . . . . . . . . . .   7
61	     5.4.  Child <deletes> element . . . . . . . . . . . . . . . . .   7
62	     5.5.  Child <contents> element  . . . . . . . . . . . . . . . .   8
63	   6.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .   9
64	     6.1.  RDE Schema  . . . . . . . . . . . . . . . . . . . . . . .   9
65	   7.  Internationalization Considerations . . . . . . . . . . . . .  12
66	   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
67	   9.  Implementation Status . . . . . . . . . . . . . . . . . . . .  13
68	     9.1.  Implementation in the gTLD space  . . . . . . . . . . . .  13
69	   10. Security Considerations . . . . . . . . . . . . . . . . . . .  14
70	   11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  14
71	   12. Change History  . . . . . . . . . . . . . . . . . . . . . . .  15
72	     12.1.  Changes from version 00 to 01  . . . . . . . . . . . . .  15
73	     12.2.  Changes from version 01 to 02  . . . . . . . . . . . . .  16
74	     12.3.  Changes from version 02 to 03  . . . . . . . . . . . . .  16
75	     12.4.  Changes from version 03 to 04  . . . . . . . . . . . . .  17
76	     12.5.  Changes from version 04 to 05  . . . . . . . . . . . . .  17
77	     12.6.  Changes from version 05 to 06  . . . . . . . . . . . . .  17
78	     12.7.  Changes from version 06 to 07  . . . . . . . . . . . . .  17
79	     12.8.  Changes from version 07 to 08  . . . . . . . . . . . . .  17
80	     12.9.  Changes from version 08 to 09  . . . . . . . . . . . . .  17
81	     12.10. Changes from version 09 to 10  . . . . . . . . . . . . .  17
82	   13. References  . . . . . . . . . . . . . . . . . . . . . . . . .  17
83	     13.1.  Normative References . . . . . . . . . . . . . . . . . .  17
84	     13.2.  Informative References . . . . . . . . . . . . . . . . .  18
85	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  18

87	1.  Introduction

89	   Registry Data Escrow is the process by which an Registry periodically
90	   submits data deposits to a third party called an Escrow Agent.  These
91	   deposits comprise the minimum data needed by a third party to resume
92	   operations if the registry can not function and is unable or
93	   unwilling to facilitate an orderly transfer of service.  For example,
94	   for a domain name registry or registrar the data to be deposited
95	   would include all the objects related to registered domain names,
96	   e.g., names, contacts, name servers, etc.

98	   The goal of data escrow is higher resiliency of registration
99	   services, for the benefit of Internet users.  The beneficiaries of a
100	   registry are not just those registering information there, but all
101	   relying parties that need to identify the owners of objects.

103	   In the context of domain name registries, registration data escrow is
104	   a requirement for generic top-level domains and some country code
105	   top-level domain managers are also currently escrowing data.  There
106	   is also a similar requirement for ICANN-accredited domain registrars.

108	   This document specifies a format for data escrow deposits independent
109	   of the objects being escrowed.  A specification is required for each
110	   type of registry/set of objects that is expected to be escrowed.

112	2.  Terminology

114	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
115	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
116	   document are to be interpreted as described in BCP 14, [RFC2119].

118	   DEPOSIT.  Deposits can be of three kinds: Full, Differential or
119	   Incremental.  For all kinds of Deposits, the Universe of Registry
120	   objects to be considered for data escrow are those objects necessary
121	   in order to offer the Registry Services.

123	   DIFFERENTIAL DEPOSIT.  Contains data that reflects all transactions
124	   involving the database that were not reflected in the last previous
125	   Full, Incremental or Differential Deposit, as the case may be.
126	   Differential deposit files will contain information from all database
127	   objects that were added, modified or deleted since the previous
128	   Deposit was completed as of its defined Timeline Watermark.

130	   ESCROW AGENT.  The organization designated by the Registry or the
131	   Third-Party Beneficiary to receive and guard Data Escrow Deposits
132	   from the Registry.

134	   FULL DEPOSIT.  Contains the Registry Data that reflects the current
135	   and complete Registry Database and will consist of data that reflects
136	   the state of the registry as of a defined Timeline Watermark for the
137	   deposit.

139	   INCREMENTAL DEPOSIT.  Contains data that reflects all transactions
140	   involving the database that were not reflected in the last previous
141	   Full Deposit.  Incremental Deposit files will contain information
142	   from all database objects that were added, modified or deleted since
143	   the previous Full Deposit was completed as of its defined Timeline
144	   Watermark.  If the Timeline Watermark of an Incremental Deposit were
145	   to cover the Watermark of another (Incremental or Differential)
146	   Deposit since the last Full Deposit, the more recent Deposit MUST
147	   contain all the transactions of the earlier Deposit.

149	   REGISTRY.  A registration organization providing registration
150	   services for a certain type of objects, e.g., domain names, IP number
151	   resources, routing information.

153	   THIRD-PARTY BENEFICIARY.  Is the organization that, under
154	   extraordinary circumstances, would receive the escrow Deposits the
155	   Registry transferred to the Escrow Agent.  This organization could be
156	   a backup Registry, Registry regulator, contracting party of the
157	   Registry, etc.

159	   TIMELINE WATERMARK.  Point in time on which to base the collecting of
160	   database objects for a Deposit.  Deposits are expected to be
161	   consistent to that point in time.

163	3.  Problem Scope

165	   In the past few years, the issue of Registry continuity has been
166	   carefully considered in the gTLD and ccTLD space.  Various
167	   organizations have carried out risk analyses and developed business
168	   continuity plans to deal with those risks, should they materialize.

170	   One of the solutions considered and used, especially in the gTLD
171	   space, is Registry Data Escrow as a way to ensure the Continuity of
172	   Registry Services in the extreme case of Registry failure.

174	   So far, almost every Registry that uses Registry Data Escrow has its
175	   own specification.  It is anticipated that more Registries will be
176	   implementing escrow especially with an increasing number of domain
177	   registries coming into service, adding complexity to this issue.

179	   It would seem beneficial to have a standardized specification for
180	   Registry Data Escrow that can be used by any Registry to submit its
181	   deposits.

183	   While the main motivation for developing this solution is rooted on
184	   the domain name industry, the specification has been designed to be
185	   as general as possible.  This allows other types of registries to use
186	   the base specification and develop their own specifications covering
187	   the objects used by other registration organizations.

189	   A solution to the problem at hand SHALL clearly identify the format
190	   and contents of the deposits a Registry has to make, such that a
191	   different Registry would be able to rebuild the registration services
192	   of the former, without its help, in a timely manner, with minimum
193	   disruption to its users.

195	   Since the details of the registration services provided vary from
196	   Registry to Registry, the solution SHALL provide mechanisms that
197	   allow its extensibility to accommodate variations and extensions of
198	   the registration services.

200	   Given the requirement for confidentiality and the importance of
201	   accuracy of the information that is handled in order to offer
202	   registration services, the solution SHALL define confidentiality and
203	   integrity mechanisms for handling the registration data.

205	   The solution SHALL NOT include in the specification transient objects
206	   that can be recreated by the new Registry, particularly those of
207	   delicate confidentiality, e.g., DNSSEC KSK/ZSK private keys.

209	   Details that are a matter of policy SHOULD be identified as such for
210	   the benefit of the implementers.

212	   Non-technical issues concerning Data Escrow, such as whether to
213	   escrow data and under which purposes the data may be used, are
214	   outside of scope of this document.

216	4.  General Conventions

218	4.1.  Date and Time

220	   Numerous fields indicate "dates", such as the creation and expiry
221	   dates for objects.  These fields SHALL contain timestamps indicating
222	   the date and time in UTC, specified in Internet Date/Time Format (see
223	   [RFC3339], Section 5.6) with the time-offset specified as "Z".

225	5.  Protocol Description

227	   The following is a format for Data Escrow deposits as produced by a
228	   Registry.  The deposits are represented in XML.  Only the format of
229	   the objects deposited is defined, nothing is prescribed about the
230	   method used to transfer such deposits between the Registry and the
231	   Escrow Agent or vice versa.

233	   The protocol intends to be object agnostic allowing the "overload" of
234	   abstract elements using the "substitutionGroup" attribute to define
235	   the actual elements of an object to be escrowed.

237	5.1.  Root element <deposit>

239	   The container or root element for a Registry Data Escrow deposits is
240	   <deposit>.  This element contains the following child elements:
241	   watermark, deletes and contents.  This element also contains the
242	   following attributes:

244	   o  A REQUIRED "type" attribute that is used to identify the kind of
245	      deposit: FULL, INCR (Incremental) or DIFF (Differential).

247	   o  A REQUIRED "id" attribute that is used to uniquely identify the
248	      escrow deposit.  Each registry is responsible for maintaining its
249	      own escrow deposits identifier space to ensure uniqueness, e.g.,
250	      using identifiers as described in Section 2.8 of [RFC5730].

252	   o  An OPTIONAL "prevId" attribute that can be used to identify the
253	      previous incremental, differential or full escrow deposit.  This
254	      attribute MUST be used in Differential Deposits ("DIFF" type).

256	   o  An OPTIONAL "resend" attribute that is incremented each time the
257	      escrow deposit failed the verification procedure at the receiving
258	      party and a new escrow deposit needs to be generated by the
259	      Registry for that specific date.  The first time a deposit is
260	      generated the attribute is either omitted or MUST be "0".  If a
261	      deposit needs to be generated again, the attribute MUST be set to
262	      "1", and so on.

264	   Example of root element object:

266	   <?xml version="1.0" encoding="UTF-8"?>
267	   <rde:deposit
268	       xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
269	       ...
270	       type="FULL"
271	       id="20101017001" prevId="20101010001">
272	       <rde:watermark>2010-10-18T00:00:00Z</rde:watermark>
273	       <rde:deletes>
274	           ...
275	       </rde:deletes>
276	       <rde:contents>
277	           ...
278	       </rde:contents>
279	   </rde:deposit>

281	5.2.  Child <watermark> element

283	   A REQUIRED <watermark> element contains the data-time corresponding
284	   to the Timeline Watermark of the deposit.

286	   Example of <watermark> element object:

288	   <?xml version="1.0" encoding="UTF-8"?>
289	   <rde:deposit
290	       xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
291	       ...
292	       type="FULL"
293	       id="20101017001" prevId="20101010001">
294	       <rde:watermark>2010-10-18T00:00:00Z</rde:watermark>
295	       ...
296	   </rde:deposit>

298	5.3.  Child <rdeMenu> element

300	   This element contains auxiliary information of the data escrow
301	   deposit.

303	   A REQUIRED <rdeMenu> element contains the following child elements:

305	   o  A REQUIRED <version> element that identifies the RDE protocol
306	      version.

308	   o  One or more <objURI> elements that contain namespace URIs
309	      representing the <contents> and <deletes> element objects.

311	   Example of <rdeMenu> element object:

313	<?xml version="1.0" encoding="UTF-8"?>
314	<rde:deposit
315	    xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
316	    ...
317	    <rde:rdeMenu>
318	        <rde:version>1.0</rde:version>
319	        <rde:objURI>urn:ietf:params:xml:ns:rdeContact-1.0</rde:objURI>
320	        <rde:objURI>urn:ietf:params:xml:ns:rdeHost-1.0</rde:objURI>
321	        <rde:objURI>urn:ietf:params:xml:ns:rdeDomain-1.0</rde:objURI>
322	        <rde:objURI>urn:ietf:params:xml:ns:rdeRegistrar-1.0</rde:objURI>
323	        <rde:objURI>urn:ietf:params:xml:ns:rdeIDN-1.0</rde:objURI>
324	        <rde:objURI>urn:ietf:params:xml:ns:rdeNNDN-1.0</rde:objURI>
325	        <rde:objURI>urn:ietf:params:xml:ns:rdeEppParams-1.0</rde:objURI>
326	    </rde:rdeMenu>
327	    ...
328	</rde:deposit>

330	5.4.  Child <deletes> element

332	   This element SHOULD be present in deposits of type Incremental or
333	   Differential.  It contains the list of objects that were deleted
334	   since the base previous deposit.  Each object in this section SHALL
335	   contain an ID for the object deleted.

337	   This section of the deposit SHOULD NOT be present in Full deposits.
338	   When rebuilding a registry it SHOULD be ignored if present in a Full
339	   deposit.

341	   The specification for each object to be escrowed MUST declare the
342	   identifier to be used to reference the object to be deleted.

344	   Example of <deletes> element object:

346	   <?xml version="1.0" encoding="UTF-8"?>
347	   <rde:deposit
348	       xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
349	       ...
350	       <rde:deletes>
351	           <rdeObj1:delete>
352	               <rdeObj1:name>foo.test</rdeObj1:name>
353	               <rdeObj1:name>bar.test</rdeObj1:name>
354	           </rdeObj1:delete>
355	           <rdeObj2:delete>
356	               <rdeObj2:id>sh8013-TEST</rdeObj2:id>
357	               <rdeObj2:id>co8013-TEST</rdeObj2:id>
358	           </rdeObj2:delete>
359	       </rde:deletes>
360	       ...
361	   </rde:deposit>

363	5.5.  Child <contents> element

365	   This element of the deposit contains the objects in the deposit.  It
366	   MUST be present in all type of deposits.  It contains the data for
367	   the objects to be escrowed.  The actual objects have to be specified
368	   individually.

370	   In the case of Incremental or Differential deposits, the objects
371	   indicate whether the object was added or modified after the base
372	   previous deposit.  In order to distinguish between one and the other,
373	   it will be sufficient to check existence of the referenced object in
374	   the base previous deposit.

376	   When applying Incremental or Differential deposits (when rebuilding
377	   the registry from data escrow deposits) the relative order of the
378	   <deletes> elements is important, as is the relative order of the
379	   <contents> elements.  All the <deletes> elements MUST be applied
380	   first, in the order that they appear.  All the <contents> elements
381	   MUST be applied next, in the order that they appear.

383	   If an object is present in the <contents> section of several Deposits
384	   (e.g.  Full and Differential) the registry data from the latest
385	   Deposit (as defined by the Timeline Watermark) SHOULD be used when
386	   rebuilding the registry.

388	   Example of <contents> element object:

390	   <?xml version="1.0" encoding="UTF-8"?>
391	   <rde:deposit
392	       xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
393	       ...
394	       <rde:contents>
395	           ...
396	           <rdeObj1:contents>
397	               <rdeObj1:element1>
398	                   <rdeObj1:child1>Object1 specific.</rdeObj1:child1>
399	                   ...
400	               </rdeObj1:element1>
401	               <rdeObj2:element2>
402	                   <rdeObj2:field1>Object2 specific.</rdeObj2:field1>
403	                   ...
404	               </rdeObj2:element2>
405	           </rdeObj1:contents>
406	           ...
407	       </rde:contents>
408	       ...
409	   </rde:deposit>

411	6.  Formal Syntax

413	6.1.  RDE Schema

415	   Copyright (c) 2011 IETF Trust and the persons identified as authors
416	   of the code.  All rights reserved.

418	   Redistribution and use in source and binary forms, with or without
419	   modification, are permitted provided that the following conditions
420	   are met:

422	   o  Redistributions of source code must retain the above copyright
423	      notice, this list of conditions and the following disclaimer.

425	   o  Redistributions in binary form must reproduce the above copyright
426	      notice, this list of conditions and the following disclaimer in
427	      the documentation and/or other materials provided with the
428	      distribution.

430	   o  Neither the name of Internet Society, IETF or IETF Trust, nor the
431	      names of specific contributors, may be used to endorse or promote
432	      products derived from this software without specific prior written
433	      permission.

435	   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
436	   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
437	   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
438	   A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
439	   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
440	   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
441	   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
442	   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
443	   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
444	   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
445	   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

447	  BEGIN
448	  <?xml version="1.0" encoding="UTF-8"?>
449	  <schema targetNamespace="urn:ietf:params:xml:ns:rde-1.0"
450	    xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
451	    xmlns:eppcom="urn:ietf:params:xml:ns:eppcom-1.0"
452	    xmlns="http://www.w3.org/2001/XMLSchema"
453	    elementFormDefault="qualified">

455	    <annotation>
456	      <documentation>
457	        Registry Data Escrow schema
458	      </documentation>
459	    </annotation>

461	    <import namespace="urn:ietf:params:xml:ns:eppcom-1.0"/>

463	    <!-- Root element -->
464	    <element name="deposit" type="rde:escrowDepositType"/>

466	    <!-- RDE types -->
467	    <complexType name="escrowDepositType">
468	      <sequence>
469	        <element name="watermark" type="dateTime"/>
470	        <element name="rdeMenu" type="rde:rdeMenuType"/>
471	        <element name="deletes" type="rde:deletesType" minOccurs="0"/>
472	        <element name="contents" type="rde:contentsType"/>
473	      </sequence>
474	      <attribute name="type" type="rde:depositTypeType" use="required"/>
475	      <attribute name="id" type="rde:depositIdType" use="required"/>
476	      <attribute name="prevId" type="rde:depositIdType"/>
477	      <attribute name="resend" type="unsignedShort" default="0"/>
478	    </complexType>
479	    <!-- Menu type -->
480	    <complexType name="rdeMenuType">
481	      <sequence>
482	        <element name="version" type="rde:versionType"/>
483	        <element name="objURI" type="anyURI" maxOccurs="unbounded"/>
484	      </sequence>
485	    </complexType>

487	    <!-- Deletes Type -->
488	    <complexType name="deletesType">
489	      <sequence minOccurs="0" maxOccurs="unbounded">
490	        <element ref="rde:delete"/>
491	      </sequence>
492	    </complexType>

494	    <element name="delete" type="rde:deleteType" abstract="true" />
495	    <complexType name="deleteType">
496	      <complexContent>
497	        <restriction base="anyType"/>
498	      </complexContent>
499	    </complexType>

501	    <!-- Contents Type -->
502	    <complexType name="contentsType">
503	      <sequence maxOccurs="unbounded">
504	        <element ref="rde:content"/>
505	      </sequence>
506	    </complexType>

508	    <element name="content" type="rde:contentType" abstract="true" />
509	    <complexType name="contentType">
510	      <complexContent>
511	        <restriction base="anyType"/>
512	      </complexContent>
513	    </complexType>

515	    <!-- Type of deposit -->
516	    <simpleType name="depositTypeType">
517	      <restriction base="token">
518	        <enumeration value="FULL"/>
519	        <enumeration value="INCR"/>
520	        <enumeration value="DIFF"/>
521	      </restriction>
522	    </simpleType>

524	    <!-- Deposit identifier type -->
525	    <simpleType name="depositIdType">
526	      <restriction base="token">
527	        <pattern value="\w{1,13}"/>
528	      </restriction>
529	    </simpleType>

531	    <!-- A RDE version number is a dotted pair of decimal numbers -->
532	    <simpleType name="versionType">
533	      <restriction base="token">
534	        <pattern value="[1-9]+\.[0-9]+"/>
535	        <enumeration value="1.0"/>
536	      </restriction>
537	    </simpleType>

539	    <complexType name="rrType">
540	      <simpleContent>
541	        <extension base="eppcom:clIDType">
542	          <attribute name="client" type="eppcom:clIDType"/>
543	        </extension>
544	      </simpleContent>
545	    </complexType>
546	  </schema>
547	                          END

549	7.  Internationalization Considerations

551	   Data Escrow deposits are represented in XML, which provides native
552	   support for encoding information using the Unicode character set and
553	   its more compact representations including UTF-8.  Conformant XML
554	   processors recognize both UTF-8 and UTF-16.  Though XML includes
555	   provisions to identify and use other character encodings through use
556	   of an "encoding" attribute in an <?xml?> declaration, use of UTF-8 is
557	   RECOMMENDED.

559	8.  IANA Considerations

561	   This document uses URNs to describe XML namespaces and XML schemas
562	   conforming to a registry mechanism described in [RFC3688].  Two URI
563	   assignments have been registered by the IANA.

565	   Registration request for the RDE namespace:

567	      URI: urn:ietf:params:xml:ns:rde-1.0

569	      Registrant Contact: See the "Author's Address" section of this
570	      document.

572	      XML: None.  Namespace URIs do not represent an XML specification.

574	   Registration request for the RDE XML schema:

576	      URI: urn:ietf:params:xml:schema:rde-1.0

578	      Registrant Contact: See the "Author's Address" section of this
579	      document.

581	      See the "Formal Syntax" section of this document.

583	9.  Implementation Status

585	   Note to RFC Editor: Please remove this section and the reference to
586	   RFC 7942 [RFC7942] before publication.

588	   This section records the status of known implementations of the
589	   protocol defined by this specification at the time of posting of this
590	   Internet-Draft, and is based on a proposal described in RFC 7942
591	   [RFC7942].  The description of implementations in this section is
592	   intended to assist the IETF in its decision processes in progressing
593	   drafts to RFCs.  Please note that the listing of any individual
594	   implementation here does not imply endorsement by the IETF.
595	   Furthermore, no effort has been spent to verify the information
596	   presented here that was supplied by IETF contributors.  This is not
597	   intended as, and must not be construed to be, a catalog of available
598	   implementations or their features.  Readers are advised to note that
599	   other implementations may exist.

601	   According to RFC 7942 [RFC7942], "this will allow reviewers and
602	   working groups to assign due consideration to documents that have the
603	   benefit of running code, which may serve as evidence of valuable
604	   experimentation and feedback that have made the implemented protocols
605	   more mature.  It is up to the individual working groups to use this
606	   information as they see fit".

608	9.1.  Implementation in the gTLD space

610	   Organization: ICANN

612	   Name: ICANN Registry Agreement

614	   Description: the ICANN Base Registry Agreement requires Registries,
615	   Data Escrow Agents, and ICANN to implement this specification.  ICANN
616	   receives daily notifications from Data Escrow Agents confirming that
617	   more than 1,200 gTLDs are sending deposits that comply with this
618	   specification.  ICANN receives on a weekly basis per gTLD, from more
619	   than 1,200 gTLD registries, a Bulk Registration Data Access file that
620	   also complies with this specification.  In addition, ICANN is aware
621	   of Registry Service Provider transitions using data files that
622	   conform to this specification.

624	   Level of maturity: production.

626	   Coverage: all aspects of this specification are implemented.

628	   Version compatibility: versions 03 - 08 are known to be implemented.

630	   Contact: gustavo.lozano@icann.org

632	   URL: https://www.icann.org/resources/pages/registries/registries-
633	   agreements-en

635	10.  Security Considerations

637	   This specification does not define the security mechanisms to be used
638	   in the transmission of the data escrow deposits, since it only
639	   specifies the minimum necessary to enable the rebuilding of a
640	   Registry from deposits without intervention from the original
641	   Registry.

643	   Depending on local policies, some elements or most likely, the whole
644	   deposit will be considered confidential.  As such the Registry
645	   transmitting the data to the Escrow Agent must take all the necessary
646	   precautions like encrypting the data itself and/or the transport
647	   channel to avoid inadvertent disclosure of private data.

649	   Mutual authentication of both parties passing data escrow deposit
650	   files is of the utmost importance.  The Escrow Agent should properly
651	   authenticate the identity of the Registry before accepting data
652	   escrow deposits.  In a similar manner, the Registry should
653	   authenticate the identity of the Escrow Agent before submitting any
654	   data.

656	   Additionally, the Registry and the Escrow Agent should use integrity
657	   checking mechanisms to ensure the data transmitted is what the source
658	   intended.  It is recommended that specifications defining format and
659	   semantics for particular business models define an algorithm that
660	   Escrow Agents and Third-Party Beneficiaries could use to validate the
661	   contents of the data escrow deposit.

663	11.  Acknowledgments

665	   Special suggestions that have been incorporated into this document
666	   were provided by James Gould, Edward Lewis, Jaap Akkerhuis, Lawrence
667	   Conroy, Marc Groeneweg, Michael Young, Chris Wright, Patrick Mevzek,
668	   Stephen Morris, Scott Hollenbeck, Stephane Bortzmeyer, Warren Kumari,
669	   Paul Hoffman, Vika Mpisane, Bernie Hoeneisen, Jim Galvin, Andrew
670	   Sullivan, Hiro Hotta, Christopher Browne, Daniel Kalchev, David
671	   Conrad, James Mitchell, Francisco Obispo, Bhadresh Modi and Alexander
672	   Mayrhofer.

674	   Shoji Noguchi and Francisco Arias participated as co-authors until
675	   version 07 providing invaluable support for this document.

677	12.  Change History

679	12.1.  Changes from version 00 to 01

681	   1.   Included DNSSEC elements as part of the basic <domain> element
682	        as defined in RFC 5910.

684	   2.   Included RGP elements as part of the basic <domain> element as
685	        defined in RFC 3915.

687	   3.   Added support for IDNs and IDN variants.

689	   4.   Eliminated the <summary> element and all its subordinate
690	        objects, except <watermarkDate>.

692	   5.   Renamed <watermarkDate> to <watermark> and included it directly
693	        under root element.

695	   6.   Renamed root element to <deposit>.

697	   7.   Added <authinfo> element under <registrar> element.

699	   8.   Added <roid> element under <registrar> element.

701	   9.   Reversed the order of the <deletes> and <contents> elements.

703	   10.  Removed <rdeDomain:status> minOccurs="0".

705	   11.  Added <extension> element under root element.

707	   12.  Added <extension> element under <contact> element.

709	   13.  Removed <period> element from <domain> element.

711	   14.  Populated the "Security Considerations" section.

713	   15.  Populated the "Internationalization Considerations" section.

715	   16.  Populated the "Extension Example" section.

717	   17.  Added <deDate> element under <domain> element.

719	   18.  Added <icannID> element under <registrar> element.

721	   19.  Added <eppParams> element under root element.

723	   20.  Fixed some typographical errors and omissions.

725	12.2.  Changes from version 01 to 02

727	   1.  Added definition for "canonical" in the "IDN variants Handling"
728	       section.

730	   2.  Clarified that "blocked" and "reserved" IDN variants are
731	       optional.

733	   3.  Made <rdeRegistrar:authInfo> optional.

735	   4.  Introduced substitutionGroup as the mechanism for extending the
736	       protocol.

738	   5.  Moved <eppParams> element to be child of <contents>

740	   6.  Text improvements in the Introduction, Terminology, and Problem
741	       Scope per Jay's suggestion.

743	   7.  Removed <trDate> from <rdeDomain> and added <trnData> instead,
744	       which include all the data from the last (pending/processed)
745	       transfer request

747	   8.  Removed <trDate> from <rdeContact> and added <trnData> instead,
748	       which include all the data from the last (pending/processed)
749	       transfer request

751	   9.  Fixed some typographical errors and omissions.

753	12.3.  Changes from version 02 to 03

755	   1.  Separated domain name objects from protocol.

757	   2.  Moved <extension> elements to be child of <deletes> and
758	       <contents>, additionally removed <extension> element from
759	       <rdeDomain>,<rdeHost>, <rdeContact>,<rdeRegistrar> and <rdeIDN>
760	       elements.

762	   3.  Modified the definition of <rde:id> and <rde:prevId>.

764	   4.  Added <rdeMenu> element under <deposit> element.

766	   5.  Fixed some typographical errors and omissions.

768	12.4.  Changes from version 03 to 04

770	   1.  Removed <eppParams> objects.

772	   2.  Populated the "Extension Guidelines" section.

774	   3.  Fixed some typographical errors and omissions.

776	12.5.  Changes from version 04 to 05

778	   1.  Fixes to the XSD

780	   2.  Extension Guidelines moved to dnrd-mappings draft

782	   3.  Fixed some typographical errors and omissions.

784	12.6.  Changes from version 05 to 06

786	   1.  Fix resend definition.

788	12.7.  Changes from version 06 to 07

790	   1.  Editorial updates.

792	   2.  schemaLocation removed from RDE Schema.

794	12.8.  Changes from version 07 to 08

796	   1.  Ping update

798	12.9.  Changes from version 08 to 09

800	   1.  Ping update.

802	12.10.  Changes from version 09 to 10

804	   1.  Implementation Status section was added

806	13.  References

808	13.1.  Normative References

810	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
811	              Requirement Levels", BCP 14, RFC 2119,
812	              DOI 10.17487/RFC2119, March 1997,
813	              <https://www.rfc-editor.org/info/rfc2119>.

815	   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
816	              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
817	              <https://www.rfc-editor.org/info/rfc3339>.

819	13.2.  Informative References

821	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
822	              DOI 10.17487/RFC3688, January 2004,
823	              <https://www.rfc-editor.org/info/rfc3688>.

825	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
826	              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
827	              <https://www.rfc-editor.org/info/rfc5730>.

829	   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
830	              Code: The Implementation Status Section", BCP 205,
831	              RFC 7942, DOI 10.17487/RFC7942, July 2016,
832	              <https://www.rfc-editor.org/info/rfc7942>.

834	Author's Address

836	   Gustavo Lozano
837	   Internet Corporation for Assigned Names and Numbers
838	   12025 Waterfront Drive, Suite 300
839	   Los Angeles  90292
840	   United States of America

842	   Phone: +1.310.823.9358
843	   Email: gustavo.lozano@icann.org