idnits 2.17.1 

draft-gould-eppext-verificationcode-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (September 29, 2015) is 3132 days in the past.  Is
     this intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 7451


     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                           J. Gould
3	Internet-Draft                                            VeriSign, Inc.
4	Intended status: Standards Track                      September 29, 2015
5	Expires: April 1, 2016

7	  Verification Code Extension for the Extensible Provisioning Protocol
8	                                 (EPP)
9	                 draft-gould-eppext-verificationcode-00

11	Abstract

13	   This document describes an Extensible Provisioning Protocol (EPP)
14	   extension for including a verification code for marking the data for
15	   a transform command as being verified by a 3rd party, which is
16	   referred to as the Verification Service Provider (VSP).  The
17	   verification code is digitally signed by the VSP using XML Signature
18	   and is "base64" encoded.  The XML Signature includes the VSP signer
19	   certificate, so the server can verify that the verification code
20	   originated from the VSP.

22	Status of This Memo

24	   This Internet-Draft is submitted in full conformance with the
25	   provisions of BCP 78 and BCP 79.

27	   Internet-Drafts are working documents of the Internet Engineering
28	   Task Force (IETF).  Note that other groups may also distribute
29	   working documents as Internet-Drafts.  The list of current Internet-
30	   Drafts is at http://datatracker.ietf.org/drafts/current/.

32	   Internet-Drafts are draft documents valid for a maximum of six months
33	   and may be updated, replaced, or obsoleted by other documents at any
34	   time.  It is inappropriate to use Internet-Drafts as reference
35	   material or to cite them other than as "work in progress."

37	   This Internet-Draft will expire on April 1, 2016.

39	Copyright Notice

41	   Copyright (c) 2015 IETF Trust and the persons identified as the
42	   document authors.  All rights reserved.

44	   This document is subject to BCP 78 and the IETF Trust's Legal
45	   Provisions Relating to IETF Documents
46	   (http://trustee.ietf.org/license-info) in effect on the date of
47	   publication of this document.  Please review these documents
48	   carefully, as they describe your rights and restrictions with respect
49	   to this document.  Code Components extracted from this document must
50	   include Simplified BSD License text as described in Section 4.e of
51	   the Trust Legal Provisions and are provided without warranty as
52	   described in the Simplified BSD License.

54	Table of Contents

56	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
57	     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
58	   2.  Object Attributes . . . . . . . . . . . . . . . . . . . . . .   3
59	     2.1.  Verification Code . . . . . . . . . . . . . . . . . . . .   4
60	       2.1.1.  Signed Code . . . . . . . . . . . . . . . . . . . . .   4
61	       2.1.2.  Encoded Signed Code . . . . . . . . . . . . . . . . .   6
62	     2.2.  Verification Profile  . . . . . . . . . . . . . . . . . .  11
63	   3.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .  11
64	     3.1.  EPP Query Commands  . . . . . . . . . . . . . . . . . . .  12
65	       3.1.1.  EPP <check> Command . . . . . . . . . . . . . . . . .  12
66	       3.1.2.  EPP <info> Command  . . . . . . . . . . . . . . . . .  12
67	       3.1.3.  EPP <transfer> Command  . . . . . . . . . . . . . . .  23
68	     3.2.  EPP Transform Commands  . . . . . . . . . . . . . . . . .  24
69	       3.2.1.  EPP <create> Command  . . . . . . . . . . . . . . . .  24
70	       3.2.2.  EPP <delete> Command  . . . . . . . . . . . . . . . .  26
71	       3.2.3.  EPP <renew> Command . . . . . . . . . . . . . . . . .  27
72	       3.2.4.  EPP <transfer> Command  . . . . . . . . . . . . . . .  27
73	       3.2.5.  EPP <update> Command  . . . . . . . . . . . . . . . .  27
74	   4.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  27
75	     4.1.  Verification Code Extension Schema  . . . . . . . . . . .  27
76	   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  31
77	     5.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  31
78	     5.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  31
79	   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  32
80	   7.  Normative References  . . . . . . . . . . . . . . . . . . . .  32
81	   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  33
82	   Appendix B.  Change History . . . . . . . . . . . . . . . . . . .  33
83	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  33

85	1.  Introduction

87	   This document describes an extension mapping for version 1.0 of the
88	   Extensible Provisioning Protocol (EPP) [RFC5730].  This mapping, an
89	   extension to EPP object mappings like the EPP domain name mapping
90	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
91	   [RFC5733], can be used to pass a verification code to one of the EPP
92	   transform commands.  The domain name object is used for examples in
93	   the document.  The verification code is signed using XML Signature
94	   [W3C.CR-xmldsig-core2-20120124] and is "base64" encoded.  The
95	   "base64" encoded text of the verification code MUST conform to

97	   [RFC2045].  The verification code demonstrates that verification was
98	   done by a Verification Service Provider (VSP).

100	   The Verification Service Provider (VSP) is a certified party to
101	   verify that data is in compliance with the policies of a locality.  A
102	   locality MAY require the client to have data verified in accordance
103	   with local regulations or laws utilizing data sources not available
104	   to the server.  The VSP has access to the local data sources and is
105	   authorized to verify the data.  Examples include verifying that the
106	   domain name is not prohibited and verifying that the domain name
107	   registrant is a valid individual, organization, or business in the
108	   locality.  The data verified, and the objects and operations that
109	   require the verification code to be passed to the server is up to the
110	   policies of the locality.  The verification code represents a marker
111	   that the verification was completed.  The data verified by the VSP
112	   MUST be stored by the VSP along with the generated verification code
113	   to address any compliance issues.  The signer certificate and the
114	   digital signature of the verification code MUST be verified by the
115	   server.

117	1.1.  Conventions Used in This Document

119	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
120	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
121	   document are to be interpreted as described in RFC 2119 [RFC2119].

123	   XML is case sensitive.  Unless stated otherwise, XML specifications
124	   and examples provided in this document MUST be interpreted in the
125	   character case presented in order to develop a conforming
126	   implementation.

128	   In examples, "C:" represents lines sent by a protocol client and "S:"
129	   represents lines returned by a protocol server.  Indentation and
130	   white space in examples are provided only to illustrate element
131	   relationships and are not a REQUIRED feature of this protocol.

133	   "verificationCode-1.0" is used as an abbreviation for
134	   "urn:ietf:params:xml:ns:verificationCode-1.0".  The XML namespace
135	   prefix "verificationCode" is used, but implementations MUST NOT
136	   depend on it and instead employ a proper namespace-aware XML parser
137	   and serializer to interpret and output the XML documents.

139	2.  Object Attributes

141	   This extension adds additional elements to EPP object mappings like
142	   the EPP domain name mapping [RFC5731], EPP host mapping [RFC5732],
143	   and EPP contact mapping [RFC5733].  Only those new elements are
144	   described here.

146	2.1.  Verification Code

148	   The Verification Code is a formatted token, referred to as the
149	   Verification Code Token, that is digitally signed by a Verification
150	   Service Provider (VSP) using XML Signature
151	   [W3C.CR-xmldsig-core2-20120124], using the process described in
152	   Section 2.1.1, and is then "base64" encoded, as defined in
153	   Section 2.1.2.  The Verification Code Token syntax is specified using
154	   Augmented Backus-Naur Form (ABNF) grammar [RFC5234] as follows:

156	   Verification Code Token ABNF

158	   token     = vsp-id "-" verification-id ; Verification Code Token
159	   vsp-id    = 1*DIGIT                    ; VSP Identifier
160	   verification-id = 1*(DIGIT / ALPHA)    ; Verification Identifier

162	   For a VSP given VSP Identifier "1" and with a Verification Identifier
163	   of "abc123", the resulting Verification Code Token is "1-abc123".
164	   The Verification Identifier MUST be unique within a VSP and the VSP
165	   Identifier MUST be unique across supporting VSP's, so the
166	   Verification Code Token MUST be unique to an individual verification.
167	   The VSP Identifiers MAY require registration within an IANA registry.

169	2.1.1.  Signed Code

171	   The <verificationCode:signedCode> is the fragment of XML that is
172	   digitally signed using XML Signature [W3C.CR-xmldsig-core2-20120124].
173	   The <verificationCode:signedCode> includes a required "id" attribute
174	   of type XSD ID for use with an IDREF URI from the Signature element.
175	   The certificate of the issuer MUST be included with the Signature so
176	   it that can be chained with the issuer's certificate by the
177	   validating client.

179	   The <verificationCode:signedCode> element includes a REQUIRED "type"
180	   attribute for use in defining the type of the signed code.  It is up
181	   to the VSP and the server to define the valid values for the "type"
182	   attribute.  Examples of possible "type" attribute values include
183	   "domain" for verification of the domain name, "registrant" for
184	   verification of the registrant contact, or "domain-registrant" for
185	   verification of both the domain name and the registrant.  The typed
186	   signed code is used to indicate the verifications that are done by
187	   the VSP.  The "type" attribute values MAY require registration within
188	   an IANA registry.

190	   A <verificationCode:signedCode> element subsitutes for the
191	   <verificationCode:abstractSignedCode> abstract element to define a
192	   concrete definition of a signed code.  The
193	   <verificationCode:abstractSignedCode> element can be replaced by
194	   other signed code definitions using the XML schema subsitution groups
195	   feature.

197	   The child elements of the <verificationCode:signedCode> element
198	   include:

200	   <verificationCode:code>  Contains the Verification Code Token as
201	       defined by the ABNF in Section 2.1.
202	   <Signature>  XML Signature [W3C.CR-xmldsig-core2-20120124] for the
203	       <verificationCode:signedCode>.  Use of a namespace prefix, like
204	       "dsig", is recommended for the XML Signature
205	       [W3C.CR-xmldsig-core2-20120124] elements.

207	   Example of a "domain" typed signed code using the
208	   <verificationCode:signedCode> element and XML Signature
209	   [W3C.CR-xmldsig-core2-20120124]:

211	   <verificationCode:signedCode
212	     xmlns:verificationCode=
213	     "urn:ietf:params:xml:ns:verificationCode-1.0"
214	     id="signedCode">
215	     <verificationCode:code type="domain">1-abc111
216	     </verificationCode:code>
217	     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
218	      <SignedInfo>
219	       <CanonicalizationMethod
220	    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
221	       <SignatureMethod
222	    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
223	       <Reference URI="#signedCode">
224	        <Transforms>
225	         <Transform
226	    Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
227	        </Transforms>
228	        <DigestMethod
229	    Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
230	    <DigestValue>wgyW3nZPoEfpptlhRILKnOQnbdtU6ArM7ShrAfHgDFg=
231	    </DigestValue>
232	       </Reference>
233	      </SignedInfo>
234	      <SignatureValue>
235	    jMu4PfyQGiJBF0GWSEPFCJjmywCEqR2h4LD+ge6XQ+JnmKFFCuCZS/3SLKAx0L1w
236	    QDFO2e0Y69k2G7/LGE37X3vOflobFM1oGwja8+GMVraoto5xAd4/AF7eHukgAymD
237	    o9toxoa2h0yV4A4PmXzsU6S86XtCcUE+S/WM72nyn47zoUCzzPKHZBRyeWehVFQ+
238	    jYRMIAMzM57HHQA+6eaXefRvtPETgUO4aVIVSugc4OUAZZwbYcZrC6wOaQqqqAZi
239	    30aPOBYbAvHMSmWSS+hFkbshomJfHxb97TD2grlYNrQIzqXk7WbHWy2SYdA+sI/Z
240	    ipJsXNa6osTUw1CzA7jfwA==
241	      </SignatureValue>
242	      <KeyInfo>
243	       <X509Data>
244	       <X509Certificate>
245	    MIIESTCCAzGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEL
246	    MAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJQ0FO
247	    TiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0EwHhcNMTMwMjA4MDAw
248	    MDAwWhcNMTgwMjA3MjM1OTU5WjBsMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
249	    FDASBgNVBAcTC0xvcyBBbmdlbGVzMRcwFQYDVQQKEw5WYWxpZGF0b3IgVE1DSDEh
250	    MB8GA1UEAxMYVmFsaWRhdG9yIFRNQ0ggVEVTVCBDRVJUMIIBIjANBgkqhkiG9w0B
251	    AQEFAAOCAQ8AMIIBCgKCAQEAo/cwvXhbVYl0RDWWvoyeZpETVZVVcMCovUVNg/sw
252	    WinuMgEWgVQFrz0xA04pEhXCFVv4evbUpekJ5buqU1gmQyOsCKQlhOHTdPjvkC5u
253	    pDqa51Flk0TMaMkIQjs7aUKCmA4RG4tTTGK/EjR1ix8/D0gHYVRldy1YPrMP+ou7
254	    5bOVnIos+HifrAtrIv4qEqwLL4FTZAUpaCa2BmgXfy2CSRQbxD5Or1gcSa3vurh5
255	    sPMCNxqaXmIXmQipS+DuEBqMM8tldaN7RYojUEKrGVsNk5i9y2/7sjn1zyyUPf7v
256	    L4GgDYqhJYWV61DnXgx/Jd6CWxvsnDF6scscQzUTEl+hywIDAQABo4H/MIH8MAwG
257	    A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPZEcIQcD/Bj2IFz/LERuo2ADJviMIGMBgNV
258	    HSMEgYQwgYGAFO0/7kEh3FuEKS+Q/kYHaD/W6wihoWakZDBiMQswCQYDVQQGEwJV
259	    UzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJ
260	    Q0FOTiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0GCAQEwDgYDVR0P
261	    AQH/BAQDAgeAMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jcmwuaWNhbm4ub3Jn
262	    L3RtY2guY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB2qSy7ui+43cebKUKwWPrzz9y/
263	    IkrMeJGKjo40n+9uekaw3DJ5EqiOf/qZ4pjBD++oR6BJCb6NQuQKwnoAz5lE4Ssu
264	    y5+i93oT3HfyVc4gNMIoHm1PS19l7DBKrbwbzAea/0jKWVzrvmV7TBfjxD3AQo1R
265	    bU5dBr6IjbdLFlnO5x0G0mrG7x5OUPuurihyiURpFDpwH8KAH1wMcCpXGXFRtGKk
266	    wydgyVYAty7otkl/z3bZkCVT34gPvF70sR6+QxUy8u0LzF5A/beYaZpxSYG31amL
267	    AdXitTWFipaIGea9lEGFM0L9+Bg7XzNn4nVLXokyEB3bgS4scG6QznX23FGk
268	      </X509Certificate>
269	      </X509Data>
270	      </KeyInfo>
271	     </Signature>
272	   </verificationCode:signedCode>

274	2.1.2.  Encoded Signed Code

276	   The <verificationCode:encodedSignedCode> element contains one or more
277	   encoded form of the digitally signed <verificationCode:signedCode>
278	   element, described in Section 2.1.1.

280	   The child elements of the <verificationCode:encodedSignedCode>
281	   element include:

283	   <verificationCode:code>  One or more <verificationCode:code> elements
284	       that is an encoded form of the digitally signed
285	       <verificationCode:signedCode> element, described in
286	       Section 2.1.1, with the encoding defined by the "encoding"
287	       attribute with the default "encoding" value of "base64".  The
288	       "base64" encoded text of the <verificationCode:encodedSignedCode>
289	       element MUST conform to [RFC2045].

291	   Example <verificationCode:encodedSignedCode> element that contains
292	   one "base64" encoded <verificationCode:signedCode> contained in the
293	   <verificationCode:code> element:

295	   <verificationCode:encodedSignedCode
296	     xmlns:verificationCode=
297	       "urn:ietf:params:xml:ns:verificationCode-1.0">
298	     <verificationCode:code>
299	   ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
300	   OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
301	   bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
302	   b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
303	   ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
304	   dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
305	   PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
306	   My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
307	   aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
308	   Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
309	   Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
310	   aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
311	   ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
312	   dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
313	   YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
314	   UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
315	   ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
316	   UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
317	   Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
318	   amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
319	   bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
320	   CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
321	   d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
322	   SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
323	   VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
324	   CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
325	   ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
326	   d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
327	   bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
328	   eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
329	   d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
330	   R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
331	   UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
332	   c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
333	   QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
334	   cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
335	   NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
336	   MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
337	   ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
338	   WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
339	   QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
340	   Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
341	   Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
342	   SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
343	   LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
344	   VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
345	   R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
346	   SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
347	   Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
348	   bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
349	   MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
350	   REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
351	   aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
352	   N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
353	   aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
354	   L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
355	   TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
356	   UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
357	   YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
358	   b25Db2RlOnNpZ25lZENvZGU+Cg==
359	     </verificationCode:code>
360	   </verificationCode:encodedSignedCode>

362	   Example <verificationCode:encodedSignedCode> element that contains
363	   two <verificationCode:code> elements ;.

365	   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
366	   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
367	     <command>
368	       <create>
369	         <domain:create
370	          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
371	           <domain:name>domain.example</domain:name>
372	           <domain:registrant>jd1234</domain:registrant>
373	           <domain:contact type="admin">sh8013</domain:contact>
374	           <domain:contact type="tech">sh8013</domain:contact>
375	           <domain:authInfo>
376	             <domain:pw>2fooBAR</domain:pw>
377	           </domain:authInfo>
378	         </domain:create>
379	       </create>
380	       <extension>
381	         <verificationCode:encodedSignedCode
382	           xmlns:verificationCode=
383	             "urn:ietf:params:xml:ns:verificationCode-1.0">
384	           <verificationCode:code>
385	   ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
386	   OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
387	   bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
388	   b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
389	   ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
390	   dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
391	   PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
392	   My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
393	   aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
394	   Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
395	   Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
396	   aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
397	   ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
398	   dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
399	   YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
400	   UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
401	   ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
402	   UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
403	   Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
404	   amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
405	   bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
406	   CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
407	   d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
408	   SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
409	   VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
410	   CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
411	   ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
412	   d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
413	   bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
414	   eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
415	   d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
416	   R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
417	   UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
418	   c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
419	   QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
420	   cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
421	   NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
422	   MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
423	   ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
424	   WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
425	   QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
426	   Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
427	   Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
428	   SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
429	   LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
430	   VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
431	   R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
432	   SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
433	   Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
434	   bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
435	   MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
436	   REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
437	   aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
438	   N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
439	   aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
440	   L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
441	   TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
442	   UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
443	   YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
444	   b25Db2RlOnNpZ25lZENvZGU+Cg==
445	           </verificationCode:code>
446	           <verificationCode:code>
447	   PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48dmVyaWZpY2F0
448	   aW9uQ29kZTpzaWduZWRDb2RlIHhtbG5zOnZlcmlmaWNhdGlvbkNvZGU9InVybjpp
449	   ZXRmOnBhcmFtczp4bWw6bnM6dmVyaWZpY2F0aW9uQ29kZS0xLjAiIGlkPSJzaWdu
450	   ZWRDb2RlIiB0eXBlPSJyZWdpc3RyYW50Ij48dmVyaWZpY2F0aW9uQ29kZTpjb2Rl
451	   PjEtYWJjMjIyPC92ZXJpZmljYXRpb25Db2RlOmNvZGU+PGRzaWc6U2lnbmF0dXJl
452	   IHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMi
453	   Pjxkc2lnOlNpZ25lZEluZm8+PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBB
454	   bGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRu
455	   LTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBB
456	   bGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Et
457	   c2hhMSIvPjxkc2lnOlJlZmVyZW5jZSBVUkk9IiNzaWduZWRDb2RlIj48ZHNpZzpU
458	   cmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cu
459	   dzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9k
460	   c2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0
461	   cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGln
462	   ZXN0VmFsdWU+SFg2TU1WUWdnSStzNG9tT3haYjBGTW1VSlBRdk15WmUybDVEdEhh
463	   QlZMND08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6
464	   U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZT5VOUhPNVlYVWE0ZUsyYXRz
465	   U1RuQk1DU3dXM0dWUzZnUEtkaDBZTlZicERud1d4b1BtYlR2YkVsNDE4NFlKZ3Uw
466	   WXB3RkROMmZLY3JVCk1YV0hncE56K0oycTh6MWpTcVJMUEw0UmpnRWw0eGhiOXl5
467	   cExOZC8xQXJXRVlhWWZEdUc1S3FYV05MRG5YVzJoQkEzK0R5Wk82MFQKcTVPd0R5
468	   ZVFSVlNPVWNXVE9FOTJsSlZ4M014Q1V6d1hoL0ZOSTlPbGtXK0ZPNVZNNTZlTmZq
469	   UEhkUlJVdjdzQzRmM0NnWmFaSWFXNQp2RmJnTmJodFJVa0hsSVhnYVNGWDgvcFdV
470	   RXFIY0dLTUxnRU1nbHBnQ3RtOFlIcXVqb0tXUk0yUDNiK2h3ZTRsU0hSWVRjK0pB
471	   eEluClU4RDc1WnliWThnSWFuZUprS2dwVTk2T0tJTGQ5L0l0UVhaeHZnPT08L2Rz
472	   aWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48
473	   ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRGlUQ0NBbkdnQXdJQkFnSUVmcXE2SFRB
474	   TkJna3Foa2lHOXcwQkFRc0ZBREIxTVJBd0RnWURWUVFHRXdkVmJtdHViM2R1TVJB
475	   dwpEZ1lEVlFRSUV3ZFZibXR1YjNkdU1SQXdEZ1lEVlFRSEV3ZFZibXR1YjNkdU1S
476	   QXdEZ1lEVlFRS0V3ZFZibXR1YjNkdU1SQXdEZ1lEClZRUUxFd2RWYm10dWIzZHVN
477	   Umt3RndZRFZRUURFeEIyWlhKcFptbGpZWFJwYjI1RGIyUmxNQjRYRFRFMU1EWXhO
478	   VEl4TURBeU1sb1gKRFRNMU1EWXhNREl4TURBeU1sb3dkVEVRTUE0R0ExVUVCaE1I
479	   Vlc1cmJtOTNiakVRTUE0R0ExVUVDQk1IVlc1cmJtOTNiakVRTUE0RwpBMVVFQnhN
480	   SFZXNXJibTkzYmpFUU1BNEdBMVVFQ2hNSFZXNXJibTkzYmpFUU1BNEdBMVVFQ3hN
481	   SFZXNXJibTkzYmpFWk1CY0dBMVVFCkF4TVFkbVZ5YVdacFkyRjBhVzl1UTI5a1pU
482	   Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpjY2pY
483	   cmsKUWFJL2lHUEZ3WmVITjFnRFVhcTltVnJmQis2eWR5Qmdoc2FHVFZoaERIOFNO
484	   TmtpamxIMkxCQ3J3TjhjVjhQZ1BPOXRwbG9rR2F5UwpxNktFaHZtTk03b1dsZk5L
485	   SkdSdGNidGMzTnJuYzhiUUJacU1xcFo0UlNRTmh5QWh6Ri85UmErd3RFc0JWeGF3
486	   VDc1L2J0SDZ1YytmClJOdE5FcmhJdVlJUmN0WTZIRmRaR3BlS3cxYnlYK0RsNkJP
487	   L3ZLdnQ4NDllY1R3aEZIcDUwWGh2NFVTL0Z5aWVLaGs3dDdHRnJGRlQKL2NCTGsy
488	   WmxFa1lLcFlEU2dlc2lseFg2QkpTZVdCbXZLQzlTL2pBZDhNWmRHVUg2aHNHRXBl
489	   U1BmZkZQV3FWcXl6V0p5bG91OXF4ZQpnUTZjOFo2SVpXZkUzakxSOUVySDhzOTFD
490	   Mm1pTFZrQ0F3RUFBYU1oTUI4d0hRWURWUjBPQkJZRUZIY0JLdk03dmk3dUZNTUx5
491	   ZE43CmVGVXF2YzVVTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBVjB2cmlrSWRB
492	   d2l4THZ0NUx5eXpTNFdTU1d0dVlWL2JQMVg3NzVMRmYKSWh3a2xoMENidk5rYXlK
493	   Tms2Tnp0eDlSc1AwNWZndkxrZER1N0V5cnRzY3I1ZVdETG1WMGtKMWE1N1Z4bnJh
494	   aEdLTnM2Wit1Ui9pSApMaTJXb3liWEpFT2N0NWtJSjFzL05CeUUrdkdGdjFoTmJz
495	   dVVVUEVCYWVtaWpYUFROOWxxZE9uM1FIbktobXhsa1czYS9KbmhtT20vCkRWYTE0
496	   NDJXTVVUSlUyVFlWVldtdUs2NFkwQXFrN2FldzkvVzIzZEcrT2xhOW9VYnBrSXJr
497	   dDRDN3hRa0d5SXN2eUo3bi91OFhBRDIKbno1T1cvek5GWnlrZDAzT2N3M240NkZx
498	   c1IwVDlBbFBEWHQxUjlmMjZMd1lxdjk3dWtVNEcrMVRJNHorV0F2TCtVRk9FVnNu
499	   PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktl
500	   eUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3ZlcmlmaWNhdGlvbkNvZGU6c2lnbmVk
501	   Q29kZT4=
502	           </verificationCode:code>
503	       </verificationCode:encodedSignedCode>
504	       </extension>
505	       <clTRID>ABC-12345</clTRID>
506	     </command>
507	   </epp>

509	2.2.  Verification Profile

511	   A Verification Profile defines the set of verification code types,
512	   the commands that the verification code types are required,
513	   supported, or not supported, and the grace period by which the
514	   verification code types MUST be set.  A server MAY support many
515	   verificaton profiles, each with a unique name and a unique
516	   verification policy that is implemented by the server.  Each client
517	   MAY have zero or more server assigned verification profiles that will
518	   enforce the required verification policies.  Most likely a client
519	   will be assigned zero or one server assigned verification profile,
520	   but overlapping profiles is possible.  Overlapping verification
521	   profiles MUST be treated as an logical "and" of the policies by the
522	   server.  If no verification profile is assigned to the client, no
523	   additional verification is required by the client.

525	3.  EPP Command Mapping

527	   A detailed description of the EPP syntax and semantics can be found
528	   in the EPP core protocol specification [RFC5730].

530	3.1.  EPP Query Commands

532	   EPP provides three commands to retrieve object information: <check>
533	   to determine if an object is known to the server, <info> to retrieve
534	   detailed information associated with an object, and <transfer> to
535	   retrieve object transfer status information.

537	3.1.1.  EPP <check> Command

539	   This extension does not add any elements to the EPP <check> command
540	   or <check> response described in the [RFC5730].

542	3.1.2.  EPP <info> Command

544	   This extension defines additional elements to extend the EPP <info>
545	   command of an object mapping like the EPP domain name mapping
546	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
547	   [RFC5733].

549	   The EPP <info> command is used to retrieve the verification
550	   information.  The verification information is based on the
551	   verification profile, as defined in Section 2.2, set in the server
552	   for the client.  The <verificationCode:info> element is an empty
553	   element that indicates that the client requests the verification
554	   information.  The OPTIONAL "profile" attribute can be used by the
555	   client to explicitly specify a verification profile, as defined in
556	   Section 2.2, to base the verification information on.  It is up to
557	   server policy on the set of verification profiles that the client is
558	   allowed to explicitly specify, and if the client is not allowed, the
559	   server MUST return the 2201 error response.

561	   Example <info> domain command with the <verificationCode:info>
562	   extension to retrieve the verification information for the domain
563	   "domain.example", using the profiles associated with the client:

565	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
566	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
567	   C:  <command>
568	   C:    <info>
569	   C:      <domain:info
570	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
571	   C:        <domain:name>domain.example</domain:name>
572	   C:      </domain:info>
573	   C:    </info>
574	   C:    <extension>
575	   C:      <verificationCode:info
576	   C:        xmlns:verificationCode=
577	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"/>
578	   C:    </extension>
579	   C:    <clTRID>ABC-12345</clTRID>
580	   C:  </command>
581	   C:</epp>

583	   Example <info> domain command with the <verificationCode:info>
584	   extension to retrieve the verification information for the domain
585	   "domain.example", using the profiles associated with the client and
586	   with the authorization information to retrieve the verification codes
587	   from the non-sponsoring client:

589	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
590	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
591	   C:  <command>
592	   C:    <info>
593	   C:      <domain:info
594	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
595	   C:        <domain:name>domain.example</domain:name>
596	   C:        <domain:authInfo>
597	   C:          <domain:pw>2fooBAR</domain:pw>
598	   C:        </domain:authInfo>
599	   C:      </domain:info>
600	   C:    </info>
601	   C:    <extension>
602	   C:      <verificationCode:info
603	   C:        xmlns:verificationCode=
604	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"/>
605	   C:    </extension>
606	   C:    <clTRID>ABC-12345</clTRID>
607	   C:  </command>
608	   C:</epp>
609	   Example <info> domain command with the <verificationCode:info>
610	   extension to retrieve the verification information for the domain
611	   "domain.example", using the the "sample" profile:

613	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
614	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
615	   C:  <command>
616	   C:    <info>
617	   C:      <domain:info
618	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
619	   C:        <domain:name>domain.example</domain:name>
620	   C:      </domain:info>
621	   C:    </info>
622	   C:    <extension>
623	   C:      <verificationCode:info
624	   C:        xmlns:verificationCode=
625	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"
626	   C:        profile="sample"/>
627	   C:    </extension>
628	   C:    <clTRID>ABC-12345</clTRID>
629	   C:  </command>
630	   C:</epp>

632	   If the query was successful, the server replies with a
633	   <verificationCode:infData> element along with the regular EPP
634	   <resData>.  The <verificationCode:infData> element contains the
635	   following child elements:

637	   <verificationCode:status>  The status of the verification for the
638	       object, using all of the verification profiles assigned to the
639	       client.  There are three possible values for the status:

641	       nonCompliant  The object is non-compliant according to the
642	           verification profiles.  If at least one of the profiles is
643	           "nonCompliant", the object is "nonCompliant".
644	       pendingCompliance  The object is not in compliance with the
645	           verification profiles, but has a grace period to set the
646	           required set of verification codes, as reflected by the due
647	           date of the verification code type.  If at least one of the
648	           profiles is "pendingComplaince" and none of the profiles is
649	           "nonCompliant", the object is "pendingCompliance".
650	       compliant  The object is compliant with the verification
651	           profiles.  If All of the profiles for the object are
652	           "complaint" or if the object has no assignd profiles, the
653	           object is "compliant".
654	   <verificationCode:profile>  Zero or more OPTIONAL
655	       <verificationCode:profile> elements that defines the verification
656	       status of the object based on the profile.  The required "name"
657	       attribute defines the name of the profile.  The
658	       <verificationCode:profile> element contains the following child
659	       elements:

661	       <verificationCode:status>  The status of the verification for the
662	           object and the profile.  There are three possible values for
663	           the status:

665	           nonCompliant  The object is non-compliant according to the
666	               verification profile.
667	           pendingCompliance  The object is not in compliance with the
668	               verification profile, but has a grace period to set the
669	               required set of verification codes, as reflected by the
670	               due date of the verification code type.
671	           compliant  The object is compliant with the verification
672	               profile.
673	       <verificationCode:missing>  OPTIONAL list of missing verification
674	           code types.  The <verificationCode:missing> element is
675	           returned only if there is at least one missing verification
676	           code type and based on server policy.  The
677	           <verificationCode:missing> element contains the following
678	           child elements:

680	           <verificationCode:code>  One or more <verificationCode:code>
681	               elements that is empty with the REQUIRED "type" attribute
682	               that indicates the verification code type and the
683	               REQUIRED "due" attribute that indicates when the
684	               verification code type was or is due.  Past due
685	               verification code types will result in the
686	               <verificationCode:status> element being set to
687	               "nonCompliant".
688	       <verificationCode:set>  OPTIONAL list of set verification codes.
689	           The <verificationCode:set> element is returned only if there
690	           is at least one set verification code.  The
691	           <verificationCode:set> element contains the following child
692	           elements:

694	           <verificationCode:code>  One or more <verificationCode:code>
695	               elements containing the verification code with a REQUIRED
696	               "type" attribute that indicates the code type and a
697	               REQUIRED "date" attribute that indicates when the
698	               verification code was set.  The inclusion of the code
699	               value is up server policy, so if the server determines
700	               that the code value cannot be exposed to a non-sponsoring
701	               client, the <verificationCode:code> element MUST be
702	               empty.

704	   Example <info> domain response using the <verificationCode:infData>
705	   extension for a compliant domain using the "sample" profile, and with
706	   the two verification codes, from the sponsoring or authorized client:

708	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
709	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
710	   S:  <response>
711	   S:    <result code="1000">
712	   S:      <msg>Command completed successfully</msg>
713	   S:    </result>
714	   S:    <resData>
715	   S:      <domain:infData
716	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
717	   S:        <domain:name>domain.example</domain:name>
718	   S:        <domain:roid>DOMAIN-REP</domain:roid>
719	   S:        <domain:status s="ok"/>
720	   S:        <domain:clID>ClientX</domain:clID>
721	   S:        <domain:crID>ClientY</domain:crID>
722	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
723	   S:        </domain:crDate>
724	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
725	   S:        </domain:exDate>
726	   S:        <domain:authInfo>
727	   S:          <domain:pw>2fooBAR</domain:pw>
728	   S:        </domain:authInfo>
729	   S:      </domain:infData>
730	   S:    </resData>
731	   S:    <extension>
732	   S:      <verificationCode:infData
733	   S:        xmlns:verificationCode=
734	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
735	   S:        <verificationCode:status>compliant
736	   S:        </verificationCode:status>
737	   S:        <verificationCode:profile name="sample">
738	   S:          <verificationCode:status>compliant
739	   S:          </verificationCode:status>
740	   S:          <verificationCode:set>
741	   S:            <verificationCode:code type="domain"
742	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
743	   S:            </verificationCode:code>
744	   S:            <verificationCode:code type="registrant"
745	   S:              date="2010-04-03T22:00:00.0Z">1-abc444
746	   S:            </verificationCode:code>
747	   S:          </verificationCode:set>
748	   S:        </verificationCode:profile>
749	   S:      </verificationCode:infData>
750	   S:    </extension>
751	   S:    <trID>
752	   S:      <clTRID>ABC-12345</clTRID>
753	   S:      <svTRID>54322-XYZ</svTRID>
754	   S:    </trID>
755	   S:  </response>
756	   S:</epp>
757	   Example <info> domain response using the <verificationCode:infData>
758	   extension for a compliant domain using the "sample" profile, and with
759	   the two verification code types, from the non-sponsoring client:

761	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
762	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
763	   S:  <response>
764	   S:    <result code="1000">
765	   S:      <msg>Command completed successfully</msg>
766	   S:    </result>
767	   S:    <resData>
768	   S:      <domain:infData
769	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
770	   S:        <domain:name>domain.example</domain:name>
771	   S:        <domain:roid>DOMAIN-REP</domain:roid>
772	   S:        <domain:status s="ok"/>
773	   S:        <domain:clID>ClientX</domain:clID>
774	   S:        <domain:crID>ClientY</domain:crID>
775	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
776	   S:        </domain:crDate>
777	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
778	   S:        </domain:exDate>
779	   S:      </domain:infData>
780	   S:    </resData>
781	   S:    <extension>
782	   S:      <verificationCode:infData
783	   S:        xmlns:verificationCode=
784	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
785	   S:        <verificationCode:status>compliant
786	   S:        </verificationCode:status>
787	   S:        <verificationCode:profile name="sample">
788	   S:          <verificationCode:status>compliant
789	   S:          </verificationCode:status>
790	   S:          <verificationCode:set>
791	   S:            <verificationCode:code type="domain"
792	   S:              date="2010-04-03T22:00:00.0Z"/>
793	   S:            <verificationCode:code type="registrant"
794	   S:              date="2010-04-03T22:00:00.0Z"/>
795	   S:          </verificationCode:set>
796	   S:        </verificationCode:profile>
797	   S:      </verificationCode:infData>
798	   S:    </extension>
799	   S:    <trID>
800	   S:      <clTRID>ABC-12345</clTRID>
801	   S:      <svTRID>54322-XYZ</svTRID>
802	   S:    </trID>
803	   S:  </response>
804	   S:</epp>
805	   Example <info> domain response using the <verificationCode:infData>
806	   extension for a non-compliant domain using the "sample" profile, and
807	   with the verification code types missing along with their due dates:

809	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
810	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
811	   S:  <response>
812	   S:    <result code="1000">
813	   S:      <msg>Command completed successfully</msg>
814	   S:    </result>
815	   S:    <resData>
816	   S:      <domain:infData
817	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
818	   S:        <domain:name>domain.example</domain:name>
819	   S:        <domain:roid>DOMAIN-REP</domain:roid>
820	   S:        <domain:status s="serverHold"/>
821	   S:        <domain:clID>ClientX</domain:clID>
822	   S:        <domain:crID>ClientY</domain:crID>
823	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
824	   S:        </domain:crDate>
825	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
826	   S:        </domain:exDate>
827	   S:      </domain:infData>
828	   S:    </resData>
829	   S:    <extension>
830	   S:      <verificationCode:infData
831	   S:        xmlns:verificationCode=
832	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
833	   S:        <verificationCode:status>nonCompliant
834	   S:        </verificationCode:status>
835	   S:        <verificationCode:profile name="sample">
836	   S:          <verificationCode:status>nonCompliant
837	   S:          </verificationCode:status>
838	   S:          <verificationCode:missing>
839	   S:            <verificationCode:code
840	   S:              type="domain"
841	   S:              due="2010-04-03T22:00:00.0Z"/>
842	   S:            <verificationCode:code
843	   S:              type="registrant"
844	   S:              due="2010-04-08T22:00:00.0Z"/>
845	   S:          </verificationCode:missing>
846	   S:        </verificationCode:profile>
847	   S:      </verificationCode:infData>
848	   S:    </extension>
849	   S:    <trID>
850	   S:      <clTRID>ABC-12345</clTRID>
851	   S:      <svTRID>54322-XYZ</svTRID>
852	   S:    </trID>
853	   S:  </response>
854	   S:</epp>

856	   Example <info> domain response using the <verificationCode:infData>
857	   extension for a pending compliance domain using the "sample" profile,
858	   with the verification code type missing along with the due date, and
859	   with set verification code:

861	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
862	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
863	   S:  <response>
864	   S:    <result code="1000">
865	   S:      <msg>Command completed successfully</msg>
866	   S:    </result>
867	   S:    <resData>
868	   S:      <domain:infData
869	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
870	   S:        <domain:name>domain.example</domain:name>
871	   S:        <domain:roid>DOMAIN-REP</domain:roid>
872	   S:        <domain:status s="ok"/>
873	   S:        <domain:clID>ClientX</domain:clID>
874	   S:        <domain:crID>ClientY</domain:crID>
875	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
876	   S:        </domain:crDate>
877	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
878	   S:        </domain:exDate>
879	   S:      </domain:infData>
880	   S:    </resData>
881	   S:    <extension>
882	   S:      <verificationCode:infData
883	   S:        xmlns:verificationCode=
884	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
885	   S:        <verificationCode:status>pendingCompliance
886	   S:        </verificationCode:status>
887	   S:        <verificationCode:profile name="sample">
888	   S:          <verificationCode:status>pendingCompliance
889	   S:          </verificationCode:status>
890	   S:          <verificationCode:missing>
891	   S:            <verificationCode:code
892	   S:              type="registrant"
893	   S:              due="2010-04-08T22:00:00.0Z"/>
894	   S:          </verificationCode:missing>
895	   S:          <verificationCode:set>
896	   S:            <verificationCode:code type="domain"
897	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
898	   S:            </verificationCode:code>
899	   S:          </verificationCode:set>
900	   S:        </verificationCode:profile>
901	   S:      </verificationCode:infData>
902	   S:    </extension>
903	   S:    <trID>
904	   S:      <clTRID>ABC-12345</clTRID>
905	   S:      <svTRID>54322-XYZ</svTRID>
906	   S:    </trID>
907	   S:  </response>
908	   S:</epp>
909	   Example <info> domain response using the <verificationCode:infData>
910	   extension for a client that does not have a verification profile
911	   assigned:

913	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
914	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
915	   S:  <response>
916	   S:    <result code="1000">
917	   S:      <msg>Command completed successfully</msg>
918	   S:    </result>
919	   S:    <resData>
920	   S:      <domain:infData
921	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
922	   S:        <domain:name>domain.example</domain:name>
923	   S:        <domain:roid>DOMAIN-REP</domain:roid>
924	   S:        <domain:status s="ok"/>
925	   S:        <domain:clID>ClientX</domain:clID>
926	   S:        <domain:crID>ClientY</domain:crID>
927	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
928	   S:        </domain:crDate>
929	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
930	   S:        </domain:exDate>
931	   S:      </domain:infData>
932	   S:    </resData>
933	   S:    <extension>
934	   S:      <verificationCode:infData
935	   S:        xmlns:verificationCode=
936	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
937	   S:        <verificationCode:status>compliant
938	   S:        </verificationCode:status>
939	   S:      </verificationCode:infData>
940	   S:    </extension>
941	   S:    <trID>
942	   S:      <clTRID>ABC-12345</clTRID>
943	   S:      <svTRID>54322-XYZ</svTRID>
944	   S:    </trID>
945	   S:  </response>
946	   S:</epp>

948	3.1.3.  EPP <transfer> Command

950	   This extension does not add any elements to the EPP <transfer> query
951	   command or <transfer> response described in the [RFC5730].

953	3.2.  EPP Transform Commands

955	   EPP provides five commands to transform objects: <create> to create
956	   an instance of an object, <delete> to delete an instance of an
957	   object, <renew> to extend the validity period of an object,
958	   <transfer> to manage object sponsorship changes, and <update> to
959	   change information associated with an object.

961	3.2.1.  EPP <create> Command

963	   This extension defines additional elements to extend the EPP <create>
964	   command of an object mapping like the EPP domain name mapping
965	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
966	   [RFC5733].

968	   The EPP <create> command provides a transform operation that allows a
969	   client to create an object.  In addition to the EPP command elements
970	   described in an object mapping like [RFC5731], the command MAY
971	   contain a child <verificationCode:encodedSignedCode> element, as
972	   defined in Section 2.1.2, that identifies the extension namespace for
973	   the client to provide proof of verification by a Verification Service
974	   Provider (VSP).  The server MAY support multiple policies for the
975	   passing of the <verificationCode:encodedSignedCode> element based on
976	   the client profile, which include:

978	   required  The client MUST pass a valid
979	       <verificationCode:encodedSignedCode> element containing the
980	       required set of verification codes.  If a
981	       <verificationCode:encodedSignedCode> element is not passed or the
982	       required set of verification codes is not included, the server
983	       MUST return an EPP error result code of 2306.  If an invalid
984	       <verificationCode:encodedSignedCode> element is passed, the
985	       server MUST return an EPP error result code of 2005.
986	   optional  The client MAY pass a valid
987	       <verificationCode:encodedSignedCode> element.  If an invalid
988	       <verificationCode:encodedSignedCode> element is passed, the
989	       server MUST return an EPP error result code of 2005.
990	   not supported  The client MUST NOT pass a
991	       <verificationCode:encodedSignedCode> element.  If a
992	       <verificationCode:encodedSignedCode> element is passed, the
993	       server MUST return an EPP error result code of 2102.

995	   Example <create> command to create a domain object with a
996	   verification code:

998	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
999	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
1000	   C:  <command>
1001	   C:    <create>
1002	   C:      <domain:create
1003	   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
1004	   C:        <domain:name>domain.example</domain:name>
1005	   C:        <domain:registrant>jd1234</domain:registrant>
1006	   C:        <domain:contact type="admin">sh8013</domain:contact>
1007	   C:        <domain:contact type="tech">sh8013</domain:contact>
1008	   C:        <domain:authInfo>
1009	   C:          <domain:pw>2fooBAR</domain:pw>
1010	   C:        </domain:authInfo>
1011	   C:      </domain:create>
1012	   C:    </create>
1013	   C:    <extension>
1014	   C:      <verificationCode:encodedSignedCode
1015	   C:        xmlns:verificationCode=
1016	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0">
1017	   C:        <verificationCode:code>
1018	   C:ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
1019	   C:OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
1020	   C:bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
1021	   C:b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
1022	   C:ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
1023	   C:dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
1024	   C:PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
1025	   C:My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
1026	   C:aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
1027	   C:Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
1028	   C:Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
1029	   C:aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
1030	   C:ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
1031	   C:dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
1032	   C:YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
1033	   C:UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
1034	   C:ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
1035	   C:UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
1036	   C:Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
1037	   C:amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
1038	   C:bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
1039	   C:CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
1040	   C:d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
1041	   C:SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
1042	   C:VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
1043	   C:CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
1044	   C:ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
1045	   C:d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
1046	   C:bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
1047	   C:eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
1048	   C:d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
1049	   C:R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
1050	   C:UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
1051	   C:c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
1052	   C:QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
1053	   C:cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
1054	   C:NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
1055	   C:MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
1056	   C:ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
1057	   C:WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
1058	   C:QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
1059	   C:Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
1060	   C:Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
1061	   C:SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
1062	   C:LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
1063	   C:VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
1064	   C:R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
1065	   C:SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
1066	   C:Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
1067	   C:bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
1068	   C:MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
1069	   C:REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
1070	   C:aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
1071	   C:N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
1072	   C:aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
1073	   C:L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
1074	   C:TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
1075	   C:UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
1076	   C:YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
1077	   C:b25Db2RlOnNpZ25lZENvZGU+Cg==
1078	   C:        </verificationCode:code>
1079	   C:      </verificationCode:encodedSignedCode>
1080	   C:    </extension>
1081	   C:    <clTRID>ABC-12345</clTRID>
1082	   C:  </command>
1083	   C:</epp>

1085	   This extension does not add any elements to the EPP <create> response
1086	   described in the [RFC5730].

1088	3.2.2.  EPP <delete> Command

1090	   This extension defines additional elements to extend the EPP <delete>
1091	   command and response in the same fashion as defined for the EPP
1092	   <create> Command (Section 3.2.1).

1094	3.2.3.  EPP <renew> Command

1096	   This extension defines additional elements to extend the EPP <renew>
1097	   command and response in the same fashion as defined for the EPP
1098	   <create> Command (Section 3.2.1).

1100	3.2.4.  EPP <transfer> Command

1102	   This extension defines additional elements to extend the EPP
1103	   <transfer> command and response in the same fashion as defined for
1104	   the EPP <create> Command (Section 3.2.1).

1106	3.2.5.  EPP <update> Command

1108	   This extension defines additional elements to extend the EPP <update>
1109	   command and response in the same fashion as defined for the EPP
1110	   <create> Command (Section 3.2.1).

1112	4.  Formal Syntax

1114	   One schema is presented here that is the EPP Verification Code
1115	   Extension schema.

1117	   The formal syntax presented here is a complete schema representation
1118	   of the object mapping suitable for automated validation of EPP XML
1119	   instances.  The BEGIN and END tags are not part of the schema; they
1120	   are used to note the beginning and ending of the schema for URI
1121	   registration purposes.

1123	4.1.  Verification Code Extension Schema

1125	   BEGIN
1126	   <?xml version="1.0" encoding="UTF-8"?>
1127	   <schema
1128	     targetNamespace=
1129	       "urn:ietf:params:xml:ns:verificationCode-1.0"
1130	     xmlns:verificationCode=
1131	       "urn:ietf:params:xml:ns:verificationCode-1.0"
1132	     xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
1133	     xmlns="http://www.w3.org/2001/XMLSchema"
1134	     elementFormDefault="qualified">

1136	     <annotation>
1137	       <documentation>
1138	         Extensible Provisioning Protocol v1.0
1139	         Verification Code Extension.
1140	       </documentation>
1141	     </annotation>
1142	     <import namespace="http://www.w3.org/2000/09/xmldsig#"
1143	       schemaLocation="xmldsig-core-schema.xsd"/>

1145	     <!-- Abstract signed code for substitution -->
1146	     <element name="abstractSignedCode"
1147	       type="verificationCode:abstractSignedCodeType"
1148	       abstract="true"/>

1150	     <!-- Empty type for use in extending for a signed code -->
1151	     <complexType name="abstractSignedCodeType"/>

1153	     <!-- Definition of concrete signed code -->
1154	     <element name="signedCode"
1155	       type="verificationCode:signedCodeType"
1156	       substitutionGroup="verificationCode:abstractSignedCode"/>

1158	     <complexType name="signedCodeType">
1159	       <complexContent>
1160	         <extension base="verificationCode:abstractSignedCodeType">
1161	           <sequence>
1162	             <element name="code"
1163	               type="verificationCode:verificationCodeType"/>
1164	             <element ref="dsig:Signature"/>
1165	           </sequence>
1166	           <attribute name="id" type="ID" use="required"/>
1167	         </extension>
1168	       </complexContent>
1169	     </complexType>

1171	     <complexType name="verificationCodeType">
1172	       <simpleContent>
1173	         <extension base="token">
1174	           <attribute name="type" type="token"
1175	             use="required"/>
1176	         </extension>
1177	       </simpleContent>
1178	     </complexType>

1180	     <!-- Definition of an encoded signed code -->
1181	     <element name="encodedSignedCode"
1182	       type="verificationCode:encodedSignedCodeListType"/>

1184	     <complexType name="encodedSignedCodeListType">
1185	       <sequence>
1186	          <element name="code"
1187	             type="verificationCode:encodedSignedCodeType"
1188	             minOccurs="1" maxOccurs="unbounded"/>
1189	       </sequence>

1191	     </complexType>

1193	     <complexType name="encodedSignedCodeType">
1194	       <simpleContent>
1195	         <extension base="token">
1196	           <attribute name="encoding"
1197	             type="token" default="base64"/>
1198	         </extension>
1199	       </simpleContent>
1200	     </complexType>

1202	     <!-- info command extension elements -->
1203	     <element name="info" type="verificationCode:infoType"/>

1205	     <complexType name="infoType">
1206	       <simpleContent>
1207	         <extension base="token">
1208	            <attribute name="profile" type="token"/>
1209	         </extension>
1210	       </simpleContent>
1211	     </complexType>

1213	     <!-- info response extension elements -->
1214	     <element name="infData" type="verificationCode:infDataType"/>

1216	     <complexType name="infDataType">
1217	       <sequence>
1218	         <element name="status"
1219	           type="verificationCode:statusEnum"/>
1220	         <element name="profile"
1221	           type="verificationCode:profileDataType"
1222	           minOccurs="0" maxOccurs="unbounded"/>
1223	       </sequence>
1224	     </complexType>

1226	     <complexType name="profileDataType">
1227	       <sequence>
1228	         <element name="status"
1229	           type="verificationCode:statusEnum"/>
1230	         <element name="missing"
1231	           type="verificationCode:missingCodes"
1232	           minOccurs="0"/>
1233	         <element name="set"
1234	           type="verificationCode:codesType"
1235	           minOccurs="0"/>
1236	       </sequence>
1237	       <attribute name="name" type="token"/>

1239	     </complexType>

1241	     <simpleType name="statusEnum">
1242	       <restriction base="token">
1243	         <enumeration value="nonCompliant"/>
1244	         <enumeration value="pendingCompliance"/>
1245	         <enumeration value="compliant"/>
1246	       </restriction>
1247	     </simpleType>

1249	     <complexType name="missingVerificationCode">
1250	       <simpleContent>
1251	         <extension base="verificationCode:verificationCodeType">
1252	           <attribute name="due" type="dateTime"
1253	             use="required"/>
1254	         </extension>
1255	       </simpleContent>
1256	     </complexType>

1258	     <complexType name="missingCodes">
1259	       <sequence>
1260	         <element name="code"
1261	           type="verificationCode:missingVerificationCode"
1262	           minOccurs="1" maxOccurs="unbounded"/>
1263	       </sequence>
1264	     </complexType>

1266	     <complexType name="infoVerificationCodeType">
1267	       <simpleContent>
1268	         <extension base="verificationCode:verificationCodeType">
1269	           <attribute name="date" type="dateTime"
1270	             use="required"/>
1271	         </extension>
1272	       </simpleContent>
1273	     </complexType>

1275	     <complexType name="codesType">
1276	       <sequence>
1277	         <element name="code"
1278	           type="verificationCode:infoVerificationCodeType"
1279	           minOccurs="1" maxOccurs="unbounded"/>
1280	       </sequence>
1281	     </complexType>

1283	   </schema>
1284	   END

1286	5.  IANA Considerations

1288	5.1.  XML Namespace

1290	   This document uses URNs to describe XML namespaces and XML schemas
1291	   conforming to a registry mechanism described in [RFC3688].

1293	   Registration request for the verificationCode namespace:

1295	      URI: ietf:params:xml:ns:verificationCode-1.0
1296	      Registrant Contact: See the "Author's Address" section of this
1297	      document.
1298	      XML: None.  Namespace URIs do not represent an XML specification.

1300	   Registration request for the verificationCode XML schema:

1302	      URI: ietf:params:xml:ns:verificationCode-1.0
1303	      Registrant Contact: See the "Author's Address" section of this
1304	      document.
1305	      XML: See the "Formal Syntax" section of this document.

1307	5.2.  EPP Extension Registry

1309	   The EPP extension described in this document should be registered by
1310	   the IANA in the EPP Extension Registry described in [RFC7451].  The
1311	   details of the registration are as follows:

1313	   Name of Extension: "Verification Code Extension for the Extensible
1314	   Provisioning Protocol (EPP)"

1316	   Document status: Standards Track

1318	   Reference: (insert reference to RFC version of this document)

1320	   Registrant Name and Email Address: IESG, <iesg@ietf.org>

1322	   TLDs: Any

1324	   IPR Disclosure: None

1326	   Status: Active

1328	   Notes: None

1330	6.  Security Considerations

1332	   The mapping extension described in this document is based on the
1333	   security services described by EPP [RFC5730] and protocol layers used
1334	   by EPP.  The security considerations described in these other
1335	   specifications apply to this specification as well.

1337	   XML Signature [W3C.CR-xmldsig-core2-20120124] is used in this
1338	   extension to verify that the Verification Code originated from a
1339	   trusted Verification Service Provider (VSP) and that it wasn't
1340	   tampered with in transit from the VSP to the client to the server.
1341	   To support multiple VSP keys, the VSP certificate chain MUST be
1342	   included in the <X509Certificate> elements of the Signed Code
1343	   (Section 2.1.1) and MUST chain up and be verified by the server
1344	   against a set of trusted certificates.

1346	   It is RECOMMENDED that signed codes do not include white-spaces
1347	   between the XML elements in order to mitigate risks of invalidating
1348	   the digital signature when transferring of signed codes between
1349	   applications takes place.

1351	   Use of XML canonicalization SHOULD be used when generating the signed
1352	   code.  SHA256/RSA-SHA256 SHOULD be used for digesting and signing.
1353	   The size of the RSA key SHOULD be at least 2048 bits.

1355	7.  Normative References

1357	   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1358	              Extensions (MIME) Part One: Format of Internet Message
1359	              Bodies", RFC 2045, November 1996.

1361	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1362	              Requirement Levels", BCP 14, RFC 2119, March 1997.

1364	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1365	              January 2004.

1367	   [RFC5234]  Crocker, D. and P. Overell, "Augmented BNF for Syntax
1368	              Specifications: ABNF", STD 68, RFC 5234, January 2008.

1370	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
1371	              STD 69, RFC 5730, August 2009.

1373	   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1374	              Domain Name Mapping", STD 69, RFC 5731, August 2009.

1376	   [RFC5732]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1377	              Host Mapping", STD 69, RFC 5732, August 2009.

1379	   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1380	              Contact Mapping", STD 69, RFC 5733, August 2009.

1382	   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
1383	              Provisioning Protocol", RFC 7451, February 2015.

1385	   [W3C.CR-xmldsig-core2-20120124]
1386	              Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle,
1387	              J., Solo, D., Datta, P., and F. Hirsch, "XML Signature
1388	              Syntax and Processing Version 2.0", World Wide Web
1389	              Consortium CR CR-xmldsig-core2-20120124, January 2012,
1390	              <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>.

1392	Appendix A.  Acknowledgements

1394	Appendix B.  Change History

1396	Author's Address

1398	   James Gould
1399	   VeriSign, Inc.
1400	   12061 Bluemont Way
1401	   Reston, VA  20190
1402	   US

1404	   Email: jgould@verisign.com
1405	   URI:   http://www.verisign.com