idnits 2.17.1 

draft-ietf-regext-data-escrow-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (Nov 25, 2019) is 1614 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  -- Obsolete informational reference (is this intentional?): RFC 8499
     (Obsoleted by RFC 9499)


     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 2 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	Network Working Group                                          G. Lozano
3	Internet-Draft                                                     ICANN
4	Intended status: Standards Track                            Nov 25, 2019
5	Expires: May 28, 2020

7	                   Registry Data Escrow Specification
8	                    draft-ietf-regext-data-escrow-02

10	Abstract

12	   This document specifies the format and contents of data escrow
13	   deposits targeted primarily for domain name registries.  However, the
14	   specification was designed to be independent of the underlying
15	   objects that are being escrowed, therefore it could be used for
16	   purposes other than domain name registries.

18	Status of This Memo

20	   This Internet-Draft is submitted in full conformance with the
21	   provisions of BCP 78 and BCP 79.

23	   Internet-Drafts are working documents of the Internet Engineering
24	   Task Force (IETF).  Note that other groups may also distribute
25	   working documents as Internet-Drafts.  The list of current Internet-
26	   Drafts is at https://datatracker.ietf.org/drafts/current/.

28	   Internet-Drafts are draft documents valid for a maximum of six months
29	   and may be updated, replaced, or obsoleted by other documents at any
30	   time.  It is inappropriate to use Internet-Drafts as reference
31	   material or to cite them other than as "work in progress."

33	   This Internet-Draft will expire on May 28, 2020.

35	Copyright Notice

37	   Copyright (c) 2019 IETF Trust and the persons identified as the
38	   document authors.  All rights reserved.

40	   This document is subject to BCP 78 and the IETF Trust's Legal
41	   Provisions Relating to IETF Documents
42	   (https://trustee.ietf.org/license-info) in effect on the date of
43	   publication of this document.  Please review these documents
44	   carefully, as they describe your rights and restrictions with respect
45	   to this document.  Code Components extracted from this document must
46	   include Simplified BSD License text as described in Section 4.e of
47	   the Trust Legal Provisions and are provided without warranty as
48	   described in the Simplified BSD License.

50	Table of Contents

52	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
53	   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   3
54	   3.  Problem Scope . . . . . . . . . . . . . . . . . . . . . . . .   4
55	   4.  General Conventions . . . . . . . . . . . . . . . . . . . . .   5
56	     4.1.  Date and Time . . . . . . . . . . . . . . . . . . . . . .   6
57	   5.  Protocol Description  . . . . . . . . . . . . . . . . . . . .   6
58	     5.1.  Root element <deposit>  . . . . . . . . . . . . . . . . .   6
59	     5.2.  Child <watermark> element . . . . . . . . . . . . . . . .   9
60	     5.3.  Child <rdeMenu> element . . . . . . . . . . . . . . . . .   9
61	     5.4.  Child <deletes> element . . . . . . . . . . . . . . . . .  10
62	     5.5.  Child <contents> element  . . . . . . . . . . . . . . . .  10
63	   6.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  10
64	     6.1.  RDE Schema  . . . . . . . . . . . . . . . . . . . . . . .  10
65	   7.  Internationalization Considerations . . . . . . . . . . . . .  13
66	   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
67	   9.  Implementation Status . . . . . . . . . . . . . . . . . . . .  14
68	     9.1.  Implementation in the gTLD space  . . . . . . . . . . . .  15
69	   10. Security Considerations . . . . . . . . . . . . . . . . . . .  15
70	   11. Privacy Considerations  . . . . . . . . . . . . . . . . . . .  16
71	   12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  16
72	   13. Change History  . . . . . . . . . . . . . . . . . . . . . . .  16
73	     13.1.  Changes from 00 to 01  . . . . . . . . . . . . . . . . .  16
74	     13.2.  Changes from 01 to 02  . . . . . . . . . . . . . . . . .  17
75	     13.3.  Changes from 02 to 03  . . . . . . . . . . . . . . . . .  18
76	     13.4.  Changes from 03 to 04  . . . . . . . . . . . . . . . . .  18
77	     13.5.  Changes from 04 to 05  . . . . . . . . . . . . . . . . .  18
78	     13.6.  Changes from 05 to 06  . . . . . . . . . . . . . . . . .  19
79	     13.7.  Changes from 06 to 07  . . . . . . . . . . . . . . . . .  19
80	     13.8.  Changes from 07 to 08  . . . . . . . . . . . . . . . . .  19
81	     13.9.  Changes from 08 to 09  . . . . . . . . . . . . . . . . .  19
82	     13.10. Changes from 09 to 10  . . . . . . . . . . . . . . . . .  19
83	     13.11. Changes from 10 to 11  . . . . . . . . . . . . . . . . .  19
84	     13.12. Changes from 11 to REGEXT 00 . . . . . . . . . . . . . .  19
85	     13.13. Changes from version REGEXT 00 to REGEXT 01  . . . . . .  19
86	     13.14. Changes from version REGEXT 01 to REGEXT 02  . . . . . .  19
87	   14. References  . . . . . . . . . . . . . . . . . . . . . . . . .  20
88	     14.1.  Normative References . . . . . . . . . . . . . . . . . .  20
89	     14.2.  Informative References . . . . . . . . . . . . . . . . .  20
90	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  20

92	1.  Introduction

94	   Registry Data Escrow is the process by which a registry periodically
95	   submits data deposits to a third-party called an escrow agent.  These
96	   deposits comprise the minimum data needed by a third-party to resume
97	   operations if the registry cannot function and is unable or unwilling
98	   to facilitate an orderly transfer of service.  For example, for a
99	   domain name registry or registrar, the data to be deposited would
100	   include all the objects related to registered domain names, e.g.,
101	   names, contacts, name servers, etc.

103	   The goal of data escrow is higher resiliency of registration
104	   services, for the benefit of Internet users.  The beneficiaries of a
105	   registry are not just those registering information there, but all
106	   relying parties that need to identify the owners of objects.

108	   In the context of domain name registries, registration data escrow is
109	   a requirement for generic top-level domains and some country code
110	   top-level domain managers are also currently escrowing data.  There
111	   is also a similar requirement for ICANN-accredited domain registrars.

113	   This document specifies a format for data escrow deposits independent
114	   of the objects being escrowed.  A specification is required for each
115	   type of registry/set of objects that is expected to be escrowed.

117	2.  Terminology

119	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
120	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
121	   "OPTIONAL" in this document are to be interpreted as described in BCP
122	   14 [RFC2119] [RFC8174] when, and only when, they appear in all
123	   capitals, as shown here.

125	   Deposit.  Deposits can be of three kinds: Full, Differential or
126	   Incremental.  For all kinds of deposits, the universe of registry
127	   objects to be considered for data escrow are those objects necessary
128	   in order to offer the registry services.

130	   Differential Deposit.  Contains data that reflects all transactions
131	   involving the database that were not reflected in the last previous
132	   Full, Incremental or Differential Deposit, as the case may be.
133	   Differential Deposit files will contain information from all database
134	   objects that were added, modified or deleted since the previous
135	   deposit was completed as of its defined Timeline Watermark.

137	   Domain Name.  See definition of Domain name in [RFC8499].

139	   Escrow Agent.  The organization designated by the registry or the
140	   third-party beneficiary to receive and guard data escrow deposits
141	   from the registry.

143	   Full Deposit.  Contains the registry data that reflects the current
144	   and complete registry database and will consist of data that reflects
145	   the state of the registry as of a defined Timeline Watermark for the
146	   deposit.

148	   Incremental Deposit.  Contains data that reflects all transactions
149	   involving the database that were not reflected in the last previous
150	   Full Deposit.  Incremental Deposit files will contain information
151	   from all database objects that were added, modified or deleted since
152	   the previous Full Deposit was completed as of its defined Timeline
153	   Watermark.  If the Timeline Watermark of an Incremental Deposit were
154	   to cover the Timeline Watermark of another (Incremental or
155	   Differential) Deposit since the last Full Deposit, the more recent
156	   deposit MUST contain all the transactions of the earlier deposit.

158	   Registrar.  See definition of Registrar in [RFC8499].

160	   Registry.  See definition of Registry in [RFC8499].

162	   Third-Party Beneficiary.  Is the organization that, under
163	   extraordinary circumstances, would receive the escrow deposits the
164	   registry transferred to the escrow agent.  This organization could be
165	   a backup registry, registry regulator, contracting party of the
166	   registry, etc.

168	   Timeline Watermark.  Point in time on which to base the collecting of
169	   database objects for a deposit.  Deposits are expected to be
170	   consistent to that point in time.

172	   Top-Level Domain.  See definition of Top-Level Domain (TLD) in
173	   [RFC8499].

175	3.  Problem Scope

177	   In the past few years, the issue of registry continuity has been
178	   carefully considered in the gTLD and ccTLD space.  Various
179	   organizations have carried out risk analyses and developed business
180	   continuity plans to deal with those risks, should they materialize.

182	   One of the solutions considered and used, especially in the gTLD
183	   space, is Registry Data Escrow as a way to ensure the continuity of
184	   registry services in the extreme case of registry failure.

186	   So far, almost every registry that uses Registry Data Escrow has its
187	   own specification.  It is anticipated that more registries will be
188	   implementing escrow especially with an increasing number of domain
189	   registries coming into service, adding complexity to this issue.

191	   It would seem beneficial to have a standardized specification for
192	   Registry Data Escrow that can be used by any registry to submit its
193	   deposits.

195	   While the main motivation for developing this specification is rooted
196	   on the domain name industry, the specification has been designed to
197	   be as general as possible.  This allows other types of registries to
198	   use this base specification and develop their own specifications
199	   covering the objects used by other registration organizations.

201	   Specifications covering the objects used by registration
202	   organizations shall identify the format and contents of the deposits
203	   a registry has to make, such that a different registry would be able
204	   to rebuild the registration services of the former, without its help,
205	   in a timely manner, with minimum disruption to its users.

207	   Since the details of the registration services provided vary from
208	   registry to registry, specifications covering the objects used by
209	   registration organizations shall provide mechanisms that allow its
210	   extensibility to accommodate variations and extensions of the
211	   registration services.

213	   Given the requirement for confidentiality and the importance of
214	   accuracy of the information that is handled in order to offer
215	   registration services, parties using this specification shall define
216	   confidentiality and integrity mechanisms for handling the
217	   registration data.

219	   Specifications covering the objects used by registration
220	   organizations shall not include in the specification transient
221	   objects that can be recreated by the new registry, particularly those
222	   of delicate confidentiality, e.g., DNSSEC KSK/ZSK private keys.

224	   Details that are a matter of policy should be identified as such for
225	   the benefit of the implementers.

227	   Non-technical issues concerning data escrow, such as whether to
228	   escrow data and under which purposes the data may be used, are
229	   outside of scope of this document.

231	4.  General Conventions

233	   The XML namespace prefix "rde" is used for the namespace
234	   "urn:ietf:params:xml:ns:rde-1.0", but implementations MUST NOT depend
235	   on it; instead, they should employ a proper namespace-aware XML
236	   parser and serializer to interpret and output the XML documents.

238	   The XML namespace prefix "rdeObj1" and "rdeObj2" with the
239	   corresponding namespace "urn:ietf:params:xml:ns:rdeObj1-1.0" and
240	   "urn:ietf:params:xml:ns:rdeObj2-1.0" are used as example data escrow
241	   objects.

243	4.1.  Date and Time

245	   Numerous fields indicate "dates", such as the creation and expiry
246	   dates for objects.  These fields SHALL contain timestamps indicating
247	   the date and time in UTC, specified in Internet Date/Time Format (see
248	   [RFC3339], Section 5.6) with the time-offset specified as "Z".

250	5.  Protocol Description

252	   The following is a format for data escrow deposits as produced by a
253	   registry.  The deposits are represented in XML.  Only the format of
254	   the objects deposited is defined, nothing is prescribed about the
255	   method used to transfer such deposits between the registry and the
256	   escrow agent or vice versa.

258	   The protocol intends to be object agnostic allowing the "overload" of
259	   abstract elements using the "substitutionGroup" attribute of the XML
260	   Schema element to define the actual elements of an object to be
261	   escrowed.

263	5.1.  Root element <deposit>

265	   The container or root element for a Registry Data Escrow deposit is
266	   <deposit>.  This element contains the following child elements:
267	   <watermark>, <rdeMenu>, <deletes> and <contents> elements.  This
268	   element also contains the following attributes:

270	   o  A REQUIRED "type" attribute that is used to identify the kind of
271	      deposit: FULL (Full), INCR (Incremental) or DIFF (Differential).

273	   o  A REQUIRED "id" attribute that is used to uniquely identify the
274	      escrow deposit.  Each registry is responsible for maintaining its
275	      own escrow deposits identifier space to ensure uniqueness.

277	   o  An OPTIONAL "prevId" attribute that can be used to identify the
278	      previous Incremental, Differential or Full Deposit.  This
279	      attribute MUST be used in Differential Deposits ("DIFF" type).

281	   o  An OPTIONAL "resend" attribute that is incremented each time the
282	      escrow deposit failed the verification procedure at the receiving
283	      party and a new escrow deposit needs to be generated by the
284	      registry for that specific date.  The first time a deposit is
285	      generated the attribute is either omitted or MUST be "0".  If a
286	      deposit needs to be generated again, the attribute MUST be set to
287	      "1", and so on.

289	   Example of a Full Deposit with the two example objects rdeObj1 and
290	   rdeObj2:

292	   <?xml version="1.0" encoding="UTF-8"?>
293	   <rde:deposit
294	     xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
295	     xmlns:rdeObj1="urn:ietf:params:xml:ns:rdeObj1-1.0"
296	     xmlns:rdeObj2="urn:ietf:params:xml:ns:rdeObj2-1.0"
297	     type="FULL"
298	     id="20191017001">
299	     <rde:watermark>2019-10-18T00:00:00Z</rde:watermark>
300	     <rde:rdeMenu>
301	       <rde:version>1.0</rde:version>
302	       <rde:objURI>urn:ietf:params:xml:ns:rdeObj1-1.0</rde:objURI>
303	       <rde:objURI>urn:ietf:params:xml:ns:rdeObj2-1.0</rde:objURI>
304	     </rde:rdeMenu>
305	     <rde:contents>
306	       <rdeObj1:rdeObj1>
307	         <rdeObj1:name>EXAMPLE</rdeObj1:name>
308	       </rdeObj1:rdeObj1>
309	       <rdeObj2:rdeObj2>
310	         <rdeObj2:id>fsh8013-EXAMPLE</rdeObj2:id>
311	       </rdeObj2:rdeObj2>
312	     </rde:contents>
313	   </rde:deposit>

315	   Example of a Differential Deposit with the two example objects
316	   rdeObj1 and rdeObj2:

318	   <?xml version="1.0" encoding="UTF-8"?>
319	   <rde:deposit
320	     xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
321	     xmlns:rdeObj1="urn:ietf:params:xml:ns:rdeObj1-1.0"
322	     xmlns:rdeObj2="urn:ietf:params:xml:ns:rdeObj2-1.0"
323	     type="DIFF"
324	     id="20191017001" prevId="20191016001">
325	     <rde:watermark>2019-10-18T00:00:00Z</rde:watermark>
326	     <rde:rdeMenu>
327	       <rde:version>1.0</rde:version>
328	         <rde:objURI>urn:ietf:params:xml:ns:rdeObj1-1.0</rde:objURI>
329	         <rde:objURI>urn:ietf:params:xml:ns:rdeObj2-1.0</rde:objURI>
330	     </rde:rdeMenu>
331	     <rde:deletes>
332	       <rdeObj1:delete>
333	         <rdeObj1:name>EXAMPLE1</rdeObj1:name>
334	       </rdeObj1:delete>
335	       <rdeObj2:delete>
336	         <rdeObj2:id>fsh8013-EXAMPLE</rdeObj2:id>
337	       </rdeObj2:delete>
338	     </rde:deletes>
339	     <rde:contents>
340	       <rdeObj1:rdeObj1>
341	         <rdeObj1:name>EXAMPLE2</rdeObj1:name>
342	       </rdeObj1:rdeObj1>
343	       <rdeObj2:rdeObj2>
344	         <rdeObj2:id>sh8014-EXAMPLE</rdeObj2:id>
345	       </rdeObj2:rdeObj2>
346	     </rde:contents>
347	   </rde:deposit>

349	   Example of an Incremental Deposit with the two example objects
350	   rdeObj1 and rdeObj2:

352	   <?xml version="1.0" encoding="UTF-8"?>
353	   <rde:deposit
354	     xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
355	     xmlns:rdeObj1="urn:ietf:params:xml:ns:rdeObj1-1.0"
356	     xmlns:rdeObj2="urn:ietf:params:xml:ns:rdeObj2-1.0"
357	     type="INCR"
358	     id="20191017001" prevId="20191010001">
359	     <rde:watermark>2019-10-18T00:00:00Z</rde:watermark>
360	     <rde:rdeMenu>
361	       <rde:version>1.0</rde:version>
362	       <rde:objURI>urn:ietf:params:xml:ns:rdeObj1-1.0</rde:objURI>
363	       <rde:objURI>urn:ietf:params:xml:ns:rdeObj2-1.0</rde:objURI>
364	     </rde:rdeMenu>
365	     <rde:deletes>
366	       <rdeObj1:delete>
367	         <rdeObj1:name>EXAMPLE1</rdeObj1:name>
368	       </rdeObj1:delete>
369	       <rdeObj2:delete>
370	         <rdeObj2:id>fsh8013-EXAMPLE</rdeObj2:id>
371	       </rdeObj2:delete>
372	     </rde:deletes>
373	     <rde:contents>
374	       <rdeObj1:rdeObj1>
375	         <rdeObj1:name>EXAMPLE2</rdeObj1:name>
376	       </rdeObj1:rdeObj1>
377	       <rdeObj2:rdeObj2>
378	         <rdeObj2:id>sh8014-EXAMPLE</rdeObj2:id>
379	       </rdeObj2:rdeObj2>
380	     </rde:contents>
381	   </rde:deposit>

383	5.2.  Child <watermark> element

385	   A REQUIRED <watermark> element contains the data-time corresponding
386	   to the Timeline Watermark of the deposit.

388	5.3.  Child <rdeMenu> element

390	   This element contains auxiliary information of the data escrow
391	   deposit.

393	   A REQUIRED <rdeMenu> element contains the following child elements:

395	   o  A REQUIRED <version> element that identifies the RDE protocol
396	      version.

398	   o  One or more <objURI> elements that contain namespace URIs
399	      representing the <contents> and <deletes> element objects.

401	5.4.  Child <deletes> element

403	   This element SHOULD be present in deposits of type Incremental or
404	   Differential.  It contains the list of objects that were deleted
405	   since the base previous deposit.  Each object in this section SHALL
406	   contain an ID for the object deleted.

408	   This section of the deposit SHOULD NOT be present in Full Deposits.
409	   When rebuilding a registry it SHOULD be ignored if present in a Full
410	   Deposit.

412	   The specification for each object to be escrowed MUST declare the
413	   identifier to be used to reference the object to be deleted.

415	5.5.  Child <contents> element

417	   This element of the deposit contains the objects in the deposit.  It
418	   MUST be present in all type of deposits.  It contains the data for
419	   the objects to be escrowed.  The actual objects have to be specified
420	   individually.

422	   In the case of Incremental or Differential Deposits, the objects
423	   indicate whether the object was added or modified after the base
424	   previous deposit.  In order to distinguish between one and the other,
425	   it will be sufficient to check existence of the referenced object in
426	   the previous deposit.

428	   When applying Incremental or Differential Deposits (when rebuilding
429	   the registry from data escrow deposits) the relative order of the
430	   <deletes> elements is important, as is the relative order of the
431	   <contents> elements.  All the <deletes> elements MUST be applied
432	   first, in the order that they appear.  All the <contents> elements
433	   MUST be applied next, in the order that they appear.

435	   If an object is present in the <contents> section of several deposits
436	   (e.g.  Full and Differential) the registry data from the latest
437	   deposit (as defined by the Timeline Watermark) SHOULD be used when
438	   rebuilding the registry.

440	6.  Formal Syntax

442	6.1.  RDE Schema

444	   Copyright (c) 2019 IETF Trust and the persons identified as authors
445	   of the code.  All rights reserved.

447	   Redistribution and use in source and binary forms, with or without
448	   modification, are permitted provided that the following conditions
449	   are met:

451	   o  Redistributions of source code must retain the above copyright
452	      notice, this list of conditions and the following disclaimer.

454	   o  Redistributions in binary form must reproduce the above copyright
455	      notice, this list of conditions and the following disclaimer in
456	      the documentation and/or other materials provided with the
457	      distribution.

459	   o  Neither the name of Internet Society, IETF or IETF Trust, nor the
460	      names of specific contributors, may be used to endorse or promote
461	      products derived from this software without specific prior written
462	      permission.

464	   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
465	   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
466	   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
467	   A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
468	   OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
469	   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
470	   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
471	   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
472	   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
473	   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
474	   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

476	  BEGIN
477	  <?xml version="1.0" encoding="UTF-8"?>
478	  <schema targetNamespace="urn:ietf:params:xml:ns:rde-1.0"
479	    xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
480	    xmlns="http://www.w3.org/2001/XMLSchema"
481	    elementFormDefault="qualified">

483	    <annotation>
484	      <documentation>
485	        Registry Data Escrow schema
486	      </documentation>
487	    </annotation>

489	    <!-- Root element -->
490	    <element name="deposit" type="rde:escrowDepositType"/>

492	    <!-- RDE types -->
493	    <complexType name="escrowDepositType">
494	      <sequence>
495	        <element name="watermark" type="dateTime"/>
496	        <element name="rdeMenu" type="rde:rdeMenuType"/>
497	        <element name="deletes" type="rde:deletesType" minOccurs="0"/>
498	        <element name="contents" type="rde:contentsType"/>
499	      </sequence>
500	      <attribute name="type" type="rde:depositTypeType" use="required"/>
501	      <attribute name="id" type="rde:depositIdType" use="required"/>
502	      <attribute name="prevId" type="rde:depositIdType"/>
503	      <attribute name="resend" type="unsignedShort" default="0"/>
504	    </complexType>

506	    <!-- Menu type -->
507	    <complexType name="rdeMenuType">
508	      <sequence>
509	        <element name="version" type="rde:versionType"/>
510	        <element name="objURI" type="anyURI" maxOccurs="unbounded"/>
511	      </sequence>
512	    </complexType>

514	    <!-- Deletes Type -->
515	    <complexType name="deletesType">
516	      <sequence minOccurs="0" maxOccurs="unbounded">
517	        <element ref="rde:delete"/>
518	      </sequence>
519	    </complexType>

521	    <element name="delete" type="rde:deleteType" abstract="true" />
522	    <complexType name="deleteType">
523	      <complexContent>
524	        <restriction base="anyType"/>
525	      </complexContent>
526	    </complexType>

528	    <!-- Contents Type -->
529	    <complexType name="contentsType">
530	      <sequence maxOccurs="unbounded">
531	        <element ref="rde:content"/>
532	      </sequence>
533	    </complexType>

535	    <element name="content" type="rde:contentType" abstract="true" />
536	    <complexType name="contentType">
537	      <complexContent>
538	        <restriction base="anyType"/>
539	      </complexContent>
540	    </complexType>

542	    <!-- Type of deposit -->
543	    <simpleType name="depositTypeType">
544	      <restriction base="token">
545	        <enumeration value="FULL"/>
546	        <enumeration value="INCR"/>
547	        <enumeration value="DIFF"/>
548	      </restriction>
549	    </simpleType>

551	    <!-- Deposit identifier type -->
552	    <simpleType name="depositIdType">
553	      <restriction base="token">
554	        <pattern value="\w{1,13}"/>
555	      </restriction>
556	    </simpleType>

558	    <!-- A RDE version number is a dotted pair of decimal numbers -->
559	    <simpleType name="versionType">
560	      <restriction base="token">
561	        <pattern value="[1-9]+\.[0-9]+"/>
562	        <enumeration value="1.0"/>
563	      </restriction>
564	    </simpleType>

566	    <!-- Auxiliary element to identify a registrar -->
567	    <simpleType name="clIDType">
568	      <restriction base="token">
569	        <minLength value="3"/>
570	        <maxLength value="16"/>
571	      </restriction>
572	    </simpleType>

574	    <complexType name="rrType">
575	      <simpleContent>
576	        <extension base="rde:clIDType">
577	          <attribute name="client" type="rde:clIDType"/>
578	        </extension>
579	      </simpleContent>
580	    </complexType>
581	  </schema>
582	  END

584	7.  Internationalization Considerations

586	   Data escrow deposits are represented in XML, which provides native
587	   support for encoding information using the Unicode character set and
588	   its more compact representations including UTF-8.  Conformant XML
589	   processors recognize both UTF-8 and UTF-16.  Though XML includes
590	   provisions to identify and use other character encodings through use
591	   of an "encoding" attribute in an <?xml?> declaration, use of UTF-8 is
592	   RECOMMENDED.

594	8.  IANA Considerations

596	   This document uses URNs to describe XML namespaces and XML schemas
597	   conforming to a registry mechanism described in [RFC3688].  Two URI
598	   assignments have been registered by the IANA.

600	   Registration request for the RDE namespace:

602	      URI: urn:ietf:params:xml:ns:rde-1.0

604	      Registrant Contact: See the "Author's Address" section of this
605	      document.

607	      XML: None.  Namespace URIs do not represent an XML specification.

609	   Registration request for the RDE XML schema:

611	      URI: urn:ietf:params:xml:schema:rde-1.0

613	      Registrant Contact: See the "Author's Address" section of this
614	      document.

616	      See the "Formal Syntax" section of this document.

618	9.  Implementation Status

620	   Note to RFC Editor: Please remove this section and the reference to
621	   RFC 7942 [RFC7942] before publication.

623	   This section records the status of known implementations of the
624	   protocol defined by this specification at the time of posting of this
625	   Internet-Draft, and is based on a proposal described in RFC 7942
626	   [RFC7942].  The description of implementations in this section is
627	   intended to assist the IETF in its decision processes in progressing
628	   drafts to RFCs.  Please note that the listing of any individual
629	   implementation here does not imply endorsement by the IETF.
630	   Furthermore, no effort has been spent to verify the information
631	   presented here that was supplied by IETF contributors.  This is not
632	   intended as, and must not be construed to be, a catalog of available
633	   implementations or their features.  Readers are advised to note that
634	   other implementations may exist.

636	   According to RFC 7942 [RFC7942], "this will allow reviewers and
637	   working groups to assign due consideration to documents that have the
638	   benefit of running code, which may serve as evidence of valuable
639	   experimentation and feedback that have made the implemented protocols
640	   more mature.  It is up to the individual working groups to use this
641	   information as they see fit".

643	9.1.  Implementation in the gTLD space

645	   Organization: ICANN

647	   Name: ICANN Registry Agreement

649	   Description: the ICANN Base Registry Agreement requires Registries,
650	   Data Escrow Agents, and ICANN to implement this specification.  ICANN
651	   receives daily notifications from Data Escrow Agents confirming that
652	   more than 1,200 gTLDs are sending deposits that comply with this
653	   specification.  ICANN receives on a weekly basis per gTLD, from more
654	   than 1,200 gTLD registries, a Bulk Registration Data Access file that
655	   also complies with this specification.  In addition, ICANN is aware
656	   of Registry Service Provider transitions using data files that
657	   conform to this specification.

659	   Level of maturity: production.

661	   Coverage: all aspects of this specification are implemented.

663	   Version compatibility: versions 03 - 08 are known to be implemented.

665	   Contact: gustavo.lozano@icann.org

667	   URL: https://www.icann.org/resources/pages/registries/registries-
668	   agreements-en

670	10.  Security Considerations

672	   This specification does not define the security mechanisms to be used
673	   in the transmission of the data escrow deposits, since it only
674	   specifies the minimum necessary to enable the rebuilding of a
675	   registry from deposits without intervention from the original
676	   registry.

678	   Depending on local policies, some elements or most likely, the whole
679	   deposit will be considered confidential.  As such the registry
680	   transmitting the data to the escrow agent SHOULD take all the
681	   necessary precautions like encrypting the data itself and/or the
682	   transport channel to avoid inadvertent disclosure of private data.

684	   It is also of the utmost importance the authentication of the parties
685	   passing data escrow deposit files.  The escrow agent SHOULD properly
686	   authenticate the identity of the registry before accepting data
687	   escrow deposits.  In a similar manner, the registry SHOULD
688	   authenticate the identity of the escrow agent before submitting any
689	   data.

691	   Additionally, the registry and the escrow agent SHOULD use integrity
692	   checking mechanisms to ensure the data transmitted is what the source
693	   intended.  Validation of the contents by the escrow agent is
694	   RECOMMENDED to ensure not only the file was transmitted correctly
695	   from the registry, but also the contents are also "meaningful".

697	11.  Privacy Considerations

699	   This specification defines a format that may be used to escrow
700	   personal data.  The process of data escrow is governed by a legal
701	   document agreed by the parties, and such legal document must regulate
702	   the particularities regarding the protection of personal data.

704	12.  Acknowledgments

706	   Special suggestions that have been incorporated into this document
707	   were provided by James Gould, Edward Lewis, Jaap Akkerhuis, Lawrence
708	   Conroy, Marc Groeneweg, Michael Young, Chris Wright, Patrick Mevzek,
709	   Stephen Morris, Scott Hollenbeck, Stephane Bortzmeyer, Warren Kumari,
710	   Paul Hoffman, Vika Mpisane, Bernie Hoeneisen, Jim Galvin, Andrew
711	   Sullivan, Hiro Hotta, Christopher Browne, Daniel Kalchev, David
712	   Conrad, James Mitchell, Francisco Obispo, Bhadresh Modi and Alexander
713	   Mayrhofer.

715	   Shoji Noguchi and Francisco Arias participated as co-authors until
716	   version 07 providing invaluable support for this document.

718	13.  Change History

720	   [[RFC Editor: Please remove this section.]]

722	13.1.  Changes from 00 to 01

724	   1.   Included DNSSEC elements as part of the basic <domain> element
725	        as defined in RFC 5910.

727	   2.   Included RGP elements as part of the basic <domain> element as
728	        defined in RFC 3915.

730	   3.   Added support for IDNs and IDN variants.

732	   4.   Eliminated the <summary> element and all its subordinate
733	        objects, except <watermarkDate>.

735	   5.   Renamed <watermarkDate> to <watermark> and included it directly
736	        under root element.

738	   6.   Renamed root element to <deposit>.

740	   7.   Added <authinfo> element under <registrar> element.

742	   8.   Added <roid> element under <registrar> element.

744	   9.   Reversed the order of the <deletes> and <contents> elements.

746	   10.  Removed <rdeDomain:status> minOccurs="0".

748	   11.  Added <extension> element under root element.

750	   12.  Added <extension> element under <contact> element.

752	   13.  Removed <period> element from <domain> element.

754	   14.  Populated the "Security Considerations" section.

756	   15.  Populated the "Internationalization Considerations" section.

758	   16.  Populated the "Extension Example" section.

760	   17.  Added <deDate> element under <domain> element.

762	   18.  Added <icannID> element under <registrar> element.

764	   19.  Added <eppParams> element under root element.

766	   20.  Fixed some typographical errors and omissions.

768	13.2.  Changes from 01 to 02

770	   1.  Added definition for "canonical" in the "IDN variants Handling"
771	       section.

773	   2.  Clarified that "blocked" and "reserved" IDN variants are
774	       optional.

776	   3.  Made <rdeRegistrar:authInfo> optional.

778	   4.  Introduced substitutionGroup as the mechanism for extending the
779	       protocol.

781	   5.  Moved <eppParams> element to be child of <contents>
782	   6.  Text improvements in the Introduction, Terminology, and Problem
783	       Scope per Jay's suggestion.

785	   7.  Removed <trDate> from <rdeDomain> and added <trnData> instead,
786	       which include all the data from the last (pending/processed)
787	       transfer request

789	   8.  Removed <trDate> from <rdeContact> and added <trnData> instead,
790	       which include all the data from the last (pending/processed)
791	       transfer request

793	   9.  Fixed some typographical errors and omissions.

795	13.3.  Changes from 02 to 03

797	   1.  Separated domain name objects from protocol.

799	   2.  Moved <extension> elements to be child of <deletes> and
800	       <contents>, additionally removed <extension> element from
801	       <rdeDomain>,<rdeHost>, <rdeContact>,<rdeRegistrar> and <rdeIDN>
802	       elements.

804	   3.  Modified the definition of <rde:id> and <rde:prevId>.

806	   4.  Added <rdeMenu> element under <deposit> element.

808	   5.  Fixed some typographical errors and omissions.

810	13.4.  Changes from 03 to 04

812	   1.  Removed <eppParams> objects.

814	   2.  Populated the "Extension Guidelines" section.

816	   3.  Fixed some typographical errors and omissions.

818	13.5.  Changes from 04 to 05

820	   1.  Fixes to the XSD

822	   2.  Extension Guidelines moved to dnrd-mappings draft

824	   3.  Fixed some typographical errors and omissions.

826	13.6.  Changes from 05 to 06

828	   1.  Fix resend definition.

830	13.7.  Changes from 06 to 07

832	   1.  Editorial updates.

834	   2.  schemaLocation removed from RDE Schema.

836	13.8.  Changes from 07 to 08

838	   1.  Ping update

840	13.9.  Changes from 08 to 09

842	   1.  Ping update.

844	13.10.  Changes from 09 to 10

846	   1.  Implementation Status section was added

848	13.11.  Changes from 10 to 11

850	   1.  Ping update.

852	13.12.  Changes from 11 to REGEXT 00

854	   1.  Internet Draft (I-D) adopted by the REGEXT WG.

856	13.13.  Changes from version REGEXT 00 to REGEXT 01

858	   1.  Privacy consideration section was added

860	13.14.  Changes from version REGEXT 01 to REGEXT 02

862	   1.  Updated the Security Considerations section to make the language
863	       normative

865	   2.  Updated the rde XML schema to remove the dependency with the
866	       eppcom namespace reference

868	   3.  Editorial updates

870	   4.  Remove the reference to RFC 5730

872	   5.  Added complete examples of deposits

874	14.  References

876	14.1.  Normative References

878	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
879	              Requirement Levels", BCP 14, RFC 2119,
880	              DOI 10.17487/RFC2119, March 1997,
881	              <https://www.rfc-editor.org/info/rfc2119>.

883	   [RFC3339]  Klyne, G. and C. Newman, "Date and Time on the Internet:
884	              Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
885	              <https://www.rfc-editor.org/info/rfc3339>.

887	   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
888	              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
889	              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

891	14.2.  Informative References

893	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
894	              DOI 10.17487/RFC3688, January 2004,
895	              <https://www.rfc-editor.org/info/rfc3688>.

897	   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
898	              Code: The Implementation Status Section", BCP 205,
899	              RFC 7942, DOI 10.17487/RFC7942, July 2016,
900	              <https://www.rfc-editor.org/info/rfc7942>.

902	   [RFC8499]  Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS
903	              Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,
904	              January 2019, <https://www.rfc-editor.org/info/rfc8499>.

906	Author's Address

908	   Gustavo Lozano
909	   Internet Corporation for Assigned Names and Numbers
910	   12025 Waterfront Drive, Suite 300
911	   Los Angeles  90292
912	   United States of America

914	   Phone: +1.310.823.9358
915	   Email: gustavo.lozano@icann.org