Network Working Group                                      D. Belyavskiy
Internet-Draft
Intended status: Standards Track                                J. Gould
Expires: 29 December 2022                                 VeriSign, Inc.
                                                            27 June 2022


       Use of Internationalized Email Addresses in the Extensible
                       Provisioning Protocol (EPP)
                     draft-ietf-regext-epp-eai-14

Abstract

   This document describes an EPP extension that permits the use of
   Internationalized Email Addresses in the EPP protocol and specifies
   the terms under which it can be used by EPP clients and servers.
   The Extensible Provisioning Protocol (EPP), which was developed
   before the standards for Internationalized Email Addresses (EAI),
   does not support such email addresses.

   TO BE REMOVED on turning to RFC: The document is edited in the
   dedicated GitHub repo (https://github.com/beldmit/eppeai).  Please
   send your submissions via GitHub.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 29 December 2022.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Revised BSD License text as described in Section 4.e of the
   Trust Legal Provisions and are provided without warranty as described
   in the Revised BSD License.

Table of Contents

   1.  Introduction
     1.1.  Conventions Used in This Document
   2.  Migrating to Newer Versions of This Extension
   3.  Email Address Specification
   4.  Functional Extension
   5.  Internationalized Email Addresses (EAI) Functional Extension
     5.1.  Scope of Functional Extension
     5.2.  Signaling Client and Server Support
     5.3.  Functional Extension Behavior
       5.3.1.  EAI Functional Extension Negotiated
       5.3.2.  EAI Functional Extension Not Negotiated
   6.  IANA Considerations
     6.1.  XML Namespace
     6.2.  EPP Extension Registry
   7.  Implementation Status
     7.1.  Verisign EPP SDK
   8.  Security Considerations
   9.  Acknowledgments
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Appendix A.  Change History
     A.1.  Change from 00 to 01
     A.2.  Change from 01 to 02
     A.3.  Change from 02 to 03
     A.4.  Change from 03 to 04
     A.5.  Change from 04 to the regext 01 version
     A.6.  Change from the regext 01 to regext 02 version
     A.7.  Change from the regext 02 to regext 03 version
     A.8.  Change from the regext 03 to regext 04 version
     A.9.  Change from the regext 04 to regext 05 version
     A.10. Change from the regext 05 to regext 06 version
     A.11. Change from the regext 06 to regext 07 version
     A.12. Change from the regext 07 to regext 08 version
     A.13. Change from the regext 08 to regext 09 version
     A.14. Change from the regext 09 to regext 10 version
     A.15. Change from the regext 10 to regext 11 version
     A.16. Change from the regext 11 to regext 12 version
     A.17. Change from the regext 12 to regext 13 version
     A.18. Change from the regext 13 to regext 14 version
   Authors' Addresses

1.  Introduction

   [RFC6530] introduced the framework for Internationalized Email
   Addresses.  To make such addresses more widely accepted, changes to
   various protocols need to be introduced.

   This document describes an Extensible Provisioning Protocol (EPP)
   extension that permits the use of Internationalized Email Addresses
   in the EPP protocol and specifies the terms under which it can be
   used by EPP clients and servers.  A new form of EPP extension,
   referred to as a Functional Extension, is defined and used to apply
   the rules for the handling of email address elements in all of the
   [RFC5730] extensions negotiated in the EPP session, which include the
   object and command-response extensions.  The described mechanism can
   be applied to any object or command-response extension that uses an
   email address.

   The Extensible Provisioning Protocol (EPP) specified in [RFC5730] is
   a base document for object management operations and an extensible
   framework that maps protocol operations to objects.  The specifics of
   the various objects managed via EPP are described in separate
   documents.
   This document refers to an email address only as a property of a
   managed object, such as the <contact:email> element in the EPP
   contact mapping [RFC5733] or the <org:email> element in the EPP
   organization mapping [RFC8543], and of command-response extensions
   applied to a managed object.

1.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Migrating to Newer Versions of This Extension

   Servers that implement this extension SHOULD provide a way for
   clients to progressively update their implementations when a new
   version of the extension is deployed.  A newer version of the
   extension is expected to use an XML namespace URI with a higher
   version number than the prior versions.

3.  Email Address Specification

   Support of non-ASCII email address syntax is defined in RFC 6530
   [RFC6530].  This mapping does not prescribe minimum or maximum
   lengths for character strings used to represent email addresses.
   The exact syntax of such addresses is described in Section 3.3 of
   [RFC6531].  The validation rules introduced in RFC 6531 MUST be
   followed when processing this extension.

   The definition of email address in the EPP RFCs, including
   Section 2.6 of [RFC5733] and Sections 4.1.2, 4.2.1, and 4.2.5 of
   [RFC8543], references [RFC5322] for the email address syntax.  The
   XML schema definition in Section 4 of [RFC5733] and Section 5 of
   [RFC8543] defines the "email" element using the type
   "eppcom:minTokenType", which is defined in Section 4.2 of [RFC5730]
   as an XML schema "token" type with a minimal length of one.
   The XML schema "token" type fully supports the use of EAI addresses,
   so the primary purpose of the EAI extension is to apply the syntax of
   [RFC6531] instead of [RFC5322] for the email address.  Other EPP
   extensions may follow the same formal syntax definition, using the
   XML schema type "eppcom:minTokenType" and the [RFC5322] format
   specification; this extension applies to all EPP extensions with the
   same or similar definitions.

   The email address format is formally defined in Section 3.4.1 of
   [RFC5322], where both the local-part and the domain ABNF rules
   consist only of printable US-ASCII characters.  [RFC6531] extends
   the Mailbox, Local-part, and Domain ABNF rules of [RFC5321] to
   support "UTF8-non-ascii", defined in Section 3.1 of [RFC6532], for
   the local-part and the U-label, defined in Section 2.3.2.1 of
   [RFC5890], for the domain.  By applying the syntax rules of
   [RFC6531], the EPP extensions change from supporting only ASCII
   characters to supporting internationalized characters in both the
   local-part and the domain-part of the email address.

4.  Functional Extension

   [RFC5730] defines three types of extensions, at the protocol, object,
   and command-response level, which affect the structure of the EPP
   messages.  A Functional Extension applies a functional capability to
   an existing set of EPP extensions and properties.  The scope of the
   applicable EPP extensions and extension properties is defined in the
   Functional Extension, along with the requirements for the servers and
   clients that support it.  The Functional Extension needs to cover the
   expected behavior of a supporting client or server when interacting
   with an unsupporting client or server.  Negotiating support for a
   Functional Extension is handled using the EPP Greeting and EPP Login
   services.

5.  Internationalized Email Addresses (EAI) Functional Extension
5.1.  Scope of Functional Extension

   The functional extension applies to all object extensions and
   command-response extensions negotiated in the EPP session that
   include email address properties.  Examples include the
   <contact:email> element in the EPP contact mapping [RFC5733] and the
   <org:email> element in the EPP organization mapping [RFC8543].  All
   registry zones (e.g., top-level domains) authorized for the client in
   the EPP session apply.  There is no per-client, per-zone,
   per-extension, or per-field setting that indicates support for EAI;
   it is a global setting that applies to the whole EPP session.

5.2.  Signaling Client and Server Support

   The client and the server signal support for the functional
   extension using a namespace URI in the login and greeting extension
   services, respectively.  The namespace URI
   "urn:ietf:params:xml:ns:epp:eai-1.0" is used to signal support for
   the functional extension.  The client includes the namespace URI in
   an <extURI> element of the [RFC5730] <login> command.  The server
   includes the namespace URI in an <extURI> element of the [RFC5730]
   <greeting>.

5.3.  Functional Extension Behavior

5.3.1.  EAI Functional Extension Negotiated

   If both the client and the server have indicated support for EAI
   addresses during session establishment, they MUST be able to process
   EAI addresses in any message having an email property during the
   established EPP session.  Below are the server and client obligations
   when the EAI extension has been successfully negotiated in the EPP
   session.

   The server MUST satisfy the following obligations when the EAI
   extension has been negotiated:

   *  Accept EAI compatible addresses for all email properties in the
      object extensions and command-response extensions negotiated in
      the EPP session.  For example, the <contact:email> element in
      [RFC5733] and the <org:email> element in [RFC8543].
   *  Accept EAI compatible addresses for all registry zones (e.g.,
      top-level domains) authorized for the client in the EPP session.

   *  Validate email addresses based on the EAI validation rules defined
      in Section 3.

   *  Store email properties in a way that supports internationalized
      characters.

   *  Return EAI compatible addresses for all email properties in the
      EPP responses.

   The client MUST satisfy the following obligations when the EAI
   extension has been negotiated:

   *  Provide EAI compatible addresses for all email properties in the
      object extensions and command-response extensions negotiated in
      the EPP session.  For example, the <contact:email> element in
      [RFC5733] and the <org:email> element in [RFC8543].

   *  Provide EAI compatible addresses for all registry zones (e.g.,
      top-level domains) authorized for the client in the EPP session.

   *  Accept EAI compatible addresses in the EPP responses for all email
      properties in the object extensions and command-response
      extensions negotiated in the EPP session.

5.3.2.  EAI Functional Extension Not Negotiated

   The lack of EAI support can cause data and functional issues, so an
   EAI supporting client or server needs to handle the cases where the
   other party does not support EAI.  Below are the server and client
   obligations when the EAI extension is not negotiated because the peer
   does not support it.

   The EAI supporting server MUST satisfy the following obligations when
   the client does not support the EAI extension:

   *  When the email property is required in the EPP command, the server
      MUST validate the email property sent by the client using the
      ASCII email validation rules.

   *  When the email property is optional in the EPP command and the
      client supplies it, the server MUST validate the email property
      using the ASCII email validation rules.
   *  When the email property is required in the EPP response, the
      server MUST check whether the email property is an EAI address
      and, if so, return the error code 2308 "Data management policy
      violation".

   *  When the email property is optional in the EPP response and is
      provided, the server MUST check whether the email property is an
      EAI address and, if so, return the error code 2308 "Data
      management policy violation".

   The EAI supporting client MUST satisfy the following obligations when
   the server does not support the EAI extension:

   *  When the email property is required in the EPP command and the
      email property is an EAI address, the client MUST provide an ASCII
      email address instead.  The provided email address should provide
      a way to contact the registrant; it can be an extra ASCII email
      address collected by the registrar or a registrar-provided proxy
      email address.

   *  When the email property is optional in the EPP command, the email
      property is an EAI address, and the client does not have an ASCII
      address that provides a way to contact the registrant, the client
      MUST omit the email property.  If the email property is provided,
      the client MUST provide an ASCII email address; it can be an extra
      ASCII email address collected by the registrar or a
      registrar-provided proxy email address.

6.  IANA Considerations

6.1.  XML Namespace

   This document uses URNs to describe XML namespaces conforming to the
   registry mechanism described in RFC 3688 [RFC3688].  The following
   URI assignment should be made by IANA:

   Registration request for the eai namespace:

      URI: urn:ietf:params:xml:ns:epp:eai-1.0
      Registrant Contact: IESG
      XML: None.  Namespace URIs do not represent an XML specification.
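   The following Python program is an added example; it is not part of
   this document or of the Verisign EPP SDK listed in Section 7.  It
   ties together the signaling of Section 5.2 (reading the server's
   <greeting> for the EAI <extURI>), the address syntax of Section 3
   (classifying an address as RFC 5322 ASCII form or RFC 6531 EAI form),
   the server and client obligations of Section 5.3.2, and the code
   point check recommended in Section 8, using only the Python standard
   library.  The greeting, the sample addresses and all function names
   are constructed for the example.  Two simplifications are assumptions
   of the example, not rules of this document: the local-part check
   covers only the dot-atom form, and the U-label check (NFC form;
   letters other than uppercase, marks, decimal digits and hyphen; no
   leading combining mark) approximates the IANA IDNA tables rather
   than implementing IDNA2008.

```python
"""Added example, not part of draft-ietf-regext-epp-eai or the Verisign EPP SDK.
EAI negotiation from the greeting (Section 5.2), address syntax (Section 3), the
obligations of Section 5.3.2 and the code point check of Section 8.  Standard
library only; the greeting, the addresses and the function names are constructed."""
import re
import unicodedata
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
EAI_NS = "urn:ietf:params:xml:ns:epp:eai-1.0"  # Section 5.2
POLICY_VIOLATION = 2308  # "Data management policy violation", Section 5.3.2

# Constructed greeting: the server advertises the EAI functional extension.
SAMPLE_GREETING = f"""<epp xmlns="{EPP_NS}"><greeting><svID>Example Registry</svID>
<svcMenu><version>1.0</version><lang>en</lang>
<objURI>urn:ietf:params:xml:ns:contact-1.0</objURI>
<svcExtension><extURI>{EAI_NS}</extURI></svcExtension></svcMenu></greeting></epp>"""

ATEXT = re.compile(r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]")       # RFC 5322 atext
LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")  # ASCII domain label
# Assumed approximation of the IDNA code points allowed in a U-label (letters other
# than uppercase, marks, digits, hyphen); a registry should use the IANA IDNA tables.
ULABEL_CATEGORIES = {"Ll", "Lo", "Lm", "Mn", "Mc", "Nd"}
# Non-ASCII categories rejected in the local-part (stricter than the RFC 6532 ABNF).
LOCAL_PART_REJECT = {"Cc", "Cf", "Cs", "Co", "Cn", "Zs", "Zl", "Zp"}


def server_supports_eai(greeting_xml: str) -> bool:
    """True when the greeting carries the EAI namespace URI in an <extURI>."""
    root = ET.fromstring(greeting_xml)
    uris = root.iterfind(f".//{{{EPP_NS}}}svcExtension/{{{EPP_NS}}}extURI")
    return any((u.text or "").strip() == EAI_NS for u in uris)


def eai_negotiated(greeting_xml: str, client_supports: bool) -> bool:
    """Section 5.3.1: in effect only when both sides signal it (the client echoes
    EAI_NS in <login>/<svcs>/<svcExtension>/<extURI>)."""
    return client_supports and server_supports_eai(greeting_xml)


def _check_local_part(local: str) -> None:
    # Dot-atom form only; quoted local-parts are out of scope for this example.
    if not local or local.startswith(".") or local.endswith(".") or ".." in local:
        raise ValueError("local-part must be a dot-atom")
    for ch in local:
        if ch == ".":
            continue
        if ord(ch) < 0x80 and not ATEXT.match(ch):
            raise ValueError(f"invalid ASCII character in local-part: {ch!r}")
        if ord(ch) >= 0x80 and unicodedata.category(ch) in LOCAL_PART_REJECT:
            raise ValueError(f"disallowed non-ASCII character in local-part: {ch!r}")


def _check_domain(domain: str) -> None:
    if not domain or len(domain.encode("utf-8")) > 253:
        raise ValueError("domain missing or too long")
    for label in domain.split("."):
        if label.isascii():
            if not LDH_LABEL.match(label):  # also rejects an empty label
                raise ValueError(f"not an LDH label: {label!r}")
            continue
        # U-label (RFC 5890): NFC, allowed code points only, no leading combining mark.
        if unicodedata.normalize("NFC", label) != label:
            raise ValueError(f"U-label is not in NFC: {label!r}")
        if unicodedata.category(label[0]).startswith("M"):
            raise ValueError(f"U-label starts with a combining mark: {label!r}")
        for ch in label:
            if ch != "-" and unicodedata.category(ch) not in ULABEL_CATEGORIES:
                raise ValueError(f"code point not allowed in a U-label: {ch!r}")


def classify_email(addr: str) -> str:
    """Validate addr; return "ascii" (RFC 5322 form) or "eai" (RFC 6531 form)."""
    if addr.count("@") != 1:
        raise ValueError("address must contain exactly one '@'")
    local, domain = addr.split("@")
    _check_local_part(local)
    _check_domain(domain)
    return "ascii" if addr.isascii() else "eai"


def is_valid_email(addr: str) -> bool:
    try:
        classify_email(addr)
        return True
    except ValueError:
        return False


def server_email_for_response(negotiated: bool, stored: str) -> tuple:
    """Section 5.3.2, server: an EAI address must not be returned to a client
    that did not negotiate the extension; answer with 2308 instead."""
    if classify_email(stored) == "eai" and not negotiated:
        return POLICY_VIOLATION, None
    return 1000, stored  # 1000: command completed successfully


def client_email_for_command(negotiated, registrant, required, ascii_contact=None):
    """Section 5.3.2, client: substitute an ASCII contact for an EAI address, or omit."""
    if negotiated or classify_email(registrant) == "ascii":
        return registrant
    if ascii_contact is not None and classify_email(ascii_contact) == "ascii":
        return ascii_contact
    if required:
        raise ValueError("a required email property needs an ASCII fallback address")
    return None
```

   A server that has not negotiated the extension applies
   classify_email(...) == "ascii" to every email property it receives
   (the first two obligations of Section 5.3.2); malformed input raises
   ValueError, which a real server would map to an EPP syntax error such
   as 2005.  Note what the code point check does not do: an address such
   as admin@exаmple.com with a Cyrillic "а" in the domain passes as a
   valid EAI address because every code point is individually
   permitted, so the homograph concern of Section 8 is only partly
   addressed by syntax validation and also needs registry policy on
   mixed-script labels.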
6.2.  EPP Extension Registry

   The EPP extension described in this document should be registered by
   IANA in the "Extensions for the Extensible Provisioning Protocol
   (EPP)" registry described in RFC 7451 [RFC7451].  The details of the
   registration are as follows:

   Name of Extension: Use of Internationalized Email Addresses in EPP
   protocol

   Document status: Standards Track

   Reference: TBA

   Registrant Name and Email Address: IESG, <iesg@ietf.org>

   Top-Level Domains (TLDs): Any

   IPR Disclosure: None

   Status: Active

   Notes: None

7.  Implementation Status

   Note to RFC Editor: Please remove this section and the reference to
   RFC 7942 [RFC7942] before publication.

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in RFC 7942
   [RFC7942].  The description of implementations in this section is
   intended to assist the IETF in its decision processes in progressing
   drafts to RFCs.  Please note that the listing of any individual
   implementation here does not imply endorsement by the IETF.
   Furthermore, no effort has been spent to verify the information
   presented here that was supplied by IETF contributors.  This is not
   intended as, and must not be construed to be, a catalog of available
   implementations or their features.  Readers are advised to note that
   other implementations may exist.

   According to RFC 7942 [RFC7942], "this will allow reviewers and
   working groups to assign due consideration to documents that have the
   benefit of running code, which may serve as evidence of valuable
   experimentation and feedback that have made the implemented protocols
   more mature.  It is up to the individual working groups to use this
   information as they see fit".

7.1.  Verisign EPP SDK

   Organization: Verisign Inc.
   Name: Verisign EPP SDK

   Description: The Verisign EPP SDK includes both a full client
   implementation and a full server stub implementation of
   draft-ietf-regext-epp-eai.

   Level of maturity: Development

   Coverage: All aspects of the protocol are implemented.

   Licensing: GNU Lesser General Public License

   Contact: jgould@verisign.com

   URL: https://www.verisign.com/en_US/channel-resources/domain-registry-products/epp-sdks

8.  Security Considerations

   The extended security considerations discussion in [RFC6530] and
   [RFC6531] applies here.

   As an email address is often the primary end-user contact, an invalid
   email address may put communication with the end user at risk when
   such contact is necessary.  If the domain name in an email address is
   invalid, a malicious actor can register a valid domain name with a
   similar U-label (a homograph attack) and, using social engineering
   techniques, gain control over the domain name associated with the
   contact.  To reduce the risk of the use of invalid domain names in
   email addresses, registries SHOULD validate the domain name syntax in
   the provided email addresses and validate whether the domain name
   consists of the code points allowed by the IDNA Rules and Derived
   Property Values (https://www.iana.org/assignments/idna-tables).

   When the EAI functional extension is negotiated by both the client
   and the server, the client and server obligations defined in
   Section 5.3.1 MUST be satisfied.  If the obligations are not
   satisfied by either the client or the server, the EAI address may be
   mishandled in processing or storage and become unusable.

9.  Acknowledgments

   The authors would like to thank Alexander Mayrhofer, Chris Lonvick,
   Gustavo Lozano, Jody Kolker, John C Klensin, John Levine, Klaus
   Malorny, Marc Blanchet, Marco Schrieck, Mario Loffredo, Murray S.
   Kucherawy, Patrick Mevzek, Pete Resnick, Scott Hollenbeck, Takahiro
   Nemoto, Taras Heichenko, and Thomas Corte for their careful review
   and valuable comments.

10.  References

10.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
              DOI 10.17487/RFC3688, January 2004,
              <https://www.rfc-editor.org/info/rfc3688>.

   [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
              DOI 10.17487/RFC5321, October 2008,
              <https://www.rfc-editor.org/info/rfc5321>.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              DOI 10.17487/RFC5322, October 2008,
              <https://www.rfc-editor.org/info/rfc5322>.

   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
              <https://www.rfc-editor.org/info/rfc5730>.

   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
              Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
              August 2009, <https://www.rfc-editor.org/info/rfc5733>.

   [RFC5890]  Klensin, J., "Internationalized Domain Names for
              Applications (IDNA): Definitions and Document Framework",
              RFC 5890, DOI 10.17487/RFC5890, August 2010,
              <https://www.rfc-editor.org/info/rfc5890>.

   [RFC6530]  Klensin, J. and Y. Ko, "Overview and Framework for
              Internationalized Email", RFC 6530, DOI 10.17487/RFC6530,
              February 2012, <https://www.rfc-editor.org/info/rfc6530>.

   [RFC6531]  Yao, J. and W. Mao, "SMTP Extension for Internationalized
              Email", RFC 6531, DOI 10.17487/RFC6531, February 2012,
              <https://www.rfc-editor.org/info/rfc6531>.

   [RFC6532]  Yang, A., Steele, S., and N. Freed, "Internationalized
              Email Headers", RFC 6532, DOI 10.17487/RFC6532, February
              2012, <https://www.rfc-editor.org/info/rfc6532>.

   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", BCP 205,
              RFC 7942, DOI 10.17487/RFC7942, July 2016,
              <https://www.rfc-editor.org/info/rfc7942>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.
10.2.  Informative References

   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
              Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
              February 2015, <https://www.rfc-editor.org/info/rfc7451>.

   [RFC8543]  Zhou, L., Kong, N., Yao, J., Gould, J., and G. Zhou,
              "Extensible Provisioning Protocol (EPP) Organization
              Mapping", RFC 8543, DOI 10.17487/RFC8543, March 2019,
              <https://www.rfc-editor.org/info/rfc8543>.

Appendix A.  Change History

A.1.  Change from 00 to 01

   1.  Changed from an update of RFC 5733 to the "Placeholder Text and
       a New Email Element" EPP Extension approach.

A.2.  Change from 01 to 02

   1.  Fixed the XML schema and the XML examples based on validating
       them.

   2.  Added James Gould as co-author.

   3.  Updated the language to apply to any EPP object mapping and to
       use the EPP contact mapping as an example.

   4.  Updated the structure of the document to be consistent with the
       other Command-Response Extensions.

   5.  Replaced the use of "eppEAI" in the XML namespace and the XML
       namespace prefix with "eai".

   6.  Changed to use a pointed XML namespace with "0.2" instead of
       "1.0".

A.3.  Change from 02 to 03

   1.  The approach has changed to use the concept of a Functional EPP
       Extension.

   2.  The examples are removed.

A.4.  Change from 03 to 04

   1.  A more detailed reference to the email syntax is provided.

   2.  The shortened eai namespace reference is removed.

A.5.  Change from 04 to the regext 01 version

   1.  Provided the recommended placeholder value.

A.6.  Change from the regext 01 to regext 02 version

   1.  Removed the concept of the placeholder value.

A.7.  Change from the regext 02 to regext 03 version

   1.  Changed to use a pointed XML namespace with "0.3" instead of
       "0.2".

   2.  Some wording improvements.

A.8.  Change from the regext 03 to regext 04 version

   1.  Some nitpicking.

A.9.  Change from the regext 04 to regext 05 version

   1.  Some nitpicking.

   2.  The "Implementation considerations" section is removed.
A.10.  Change from the regext 05 to regext 06 version

   1.  Some nitpicking.

A.11.  Change from the regext 06 to regext 07 version

   1.  Namespace version set to 1.0.

A.12.  Change from the regext 07 to regext 08 version

   1.  Information about implementations is provided.

   2.  Acknowledgments section is added.

   3.  Reference to RFC 7451 is moved to Informative.

   4.  IPR information is provided.

   5.  Sections are reordered to align with the other regext documents.

A.13.  Change from the regext 08 to regext 09 version

   1.  Nitpicking according to the Murray S. Kucherawy review.

A.14.  Change from the regext 09 to regext 10 version

   1.  Some nitpicking in the security considerations.

A.15.  Change from the regext 10 to regext 11 version

   1.  Nitpicking, mostly according to the GenArt review.

A.16.  Change from the regext 11 to regext 12 version

   1.  XML schema registration request removed.

A.17.  Change from the regext 12 to regext 13 version

   1.  Document updated according to the SecDir and ART-ART reviews.

A.18.  Change from the regext 13 to regext 14 version

   1.  Document updated according to the IANA review #1231866.

Authors' Addresses

   Dmitry Belyavskiy
   8 marta st.
   Moscow
   127083
   Russian Federation
   Phone: +7 916 262 5593
   Email: beldmit@gmail.com

   James Gould
   VeriSign, Inc.
   12061 Bluemont Way
   Reston, VA 20190
   United States of America
   Email: jgould@verisign.com
   URI:   http://www.verisigninc.com