idnits 2.17.1 draft-ietf-regext-tmch-func-spec-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 10 instances of too long lines in the document, the longest one being 15 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The exact meaning of the all-uppercase expression 'NOT REQUIRED' is not defined in RFC 2119. If it is intended as a requirements expression, it should be rewritten using one of the combinations defined in RFC 2119; otherwise it should not be all-uppercase. -- The document date (June 8, 2016) is 2876 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: '0-9A-F' is mentioned on line 1369, but not defined == Unused Reference: 'RFC2617' is defined on line 2634, but no explicit reference was found in the text -- Possible downref: Non-RFC (?) normative reference: ref. 'MatchingRules' -- Obsolete informational reference (is this intentional?): RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) -- Obsolete informational reference (is this intentional?): RFC 2617 (Obsoleted by RFC 7235, RFC 7615, RFC 7616, RFC 7617) -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 7719 (Obsoleted by RFC 8499) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force G. Lozano 3 Internet-Draft ICANN 4 Intended status: Standards Track June 8, 2016 5 Expires: December 10, 2016 7 ICANN TMCH functional specifications 8 draft-ietf-regext-tmch-func-spec-01 10 Abstract 12 This document describes the requirements, the architecture and the 13 interfaces between the ICANN Trademark Clearinghouse (TMCH) and 14 Domain Name Registries as well as between the ICANN TMCH and Domain 15 Name Registrars for the provisioning and management of domain names 16 during Sunrise and Trademark Claims Periods. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on December 10, 2016. 35 Copyright Notice 37 Copyright (c) 2016 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 53 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 54 3. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 9 56 4.1. Sunrise Period . . . . . . . . . . . . . . . . . . . . . 9 57 4.2. Trademark Claims Period . . . . . . . . . . . . . . . . . 10 58 4.3. Interfaces . . . . . . . . . . . . . . . . . . . . . . . 10 59 4.3.1. hv . . . . . . . . . . . . . . . . . . . . . . . . . 10 60 4.3.2. vd . . . . . . . . . . . . . . . . . . . . . . . . . 11 61 4.3.3. dy . . . . . . . . . . . . . . . . . . . . . . . . . 11 62 4.3.4. tr . . . . . . . . . . . . . . . . . . . . . . . . . 11 63 4.3.5. ry . . . . . . . . . . . . . . . . . . . . . . . . . 11 64 4.3.6. dr . . . . . . . . . . . . . . . . . . . . . . . . . 11 65 4.3.7. yd . . . . . . . . . . . . . . . . . . . . . . . . . 11 66 4.3.8. dv . . . . . . . . . . . . . . . . . . . . . . . . . 12 67 4.3.9. vh . . . . . . . . . . . . . . . . . . . . . . . . . 12 68 4.3.10. vs . . . . . . . . . . . . . . . . . . . . . . . . . 12 69 4.3.11. sy . . . . . . . . . . . . . . . . . . . . . . . . . 12 70 4.3.12. sr . . . . . . . . . . . . . . . . . . . . . . . . . 12 71 4.3.13. vc . . . . . . . . . . . . . . . . . . . . . . . . . 13 72 4.3.14. cy . . . . . . . . . . . . . . . . . . . . . . . . . 13 73 4.3.15. cr . . . . . . . . . . . . . . . . . . . . . . . . . 13 74 5. Process Descriptions . . . . . . . . . . . . . . . . . . . . 13 75 5.1. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 13 76 5.1.1. Bootstrapping for Registries . . . . . . . . . . . . 13 77 5.1.1.1. Credentials . . . . . . . . . . . . . . . . . . . 13 78 5.1.1.2. IP Addresses for Access Control . . . . . . . . . 14 79 5.1.1.3. ICANN TMCH Trust Anchor . . . . . . . . . . . . . 14 80 5.1.1.4. TMDB PGP Key . . . . . . . . . . . . . . . . . . 14 81 5.1.2. Bootstrapping for Registrars . . . . . . . . . . . . 15 82 5.1.2.1. Credentials . . . . . . . . . . . . . . . . . . . 15 83 5.1.2.2. IP Addresses for Access Control . . . . . . . . . 15 84 5.1.2.3. ICANN TMCH Trust Anchor . . . . . . . . . . . . . 15 85 5.1.2.4. TMDB PGP Key . . . . . . . . . . . . . . . . . . 15 86 5.2. Sunrise Period . . . . . . . . . . . . . . . . . . . . . 16 87 5.2.1. Domain Name registration . . . . . . . . . . . . . . 16 88 5.2.2. Sunrise Domain Name registration by Registries . . . 17 89 5.2.3. TMDB Sunrise Services for Registries . . . . . . . . 18 90 5.2.3.1. SMD Revocation List . . . . . . . . . . . . . . . 18 91 5.2.3.2. TMV Certificate Revocation List (CRL) . . . . . . 18 92 5.2.3.3. Notice of Registered Domain Names (NORN) . . . . 19 93 5.2.4. Sunrise Domain Name registration by Registrars . . . 22 94 5.2.5. TMDB Sunrise Services for Registrars . . . . . . . . 22 95 5.3. Trademark Claims Period . . . . . . . . . . . . . . . . . 23 96 5.3.1. Domain Registration . . . . . . . . . . . . . . . . . 23 97 5.3.2. Trademark Claims Domain Name registration by 98 Registries . . . . . . . . . . . . . . . . . . . . . 24 99 5.3.3. TMBD Trademark Claims Services for Registries . . . . 25 100 5.3.3.1. Domain Name Label (DNL) List . . . . . . . . . . 25 101 5.3.3.2. Notice of Registered Domain Names (NORN) . . . . 26 102 5.3.4. Trademark Claims Domain Name registration by 103 Registrars . . . . . . . . . . . . . . . . . . . . . 26 104 5.3.5. TMBD Trademark Claims Services for Registrars . . . . 27 105 5.3.5.1. Claims Notice Information Service (CNIS) . . . . 27 106 5.4. Qualified Launch Program (QLP) Period . . . . . . . . . . 28 107 5.4.1. Domain Registration . . . . . . . . . . . . . . . . . 28 108 5.4.2. TMBD QLP Services for Registries . . . . . . . . . . 30 109 5.4.2.1. Sunrise List (SURL) . . . . . . . . . . . . . . . 30 110 6. Data Format Descriptions . . . . . . . . . . . . . . . . . . 30 111 6.1. Domain Name Label (DNL) List . . . . . . . . . . . . . . 30 112 6.2. SMD Revocation List . . . . . . . . . . . . . . . . . . . 32 113 6.3. List of Registered Domain Names (LORDN) file . . . . . . 34 114 6.3.1. LORDN Log file . . . . . . . . . . . . . . . . . . . 39 115 6.3.1.1. LORDN Log Result Codes . . . . . . . . . . . . . 41 116 6.4. Signed Mark Data (SMD) File . . . . . . . . . . . . . . . 45 117 6.5. Trademark Claims Notice (TCN) . . . . . . . . . . . . . . 46 118 6.6. Sunrise List (SURL) . . . . . . . . . . . . . . . . . . . 53 119 7. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 54 120 7.1. Trademark Claims Notice (TCN) . . . . . . . . . . . . . . 54 121 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 57 122 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 57 123 10. Security Considerations . . . . . . . . . . . . . . . . . . . 57 124 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 58 125 11.1. Normative References . . . . . . . . . . . . . . . . . . 58 126 11.2. Informative References . . . . . . . . . . . . . . . . . 58 127 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 60 129 1. Introduction 131 Domain Name Registries (DNRs) may operate in special modes for 132 certain periods of time enabling trademark holders to protect their 133 rights during the introduction of a Top Level Domain (TLD). 135 Along with the introduction of new generic TLDs (gTLD), two special 136 modes came into effect: 138 o Sunrise Period, the Sunrise Period allows trademark holders an 139 advance opportunity to register domain names corresponding to 140 their marks before names are generally available to the public. 142 o Trademark Claims Period, the Trademark Claims Period follows the 143 Sunrise Period and runs for at least the first 90 days of an 144 initial operating period of general registration. During the 145 Trademark Claims Period, anyone attempting to register a domain 146 name matching a mark that is recorded in the ICANN Trademark 147 Clearinghouse (TMCH) will receive a notification displaying the 148 relevant mark information. 150 This document describes the requirements, the architecture and the 151 interfaces between the ICANN TMCH and Domain Name Registries (called 152 Registries in the rest of the document) as well as between the ICANN 153 TMCH and Domain Name Registrars (called Registrars in the rest of the 154 document) for the provisioning and management of domain names during 155 the Sunrise and Trademark Claims Periods. 157 For any date and/or time indications, Coordinated Universal Time 158 (UTC) applies. 160 2. Terminology 162 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 163 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 164 document are to be interpreted as described in [RFC2119]. 166 XML is case sensitive. Unless stated otherwise, XML specifications 167 and examples provided in this document MUST be interpreted in the 168 character case presented in order to develop a conforming 169 implementation. 171 "tmNotice-1.0" is used as an abbreviation for 172 "urn:ietf:params:xml:ns:tmNotice-1.0". The XML namespace prefix 173 "tmNotice" is used, but implementations MUST NOT depend on it and 174 instead employ a proper namespace-aware XML parser and serializer to 175 interpret and output the XML documents. 177 3. Glossary 179 In the following section, the most common terms are briefly 180 explained: 182 o Backend Registry Operator: Entity that manages (a part of) the 183 technical infrastructure for a Registry Operator. The Registry 184 Operator may also be the Backend Registry Operator. 186 o CA: Certificate Authority, see [RFC5280]. 188 o CNIS, Claims Notice Information Service: This service provides 189 Trademark Claims Notices (TCN) to Registrars. 191 o CRC32, Cyclic Redundancy Check: algorithm used in the ISO 3309 192 standard and in section 8.1.1.6.2 of ITU-T recommendation V.42. 194 o CRL: Certificate Revocation List, see [RFC5280]. 196 o CSV: Comma-Separated Values, see [RFC4180] 198 o Date and time, datetime: Date and time are specified following the 199 standard "Date and Time on the Internet specification", see 200 [RFC3339]. 202 o DN, Domain Name, domain name: see definition of Domain name in 203 [RFC7719]. In case of IDNs, the A-label form MUST be used, i.e. 204 each of the DNLs are an A-label or NR-LDH (see [RFC5890]). 206 o DNROID, DN Repository Object IDentifier: an identifier assigned by 207 the Registry to each DN object that unequivocally identifies said 208 DN object. For example, if a new DN object is created for a name 209 that existed in the past, the DN objects will have different 210 DNROIDs. 212 o DNL, Domain Name Label, see definition of Label in [RFC7719]. The 213 DNL is an A-label or NR-LDH. 215 o DNL List: A list of DNLs that are covered by a PRM. 217 o DNS: Domain Name System, see [RFC7719]. 219 o Effective allocation: A DN is considered effectively allocated 220 when the DN object for the DN has been created in the SRS of the 221 Registry and has been assigned to the effective user. A DN object 222 in status "pendingCreate" or any other status that precedes the 223 first time a DN is assigned to an end-user is not considered an 224 effective allocation. A DN object created internally by the 225 Registry for subsequent delegation to another Registrant is not 226 considered an effective allocation. 228 o EPP: The Extensible Provisioning Protocol, see definition of EPP 229 in [RFC7719]. 231 o FQDN: Fully-Qualified Domain Name, see definition of FQDN in 232 [RFC7719]. 234 o HTTP: Hypertext Transfer Protocol, see [RFC2616] 236 o HTTPS: HTTP over TLS (Transport Layer Security), [RFC2818]. 238 o IDN: Internationalized Domain Name, see definition of IDN in 239 [RFC7719]. 241 o Lookup Key: A random string of up to 51 chars from the set [a-zA- 242 Z0-9/] to be used as the lookup key by Registrars to obtain the 243 TCN using the CNIS. Lookup Keys are unique and are related to one 244 DNL only. 246 o LORDN, List of Registered Domain Names: This is the list of 247 effectively allocated DNs matching a DNL of a PRM. Registries 248 will upload this list to the TMDB (during the NORDN process). 250 o Matching Rules: Some trademarks entitled to inclusion in the TMDB 251 include characters that are impermissible in the domain name 252 system (DNS) as a DNL. The TMV changes ( using the ICANN TMCH 253 Matching Rules [MatchingRules]) certain DNS-impermissible 254 characters in a trademark into DNS-permissible equivalent 255 characters 257 o NORDN, Notification of Registered Domain Names: The process by 258 which Registries upload their recent LORDN to the TMDB. 260 o PGP: Pretty Good Privacy, see [RFC4880] 262 o PKI: Public Key Infrastructure, see [RFC5280]. 264 o PRM, Pre-registered mark: Mark that has been pre-registered with 265 the ICANN TMCH. 267 o QLP Period, Qualified Launch Program Period: During this optional 268 period, a special process applies to DNs matching the Sunrise List 269 (SURL) and/or the DNL List, to ensure that TMHs are informed of a 270 DN matching their PRM. 272 o Registrant: see definition of Registrant in [RFC7719]. 274 o Registrar, Domain Name Registrar: see definition of Registrar in 275 [RFC7719]. 277 o Registry, Domain Name Registry, Registry Operator: see definition 278 of Registry in [RFC7719]. A Registry Operator is the contracting 279 party with ICANN for the TLD. 281 o SMD, Signed Mark Data: A cryptographically signed token issued by 282 the TMV to the TMH to be used in the Sunrise Period to apply for a 283 DN that matches a DNL of a PRM; see also 284 [I-D.ietf-eppext-tmch-smd]. An SMD generated by an ICANN-approved 285 trademark validator (TMV) contains both the signed token and the 286 TMV's PKIX certificate. 288 o SMD File: A file containing the SMD (see above) and some human 289 readable data. The latter is usually ignored in the processing of 290 the SMD File. See also Section 6.4. 292 o SMD Revocation List: The SMD Revocation List is used by Registries 293 (and optionally by Registrars) during the Sunrise Period to ensure 294 that an SMD is still valid (i.e. not revoked). The SMD Revocation 295 List has a similar function as CRLs used in PKI. 297 o SRS: Shared Registration System, see also 298 [ICANN-GTLD-AGB-20120604]. 300 o SURL, Sunrise List: The list of DNLs that are covered by a PRM and 301 eligible for Sunrise. 303 o Sunrise Period: During this period DNs matching a DNL of a PRM can 304 be exclusively obtained by the respective TMHs. For DNs matching 305 a PRM, a special process applies to ensure that TMHs are informed 306 on the effective allocation of a DN matching their PRM. 308 o TLD: Top-Level Domain Name, see definition of TLD in [RFC7719]. 310 o ICANN TMCH: a central repository for information to be 311 authenticated, stored, and disseminated, pertaining to the rights 312 of TMHs. The ICANN TMCH is split into two functions TMV and TMDB 313 (see below). There could be several entities performing the TMV 314 function, but only one entity performing the TMDB function. 316 o ICANN TMCH-CA: The Certificate Authority (CA) for the ICANN TMCH. 317 This CA is operated by ICANN. The public key for this CA is the 318 trust anchor used to validate the identity of each TMV. 320 o TMDB, Trademark Clearinghouse Database: Serves as a database of 321 the ICANN TMCH to provide information to the gTLD Registries and 322 Registrars to support Sunrise or Trademark Claims services. There 323 is only one TMDB in the ICANN TMCH that concentrates the 324 information about the "verified" Trademark records from the TMVs. 326 o TMH, Trademark Holder: The person or organization owning rights on 327 a mark. 329 o TMV, Trademark Validator, Trademark validation organization: An 330 entity authorized by ICANN to authenticate and validate 331 registrations in the TMDB ensuring the marks qualify as registered 332 or are court-validated marks or marks that are protected by 333 statute or treaty. This entity would also be asked to ensure that 334 proof of use of marks is provided, which can be demonstrated by 335 furnishing a signed declaration and one specimen of current use. 337 o Trademark, mark: Marks are used to claim exclusive properties of 338 products or services. A mark is typically a name, word, phrase, 339 logo, symbol, design, image, or a combination of these elements. 340 For the scope of this document only textual marks are relevant. 342 o Trademark Claims, Claims: Provides information to enhance the 343 understanding of the Trademark rights being claimed by the TMH. 345 o TCN, Trademark Claims Notice, Claims Notice, Trademark Notice: A 346 Trademark Claims Notice consist of one or more Trademark Claims 347 and are provided to prospective Registrants of DNs. 349 o TCNID, Trademark Claims Notice Identifier: An element of the 350 Trademark Claims Notice (see above), identifying said TCN. The 351 Trademark Claims Notice Identifier is specified in the element 352 . 354 o Trademark Claims Period: During this period, a special process 355 applies to DNs matching the DNL List, to ensure that TMHs are 356 informed of a DN matching their PRM. For DNs matching the DNL 357 List, Registrars show a TCN to prospective Registrants that has to 358 be acknowledged before effective allocation of the DN. 360 o UTC: Coordinated Universal Time, as maintained by the Bureau 361 International des Poids et Mesures (BIPM); see also [RFC3339]. 363 4. Architecture 365 4.1. Sunrise Period 367 Architecture of the Sunrise Period 369 SMD hand over (out-of-band) 370 .............................................. 371 : : 372 : .'''''''''''''''''''. : 373 : . ICANN TMCH . : 374 : ..................... : 375 v . . : 376 .------------. . .-------------. . hv .-----. 377 | Registrant | . | TMV |<---------->| TMH | 378 '------------' . '-------------' . vh '-----' 379 | . | ^ \ . 380 | . | | \. 381 tr | . vs | | dv \ 382 | . | vd | .\ 383 v . v v . \ 384 .-----------. sr . .---------. . \ 385 .->| Registrar |<..........| | . \ 386 : '-----------' . | | . \ 387 : | sy . | T | . \ 388 : ry | .------------| M | . vc \ 389 : | | . | D | . \ 390 : v v . | B | . v 391 : .-----------. . yd | | . .---------------. 392 : | Registry |---------->| | . | ICANN TMCH-CA | 393 : '-----------' . '---------' . '---------------' 394 : ^ . . | : 395 : | ''''''''''''''''''' | : 396 : | cy | : 397 : cr '-----------------------------------------' : 398 :......................................................: 400 Figure 1 402 4.2. Trademark Claims Period 404 Architecture of the Trademark Claims Period 406 .''''''''''''''. 407 . ICANN TMCH . 408 ................ 409 . . 410 .------------. . .-------. . hv .-----. 411 | Registrant | . | TMV |<----------->| TMH | 412 '------------' . '-------' . vh '-----' 413 | . ^ . 414 | . | dv . 415 tr | . vd | . 416 v . v . 417 .-----------. dr . .-------. . 418 | Registrar |<--------| | . 419 '-----------' . | T | . 420 ry | . | M | . 421 v . | D | . 422 .----------. dy . | B | . 423 | Registry |<------->| | . 424 '----------' yd . '-------' . 425 . . 426 '''''''''''''' 428 Figure 2 430 4.3. Interfaces 432 In the sub-sections below follows a short description of each 433 interface to provide an overview of the architecture. More detailed 434 descriptions of the relevant interfaces follow further below 435 (Section 5). 437 4.3.1. hv 439 The TMH registers a mark with a TMV via the hv interface. 441 After the successful registration of the mark, the TMV makes 442 available a SMD File (see also Section 6.4) to the TMH to be used 443 during the Sunrise Period. 445 The specifics of the hv interface are beyond the scope of this 446 document. 448 4.3.2. vd 450 After successful mark registration, the TMV ensures the TMDB inserts 451 the corresponding DNLs and mark information into the database via the 452 vd interface. 454 The specifics of the vd interface are beyond the scope of this 455 document. 457 4.3.3. dy 459 During the Trademark Claims Period the Registry fetches the latest 460 DNL List from the TMDB via the dy interface at regular intervals. 461 The protocol used on the dy interface is HTTPS. 463 Not relevant during the Sunrise Period. 465 4.3.4. tr 467 The Registrant communicates with the Registrar via the tr interface. 469 The specifics of the tr interface are beyond the scope of this 470 document. 472 4.3.5. ry 474 The Registrar communicate with the Registry via the ry interface. 475 The ry interfaces is typically implemented in EPP. 477 4.3.6. dr 479 During the Trademark Claims Period, the Registrar fetches the TCN 480 from the TMDB (to be displayed to the Registrant via the tr 481 interface) via the dr interface. The protocol used for fetching the 482 TCN is HTTPS. 484 Not relevant during the Sunrise Period. 486 4.3.7. yd 488 During the Sunrise Period the Registry notifies the TMDB via the yd 489 interface of all DNs effectively allocated. 491 During the Trademark Claims Period, the Registry notifies the TMDB 492 via the yd interface of all DNs effectively allocated that matched an 493 entry in the Registry previously downloaded DNL List during the 494 creation of the DN. 496 The protocol used on the yd interface is HTTPS. 498 4.3.8. dv 500 The TMDB notifies via the dv interface to the TMV of all DNs 501 effectively allocated that match a mark registered by that TMV. 503 The specifics of the dv interface are beyond the scope of this 504 document. 506 4.3.9. vh 508 The TMV notifies the TMH via the vh interface after a DN has been 509 effectively allocated that matches a PRM of this TMH. 511 The specifics of the vh interface are beyond the scope of this 512 document. 514 4.3.10. vs 516 The TMV requests to add a revoked SMD to the SMD Revocation List at 517 the TMDB. 519 The specifics of the vs interface are beyond the scope of this 520 document. 522 Not relevant during the Trademark Claims Period. 524 4.3.11. sy 526 During the Sunrise Period the Registry fetches the most recent SMD 527 Revocation List from the TMDB via the sy interface in regular 528 intervals. The protocol used on the sy interface is HTTPS. 530 Not relevant during the Trademark Claims Period. 532 4.3.12. sr 534 During the Sunrise Period the Registrar may fetch the most recent SMD 535 Revocation List from the TMDB via the sr interface. The protocol 536 used on the sr interface is the same as on the sy interface (s. 537 above), i.e. HTTPS. 539 Not relevant during the Trademark Claims Period. 541 4.3.13. vc 543 The TMV registers its public key, and requests to revoke an existing 544 key, with the ICANN TMCH-CA over the vc interface. 546 The specifics of the vc interface are beyond the scope of this 547 document, but it involves personal communication between the 548 operators of the TMV and the operators of the ICANN TMCH-CA. 550 Not relevant during the Trademark Claims Period. 552 4.3.14. cy 554 During the Sunrise Period the Registry fetches the most recent TMV 555 CRL file from the ICANN TMCH-CA via the cy interface at regular 556 intervals. The TMV CRL is used for validation of TMV certificates. 557 The protocol used on the cy interface is HTTPS. 559 Not relevant during the Trademark Claims Period. 561 4.3.15. cr 563 During the Sunrise Period the Registrar optionally fetches the most 564 recent TMV CRL file from the ICANN TMCH-CA via the cr interface at 565 regular intervals. The TMV CRL is used for validation of TMV 566 certificates. The protocol used on the cr interface is HTTPS. 568 Not relevant during the Trademark Claims Period. 570 5. Process Descriptions 572 5.1. Bootstrapping 574 5.1.1. Bootstrapping for Registries 576 5.1.1.1. Credentials 578 Each Registry Operator will receive authentication credentials from 579 the TMDB to be used: 581 o During the Sunrise Period to fetch the SMD Revocation List from 582 the TMBD via the sy interface (Section 4.3.11). 584 o During the Trademark Claims Period to fetch the DNL List from the 585 TMDB via the dy interface (Section 4.3.3). 587 o During the NORDN process to notify the LORDN to the TMDB via the 588 yd interface (Section 4.3.7). 590 Note: credentials are created per TLD and provided to the Registry 591 Operator. 593 5.1.1.2. IP Addresses for Access Control 595 Each Registry Operator MUST provide to the TMDB all IP addresses that 596 will be used to: 598 o Fetch the SMD Revocation List via the sy interface 599 (Section 4.3.11). 601 o Fetch the DNL List from the TMDB via the dy interface 602 (Section 4.3.3). 604 o Upload the LORDN to the TMDB via the yd interface (Section 4.3.7). 606 This access restriction MAY be applied by the TMDB in addition to 607 HTTP Basic access authentication (for credentials to be used, see 608 Section 5.1.1.1). 610 The TMDB MAY limit the number of IP addresses to be accepted per 611 Registry Operator. 613 5.1.1.3. ICANN TMCH Trust Anchor 615 Each Registry Operator MUST fetch the PKIX certificate ([RFC5280]) of 616 the ICANN TMCH-CA (Trust Anchor) from < https://ca.icann.org/ 617 tmch.crt > to be used: 619 o During the Sunrise Period to validate the TMV certificates and the 620 TMV CRL. 622 5.1.1.4. TMDB PGP Key 624 The TMDB MUST provide each Registry Operator with the public portion 625 of the PGP Key used by TMDB, to be used: 627 o During the Sunrise Period to perform integrity checking of the SMD 628 Revocation List fetched from the TMDB via the sy interface 629 (Section 4.3.11). 631 o During the Trademark Claims Period to perform integrity checking 632 of the DNL List fetched from the TMDB via the dy interface 633 (Section 4.3.3). 635 5.1.2. Bootstrapping for Registrars 637 5.1.2.1. Credentials 639 Each ICANN-accredited Registrar will receive authentication 640 credentials from the TMDB to be used: 642 o During the Sunrise Period to (optionally) fetch the SMD Revocation 643 List from the TMDB via the sr interface (Section 4.3.12). 645 o During the Trademark Claims Period to fetch TCNs from the TMDB via 646 the dr interface (Section 4.3.6). 648 5.1.2.2. IP Addresses for Access Control 650 Each Registrar MUST provide to the TMDB all IP addresses, which will 651 be used to: 653 o Fetch the SMD Revocation List via the sr interface 654 (Section 4.3.12). 656 o Fetch TCNs via the dr interface (Section 4.3.6). 658 This access restriction MAY be applied by the TMDB in addition to 659 HTTP Basic access authentication (for credentials to be used, see 660 Section 5.1.2.1). 662 The TMDB MAY limit the number of IP addresses to be accepted per 663 Registrar. 665 5.1.2.3. ICANN TMCH Trust Anchor 667 Registrars MAY fetch the PKIX certificate of the ICANN TMCH-CA (Trust 668 Anchor) from < https://ca.icann.org/tmch.crt > to be used: 670 o During the Sunrise Period to (optionally) validate the TMV 671 certificates and TMV CRL. 673 5.1.2.4. TMDB PGP Key 675 Registrars MUST receive the public portion of the PGP Key used by 676 TMDB from the TMDB administrator to be used: 678 o During the Sunrise Period to (optionally) perform integrity 679 checking of the SMD Revocation List fetched from the TMDB via the 680 sr interface (Section 4.3.12). 682 5.2. Sunrise Period 684 5.2.1. Domain Name registration 686 Domain Name registration during the Sunrise Period 688 .------------. .-----------. .----------. 689 | Registrant | | Registrar | | Registry | 690 '------------' '-----------' '----------' 691 | | | 692 | Request DN | | 693 | registration | | 694 | (with SMD) | | 695 |---------------->| Check DN availability | 696 | |---------------------------->| 697 | | | 698 | | DN unavailable .-------------. 699 | DN unavailable |<--------------------( DN available? ) 700 |<----------------| no '-------------' 701 | | | yes 702 | | DN available | 703 | |<----------------------------| 704 | | | 705 | | Request DN registration | 706 | | (with SMD) | 707 | |---------------------------->| 708 | | | 709 | | .------------------------------. 710 | | | DN registration validation / | 711 | | | SMD validation | 712 | | '------------------------------' 713 | | | 714 | Registration |.-----------. Error .----------------------. 715 | error || TRY AGAIN |<-----( Validation successful? ) 716 |<----------------|| / ABORT | no '----------------------' 717 | |'-----------' | yes 718 | | | 719 | | DN registered | 720 | DN registered |<----------------------------| 721 |<----------------| | 722 | | | 724 Figure 3 726 Note: the figure depicted above represents a synchronous DN 727 registration workflow (usually called first come first served). 729 5.2.2. Sunrise Domain Name registration by Registries 731 Registries MUST perform a minimum set of checks for verifying each DN 732 registration during the Sunrise Period upon reception of a 733 registration request over the ry interface (Section 4.3.5). If any 734 of these checks fails the Registry MUST abort the registration. Each 735 of these checks MUST be performed before the DN is effectively 736 allocated. 738 In case of asynchronous registrations (e.g. auctions), the minimum 739 set of checks MAY be performed when creating the intermediate object 740 (e.g. a DN application) used for DN registration. If the minimum set 741 of checks is performed when creating the intermediate object (e.g. a 742 DN application) a Registry MAY effective allocate the DN without 743 performing the minimum set of checks again. 745 Performing the minimum set of checks Registries MUST verify that: 747 1. An SMD has been received from the Registrar along with the DN 748 registration. 750 2. The certificate of the TMV has been correctly signed by the ICANN 751 TMCH-CA. (The certificate of the TMV is contained within the 752 SMD.) 754 3. The datetime when the validation is done is within the validity 755 period of the TMV certificate. 757 4. The certificate of the TMV is not listed in the TMV CRL file 758 specified in the CRL distribution point of the TMV certificate. 760 5. The signature of the SMD (signed with the TMV certificate) is 761 valid. 763 6. The datetime when the validation is done is within the validity 764 period of the SMD based on and 765 elements. 767 7. The SMD has not been revoked, i.e., is not contained in the SMD 768 Revocation List. 770 8. The leftmost DNL of the DN (A-label form in the case of IDNs) 771 being effectively allocated matches one of the labels 772 () elements in the SMD. For example, if the DN "xn-- 773 mgbachtv.xn--mgbh0fb" is being effectively allocated, the 774 leftmost DNL would be "xn--mgbachtv". 776 These procedure apply to all DN effective allocations at the second 777 level as well as to all other levels subordinate to the TLD that the 778 Registry accepts registrations for. 780 5.2.3. TMDB Sunrise Services for Registries 782 5.2.3.1. SMD Revocation List 784 A new SMD Revocation List MUST be published by the TMDB twice a day, 785 by 00:00:00 and 12:00:00 UTC. 787 Registries MUST refresh the latest version of the SMD Revocation List 788 at least once every 24 hours. 790 Note: the SMD Revocation List will be the same regardless of the TLD. 791 If a Backend Registry Operator manages the infrastructure of several 792 TLDs, the Backend Registry Operator could refresh the SMD Revocation 793 List once every 24 hours, the SMD Revocation List could be used for 794 all the TLDs managed by the Backend Registry Operator. 796 Update of the SMD Revocation List 798 .----------. .------. 799 | Registry | | TMDB | 800 '----------' '------' 801 | | 802 .----------------. | 803 | Periodically, | | 804 | at least | | 805 | every 24 hours | | 806 '----------------' | 807 | | 808 |----------------------------------------------------->| 809 | Download the latest SMD Revocation List | 810 |<-----------------------------------------------------| 811 | | 812 | | 814 Figure 4 816 5.2.3.2. TMV Certificate Revocation List (CRL) 818 Registries MUST refresh their local copy of the TMV CRL file at least 819 every 24 hours using the CRL distribution point specified in the TMV 820 certificate. 822 Operationally, the TMV CRL file and CRL distribution point is the 823 same for all TMVs and (at publication of this document) located at < 824 http://crl.icann.org/tmch.crl >. 826 Note: the TMV CRL file will be the same regardless of the TLD. If a 827 Backend Registry Operator manages the infrastructure of several TLDs, 828 the Backend Registry Operator could refresh the TMV CRL file once 829 every 24 hours, the TMV CRL file could be used for all the TLDs 830 managed by the Backend Registry Operator. 832 Update of the TMV CRL file 834 .----------. .---------------. 835 | Registry | | ICANN TMCH-CA | 836 '----------' '---------------' 837 | | 838 .----------------. | 839 | Periodically, | | 840 | at least | | 841 | every 24 hours | | 842 '----------------' | 843 | | 844 |-------------------------------------------->| 845 | Download the latest TMV CRL file | 846 |<--------------------------------------------| 847 | | 848 | | 850 Figure 5 852 5.2.3.3. Notice of Registered Domain Names (NORN) 854 The Registry MUST send a LORDN file containing DNs effectively 855 allocated to the TMDB (over the yd interface, Section 4.3.7). 857 The effective allocation of a DN MUST be reported by the Registry to 858 the TMDB within 26 hours of the effective allocation of such DN. 860 The Registry MUST create and upload a LORDN file in case there are 861 effective allocations in the SRS, that have not been successfully 862 reported to the TMDB in a previous LORDN file. 864 Based on the timers used by TMVs and the TMDB, the RECOMMENDED 865 maximum frequency to upload LORDN files from the Registries to the 866 TMDB is every 3 hours. 868 It is RECOMMENDED that Registries try to upload at least two LORDN 869 files per day to the TMDB with enough time in between, in order to 870 have time to fix problems reported in the LORDN file. 872 The Registry SHOULD upload a LORDN file only when the previous LORDN 873 file has been processed by the TMDB and the related LORDN Log file 874 has been downloaded and processed by the Registry. 876 The Registry MUST upload LORDN files for DNs effectively allocated 877 during the Sunrise or Trademark Claims Period (same applies to DNs 878 effectively allocated using applications created during the Sunrise 879 or Trademark Claims Period in case of using asynchronous 880 registrations). 882 The yd interface (Section 4.3.7) MUST support at least one (1) and 883 MAY support up to ten (10) concurrent connections from each IP 884 address registered by a Registry Operator to access the service. 886 The TMDB MUST process each uploaded LORDN file and make the related 887 log file available for Registry download within 30 minutes of the 888 finalization of the upload. 890 Notification of Registered Domain Name 892 .----------. .------. .-----. .-----. 893 | Registry | | TMDB | | TMV | | TMH | 894 '----------' '------' '-----' '-----' 895 | | | | 896 .------------------. | | | 897 | Periodically | | | | 898 | upload LORDN | | | | 899 | file | | | | 900 '------------------' | | | 901 | | | | 902 .--------->| Upload LORDN | | | 903 | |-------------------->| | | 904 | | | | | 905 | | .-------------------------. | | 906 | | | Verify each domain name | | | 907 | | | in the uploaded file | | | 908 | | | (within 30') | | | 909 | | '-------------------------' | | 910 | | | ._____.| | 911 | | Download Log file | | END || | 912 | |<--------------------| '-----'| | 913 | | | ^ | | 914 | .-----------------. .---------------. | | | 915 | | Check whether | / everything fine \ no | | | 916 | | Log file | ( (i.e. no errors )---' | | 917 | | contains errors | \ in Log file )? / | | 918 | '-----------------' '---------------' | | 919 | | | yes | | 920 | .---------------. | | | 921 | / everything fine \ yes | | | 922 |( (i.e. no errors )-----. | Notify TMVs | | 923 | \ in Log file )? / | | on the LORDN | | 924 | '---------------' | | pre-registered | | 925 | | no v | with said TMV | | 926 | .----------------. .------. |--------------->| | 927 '-| Correct Errors | | DONE | | | | 928 '----------------' '------' | | Notify each | 929 | | | affected TMH | 930 | | |-------------->| 931 | | | | 933 Figure 6 935 The format used for the LORDN is described in Section 6.3 937 5.2.4. Sunrise Domain Name registration by Registrars 939 Registrars MAY choose to perform the checks for verifying DN 940 registrations as performed by the Registries (see Section 5.2.2) 941 before sending the command to register a DN. 943 5.2.5. TMDB Sunrise Services for Registrars 945 The processes described in Section 5.2.3.1 and Section 5.2.3.2 are 946 also available for Registrars to optionally validate the SMDs 947 received. 949 5.3. Trademark Claims Period 951 5.3.1. Domain Registration 953 Domain Name registration during the Trademark Claims Period 955 .------------. .-----------. .----------. .------. 956 | Registrant | | Registrar | | Registry | | TMDB | 957 '------------' '-----------' '----------' '------' 958 | Request DN | | | 959 | registration | | | 960 |--------------->| Check DN availability | | 961 | |--------------------------->| | 962 | | DN unavailable .-------------. | 963 | DN unavailable |<-------------------( DN available? ) | 964 |<---------------| no '-------------' | 965 | | DN available | yes | 966 | |<---------------------------| | 967 | | Request Lookup key | | 968 | |--------------------------->| | 969 | |.__________. .---------. | 970 | || CONTINUE | / Does DN \ | 971 | || NORMALLY |<--------( match DNL ) | 972 | |'----------' no \ of PRM? / | 973 | | '---------' | 974 | | Lookup key | yes | 975 | |<----------------------------' | 976 | | | 977 .-----. | | Request TCN | 978 |ABORT| | Display |---------------------------------------->| 979 '-----' | Claims | Return TCN | 980 ^ | Notice |<----------------------------------------| 981 | no |<---------------| | 982 | .------. yes | | 983 '-( Ack? )----------->| Register DN (with TCNID) | | 984 '------' |--------------------------->| | 985 | Registration | Error .----------------------. | 986 | error |<-------------( Validation successful? ) | 987 |<---------------| no '----------------------' | 988 | | | yes | 989 | | DN registered | | 990 | DN registered |<---------------------------| | 991 |<---------------| | | 993 Figure 7 995 Note: the figure depicted above represents a synchronous DN 996 registration workflow (usually called first come first served). 998 5.3.2. Trademark Claims Domain Name registration by Registries 1000 During the Trademark Claims Period, Registries perform two main 1001 functions: 1003 o Registries MUST provide Registrars (over the ry interface, 1004 Section 4.3.5) the Lookup Key used to retrieve the TCNs for DNs 1005 that match the DNL List. 1007 o Registries MUST provide the Lookup Key only when queried about a 1008 specific DN. 1010 o For each DN matching a DNL of a PRM, Registries MUST perform a 1011 minimum set of checks for verifying DN registrations during the 1012 Trademark Claims Period upon reception of a registration request 1013 over the ry interface (Section 4.3.5). If any of these checks 1014 fails the Registry MUST abort the registration. Each of these 1015 checks MUST be performed before the DN is effectively allocated. 1017 o In case of asynchronous registrations (e.g. auctions), the minimum 1018 set of checks MAY be performed when creating the intermediate 1019 object (e.g. a DN application) used for DN effective allocation. 1020 If the minimum set of checks is performed when creating the 1021 intermediate object (e.g. a DN application) a Registry MAY 1022 effective allocate the DN without performing the minimum set of 1023 checks again. 1025 o Performing the minimum set of checks Registries MUST verify that: 1027 1. The TCNID (), expiration datetime 1028 () and acceptance datetime of the TCN, have 1029 been received from the Registrar along with the DN 1030 registration. 1032 If the three elements mentioned above are not provided by 1033 the Registrar for a DN matching a DNL of a PRM, but the DNL 1034 was inserted (or re-inserted) for the first time into DNL 1035 List less than 24 hours ago, the registration MAY continue 1036 without this data and the tests listed below are not 1037 required to be performed. 1039 2. The TCN has not expired (according to the expiration datetime 1040 sent by the Registrar). 1042 3. The acceptance datetime is no more than 48 hours in the past, 1043 or a different value defined by policy. 1045 4. Using the leftmost DNL of the DN (A-label form in the case of 1046 IDNs) being effectively allocated, the expiration datetime 1047 provided by the Registrar, and the TMDB Notice Identifier 1048 extracted from the TCNID provided by the Registrar compute the 1049 TCN Checksum. Verify that the computed TCN Checksum match the 1050 TCN Checksum present in the TCNID. For example, if the DN 1051 "xn--mgbachtv.xn--mgbh0fb" is being effectively allocated, the 1052 leftmost DNL would be "xn--mgbachtv". 1054 These procedures apply to all DN registrations at the second level as 1055 well as to all other levels subordinate to the TLD that the Registry 1056 accepts registrations for. 1058 5.3.3. TMBD Trademark Claims Services for Registries 1060 5.3.3.1. Domain Name Label (DNL) List 1062 A new DNL List MUST be published by the TMDB twice a day, by 00:00:00 1063 and 12:00:00 UTC. 1065 Registries MUST refresh the latest version of the DNL List at least 1066 once every 24 hours. 1068 Update of the DNL List 1070 .----------. .------. 1071 | Registry | | TMDB | 1072 '----------' '------' 1073 | | 1074 .----------------. | 1075 | Periodically, | | 1076 | at least | | 1077 | every 24 hours | | 1078 '----------------' | 1079 | | 1080 |-------------------------------->| 1081 | Download the latest DNL List | 1082 |<--------------------------------| 1083 | | 1084 | | 1086 Figure 8 1088 Note: the DNL List will be the same regardless of the TLD. If a 1089 Backend Registry Operator manages the infrastructure of several TLDs, 1090 the Backend Registry Operator could refresh the DNL List once every 1091 24 hours, the DNL List could be used for all the TLDs managed by the 1092 Backend Registry Operator. 1094 5.3.3.2. Notice of Registered Domain Names (NORN) 1096 The NORDN process during the Trademark Claims Period is almost the 1097 same as during Sunrise Period as defined in Section 5.2.3.3 with the 1098 difference that only registrations subject to a Trademark Claim 1099 (i.e., at registration time the name appeared in the current DNL List 1100 downloaded by the Registry Operator) are included in the LORDN. 1102 5.3.4. Trademark Claims Domain Name registration by Registrars 1104 For each DN matching a DNL of a PRM, Registrars MUST perform the 1105 following steps: 1107 1. Use the Lookup Key received from the Registry to obtain the TCN 1108 from the TMDB using the dr interface (Section 4.3.6) Registrars 1109 MUST only query for the Lookup Key of a DN that is available for 1110 registration. 1112 2. Present the TCN to the Registrant as described in Exhibit A, 1113 [RPM-Requirements]. 1115 3. Ask Registrant for acknowledgement, i.e. the Registrant MUST 1116 consent with the TCN, before any further processing. (The 1117 transmission of a TCNID to the Registry over the ry interface, 1118 Section 4.3.5 implies that the Registrant has expressed his/her 1119 consent with the TCN.) 1121 4. Perform the minimum set of checks for verifying DN registrations. 1122 If any of these checks fails the Registrar MUST abort the DN 1123 registration. Each of these checks MUST be performed before the 1124 registration is sent to the Registry. Performing the minimum set 1125 of checks Registrars MUST verify that: 1127 1. The datetime when the validation is done is within the TCN 1128 validity based on the and 1129 elements. 1131 2. The leftmost DNL of the DN (A-label form in the case of IDNs) 1132 being effectively allocated matches the label 1133 () element in the TCN. For example, if the 1134 DN "xn--mgbachtv.xn--mgbh0fb" is being effectively allocated, 1135 the leftmost DNL would be "xn--mgbachtv". 1137 3. The Registrant has acknowledged (expressed his/her consent 1138 with) the TCN. 1140 5. Record the date and time when the registrant acknowledged the 1141 TCN. 1143 6. Send the registration to the Registry (ry interface, 1144 Section 4.3.5) and include the following information: 1146 * TCNID () 1148 * Expiration date of the TCN () 1150 * Acceptance datetime of the TCN. 1152 TCNs are generated twice a day. The expiration date 1153 () of each TCN MUST be set to 48 hours (or a 1154 different value if defined by policy) in the future by the TMDB, 1155 allowing the implementation of a cache by Registrars and enough time 1156 for acknowledging the TCN. Registrars SHOULD implement a cache of 1157 TCNs to minimize the number of queries sent to the TMDB. A cached 1158 TCN MUST be removed from the cache after the expiration date of the 1159 TCN as defined by . The TMDB MAY implement rate- 1160 limiting as one of the protection mechanisms to mitigate the risk of 1161 performance degradation. 1163 5.3.5. TMBD Trademark Claims Services for Registrars 1165 5.3.5.1. Claims Notice Information Service (CNIS) 1167 The TCNs are provided by the TMDB online and are fetched by the 1168 Registrar via the dr interface (Section 4.3.6). 1170 To get access to the TCNs, the Registrar needs the credentials 1171 provided by the TMDB (Section 5.1.2.1) and the Lookup Key received 1172 from the Registry via the ry interface (Section 4.3.5). The dr 1173 interface (Section 4.3.6) uses HTTPS with Basic access 1174 authentication. 1176 The dr interface (Section 4.3.6) MAY support up to ten (10) 1177 concurrent connections from each Registrar. 1179 The URL of the dr interface (Section 4.3.6) is: 1181 < https:///cnis/.xml > 1183 Note that the "lookupkey" may contain SLASH characters ("/"). The 1184 SLASH character is part of the URL path and MUST NOT be escaped when 1185 requesting the TCN. 1187 The TLS certificate (HTTPS) used on the dr interface (Section 4.3.6) 1188 MUST be signed by a well-know public CA. Registrars MUST perform the 1189 Certification Path Validation described in Section 6 of [RFC5280]. 1190 Registrars will be authenticated in the dr interface using HTTP Basic 1191 access authentication. The dr (Section 4.3.6) interface MUST support 1192 HTTPS keep-alive and MUST maintain the connection for up to 30 1193 minutes. 1195 5.4. Qualified Launch Program (QLP) Period 1197 5.4.1. Domain Registration 1199 During the OPTIONAL (see [QLP-Addendum]) Qualified Launch Program 1200 (QLP) Period effective allocations of DNs to third parties could 1201 require that Registries and Registrars provide Sunrise and/or 1202 Trademark Claims services. If required, Registries and Registrars 1203 MUST provide Sunrise and/or Trademark Claims services as described in 1204 Section 5.2 and Section 5.3. 1206 The effective allocation scenarios are: 1208 o If the leftmost DNL of the DN (A-label form in the case of IDNs) 1209 being effectively allocated (QLP Name in this section) matches a 1210 DNL in the SURL, and an SMD is provided, then Registries MUST 1211 provide Sunrise Services (see Section 5.2) and the DN MUST be 1212 reported in a Sunrise LORDN file during the QLP Period. For 1213 example, if the DN "xn--mgbachtv.xn--mgbh0fb" is being effectively 1214 allocated, the leftmost DNL would be "xn--mgbachtv". 1216 o If the QLP Name matches a DNL in the SURL but does not match a DNL 1217 in the DNL List, and an SMD is NOT provided (see section 2.2 of 1218 [QLP-Addendum]), then the DN MUST be reported in a Sunrise LORDN 1219 file using the special SMD-id "99999-99999" during the QLP Period. 1221 o If the QLP Name matches a DNL in the SURL and also matches a DNL 1222 in the DNL List, and an SMD is NOT provided (see section 2.2 of 1223 [QLP-Addendum]), then Registries MUST provide Trademark Claims 1224 services (see Section 5.3) and the DN MUST be reported in a 1225 Trademark Claims LORDN file during the QLP Period. 1227 o If the QLP Name matches a DNL in the DNL List but does not match a 1228 DNL in the SURL, then Registries MUST provide Trademark Claims 1229 services (see Section 5.2) and the DN MUST be reported in a 1230 Trademark Claims LORDN file during the QLP Period. 1232 The following table lists all the effective allocation scenarios 1233 during a QLP Period: 1235 +--------+---------+-----------------+--------------+---------------+ 1236 | QLP | QLP | SMD was | Registry | Registry MUST | 1237 | Name | Name | provided by the | MUST provide | report DN | 1238 | match | match | potential | Sunrise or | registration | 1239 | in the | in the | Registrant | Trademark | in | 1240 | SURL | DNL | | Claims | LORDN file | 1241 | | List | | Services | | 1242 +--------+---------+-----------------+--------------+---------------+ 1243 | Y | Y | Y | Sunrise | Sunrise | 1244 | | | | | | 1245 | Y | N | Y | Sunrise | Sunrise | 1246 | | | | | | 1247 | N | Y | -- | Trademark | Trademark | 1248 | | | | Claims | Claims | 1249 | | | | | | 1250 | N | N | -- | -- | -- | 1251 | | | | | | 1252 | Y | Y | N (see section | Trademark | Trademark | 1253 | | | 2.2 of | Claims | Claims | 1254 | | | [QLP-Addendum]) | | | 1255 | | | | | | 1256 | Y | N | N (see section | -- | Sunrise | 1257 | | | 2.2 of | | (using | 1258 | | | [QLP-Addendum]) | | special SMD- | 1259 | | | | | id) | 1260 +--------+---------+-----------------+--------------+---------------+ 1262 QLP Effective Allocation Scenarios 1264 The TMDB MUST provide the following services to Registries during a 1265 QLP Period: 1267 o SMD Revocation List (see Section 5.2.3.1) 1269 o NORN (see Section 5.2.3.3) 1271 o DNL List (see Section 5.3.3.1) 1273 o Sunrise List (SURL) (see Section 5.4.2.1 1275 The TMDB MUST provide the following services to Registrars during a 1276 QLP Period: 1278 o SMD Revocation List (see Section 5.2.3.1) 1279 o CNIS (see Section 5.3.5.1) 1281 5.4.2. TMBD QLP Services for Registries 1283 5.4.2.1. Sunrise List (SURL) 1285 A new Sunrise List (SURL) MUST be published by the TMDB twice a day, 1286 by 00:00:00 and 12:00:00 UTC. 1288 Registries offering the OPTIONAL QLP Period MUST refresh the latest 1289 version of the SURL at least once every 24 hours. 1291 Update of the SURL 1293 .----------. .------. 1294 | Registry | | TMDB | 1295 '----------' '------' 1296 | | 1297 .----------------. | 1298 | Periodically, | | 1299 | at least | | 1300 | every 24 hours | | 1301 '----------------' | 1302 | | 1303 |------------------------------->| 1304 | Download the latest SURL | 1305 |<-------------------------------| 1306 | | 1307 | | 1309 Figure 9 1311 Note: the SURL will be the same regardless of the TLD. If a Backend 1312 Registry Operator manages the infrastructure of several TLDs, the 1313 Backend Registry Operator could refresh the SURL once every 24 hours, 1314 the SURL could be used for all the TLDs managed by the Backend 1315 Registry Operator. 1317 6. Data Format Descriptions 1319 6.1. Domain Name Label (DNL) List 1321 This section defines the format of the list containing every Domain 1322 Name Label (DNL) that matches a Pre-Registered Mark (PRM). The list 1323 is maintained by the TMDB and downloaded by Registries in regular 1324 intervals (see Section 5.3.3.1). The Registries use the DNL List 1325 during the Trademark Claims Period to check whether a requested DN 1326 matches a DNL of a PRM. 1328 The DNL List contains all the DNLs covered by a PRM present in the 1329 TMDB at the datetime it is generated. 1331 The DNL List is contained in a CSV formatted file that has the 1332 following structure: 1334 o first line: , 1336 Where: 1338 + , version of the file, this field MUST be 1. 1340 + , date and time in UTC that the 1341 DNL List was created. 1343 o second line: a header line as specified in [RFC4180] 1345 With the header names as follows: 1347 DNL,lookup-key,insertion-datetime 1349 o One or more lines with: ,, 1352 Where: 1354 + , a Domain Name Label covered by a PRM. 1356 + , lookup key that the Registry MUST provide to 1357 the Registrar. The lookup key has the following format: 1358
////, where: 1361 - YYYY: year that the TCN was generated. 1363 - MM: zero-padded month that the TCN was generated. 1365 - DD: zero-padded day that the TCN was generated. 1367 - vv: version of the TCN, possible values are 00 and 01. 1369 - X: one hexadecimal digit [0-9A-F]. This is the first, 1370 second and third hexadecimal digit of encoding the 1371 in base16 as specified in [RFC4648]. 1373 - Random bits: 144 random bits encoded in base64url as 1374 specified in [RFC4648]. 1376 - Sequential number: zero-padded natural number in the 1377 range 0000000001 to 2147483647. 1379 + , datetime in UTC that the DNL was 1380 first inserted into the DNL List. The possible two values 1381 of time for inserting a DNL to the DNL List are 00:00:00 and 1382 12:00:00 UTC. 1384 Example of a DNL List 1386 1,2012-08-16T00:00:00.0Z 1387 DNL,lookup-key,insertion-datetime 1388 example,2013041500/2/6/9/rJ1NrDO92vDsAzf7EQzgjX4R0000000001,\ 1389 2010-07-14T00:00:00.0Z 1390 another-example,2013041500/6/A/5/alJAqG2vI2BmCv5PfUvuDkf40000000002,\ 1391 2012-08-16T00:00:00.0Z 1392 anotherexample,2013041500/A/C/7/rHdC4wnrWRvPY6nneCVtQhFj0000000003,\ 1393 2011-08-16T12:00:00.0Z 1395 Figure 10 1397 To provide authentication and integrity protection, the DNL List will 1398 be PGP [RFC4880] signed by the TMDB (see also Section 5.1.1.4). The 1399 PGP signature of the DNL List can be found in the similar URI but 1400 with extension .sig as shown below. 1402 The URL of the dy interface (Section 4.3.3) is: 1404 o < https:///dnl/dnl-latest.csv > 1406 o < https:///dnl/dnl-latest.sig > 1408 6.2. SMD Revocation List 1410 This section defines the format of the list of SMDs that have been 1411 revoked. The list is maintained by the TMDB and downloaded by 1412 Registries (and optionally by Registrars) in regular intervals (see 1413 Section 5.2.3.1). The SMD Revocation List is used during the Sunrise 1414 Period to validate SMDs received. The SMD Revocation List has a 1415 similar function as CRLs used in PKI [RFC5280]. 1417 The SMD Revocation List contains all the revoked SMDs present in the 1418 TMDB at the datetime it is generated. 1420 The SMD Revocation List is contained in a CSV formatted file that has 1421 the following structure: 1423 o first line: , 1425 Where: 1427 + , version of the file, this field MUST be 1. 1429 + , datetime in UTC 1430 that the SMD Revocation List was created. 1432 o second line: a header line as specified in [RFC4180] 1434 With the header names as follows: 1436 smd-id,insertion-datetime 1438 o One or more lines with: , 1440 Where: 1442 + , identifier of the SMD that was revoked. 1444 + , revocation datetime in UTC of the 1445 SMD. The possible two values of time for inserting an SMD 1446 to the SMD Revocation List are 00:00:00 and 12:00:00 UTC. 1448 To provide integrity protection, the SMD Revocation List is PGP 1449 signed by the TMDB (see also Section 5.1.1.4). The SMD Revocation 1450 List is provided by the TMDB with extension .csv. The PGP signature 1451 of the SMD Revocation List can be found in the similar URI but with 1452 extension .sig as shown below. 1454 The URL of the sr interface (Section 4.3.12) and sy interface 1455 (Section 4.3.11) is: 1457 o < https:///smdrl/smdrl-latest.csv > 1459 o < https:///smdrl/smdrl-latest.sig > 1460 Example of an SMD Revocation List 1462 1,2012-08-16T00:00:00.0Z 1463 smd-id,insertion-datetime 1464 2-2,2012-08-15T00:00:00.0Z 1465 3-2,2012-08-15T00:00:00.0Z 1466 1-2,2012-08-15T00:00:00.0Z 1468 Figure 11 1470 6.3. List of Registered Domain Names (LORDN) file 1472 This section defines the format of the List of Registered Domain 1473 Names (LORDN), which is maintained by each Registry and uploaded at 1474 least daily to the TMDB. Every time a DN matching a DNL of a PRM 1475 said DN is added to the LORDN along with further information related 1476 to its registration. 1478 The URIs of the yd interface (Section 4.3.7) used to upload the LORDN 1479 file is: 1481 o Sunrise LORDN file: 1483 < https:///LORDN//sunrise > 1485 o Trademark Claims LORDN file: 1487 < https:///LORDN//claims > 1489 During a QLP Period, Registries MAY be required to upload Sunrise or 1490 Trademark Claims LORDN files. The URIs of the yd interface used to 1491 upload LORDN files during a QLP Period is: 1493 o Sunrise LORDN file (during QLP Period): 1495 < https:///LORDN//sunrise/qlp > 1497 o Trademark Claims LORDN file (during a QLP Period): 1499 < https:///LORDN//claims/qlp > 1501 The yd interface (Section 4.3.7) returns the following HTTP status 1502 codes after a HTTP POST request method is received: 1504 o The interface provides a HTTP/202 status code if the interface was 1505 able to receive the LORDN file and the syntax of the LORDN file is 1506 correct. 1508 The interface provides the LORDN Transaction Identifier in the 1509 HTTP Entity-body that would be used by the Registry to download 1510 the LORDN Log file. The LORDN Transaction Identifier is a 1511 natural number zero-padded in the range 0000000000000000001 to 1512 9223372036854775807. 1514 The TMDB uses the element of the 1515 LORDN file as a unique client-side identifier. If a LORDN file 1516 with the same of a previously sent 1517 LORDN file is received by the TMDB, the LORDN Transaction 1518 Identifier of the previously sent LORDN file MUST be provided 1519 to the Registry. The TMDB MUST ignore the DN Lines present in 1520 the LORDN file if a LORDN file with the same was previously sent. 1523 The HTTP Location header field contains the URI where the LORDN 1524 Log file could be retrieved later, for example: 1526 202 Accepted 1528 Location: https:///LORDN/example/sunrise/0000000000000000001/result 1531 o The interface provides a HTTP/400 if the request is incorrect or 1532 the syntax of the LORDN file is incorrect. The TMDB MUST return a 1533 human readable message in the HTTP Entity-body regarding the 1534 incorrect syntax of the LORDN file. 1536 o The interface provides a HTTP/401 status code if the credentials 1537 provided does not authorize the Registry Operator to upload a 1538 LORDN file. 1540 o The TMDB MUST return a HTTP/404 status code when trying to upload 1541 a LORDN file using the https:///LORDN//sunrise/qlp or https:///LORDN//claims/qlp interface outside of a QLP Period 1544 plus 26 hours. 1546 o The interface provides a HTTP/500 status code if the system is 1547 experiencing a general failure. 1549 For example, to upload the Sunrise LORDN file for TLD "example", the 1550 URI would be: 1552 < https:///LORDN/example/sunrise > 1554 The LORDN is contained in a CSV formatted file that has the following 1555 structure: 1557 o For Sunrise Period: 1559 * first line: ,, 1562 Where: 1564 - , version of the file, this field MUST be 1. 1566 - , date and time in UTC that the 1567 LORDN was created. 1569 - , number of DN Lines present in the 1570 LORDN file. 1572 * second line: a header line as specified in [RFC4180] 1574 With the header names as follows: 1576 roid,domain-name,SMD-id,registrar-id,registration- 1577 datetime,application-datetime 1579 * One or more lines with: ,,,,, 1583 Where: 1585 - , DN Repository Object IDentifier (DNROID) in the 1586 SRS. 1588 - , DN that was effectively allocated. For 1589 IDNs, the A-Label form is used. 1591 - , SMD ID used for registration. 1593 - , IANA Registrar ID. 1595 - , date and time in UTC that the 1596 domain was effectively allocated. 1598 - OPTIONAL , date and 1599 time in UTC that the application was created. The 1600 MUST be provided in 1601 case of a DN effective allocation based on an 1602 asynchronous registration (e.g., when using auctions). 1604 Example of a Sunrise LORDN file 1606 1,2012-08-16T00:00:00.0Z,3 1607 roid,domain-name,SMD-id,registrar-id,registration-datetime,\ 1608 application-datetime 1609 SH8013-REP,example1.gtld,1-2,9999,2012-08-15T13:20:00.0Z,\ 1610 2012-07-15T00:50:00.0Z 1611 EK77-REP,example2.gtld,2-2,9999,2012-08-15T14:00:03.0Z 1612 HB800-REP,example3.gtld,3-2,9999,2012-08-15T15:40:00.0Z 1614 Figure 12 1616 o For Trademark Claims Period: 1618 * first line: ,, 1621 Where: 1623 - , version of the file, this field MUST be 1. 1625 - , date and time in UTC that the 1626 LORDN was created. 1628 - , number of DN Lines present in the 1629 LORDN file. 1631 * second line: a header line as specified in [RFC4180] 1633 With the header names as follows: 1635 roid,domain-name,notice-id,registrar-id,registration- 1636 datetime,ack-datetime,application-datetime 1638 * One or more lines with: ,,,,,, 1642 Where: 1644 - , DN Repository Object IDentifier (DNROID) in the 1645 SRS. 1647 - , DN that was effectively allocated. For 1648 IDNs, the A-Label form is used. 1650 - , Trademark Claims Notice Identifier as specified 1651 in . 1653 - , IANA Registrar ID. 1655 - , date and time in UTC that the 1656 domain was effectively allocated. 1658 - , date and time in UTC 1659 that the TCN was acknowledged. 1661 - OPTIONAL , date and 1662 time in UTC that the application was created. The 1663 MUST be provided in 1664 case of a DN effective allocation based on an 1665 asynchronous registration (e.g., when using auctions). 1667 For a DN matching a DNL of a PRM at the moment of 1668 registration, created without the TCNID, expiration datetime 1669 and acceptance datetime, because DNL was inserted (or re- 1670 inserted) for the first time into DNL List less than 24 1671 hours ago, the string "recent-dnl-insertion" MAY be 1672 specified in and . 1675 Example of a Trademark Claims LORDN file 1677 1,2012-08-16T00:00:00.0Z,3 1678 roid,domain-name,notice-id,registrar-id,registration-datetime,\ 1679 ack-datetime,application-datetime 1680 SH8013-REP,example1.gtld,a76716ed9223352036854775808,\ 1681 9999,2012-08-15T14:20:00.0Z,2012-08-15T13:20:00.0Z 1682 EK77-REP,example2.gtld,a7b786ed9223372036856775808,\ 1683 9999,2012-08-15T11:20:00.0Z,2012-08-15T11:19:00.0Z 1684 HB800-REP,example3.gtld,recent-dnl-insertion,\ 1685 9999,2012-08-15T13:20:00.0Z,recent-dnl-insertion 1687 Figure 13 1689 6.3.1. LORDN Log file 1691 After reception of the LORDN file, the TMDB verifies its content for 1692 syntactical and semantical correctness. The output of the LORDN file 1693 verification is retrieved using the yd interface (Section 4.3.7). 1695 The URI of the yd interface (Section 4.3.7) used to retrieve the 1696 LORDN Log file is: 1698 o Sunrise LORDN Log file: 1700 < https:///LORDN//sunrise//result > 1703 o Trademark Claims LORDN Log file: 1705 < https:///LORDN//claims//result > 1708 A Registry Operator MUST NOT send more than one request per minute 1709 per TLD to download a LORDN Log file. 1711 The yd interface (Section 4.3.7) returns the following HTTP status 1712 codes after a HTTP GET request method is received: 1714 o The interface provides a HTTP/200 status code if the interface was 1715 able to provide the LORDN Log file. The LORDN Log file is 1716 contained in the HTTP Entity-body. 1718 o The interface provides a HTTP/204 status code if the LORDN 1719 Transaction Identifier is correct, but the server has not 1720 finalized processing the LORDN file. 1722 o The interface provides a HTTP/400 status code if the request is 1723 incorrect. 1725 o The interface provides a HTTP/401 status code if the credentials 1726 provided does not authorize the Registry Operator to download the 1727 LORDN Log file. 1729 o The interface provides a HTTP/404 status code if the LORDN 1730 Transaction Identifier is incorrect. 1732 o The interface provides a HTTP/500 status code if the system is 1733 experiencing a general failure. 1735 For example, to obtain the LORDN Log file in case of a Sunrise LORDN 1736 file with LORDN Transaction Identifier 0000000000000000001 and TLD 1737 "example" the URI would be: 1739 < https:///LORDN/example/sunrise/0000000000000000001/result > 1742 The LORDN Log file is contained in a CSV formatted file that has the 1743 following structure: 1745 o first line: ,,,,,, 1749 Where: 1751 + , version of the file, this field MUST be 1. 1753 + , date and time in UTC that the 1754 LORDN Log was created. 1756 + , date and time in UTC of 1757 creation for the LORDN file that this log file is referring 1758 to. 1760 + , unique identifier of the LORDN Log 1761 provided by the TMDB. This identifier could be used by the 1762 Registry Operator to unequivocally identify the LORDN Log. 1763 The identified will be a string of a maximum LENGTH of 60 1764 characters from the Base 64 alphabet. 1766 + , whether the LORDN file has been accepted for 1767 processing by the TMDB. Possible values are "accepted" or 1768 "rejected". 1770 + , whether the LORDN Log has any warning result 1771 codes. Possible values are "no-warnings" or "warnings- 1772 present". 1774 + , number of DNs effective allocations 1775 processed in the LORDN file. 1777 A Registry Operator is NOT REQUIRED to process a LORDN Log with 1778 a ="accepted" and ="no-warnings". 1780 o second line: a header line as specified in [RFC4180] 1782 With the header names as follows: 1784 roid,result-code 1786 o One or more lines with: , 1788 Where: 1790 + , DN Repository Object IDentifier (DNROID) in the SRS. 1792 + , result code as described in Section 6.3.1.1. 1794 Example of a LORDN Log file 1796 1,2012-08-16T02:15:00.0Z,2012-08-16T00:00:00.0Z,\ 1797 0000000000000478Nzs+3VMkR8ckuUynOLmyeqTmZQSbzDuf/R50n2n5QX4=,\ 1798 accepted,no-warnings,1 1799 roid,result-code 1800 SH8013-REP,2000 1802 Figure 14 1804 6.3.1.1. LORDN Log Result Codes 1806 In Figure 15 the classes of result codes (rc) are listed. Those 1807 classes in square brackets are not used at this time, but may come 1808 into use at some later stage. The first two digits of a result code 1809 denote the result code class, which defines the outcome at the TMDB: 1811 o ok: Success, DN Line accepted by the TMDB. 1813 o warn: a warning is issued, DN Line accepted by the TMDB. 1815 o err: an error is issued, LORDN file rejected by the TMDB. 1817 In case that after processing a DN Line, the error result code is 1818 45xx or 46xx for that DN Line, the LORDN file MUST be rejected by the 1819 TMDB. If the LORDN file is rejected, DN Lines that are syntactically 1820 valid will be reported with a 2001 result code. A 2001 result code 1821 means that the DN Line is syntactically valid, however the DN Line 1822 was not processed because the LORDN file was rejected. All DNs 1823 reported in a rejected LORDN file MUST be reported again by the 1824 Registry because none of the DN Lines present in the LORDN file have 1825 been processed by the TMDB. 1827 LORDN Log Result Code Classes 1829 code Class outcome 1830 ---- ----- ------- 1832 20xx Success ok 1834 35xx [ DN Line syntax warning ] warn 1835 36xx DN Line semantic warning warn 1837 45xx DN Line syntax error err 1838 46xx DN Line semantic error err 1840 Figure 15 1842 In the following, the LORDN Log result codes used by the TMDB are 1843 described: 1845 LORDN Log result Codes 1847 rc Short Description 1848 Long Description 1849 ---- ------------------------------------------------------------- 1851 2000 OK 1852 DN Line successfully processed. 1854 2001 OK but not processed 1855 DN Line is syntactically correct but was not processed 1856 because the LORDN file was rejected. 1858 3601 TCN Acceptance Date after Registration Date 1859 TCN Acceptance Date in DN Line is newer than the Registration 1860 Date. 1862 3602 Duplicate DN Line 1863 This DN Line is an exact duplicate of another DN Line in same 1864 file, DN Line ignored. 1866 3603 DNROID Notified Earlier 1867 Same DNROID has been notified earlier, DN Line ignored. 1869 3604 TCN Checksum invalid 1870 Based on the DN effectively allocated, the TCNID and the 1871 expiration date of the linked TCN, the TCN Checksum is 1872 invalid. 1874 3605 TCN Expired 1875 The TCN was already expired (based on the 1876 field of the TCN) at the datetime of acknowledgement. 1878 3606 Wrong TCNID used 1879 The TCNID used for the registration does not match 1880 the related DN. 1882 3609 Invalid SMD used 1883 The SMD used for registration was not valid at the moment of 1884 registration based on the and 1885 elements. 1886 In case of an asynchronous registration, this refer to the 1887 . 1889 3610 DN reported outside of the time window 1890 The DN was reported outside of the required 26 hours 1891 reporting window. 1893 3611 DN does not match the labels in SMD 1894 The DN does not match the labels included in the SMD. 1896 3612 SMDID does not exist 1897 The SMDID has never existed in the central repository. 1899 3613 SMD was revoked when used 1900 The SMD used for registration was revoked more than 1901 24 hours ago of the . 1902 In case of an asynchronous registration, 1903 the is used when 1904 validating the DN Line. 1906 3614 TCNID does not exist 1907 The TCNID has never existed in the central repository. 1909 3615 Recent-dnl-insertion outside of the time window 1910 The DN registration is reported as a recent-dnl-insertion, 1911 but the (re) insertion into the DNL occurred more than 1912 24 hours ago. 1914 3616 Registration Date of DN in Claims before the end of Sunrise Period 1915 The registration date of the DN is before the end of Sunrise Period 1916 and the DN was reported in a Trademark Claims LORDN file. 1918 3617 Registrar has not been approved by the TMDB 1919 Registrar ID in DN Line has not completed Trademark Claims integration 1920 testing with the TMDB. 1922 3618 Registration Date of DN in a QLP LORDN file outside of the QLP Period 1923 The registration date of the DN in a QLP LORDN file is outside 1924 of the QLP Period. 1926 3619 TCN was not valid 1927 The TCN was not valid (based on the 1928 field of the TCN) at the datetime of acknowledgement. 1930 4501 Syntax Error in DN Line 1931 Syntax Error in DN Line. 1933 4601 Invalid TLD used 1934 The TLD in the DN Line does not match what is expected for 1935 this LORDN. 1937 4602 Registrar ID Invalid 1938 Registrar ID in DN Line is not a valid ICANN-Accredited 1939 Registrar. 1941 4603 Registration Date in the future 1942 The in the DN Line is in the 1943 future. 1945 4606 TLD not in Sunrise or Trademark Claims Period 1946 The was reported when the TLD was 1947 not in Sunrise or Trademark Claims Periods. 1948 In case of an asynchronous registration, 1949 the is used when 1950 validating the DN Line. 1952 4607 Application Date in the future 1953 The in the DN Line is in the 1954 future. 1956 4608 Application Date is later than Registration Date 1957 The in the DN Line is later 1958 than the . 1960 4609 TCNID wrong syntax 1961 The syntax of the TCNID is invalid. 1963 4610 TCN Acceptance Date is in the future 1964 The is in the future. 1966 4611 Label has never existed in the TMDB 1967 The label in the registered DN has never existed in the TMDB. 1969 Figure 16 1971 6.4. Signed Mark Data (SMD) File 1973 This section defines the format of the Signed Mark Data (SMD) File. 1974 After a successful registration of a mark, the TMV returns an SMD 1975 File to the TMH. The SMD File can then be used for registration of 1976 one or more DNs covered by the PRM during the Sunrise Period of a 1977 TLD. 1979 Two encapsulation boundaries are defined for delimiting the 1980 encapsulated base64 encoded SMD: i.e. "-----BEGIN ENCODED SMD-----" 1981 and "-----END ENCODED SMD-----". Only data inside the encapsulation 1982 boundaries MUST be used by Registries and Registrars for validation 1983 purposes, i.e. any data outside these boundaries as well as the 1984 boundaries themselves MUST be ignored for validation purposes. 1986 The structure of the SMD File is as follows, all the elements are 1987 REQUIRED, and MUST appear in the specified order. 1989 1. Marks: 1991 2. smdID: 1993 3. U-labels: 1996 4. notBefore: 1998 5. notAfter: 2000 6. -----BEGIN ENCODED SMD----- 2002 7. 2004 8. -----END ENCODED SMD----- 2005 Example of an SMD File: 2007 Marks: Example One 2008 smdID: 1-2 2009 U-labels: example-one, exampleone 2010 notBefore: 2011-08-16 09:00 2011 notAfter: 2012-08-16 09:00 2012 -----BEGIN ENCODED SMD----- 2013 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNtZDpzaWdu 2014 ZWRNYXJrIHhtbG5zOnNtZD0idXJuOmlldGY6cGFyYW1zOnhtbDpuczpzaWduZWRN 2015 ... (base64 data elided for brevity) ... 2016 dXJlPgo8L3NtZDpzaWduZWRNYXJrPgo= 2017 -----END ENCODED SMD----- 2019 Figure 17 2021 6.5. Trademark Claims Notice (TCN) 2023 The TMDB MUST provide the TCN to Registrars in XML format as 2024 specified below. 2026 An enclosing element that describes the Trademark 2027 Notice to a given label. 2029 The child elements of the element include: 2031 o A element that contains the unique identifier of the 2032 Trademark Notice. This element contains the the TCNID. 2034 The TCNID is a string concatenation of a TCN Checksum and the 2035 TMDB Notice Identifier. The first 8 characters of the TCNID is 2036 a TCN Checksum. The rest is the TMDB Notice Identifier, which 2037 is a zero-padded natural number in the range of 2038 0000000000000000001 to 9223372036854775807. 2040 Example of a TCNID: 2042 370d0b7c9223372036854775807. 2044 Where: 2046 + TCN Checksum=370d0b7c 2048 + TMDB Notice Identifier=9223372036854775807 2049 The TCN Checksum is a 8 characters long Base16 encoded output 2050 of computing the CRC32 of the string concatenation of: label + 2051 unix_timestamp() + TMDB Notice Identifier 2053 TMDB MUST use the Unix time conversion of the 2054 in UTC to calculate the TCN Checksum. Unix 2055 time is defined as the number of seconds that have elapsed 2056 since 1970-01-01T00:00:00Z not counting leap seconds. For 2057 example, the conversion to Unix time of 2010-08-16T09:00:00.0Z 2058 is shown: 2060 unix_time(2010-08-16T09:00:00.0Z)=1281949200 2062 The TMDB uses the and 2063 elements from the TCN along with the TMDB Notice Identifier to 2064 compute the TCN Checksum. 2066 A Registry MUST use the leftmost DNL of the DN (A-label form in 2067 the case of IDNs) being effectively allocated, the expiration 2068 datetime of the TCN (provided by the Registrar) and the TMDB 2069 Notice Identifier extracted from the TCNID (provided by the 2070 Registrar) to compute the TCN Checksum. For example, if the DN 2071 "xn--mgbachtv.xn--mgbh0fb" is being effectively allocated, the 2072 leftmost DNL would be "xn--mgbachtv". 2074 Example of computation of the TCN Checksum: 2076 CRC32(example-one12819492009223372036854775807)=370d0b7c 2078 o A element that contains the start of the 2079 validity date and time of the TCN. 2081 o A element that contains the expiration date 2082 and time of the TCN. 2084 o A element that contains the DNL covered by a PRM. 2086 o One or more elements that contain the Trademark 2087 Claim. The element contains the following child 2088 elements: 2090 * A element that contains the mark text 2091 string. 2093 * One or more elements that contains the 2094 information of the holder of the mark. An "entitlement" 2095 attribute is used to identify the entitlement of the holder, 2096 possible values are: owner, assignee or licensee. The child 2097 elements of include: 2099 + An OPTIONAL element that contains the name 2100 of the holder. A MUST be specified if 2101 is not specified. 2103 + An OPTIONAL element that contains the name of 2104 the organization holder of the mark. A MUST 2105 be specified if is not specified. 2107 + A element that contains the address 2108 information of the holder of a mark. A 2109 contains the following child elements: 2111 - One, two or three OPTIONAL elements 2112 that contains the organization's street address. 2114 - A element that contains the 2115 organization's city. 2117 - An OPTIONAL element that contains the 2118 organization's state or province. 2120 - An OPTIONAL element that contains the 2121 organization's postal code. 2123 - A element that contains the organization's 2124 country code. This a two-character code from 2125 [ISO3166-2]. 2127 + An OPTIONAL element that contains the 2128 organization's voice telephone number. 2130 + An OPTIONAL element that contains the 2131 organization's facsimile telephone number. 2133 + An OPTIONAL element that contains the email 2134 address of the holder. 2136 * Zero or more OPTIONAL elements that contains 2137 the information of the representative of the mark registration. 2138 A "type" attribute is used to identify the type of contact, 2139 possible values are: owner, agent or thirdparty. The child 2140 elements of include: 2142 + A element that contains name of the 2143 responsible person. 2145 + An OPTIONAL element that contains the name of 2146 the organization of the contact. 2148 + A element that contains the address 2149 information of the contact. A contains the 2150 following child elements: 2152 - One, two or three OPTIONAL elements 2153 that contains the contact's street address. 2155 - A element that contains the contact's 2156 city. 2158 - An OPTIONAL element that contains the 2159 contact's state or province. 2161 - An OPTIONAL element that contains the 2162 contact's postal code. 2164 - A element that contains the contact's 2165 country code. This a two-character code from 2166 [ISO3166-2]. 2168 + A element that contains the contact's voice 2169 telephone number. 2171 + An OPTIONAL element that contains the 2172 contact's facsimile telephone number. 2174 + A element that contains the contact's email 2175 address. 2177 * A element that contains the name (in 2178 English) of the jurisdiction where the mark is protected. A 2179 jurCC attribute contains the two-character code of the 2180 jurisdiction where the mark was registered. This is a two- 2181 character code from [WIPO.ST3]. 2183 * Zero or more OPTIONAL element that 2184 contains the description (in English) of the Nice 2185 Classification as defined in [WIPO-NICE-CLASSES]. A classNum 2186 attribute contains the class number. 2188 * A element that contains the full 2189 description of the goods and services mentioned in the mark 2190 registration document. 2192 * An OPTIONAL element signals that the 2193 claim notice was added to the TCN based on other rule (e.g. 2194 [Claims50] ) than exact match (defined in [MatchingRules]). 2195 The contains one or more: 2197 + An OPTIONAL element that signals that the 2198 claim notice was added because of a previously abused name 2199 included in an UDRP case. The contains: 2201 - A element that contains the UDRP case 2202 number used to validate the previously abused name. 2204 - A element that contains the name 2205 of the UDRP provider. 2207 + An OPTIONAL element that signals that the 2208 claim notice was added because of a previously abused name 2209 included in a court's resolution. The 2210 contains: 2212 - A element that contains the reference 2213 number of the court's resolution used to validate the 2214 previously abused name. 2216 - A element that contains the two-character 2217 code from [ISO3166-2] of the jurisdiction of the court. 2219 - A element that contains the name of 2220 the court. 2222 Example of a object: 2224 2225 2226 370d0b7c9223372036854775807 2227 2010-08-14T09:00:00.0Z 2228 2010-08-16T09:00:00.0Z 2229 example-one 2230 2231 Example One 2232 2233 Example Inc. 2234 2235 123 Example Dr. 2236 Suite 100 2237 Reston 2238 VA 2239 20190 2240 US 2241 2242 2243 2244 Joe Doe 2245 Example Inc. 2246 2247 123 Example Dr. 2248 Suite 100 2249 Reston 2250 VA 2251 20190 2252 US 2253 2254 +1.7035555555 2255 jdoe@example.com 2256 2257 UNITED STATES OF AMERICA 2258 2259 Advertising; business management; business administration. 2260 2261 2262 Insurance; financial affairs; monetary affairs; real estate. 2263 2264 2265 Bardus populorum circumdabit se cum captiosus populum. 2266 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2267 2268 2269 2270 Example-One 2271 2272 Example S.A. de C.V. 2273 2274 Calle conocida #343 2275 Conocida 2276 SP 2277 82140 2278 BR 2279 2280 2281 BRAZIL 2282 2283 Bardus populorum circumdabit se cum captiosus populum. 2284 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2285 2286 2287 2288 One 2289 2290 One Corporation 2291 2292 Otra calle 2293 Otra ciudad 2294 OT 2295 383742 2296 CR 2297 2298 2299 COSTA RICA 2300 2301 Bardus populorum circumdabit se cum captiosus populum. 2302 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2303 2304 2305 2306 234235 2307 CR 2308 Supreme Court of Justice of Costa Rica 2309 2310 2311 2312 2313 One Inc 2314 2315 One SA de CV 2316 2317 La calle 2318 La ciudad 2319 CD 2320 34323 2321 AR 2322 2323 2324 ARGENTINA 2325 2326 Bardus populorum circumdabit se cum captiosus populum. 2327 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2328 2329 2330 2331 D2003-0499 2332 WIPO 2333 2334 2336 2337 2339 For the formal syntax of the TCN please refer to Section 7.1. 2341 6.6. Sunrise List (SURL) 2343 This section defines the format of the list containing every Domain 2344 Name Label (DNL) that matches a PRM eligible for Sunrise. The list 2345 is maintained by the TMDB and downloaded by Registries in regular 2346 intervals (see Section 5.4.2.1). The Registries use the Sunrise List 2347 during the Qualified Launch Program Period to check whether a 2348 requested DN matches a DNL of a PRM eligible for Sunrise. 2350 The Sunrise List contains all the DNLs covered by a PRM eligible for 2351 Sunrise present in the TMDB at the datetime it is generated. 2353 The Sunrise List is contained in a CSV formatted file that has the 2354 following structure: 2356 o first line: , 2358 Where: 2360 + , version of the file, this field MUST be 1. 2362 + , date and time in UTC that 2363 the Sunrise List was created. 2365 o second line: a header line as specified in [RFC4180] 2367 With the header names as follows: 2369 DNL,insertion-datetime 2371 o One or more lines with: , 2373 Where: 2375 + , a Domain Name Label covered by a PRM eligible for 2376 Sunrise. 2378 + , datetime in UTC that the DNL was 2379 first inserted into the Sunrise List. The possible two 2380 values of time for inserting a DNL to the Sunrise List are 2381 00:00:00 and 12:00:00 UTC. 2383 Example of a SURL 2385 1,2012-08-16T00:00:00.0Z 2386 DNL,insertion-datetime 2387 example,2010-07-14T00:00:00.0Z 2388 another-example,2012-08-16T00:00:00.0Z 2389 anotherexample,2011-08-16T12:00:00.0Z 2391 Figure 18 2393 To provide authentication and integrity protection, the Sunrise List 2394 will be PGP signed by the TMDB (see also Section 5.1.1.4). The PGP 2395 signature of the Sunrise List can be found in the similar URI but 2396 with extension .sig as shown below. 2398 The URL of the dy interface (Section 4.3.3) is: 2400 o < https:///dnl/surl-latest.csv > 2402 o < https:///dnl/surl-latest.sig > 2404 7. Formal Syntax 2406 7.1. Trademark Claims Notice (TCN) 2408 The schema presented here is for a Trademark Claims Notice. 2410 The BEGIN and END tags are not part of the schema; they are used to 2411 note the beginning and ending of the schema for URI registration 2412 purposes. 2414 Copyright (c) 2016 IETF Trust and the persons identified as authors 2415 of the code. All rights reserved. 2417 Redistribution and use in source and binary forms, with or without 2418 modification, is permitted pursuant to, and subject to the license 2419 terms contained in, the Simplified BSD License set forth in 2420 Section 4.c of the IETF Trust's Legal Provisions Relating to IETF 2421 Documents (http://trustee.ietf.org/license-info). 2423 BEGIN 2424 2425 2430 2431 2432 Schema for representing a Trademark Claim Notice. 2433 2434 2435 2436 2437 2438 2439 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2456 2457 2458 2459 2460 2461 2463 2465 2466 2468 2469 2471 2472 2473 2474 2475 2476 2477 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2505 2506 2507 2508 2509 2510 2511 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 END 2536 8. Acknowledgements 2538 This specification is a collaborative effort from several 2539 participants in the ICANN community. Bernie Hoeneisen participated 2540 as co-author until version 02 providing invaluable support for this 2541 document. This specification is based on a model spearheaded by: 2542 Chris Wright, Jeff Neuman, Jeff Eckhaus and Will Shorter. The author 2543 would also like to thank the thoughtful feedbak provided by many in 2544 the tmch-tech mailing list, but particularly the extensive help 2545 provided by James Gould, James Mitchell and Francisco Arias. This 2546 document includes feedback received from the following individuals: 2547 Paul Hoffman. 2549 9. IANA Considerations 2551 This document uses URNs to describe XML namespaces and XML schemas 2552 conforming to a registry mechanism described in [RFC3688]. One URI 2553 assignment have been registered by the IANA. 2555 Registration request for the Trademark Claims Notice: 2557 URI: urn:ietf:params:xml:ns:tmNotice-1.0 2559 Registrant Contact: See the "Author's Address" section of this 2560 document. 2562 XML: None. Namespace URIs do not represent an XML specification. 2564 10. Security Considerations 2566 This specification uses HTTP Basic Authentication to provide a simple 2567 application-layer authentication service. HTTPS is used in all 2568 interfaces in order to protect against most common attacks. In 2569 addition, the client identifier is tied to a set of IP addresses that 2570 are allowed to connect to the interfaces described in this document, 2571 providing an extra security measure. 2573 The TMDB MUST provide credentials to the appropriate Registries and 2574 Registrars. 2576 The TMDB MUST require the use of strong passwords by Registries and 2577 Registrars. 2579 The TMDB, Registries and Registrars MUST use the best practices 2580 described in RFC 7525 or its successors. 2582 11. References 2584 11.1. Normative References 2586 [I-D.ietf-eppext-tmch-smd] 2587 Lozano, G., "Mark and Signed Mark Objects Mapping", draft- 2588 ietf-eppext-tmch-smd-06 (work in progress), March 2016. 2590 [MatchingRules] 2591 ICANN, "Memorandum on Implementing Matching Rules", 2592 September 2012, . 2595 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2596 Requirement Levels", BCP 14, RFC 2119, 2597 DOI 10.17487/RFC2119, March 1997, 2598 . 2600 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 2601 DOI 10.17487/RFC3688, January 2004, 2602 . 2604 11.2. Informative References 2606 [Claims50] 2607 ICANN, "Implementation Notes: Trademark Claims Protection 2608 for Previously Abused Names", July 2013, 2609 . 2612 [ICANN-GTLD-AGB-20120604] 2613 ICANN, "gTLD Applicant Guidebook Version 2012-06-04", June 2614 2012, . 2617 [ISO3166-2] 2618 ISO, "International Standard for country codes and codes 2619 for their subdivisions", 2006, 2620 . 2622 [QLP-Addendum] 2623 ICANN, "Qualified Launch Program Addendum", April 2014, 2624 . 2628 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 2629 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 2630 Transfer Protocol -- HTTP/1.1", RFC 2616, 2631 DOI 10.17487/RFC2616, June 1999, 2632 . 2634 [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., 2635 Leach, P., Luotonen, A., and L. Stewart, "HTTP 2636 Authentication: Basic and Digest Access Authentication", 2637 RFC 2617, DOI 10.17487/RFC2617, June 1999, 2638 . 2640 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, 2641 DOI 10.17487/RFC2818, May 2000, 2642 . 2644 [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: 2645 Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, 2646 . 2648 [RFC4180] Shafranovich, Y., "Common Format and MIME Type for Comma- 2649 Separated Values (CSV) Files", RFC 4180, 2650 DOI 10.17487/RFC4180, October 2005, 2651 . 2653 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 2654 Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, 2655 . 2657 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. 2658 Thayer, "OpenPGP Message Format", RFC 4880, 2659 DOI 10.17487/RFC4880, November 2007, 2660 . 2662 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 2663 Housley, R., and W. Polk, "Internet X.509 Public Key 2664 Infrastructure Certificate and Certificate Revocation List 2665 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 2666 . 2668 [RFC5890] Klensin, J., "Internationalized Domain Names for 2669 Applications (IDNA): Definitions and Document Framework", 2670 RFC 5890, DOI 10.17487/RFC5890, August 2010, 2671 . 2673 [RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 2674 Terminology", RFC 7719, DOI 10.17487/RFC7719, December 2675 2015, . 2677 [RPM-Requirements] 2678 ICANN, "Rights Protection Mechanism Requirements", 2679 September 2013, . 2682 [WIPO-NICE-CLASSES] 2683 WIPO, "WIPO Nice Classification", 2015, 2684 . 2686 [WIPO.ST3] 2687 WIPO, "Recommended standard on two-letter codes for the 2688 representation of states, other entities and 2689 intergovernmental organizations", March 2007, 2690 . 2692 Author's Address 2694 Gustavo Lozano 2695 ICANN 2696 12025 Waterfront Drive, Suite 300 2697 Los Angeles 90292 2698 US 2700 Phone: +1.3103015800 2701 Email: gustavo.lozano@icann.org