idnits 2.17.1 draft-ietf-regext-tmch-func-spec-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 10 instances of too long lines in the document, the longest one being 15 characters in excess of 72. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The exact meaning of the all-uppercase expression 'NOT REQUIRED' is not defined in RFC 2119. If it is intended as a requirements expression, it should be rewritten using one of the combinations defined in RFC 2119; otherwise it should not be all-uppercase. -- The document date (Jun 13, 2018) is 2144 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Missing Reference: '0-9A-F' is mentioned on line 1376, but not defined -- Obsolete informational reference (is this intentional?): RFC 2818 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 7230 (Obsoleted by RFC 9110, RFC 9112) -- Obsolete informational reference (is this intentional?): RFC 7231 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 7235 (Obsoleted by RFC 9110) -- Obsolete informational reference (is this intentional?): RFC 7719 (Obsoleted by RFC 8499) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 7 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Internet Engineering Task Force G. Lozano 3 Internet-Draft ICANN 4 Intended status: Informational Jun 13, 2018 5 Expires: December 15, 2018 7 ICANN TMCH functional specifications 8 draft-ietf-regext-tmch-func-spec-04 10 Abstract 12 This document describes the requirements, the architecture and the 13 interfaces between the ICANN Trademark Clearinghouse (TMCH) and 14 Domain Name Registries as well as between the ICANN TMCH and Domain 15 Name Registrars for the provisioning and management of domain names 16 during Sunrise and Trademark Claims Periods. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at https://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on December 15, 2018. 35 Copyright Notice 37 Copyright (c) 2018 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (https://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 53 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 4 54 3. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 4. Architecture . . . . . . . . . . . . . . . . . . . . . . . . 9 56 4.1. Sunrise Period . . . . . . . . . . . . . . . . . . . . . 9 57 4.2. Trademark Claims Period . . . . . . . . . . . . . . . . . 10 58 4.3. Interfaces . . . . . . . . . . . . . . . . . . . . . . . 10 59 4.3.1. hv . . . . . . . . . . . . . . . . . . . . . . . . . 10 60 4.3.2. vd . . . . . . . . . . . . . . . . . . . . . . . . . 11 61 4.3.3. dy . . . . . . . . . . . . . . . . . . . . . . . . . 11 62 4.3.4. tr . . . . . . . . . . . . . . . . . . . . . . . . . 11 63 4.3.5. ry . . . . . . . . . . . . . . . . . . . . . . . . . 11 64 4.3.6. dr . . . . . . . . . . . . . . . . . . . . . . . . . 11 65 4.3.7. yd . . . . . . . . . . . . . . . . . . . . . . . . . 11 66 4.3.8. dv . . . . . . . . . . . . . . . . . . . . . . . . . 12 67 4.3.9. vh . . . . . . . . . . . . . . . . . . . . . . . . . 12 68 4.3.10. vs . . . . . . . . . . . . . . . . . . . . . . . . . 12 69 4.3.11. sy . . . . . . . . . . . . . . . . . . . . . . . . . 12 70 4.3.12. sr . . . . . . . . . . . . . . . . . . . . . . . . . 12 71 4.3.13. vc . . . . . . . . . . . . . . . . . . . . . . . . . 13 72 4.3.14. cy . . . . . . . . . . . . . . . . . . . . . . . . . 13 73 4.3.15. cr . . . . . . . . . . . . . . . . . . . . . . . . . 13 74 5. Process Descriptions . . . . . . . . . . . . . . . . . . . . 13 75 5.1. Bootstrapping . . . . . . . . . . . . . . . . . . . . . . 13 76 5.1.1. Bootstrapping for Registries . . . . . . . . . . . . 13 77 5.1.1.1. Credentials . . . . . . . . . . . . . . . . . . . 13 78 5.1.1.2. IP Addresses for Access Control . . . . . . . . . 14 79 5.1.1.3. ICANN TMCH Trust Anchor . . . . . . . . . . . . . 14 80 5.1.1.4. TMDB PGP Key . . . . . . . . . . . . . . . . . . 14 81 5.1.2. Bootstrapping for Registrars . . . . . . . . . . . . 15 82 5.1.2.1. Credentials . . . . . . . . . . . . . . . . . . . 15 83 5.1.2.2. IP Addresses for Access Control . . . . . . . . . 15 84 5.1.2.3. ICANN TMCH Trust Anchor . . . . . . . . . . . . . 15 85 5.1.2.4. TMDB PGP Key . . . . . . . . . . . . . . . . . . 15 86 5.2. Sunrise Period . . . . . . . . . . . . . . . . . . . . . 16 87 5.2.1. Domain Name registration . . . . . . . . . . . . . . 16 88 5.2.2. Sunrise Domain Name registration by Registries . . . 17 89 5.2.3. TMDB Sunrise Services for Registries . . . . . . . . 18 90 5.2.3.1. SMD Revocation List . . . . . . . . . . . . . . . 18 91 5.2.3.2. TMV Certificate Revocation List (CRL) . . . . . . 18 92 5.2.3.3. Notice of Registered Domain Names (NORN) . . . . 19 93 5.2.4. Sunrise Domain Name registration by Registrars . . . 22 94 5.2.5. TMDB Sunrise Services for Registrars . . . . . . . . 22 95 5.3. Trademark Claims Period . . . . . . . . . . . . . . . . . 23 96 5.3.1. Domain Registration . . . . . . . . . . . . . . . . . 23 97 5.3.2. Trademark Claims Domain Name registration by 98 Registries . . . . . . . . . . . . . . . . . . . . . 24 99 5.3.3. TMBD Trademark Claims Services for Registries . . . . 25 100 5.3.3.1. Domain Name Label (DNL) List . . . . . . . . . . 25 101 5.3.3.2. Notice of Registered Domain Names (NORN) . . . . 26 102 5.3.4. Trademark Claims Domain Name registration by 103 Registrars . . . . . . . . . . . . . . . . . . . . . 26 104 5.3.5. TMBD Trademark Claims Services for Registrars . . . . 28 105 5.3.5.1. Claims Notice Information Service (CNIS) . . . . 28 106 5.4. Qualified Launch Program (QLP) Period . . . . . . . . . . 28 107 5.4.1. Domain Registration . . . . . . . . . . . . . . . . . 28 108 5.4.2. TMBD QLP Services for Registries . . . . . . . . . . 31 109 5.4.2.1. Sunrise List (SURL) . . . . . . . . . . . . . . . 31 110 6. Data Format Descriptions . . . . . . . . . . . . . . . . . . 31 111 6.1. Domain Name Label (DNL) List . . . . . . . . . . . . . . 31 112 6.2. SMD Revocation List . . . . . . . . . . . . . . . . . . . 33 113 6.3. List of Registered Domain Names (LORDN) file . . . . . . 35 114 6.3.1. LORDN Log file . . . . . . . . . . . . . . . . . . . 40 115 6.3.1.1. LORDN Log Result Codes . . . . . . . . . . . . . 42 116 6.4. Signed Mark Data (SMD) File . . . . . . . . . . . . . . . 46 117 6.5. Trademark Claims Notice (TCN) . . . . . . . . . . . . . . 47 118 6.6. Sunrise List (SURL) . . . . . . . . . . . . . . . . . . . 54 119 7. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 55 120 7.1. Trademark Claims Notice (TCN) . . . . . . . . . . . . . . 55 121 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 58 122 9. Change History . . . . . . . . . . . . . . . . . . . . . . . 58 123 9.1. Version 04 . . . . . . . . . . . . . . . . . . . . . . . 58 124 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 58 125 11. Security Considerations . . . . . . . . . . . . . . . . . . . 59 126 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 59 127 12.1. Normative References . . . . . . . . . . . . . . . . . . 59 128 12.2. Informative References . . . . . . . . . . . . . . . . . 60 129 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 62 131 1. Introduction 133 Domain Name Registries (DNRs) may operate in special modes for 134 certain periods of time enabling trademark holders to protect their 135 rights during the introduction of a Top Level Domain (TLD). 137 Along with the introduction of new generic TLDs (gTLD), two special 138 modes came into effect: 140 o Sunrise Period, the Sunrise Period allows trademark holders an 141 advance opportunity to register domain names corresponding to 142 their marks before names are generally available to the public. 144 o Trademark Claims Period, the Trademark Claims Period follows the 145 Sunrise Period and runs for at least the first 90 days of an 146 initial operating period of general registration. During the 147 Trademark Claims Period, anyone attempting to register a domain 148 name matching a mark that is recorded in the ICANN Trademark 149 Clearinghouse (TMCH) will receive a notification displaying the 150 relevant mark information. 152 This document describes the requirements, the architecture and the 153 interfaces between the ICANN TMCH and Domain Name Registries (called 154 Registries in the rest of the document) as well as between the ICANN 155 TMCH and Domain Name Registrars (called Registrars in the rest of the 156 document) for the provisioning and management of domain names during 157 the Sunrise and Trademark Claims Periods. 159 For any date and/or time indications, Coordinated Universal Time 160 (UTC) applies. 162 2. Terminology 164 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 165 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 166 document are to be interpreted as described in [RFC2119]. 168 XML is case sensitive. Unless stated otherwise, XML specifications 169 and examples provided in this document MUST be interpreted in the 170 character case presented in order to develop a conforming 171 implementation. 173 "tmNotice-1.0" is used as an abbreviation for 174 "urn:ietf:params:xml:ns:tmNotice-1.0". The XML namespace prefix 175 "tmNotice" is used, but implementations MUST NOT depend on it and 176 instead employ a proper namespace-aware XML parser and serializer to 177 interpret and output the XML documents. 179 3. Glossary 181 In the following section, the most common terms are briefly 182 explained: 184 o Backend Registry Operator: Entity that manages (a part of) the 185 technical infrastructure for a Registry Operator. The Registry 186 Operator may also be the Backend Registry Operator. 188 o CA: Certificate Authority, see [RFC5280]. 190 o CNIS, Claims Notice Information Service: This service provides 191 Trademark Claims Notices (TCN) to Registrars. 193 o CRC32, Cyclic Redundancy Check: algorithm used in the ISO 3309 194 standard and in section 8.1.1.6.2 of ITU-T recommendation V.42. 196 o CRL: Certificate Revocation List, see [RFC5280]. 198 o CSV: Comma-Separated Values, see [RFC4180] 200 o Date and time, datetime: Date and time are specified following the 201 standard "Date and Time on the Internet specification", see 202 [RFC3339]. 204 o DN, Domain Name, domain name: see definition of Domain name in 205 [RFC7719]. 207 o DNROID, DN Repository Object IDentifier: an identifier assigned by 208 the Registry to each DN object that unequivocally identifies said 209 DN object. For example, if a new DN object is created for a name 210 that existed in the past, the DN objects will have different 211 DNROIDs. 213 o DNL, Domain Name Label, the DNL is an A-label or NR-LDH label (see 214 [RFC5890]). 216 o DNL List: A list of DNLs that are covered by a PRM. 218 o DNS: Domain Name System, see [RFC7719]. 220 o Effective allocation: A DN is considered effectively allocated 221 when the DN object for the DN has been created in the SRS of the 222 Registry and has been assigned to the effective user. A DN object 223 in status "pendingCreate" or any other status that precedes the 224 first time a DN is assigned to an end-user is not considered an 225 effective allocation. A DN object created internally by the 226 Registry for subsequent delegation to another Registrant is not 227 considered an effective allocation. 229 o EPP: The Extensible Provisioning Protocol, see definition of EPP 230 in [RFC7719]. 232 o FQDN: Fully-Qualified Domain Name, see definition of FQDN in 233 [RFC7719]. 235 o HTTP: Hypertext Transfer Protocol, see [RFC7230] and [RFC7231]. 237 o HTTPS: HTTP over TLS (Transport Layer Security), [RFC2818]. 239 o IDN: Internationalized Domain Name, see definition of IDN in 240 [RFC7719]. 242 o Lookup Key: A random string of up to 51 chars from the set [a-zA- 243 Z0-9/] to be used as the lookup key by Registrars to obtain the 244 TCN using the CNIS. Lookup Keys are unique and are related to one 245 DNL only. 247 o LORDN, List of Registered Domain Names: This is the list of 248 effectively allocated DNs matching a DNL of a PRM. Registries 249 will upload this list to the TMDB (during the NORDN process). 251 o Matching Rules: Some trademarks entitled to inclusion in the TMDB 252 include characters that are impermissible in the domain name 253 system (DNS) as a DNL. The TMV changes ( using the ICANN TMCH 254 Matching Rules [MatchingRules]) certain DNS-impermissible 255 characters in a trademark into DNS-permissible equivalent 256 characters 258 o NORDN, Notification of Registered Domain Names: The process by 259 which Registries upload their recent LORDN to the TMDB. 261 o PGP: Pretty Good Privacy, see [RFC4880] 263 o PKI: Public Key Infrastructure, see [RFC5280]. 265 o PRM, Pre-registered mark: Mark that has been pre-registered with 266 the ICANN TMCH. 268 o QLP Period, Qualified Launch Program Period: During this optional 269 period, a special process applies to DNs matching the Sunrise List 270 (SURL) and/or the DNL List, to ensure that TMHs are informed of a 271 DN matching their PRM. 273 o Registrant: see definition of Registrant in [RFC7719]. 275 o Registrar, Domain Name Registrar: see definition of Registrar in 276 [RFC7719]. 278 o Registry, Domain Name Registry, Registry Operator: see definition 279 of Registry in [RFC7719]. A Registry Operator is the contracting 280 party with ICANN for the TLD. 282 o SMD, Signed Mark Data: A cryptographically signed token issued by 283 the TMV to the TMH to be used in the Sunrise Period to apply for a 284 DN that matches a DNL of a PRM; see also [RFC7848]. An SMD 285 generated by an ICANN-approved trademark validator (TMV) contains 286 both the signed token and the TMV's PKIX certificate. 288 o SMD File: A file containing the SMD (see above) and some human 289 readable data. The latter is usually ignored in the processing of 290 the SMD File. See also Section 6.4. 292 o SMD Revocation List: The SMD Revocation List is used by Registries 293 (and optionally by Registrars) during the Sunrise Period to ensure 294 that an SMD is still valid (i.e. not revoked). The SMD Revocation 295 List has a similar function as CRLs used in PKI. 297 o SRS: Shared Registration System, see also 298 [ICANN-GTLD-AGB-20120604]. 300 o SURL, Sunrise List: The list of DNLs that are covered by a PRM and 301 eligible for Sunrise. 303 o Sunrise Period: During this period DNs matching a DNL of a PRM can 304 be exclusively obtained by the respective TMHs. For DNs matching 305 a PRM, a special process applies to ensure that TMHs are informed 306 on the effective allocation of a DN matching their PRM. 308 o TLD: Top-Level Domain Name, see definition of TLD in [RFC7719]. 310 o ICANN TMCH: a central repository for information to be 311 authenticated, stored, and disseminated, pertaining to the rights 312 of TMHs. The ICANN TMCH is split into two functions TMV and TMDB 313 (see below). There could be several entities performing the TMV 314 function, but only one entity performing the TMDB function. 316 o ICANN TMCH-CA: The Certificate Authority (CA) for the ICANN TMCH. 317 This CA is operated by ICANN. The public key for this CA is the 318 trust anchor used to validate the identity of each TMV. 320 o TMDB, Trademark Clearinghouse Database: Serves as a database of 321 the ICANN TMCH to provide information to the gTLD Registries and 322 Registrars to support Sunrise or Trademark Claims services. There 323 is only one TMDB in the ICANN TMCH that concentrates the 324 information about the "verified" Trademark records from the TMVs. 326 o TMH, Trademark Holder: The person or organization owning rights on 327 a mark. 329 o TMV, Trademark Validator, Trademark validation organization: An 330 entity authorized by ICANN to authenticate and validate 331 registrations in the TMDB ensuring the marks qualify as registered 332 or are court-validated marks or marks that are protected by 333 statute or treaty. This entity would also be asked to ensure that 334 proof of use of marks is provided, which can be demonstrated by 335 furnishing a signed declaration and one specimen of current use. 337 o Trademark, mark: Marks are used to claim exclusive properties of 338 products or services. A mark is typically a name, word, phrase, 339 logo, symbol, design, image, or a combination of these elements. 340 For the scope of this document only textual marks are relevant. 342 o Trademark Claims, Claims: Provides information to enhance the 343 understanding of the Trademark rights being claimed by the TMH. 345 o TCN, Trademark Claims Notice, Claims Notice, Trademark Notice: A 346 Trademark Claims Notice consist of one or more Trademark Claims 347 and are provided to prospective Registrants of DNs. 349 o TCNID, Trademark Claims Notice Identifier: An element of the 350 Trademark Claims Notice (see above), identifying said TCN. The 351 Trademark Claims Notice Identifier is specified in the element 352 . 354 o Trademark Claims Period: During this period, a special process 355 applies to DNs matching the DNL List, to ensure that TMHs are 356 informed of a DN matching their PRM. For DNs matching the DNL 357 List, Registrars show a TCN to prospective Registrants that has to 358 be acknowledged before effective allocation of the DN. 360 o UTC: Coordinated Universal Time, as maintained by the Bureau 361 International des Poids et Mesures (BIPM); see also [RFC3339]. 363 4. Architecture 365 4.1. Sunrise Period 367 Architecture of the Sunrise Period 369 SMD hand over (out-of-band) 370 .............................................. 371 : : 372 : .'''''''''''''''''''. : 373 : . ICANN TMCH . : 374 : ..................... : 375 v . . : 376 .------------. . .-------------. . hv .-----. 377 | Registrant | . | TMV |<---------->| TMH | 378 '------------' . '-------------' . vh '-----' 379 | . | ^ \ . 380 | . | | \. 381 tr | . vs | | dv \ 382 | . | vd | .\ 383 v . v v . \ 384 .-----------. sr . .---------. . \ 385 .->| Registrar |<..........| | . \ 386 : '-----------' . | | . \ 387 : | sy . | T | . \ 388 : ry | .------------| M | . vc \ 389 : | | . | D | . \ 390 : v v . | B | . v 391 : .-----------. . yd | | . .---------------. 392 : | Registry |---------->| | . | ICANN TMCH-CA | 393 : '-----------' . '---------' . '---------------' 394 : ^ . . | : 395 : | ''''''''''''''''''' | : 396 : | cy | : 397 : cr '-----------------------------------------' : 398 :......................................................: 400 Figure 1 402 4.2. Trademark Claims Period 404 Architecture of the Trademark Claims Period 406 .''''''''''''''. 407 . ICANN TMCH . 408 ................ 409 . . 410 .------------. . .-------. . hv .-----. 411 | Registrant | . | TMV |<----------->| TMH | 412 '------------' . '-------' . vh '-----' 413 | . ^ . 414 | . | dv . 415 tr | . vd | . 416 v . v . 417 .-----------. dr . .-------. . 418 | Registrar |<--------| | . 419 '-----------' . | T | . 420 ry | . | M | . 421 v . | D | . 422 .----------. dy . | B | . 423 | Registry |<------->| | . 424 '----------' yd . '-------' . 425 . . 426 '''''''''''''' 428 Figure 2 430 4.3. Interfaces 432 In the sub-sections below follows a short description of each 433 interface to provide an overview of the architecture. More detailed 434 descriptions of the relevant interfaces follow further below 435 (Section 5). 437 4.3.1. hv 439 The TMH registers a mark with a TMV via the hv interface. 441 After the successful registration of the mark, the TMV makes 442 available a SMD File (see also Section 6.4) to the TMH to be used 443 during the Sunrise Period. 445 The specifics of the hv interface are beyond the scope of this 446 document. 448 4.3.2. vd 450 After successful mark registration, the TMV ensures the TMDB inserts 451 the corresponding DNLs and mark information into the database via the 452 vd interface. 454 The specifics of the vd interface are beyond the scope of this 455 document. 457 4.3.3. dy 459 During the Trademark Claims Period the Registry fetches the latest 460 DNL List from the TMDB via the dy interface at regular intervals. 461 The protocol used on the dy interface is HTTPS. 463 Not relevant during the Sunrise Period. 465 4.3.4. tr 467 The Registrant communicates with the Registrar via the tr interface. 469 The specifics of the tr interface are beyond the scope of this 470 document. 472 4.3.5. ry 474 The Registrar communicate with the Registry via the ry interface. 475 The ry interfaces is typically implemented in EPP. 477 4.3.6. dr 479 During the Trademark Claims Period, the Registrar fetches the TCN 480 from the TMDB (to be displayed to the Registrant via the tr 481 interface) via the dr interface. The protocol used for fetching the 482 TCN is HTTPS. 484 Not relevant during the Sunrise Period. 486 4.3.7. yd 488 During the Sunrise Period the Registry notifies the TMDB via the yd 489 interface of all DNs effectively allocated. 491 During the Trademark Claims Period, the Registry notifies the TMDB 492 via the yd interface of all DNs effectively allocated that matched an 493 entry in the Registry previously downloaded DNL List during the 494 creation of the DN. 496 The protocol used on the yd interface is HTTPS. 498 4.3.8. dv 500 The TMDB notifies via the dv interface to the TMV of all DNs 501 effectively allocated that match a mark registered by that TMV. 503 The specifics of the dv interface are beyond the scope of this 504 document. 506 4.3.9. vh 508 The TMV notifies the TMH via the vh interface after a DN has been 509 effectively allocated that matches a PRM of this TMH. 511 The specifics of the vh interface are beyond the scope of this 512 document. 514 4.3.10. vs 516 The TMV requests to add a revoked SMD to the SMD Revocation List at 517 the TMDB. 519 The specifics of the vs interface are beyond the scope of this 520 document. 522 Not relevant during the Trademark Claims Period. 524 4.3.11. sy 526 During the Sunrise Period the Registry fetches the most recent SMD 527 Revocation List from the TMDB via the sy interface in regular 528 intervals. The protocol used on the sy interface is HTTPS. 530 Not relevant during the Trademark Claims Period. 532 4.3.12. sr 534 During the Sunrise Period the Registrar may fetch the most recent SMD 535 Revocation List from the TMDB via the sr interface. The protocol 536 used on the sr interface is the same as on the sy interface (s. 537 above), i.e. HTTPS. 539 Not relevant during the Trademark Claims Period. 541 4.3.13. vc 543 The TMV registers its public key, and requests to revoke an existing 544 key, with the ICANN TMCH-CA over the vc interface. 546 The specifics of the vc interface are beyond the scope of this 547 document, but it involves personal communication between the 548 operators of the TMV and the operators of the ICANN TMCH-CA. 550 Not relevant during the Trademark Claims Period. 552 4.3.14. cy 554 During the Sunrise Period the Registry fetches the most recent TMV 555 CRL file from the ICANN TMCH-CA via the cy interface at regular 556 intervals. The TMV CRL is used for validation of TMV certificates. 557 The protocol used on the cy interface is HTTPS. 559 Not relevant during the Trademark Claims Period. 561 4.3.15. cr 563 During the Sunrise Period the Registrar optionally fetches the most 564 recent TMV CRL file from the ICANN TMCH-CA via the cr interface at 565 regular intervals. The TMV CRL is used for validation of TMV 566 certificates. The protocol used on the cr interface is HTTPS. 568 Not relevant during the Trademark Claims Period. 570 5. Process Descriptions 572 5.1. Bootstrapping 574 5.1.1. Bootstrapping for Registries 576 5.1.1.1. Credentials 578 Each Registry Operator will receive authentication credentials from 579 the TMDB to be used: 581 o During the Sunrise Period to fetch the SMD Revocation List from 582 the TMBD via the sy interface (Section 4.3.11). 584 o During the Trademark Claims Period to fetch the DNL List from the 585 TMDB via the dy interface (Section 4.3.3). 587 o During the NORDN process to notify the LORDN to the TMDB via the 588 yd interface (Section 4.3.7). 590 Note: credentials are created per TLD and provided to the Registry 591 Operator. 593 5.1.1.2. IP Addresses for Access Control 595 Each Registry Operator MUST provide to the TMDB all IP addresses that 596 will be used to: 598 o Fetch the SMD Revocation List via the sy interface 599 (Section 4.3.11). 601 o Fetch the DNL List from the TMDB via the dy interface 602 (Section 4.3.3). 604 o Upload the LORDN to the TMDB via the yd interface (Section 4.3.7). 606 This access restriction MAY be applied by the TMDB in addition to 607 HTTP Basic access authentication (see [RFC7235]). For credentials to 608 be used, see Section 5.1.1.1. 610 The TMDB MAY limit the number of IP addresses to be accepted per 611 Registry Operator. 613 5.1.1.3. ICANN TMCH Trust Anchor 615 Each Registry Operator MUST fetch the PKIX certificate ([RFC5280]) of 616 the ICANN TMCH-CA (Trust Anchor) from < https://ca.icann.org/ 617 tmch.crt > to be used: 619 o During the Sunrise Period to validate the TMV certificates and the 620 TMV CRL. 622 5.1.1.4. TMDB PGP Key 624 The TMDB MUST provide each Registry Operator with the public portion 625 of the PGP Key used by TMDB, to be used: 627 o During the Sunrise Period to perform integrity checking of the SMD 628 Revocation List fetched from the TMDB via the sy interface 629 (Section 4.3.11). 631 o During the Trademark Claims Period to perform integrity checking 632 of the DNL List fetched from the TMDB via the dy interface 633 (Section 4.3.3). 635 5.1.2. Bootstrapping for Registrars 637 5.1.2.1. Credentials 639 Each ICANN-accredited Registrar will receive authentication 640 credentials from the TMDB to be used: 642 o During the Sunrise Period to (optionally) fetch the SMD Revocation 643 List from the TMDB via the sr interface (Section 4.3.12). 645 o During the Trademark Claims Period to fetch TCNs from the TMDB via 646 the dr interface (Section 4.3.6). 648 5.1.2.2. IP Addresses for Access Control 650 Each Registrar MUST provide to the TMDB all IP addresses, which will 651 be used to: 653 o Fetch the SMD Revocation List via the sr interface 654 (Section 4.3.12). 656 o Fetch TCNs via the dr interface (Section 4.3.6). 658 This access restriction MAY be applied by the TMDB in addition to 659 HTTP Basic access authentication (for credentials to be used, see 660 Section 5.1.2.1). 662 The TMDB MAY limit the number of IP addresses to be accepted per 663 Registrar. 665 5.1.2.3. ICANN TMCH Trust Anchor 667 Registrars MAY fetch the PKIX certificate of the ICANN TMCH-CA (Trust 668 Anchor) from < https://ca.icann.org/tmch.crt > to be used: 670 o During the Sunrise Period to (optionally) validate the TMV 671 certificates and TMV CRL. 673 5.1.2.4. TMDB PGP Key 675 Registrars MUST receive the public portion of the PGP Key used by 676 TMDB from the TMDB administrator to be used: 678 o During the Sunrise Period to (optionally) perform integrity 679 checking of the SMD Revocation List fetched from the TMDB via the 680 sr interface (Section 4.3.12). 682 5.2. Sunrise Period 684 5.2.1. Domain Name registration 686 Domain Name registration during the Sunrise Period 688 .------------. .-----------. .----------. 689 | Registrant | | Registrar | | Registry | 690 '------------' '-----------' '----------' 691 | | | 692 | Request DN | | 693 | registration | | 694 | (with SMD) | | 695 |---------------->| Check DN availability | 696 | |---------------------------->| 697 | | | 698 | | DN unavailable .-------------. 699 | DN unavailable |<--------------------( DN available? ) 700 |<----------------| no '-------------' 701 | | | yes 702 | | DN available | 703 | |<----------------------------| 704 | | | 705 | | Request DN registration | 706 | | (with SMD) | 707 | |---------------------------->| 708 | | | 709 | | .------------------------------. 710 | | | DN registration validation / | 711 | | | SMD validation | 712 | | '------------------------------' 713 | | | 714 | Registration |.-----------. Error .----------------------. 715 | error || TRY AGAIN |<-----( Validation successful? ) 716 |<----------------|| / ABORT | no '----------------------' 717 | |'-----------' | yes 718 | | | 719 | | DN registered | 720 | DN registered |<----------------------------| 721 |<----------------| | 722 | | | 724 Figure 3 726 Note: the figure depicted above represents a synchronous DN 727 registration workflow (usually called first come first served). 729 5.2.2. Sunrise Domain Name registration by Registries 731 Registries MUST perform a minimum set of checks for verifying each DN 732 registration during the Sunrise Period upon reception of a 733 registration request over the ry interface (Section 4.3.5). If any 734 of these checks fails the Registry MUST abort the registration. Each 735 of these checks MUST be performed before the DN is effectively 736 allocated. 738 In case of asynchronous registrations (e.g. auctions), the minimum 739 set of checks MAY be performed when creating the intermediate object 740 (e.g. a DN application) used for DN registration. If the minimum set 741 of checks is performed when creating the intermediate object (e.g. a 742 DN application) a Registry MAY effective allocate the DN without 743 performing the minimum set of checks again. 745 Performing the minimum set of checks Registries MUST verify that: 747 1. An SMD has been received from the Registrar along with the DN 748 registration. 750 2. The certificate of the TMV has been correctly signed by the ICANN 751 TMCH-CA. (The certificate of the TMV is contained within the 752 SMD.) 754 3. The datetime when the validation is done is within the validity 755 period of the TMV certificate. 757 4. The certificate of the TMV is not listed in the TMV CRL file 758 specified in the CRL distribution point of the TMV certificate. 760 5. The signature of the SMD (signed with the TMV certificate) is 761 valid. 763 6. The datetime when the validation is done is within the validity 764 period of the SMD based on and 765 elements. 767 7. The SMD has not been revoked, i.e., is not contained in the SMD 768 Revocation List. 770 8. The leftmost DNL of the DN being effectively allocated matches 771 one of the labels () elements in the SMD. For 772 example, if the DN "xn--mgbachtv.xn--mgbh0fb" is being 773 effectively allocated, the leftmost DNL would be "xn--mgbachtv". 775 These procedure apply to all DN effective allocations at the second 776 level as well as to all other levels subordinate to the TLD that the 777 Registry accepts registrations for. 779 5.2.3. TMDB Sunrise Services for Registries 781 5.2.3.1. SMD Revocation List 783 A new SMD Revocation List MUST be published by the TMDB twice a day, 784 by 00:00:00 and 12:00:00 UTC. 786 Registries MUST refresh the latest version of the SMD Revocation List 787 at least once every 24 hours. 789 Note: the SMD Revocation List will be the same regardless of the TLD. 790 If a Backend Registry Operator manages the infrastructure of several 791 TLDs, the Backend Registry Operator could refresh the SMD Revocation 792 List once every 24 hours, the SMD Revocation List could be used for 793 all the TLDs managed by the Backend Registry Operator. 795 Update of the SMD Revocation List 797 .----------. .------. 798 | Registry | | TMDB | 799 '----------' '------' 800 | | 801 .----------------. | 802 | Periodically, | | 803 | at least | | 804 | every 24 hours | | 805 '----------------' | 806 | | 807 |----------------------------------------------------->| 808 | Download the latest SMD Revocation List | 809 |<-----------------------------------------------------| 810 | | 811 | | 813 Figure 4 815 5.2.3.2. TMV Certificate Revocation List (CRL) 817 Registries MUST refresh their local copy of the TMV CRL file at least 818 every 24 hours using the CRL distribution point specified in the TMV 819 certificate. 821 Operationally, the TMV CRL file and CRL distribution point is the 822 same for all TMVs and (at publication of this document) located at < 823 http://crl.icann.org/tmch.crl >. 825 Note: the TMV CRL file will be the same regardless of the TLD. If a 826 Backend Registry Operator manages the infrastructure of several TLDs, 827 the Backend Registry Operator could refresh the TMV CRL file once 828 every 24 hours, the TMV CRL file could be used for all the TLDs 829 managed by the Backend Registry Operator. 831 Update of the TMV CRL file 833 .----------. .---------------. 834 | Registry | | ICANN TMCH-CA | 835 '----------' '---------------' 836 | | 837 .----------------. | 838 | Periodically, | | 839 | at least | | 840 | every 24 hours | | 841 '----------------' | 842 | | 843 |-------------------------------------------->| 844 | Download the latest TMV CRL file | 845 |<--------------------------------------------| 846 | | 847 | | 849 Figure 5 851 5.2.3.3. Notice of Registered Domain Names (NORN) 853 The Registry MUST send a LORDN file containing DNs effectively 854 allocated to the TMDB (over the yd interface, Section 4.3.7). 856 The effective allocation of a DN MUST be reported by the Registry to 857 the TMDB within 26 hours of the effective allocation of such DN. 859 The Registry MUST create and upload a LORDN file in case there are 860 effective allocations in the SRS, that have not been successfully 861 reported to the TMDB in a previous LORDN file. 863 Based on the timers used by TMVs and the TMDB, the RECOMMENDED 864 maximum frequency to upload LORDN files from the Registries to the 865 TMDB is every 3 hours. 867 It is RECOMMENDED that Registries try to upload at least two LORDN 868 files per day to the TMDB with enough time in between, in order to 869 have time to fix problems reported in the LORDN file. 871 The Registry SHOULD upload a LORDN file only when the previous LORDN 872 file has been processed by the TMDB and the related LORDN Log file 873 has been downloaded and processed by the Registry. 875 The Registry MUST upload LORDN files for DNs effectively allocated 876 during the Sunrise or Trademark Claims Period (same applies to DNs 877 effectively allocated using applications created during the Sunrise 878 or Trademark Claims Period in case of using asynchronous 879 registrations). 881 The yd interface (Section 4.3.7) MUST support at least one (1) and 882 MAY support up to ten (10) concurrent connections from each IP 883 address registered by a Registry Operator to access the service. 885 The TMDB MUST process each uploaded LORDN file and make the related 886 log file available for Registry download within 30 minutes of the 887 finalization of the upload. 889 Notification of Registered Domain Name 891 .----------. .------. .-----. .-----. 892 | Registry | | TMDB | | TMV | | TMH | 893 '----------' '------' '-----' '-----' 894 | | | | 895 .------------------. | | | 896 | Periodically | | | | 897 | upload LORDN | | | | 898 | file | | | | 899 '------------------' | | | 900 | | | | 901 .--------->| Upload LORDN | | | 902 | |-------------------->| | | 903 | | | | | 904 | | .-------------------------. | | 905 | | | Verify each domain name | | | 906 | | | in the uploaded file | | | 907 | | | (within 30') | | | 908 | | '-------------------------' | | 909 | | | ._____.| | 910 | | Download Log file | | END || | 911 | |<--------------------| '-----'| | 912 | | | ^ | | 913 | .-----------------. .---------------. | | | 914 | | Check whether | / everything fine \ no | | | 915 | | Log file | ( (i.e. no errors )---' | | 916 | | contains errors | \ in Log file )? / | | 917 | '-----------------' '---------------' | | 918 | | | yes | | 919 | .---------------. | | | 920 | / everything fine \ yes | | | 921 |( (i.e. no errors )-----. | Notify TMVs | | 922 | \ in Log file )? / | | on the LORDN | | 923 | '---------------' | | pre-registered | | 924 | | no v | with said TMV | | 925 | .----------------. .------. |--------------->| | 926 '-| Correct Errors | | DONE | | | | 927 '----------------' '------' | | Notify each | 928 | | | affected TMH | 929 | | |-------------->| 930 | | | | 932 Figure 6 934 The format used for the LORDN is described in Section 6.3 936 5.2.4. Sunrise Domain Name registration by Registrars 938 Registrars MAY choose to perform the checks for verifying DN 939 registrations as performed by the Registries (see Section 5.2.2) 940 before sending the command to register a DN. 942 5.2.5. TMDB Sunrise Services for Registrars 944 The processes described in Section 5.2.3.1 and Section 5.2.3.2 are 945 also available for Registrars to optionally validate the SMDs 946 received. 948 5.3. Trademark Claims Period 950 5.3.1. Domain Registration 952 Domain Name registration during the Trademark Claims Period 954 .------------. .-----------. .----------. .------. 955 | Registrant | | Registrar | | Registry | | TMDB | 956 '------------' '-----------' '----------' '------' 957 | Request DN | | | 958 | registration | | | 959 |--------------->| Check DN availability | | 960 | |--------------------------->| | 961 | | DN unavailable .-------------. | 962 | DN unavailable |<-------------------( DN available? ) | 963 |<---------------| no '-------------' | 964 | | DN available | yes | 965 | |<---------------------------| | 966 | | Request Lookup key | | 967 | |--------------------------->| | 968 | |.__________. .---------. | 969 | || CONTINUE | / Does DN \ | 970 | || NORMALLY |<--------( match DNL ) | 971 | |'----------' no \ of PRM? / | 972 | | '---------' | 973 | | Lookup key | yes | 974 | |<----------------------------' | 975 | | | 976 .-----. | | Request TCN | 977 |ABORT| | Display |---------------------------------------->| 978 '-----' | Claims | Return TCN | 979 ^ | Notice |<----------------------------------------| 980 | no |<---------------| | 981 | .------. yes | | 982 '-( Ack? )----------->| Register DN (with TCNID) | | 983 '------' |--------------------------->| | 984 | Registration | Error .----------------------. | 985 | error |<-------------( Validation successful? ) | 986 |<---------------| no '----------------------' | 987 | | | yes | 988 | | DN registered | | 989 | DN registered |<---------------------------| | 990 |<---------------| | | 992 Figure 7 994 Note: the figure depicted above represents a synchronous DN 995 registration workflow (usually called first come first served). 997 5.3.2. Trademark Claims Domain Name registration by Registries 999 During the Trademark Claims Period, Registries perform two main 1000 functions: 1002 o Registries MUST provide Registrars (over the ry interface, 1003 Section 4.3.5) the Lookup Key used to retrieve the TCNs for DNs 1004 that match the DNL List. 1006 o Registries MUST provide the Lookup Key only when queried about a 1007 specific DN. 1009 o For each DN matching a DNL of a PRM, Registries MUST perform a 1010 minimum set of checks for verifying DN registrations during the 1011 Trademark Claims Period upon reception of a registration request 1012 over the ry interface (Section 4.3.5). If any of these checks 1013 fails the Registry MUST abort the registration. Each of these 1014 checks MUST be performed before the DN is effectively allocated. 1016 o In case of asynchronous registrations (e.g. auctions), the minimum 1017 set of checks MAY be performed when creating the intermediate 1018 object (e.g. a DN application) used for DN effective allocation. 1019 If the minimum set of checks is performed when creating the 1020 intermediate object (e.g. a DN application) a Registry MAY 1021 effective allocate the DN without performing the minimum set of 1022 checks again. 1024 o Performing the minimum set of checks Registries MUST verify that: 1026 1. The TCNID (), expiration datetime 1027 () and acceptance datetime of the TCN, have 1028 been received from the Registrar along with the DN 1029 registration. 1031 If the three elements mentioned above are not provided by 1032 the Registrar for a DN matching a DNL of a PRM, but the DNL 1033 was inserted (or re-inserted) for the first time into DNL 1034 List less than 24 hours ago, the registration MAY continue 1035 without this data and the tests listed below are not 1036 required to be performed. 1038 2. The TCN has not expired (according to the expiration datetime 1039 sent by the Registrar). 1041 3. The acceptance datetime is within the window of time defined 1042 by ICANN policy. In the gTLD round of 2012, Registrars 1043 verified that the acceptance datetime was less than or equal 1044 to 48 hours in the past, as there were no defined ICANN 1045 policies at that time. Implementers should be aware that 1046 ICANN policy may define this value in the future. 1048 4. Using the leftmost DNL of the DN being effectively allocated, 1049 the expiration datetime provided by the Registrar, and the 1050 TMDB Notice Identifier extracted from the TCNID provided by 1051 the Registrar compute the TCN Checksum. Verify that the 1052 computed TCN Checksum match the TCN Checksum present in the 1053 TCNID. For example, if the DN "xn--mgbachtv.xn--mgbh0fb" is 1054 being effectively allocated, the leftmost DNL would be "xn-- 1055 mgbachtv". 1057 These procedures apply to all DN registrations at the second level as 1058 well as to all other levels subordinate to the TLD that the Registry 1059 accepts registrations for. 1061 5.3.3. TMBD Trademark Claims Services for Registries 1063 5.3.3.1. Domain Name Label (DNL) List 1065 A new DNL List MUST be published by the TMDB twice a day, by 00:00:00 1066 and 12:00:00 UTC. 1068 Registries MUST refresh the latest version of the DNL List at least 1069 once every 24 hours. 1071 Update of the DNL List 1073 .----------. .------. 1074 | Registry | | TMDB | 1075 '----------' '------' 1076 | | 1077 .----------------. | 1078 | Periodically, | | 1079 | at least | | 1080 | every 24 hours | | 1081 '----------------' | 1082 | | 1083 |-------------------------------->| 1084 | Download the latest DNL List | 1085 |<--------------------------------| 1086 | | 1087 | | 1089 Figure 8 1091 Note: the DNL List will be the same regardless of the TLD. If a 1092 Backend Registry Operator manages the infrastructure of several TLDs, 1093 the Backend Registry Operator could refresh the DNL List once every 1094 24 hours, the DNL List could be used for all the TLDs managed by the 1095 Backend Registry Operator. 1097 5.3.3.2. Notice of Registered Domain Names (NORN) 1099 The NORDN process during the Trademark Claims Period is almost the 1100 same as during Sunrise Period as defined in Section 5.2.3.3 with the 1101 difference that only registrations subject to a Trademark Claim 1102 (i.e., at registration time the name appeared in the current DNL List 1103 downloaded by the Registry Operator) are included in the LORDN. 1105 5.3.4. Trademark Claims Domain Name registration by Registrars 1107 For each DN matching a DNL of a PRM, Registrars MUST perform the 1108 following steps: 1110 1. Use the Lookup Key received from the Registry to obtain the TCN 1111 from the TMDB using the dr interface (Section 4.3.6) Registrars 1112 MUST only query for the Lookup Key of a DN that is available for 1113 registration. 1115 2. Present the TCN to the Registrant as described in Exhibit A, 1116 [RPM-Requirements]. 1118 3. Ask Registrant for acknowledgement, i.e. the Registrant MUST 1119 consent with the TCN, before any further processing. (The 1120 transmission of a TCNID to the Registry over the ry interface, 1121 Section 4.3.5 implies that the Registrant has expressed his/her 1122 consent with the TCN.) 1124 4. Perform the minimum set of checks for verifying DN registrations. 1125 If any of these checks fails the Registrar MUST abort the DN 1126 registration. Each of these checks MUST be performed before the 1127 registration is sent to the Registry. Performing the minimum set 1128 of checks Registrars MUST verify that: 1130 1. The datetime when the validation is done is within the TCN 1131 validity based on the and 1132 elements. 1134 2. The leftmost DNL of the DN being effectively allocated 1135 matches the label () element in the TCN. For 1136 example, if the DN "xn--mgbachtv.xn--mgbh0fb" is being 1137 effectively allocated, the leftmost DNL would be "xn-- 1138 mgbachtv". 1140 3. The Registrant has acknowledged (expressed his/her consent 1141 with) the TCN. 1143 5. Record the date and time when the registrant acknowledged the 1144 TCN. 1146 6. Send the registration to the Registry (ry interface, 1147 Section 4.3.5) and include the following information: 1149 * TCNID () 1151 * Expiration date of the TCN () 1153 * Acceptance datetime of the TCN. 1155 Currently TCNs are generated twice a day by the TMDB. The expiration 1156 date () of each TCN MUST be set to a value defined 1157 by ICANN policy. In the gTLD round of 2012, the TMDB set the 1158 expiration value to 48 hours in to the future as there were no 1159 defined ICANN policies at that time. Implementers should be aware 1160 that ICANN policy may define this value in the future. 1162 Registrars SHOULD implement a cache of TCNs to minimize the number of 1163 queries sent to the TMDB. A cached TCN MUST be removed from the 1164 cache after the expiration date of the TCN as defined by 1165 . 1167 The TMDB MAY implement rate-limiting as one of the protection 1168 mechanisms to mitigate the risk of performance degradation. 1170 5.3.5. TMBD Trademark Claims Services for Registrars 1172 5.3.5.1. Claims Notice Information Service (CNIS) 1174 The TCNs are provided by the TMDB online and are fetched by the 1175 Registrar via the dr interface (Section 4.3.6). 1177 To get access to the TCNs, the Registrar needs the credentials 1178 provided by the TMDB (Section 5.1.2.1) and the Lookup Key received 1179 from the Registry via the ry interface (Section 4.3.5). The dr 1180 interface (Section 4.3.6) uses HTTPS with Basic access 1181 authentication. 1183 The dr interface (Section 4.3.6) MAY support up to ten (10) 1184 concurrent connections from each Registrar. 1186 The URL of the dr interface (Section 4.3.6) is: 1188 < https:///cnis/.xml > 1190 Note that the "lookupkey" may contain SLASH characters ("/"). The 1191 SLASH character is part of the URL path and MUST NOT be escaped when 1192 requesting the TCN. 1194 The TLS certificate (HTTPS) used on the dr interface (Section 4.3.6) 1195 MUST be signed by a well-know public CA. Registrars MUST perform the 1196 Certification Path Validation described in Section 6 of [RFC5280]. 1197 Registrars will be authenticated in the dr interface using HTTP Basic 1198 access authentication. The dr (Section 4.3.6) interface MUST support 1199 HTTPS keep-alive and MUST maintain the connection for up to 30 1200 minutes. 1202 5.4. Qualified Launch Program (QLP) Period 1204 5.4.1. Domain Registration 1206 During the OPTIONAL (see [QLP-Addendum]) Qualified Launch Program 1207 (QLP) Period effective allocations of DNs to third parties could 1208 require that Registries and Registrars provide Sunrise and/or 1209 Trademark Claims services. If required, Registries and Registrars 1210 MUST provide Sunrise and/or Trademark Claims services as described in 1211 Section 5.2 and Section 5.3. 1213 The effective allocation scenarios are: 1215 o If the leftmost DNL of the DN being effectively allocated (QLP 1216 Name in this section) matches a DNL in the SURL, and an SMD is 1217 provided, then Registries MUST provide Sunrise Services (see 1218 Section 5.2) and the DN MUST be reported in a Sunrise LORDN file 1219 during the QLP Period. For example, if the DN "xn--mgbachtv.xn-- 1220 mgbh0fb" is being effectively allocated, the leftmost DNL would be 1221 "xn--mgbachtv". 1223 o If the QLP Name matches a DNL in the SURL but does not match a DNL 1224 in the DNL List, and an SMD is NOT provided (see section 2.2 of 1225 [QLP-Addendum]), then the DN MUST be reported in a Sunrise LORDN 1226 file using the special SMD-id "99999-99999" during the QLP Period. 1228 o If the QLP Name matches a DNL in the SURL and also matches a DNL 1229 in the DNL List, and an SMD is NOT provided (see section 2.2 of 1230 [QLP-Addendum]), then Registries MUST provide Trademark Claims 1231 services (see Section 5.3) and the DN MUST be reported in a 1232 Trademark Claims LORDN file during the QLP Period. 1234 o If the QLP Name matches a DNL in the DNL List but does not match a 1235 DNL in the SURL, then Registries MUST provide Trademark Claims 1236 services (see Section 5.2) and the DN MUST be reported in a 1237 Trademark Claims LORDN file during the QLP Period. 1239 The following table lists all the effective allocation scenarios 1240 during a QLP Period: 1242 +--------+---------+-----------------+--------------+---------------+ 1243 | QLP | QLP | SMD was | Registry | Registry MUST | 1244 | Name | Name | provided by the | MUST provide | report DN | 1245 | match | match | potential | Sunrise or | registration | 1246 | in the | in the | Registrant | Trademark | in | 1247 | SURL | DNL | | Claims | LORDN file | 1248 | | List | | Services | | 1249 +--------+---------+-----------------+--------------+---------------+ 1250 | Y | Y | Y | Sunrise | Sunrise | 1251 | | | | | | 1252 | Y | N | Y | Sunrise | Sunrise | 1253 | | | | | | 1254 | N | Y | -- | Trademark | Trademark | 1255 | | | | Claims | Claims | 1256 | | | | | | 1257 | N | N | -- | -- | -- | 1258 | | | | | | 1259 | Y | Y | N (see section | Trademark | Trademark | 1260 | | | 2.2 of | Claims | Claims | 1261 | | | [QLP-Addendum]) | | | 1262 | | | | | | 1263 | Y | N | N (see section | -- | Sunrise | 1264 | | | 2.2 of | | (using | 1265 | | | [QLP-Addendum]) | | special SMD- | 1266 | | | | | id) | 1267 +--------+---------+-----------------+--------------+---------------+ 1269 QLP Effective Allocation Scenarios 1271 The TMDB MUST provide the following services to Registries during a 1272 QLP Period: 1274 o SMD Revocation List (see Section 5.2.3.1) 1276 o NORN (see Section 5.2.3.3) 1278 o DNL List (see Section 5.3.3.1) 1280 o Sunrise List (SURL) (see Section 5.4.2.1 1282 The TMDB MUST provide the following services to Registrars during a 1283 QLP Period: 1285 o SMD Revocation List (see Section 5.2.3.1) 1286 o CNIS (see Section 5.3.5.1) 1288 5.4.2. TMBD QLP Services for Registries 1290 5.4.2.1. Sunrise List (SURL) 1292 A new Sunrise List (SURL) MUST be published by the TMDB twice a day, 1293 by 00:00:00 and 12:00:00 UTC. 1295 Registries offering the OPTIONAL QLP Period MUST refresh the latest 1296 version of the SURL at least once every 24 hours. 1298 Update of the SURL 1300 .----------. .------. 1301 | Registry | | TMDB | 1302 '----------' '------' 1303 | | 1304 .----------------. | 1305 | Periodically, | | 1306 | at least | | 1307 | every 24 hours | | 1308 '----------------' | 1309 | | 1310 |------------------------------->| 1311 | Download the latest SURL | 1312 |<-------------------------------| 1313 | | 1314 | | 1316 Figure 9 1318 Note: the SURL will be the same regardless of the TLD. If a Backend 1319 Registry Operator manages the infrastructure of several TLDs, the 1320 Backend Registry Operator could refresh the SURL once every 24 hours, 1321 the SURL could be used for all the TLDs managed by the Backend 1322 Registry Operator. 1324 6. Data Format Descriptions 1326 6.1. Domain Name Label (DNL) List 1328 This section defines the format of the list containing every Domain 1329 Name Label (DNL) that matches a Pre-Registered Mark (PRM). The list 1330 is maintained by the TMDB and downloaded by Registries in regular 1331 intervals (see Section 5.3.3.1). The Registries use the DNL List 1332 during the Trademark Claims Period to check whether a requested DN 1333 matches a DNL of a PRM. 1335 The DNL List contains all the DNLs covered by a PRM present in the 1336 TMDB at the datetime it is generated. 1338 The DNL List is contained in a CSV formatted file that has the 1339 following structure: 1341 o first line: , 1343 Where: 1345 + , version of the file, this field MUST be 1. 1347 + , date and time in UTC that the 1348 DNL List was created. 1350 o second line: a header line as specified in [RFC4180] 1352 With the header names as follows: 1354 DNL,lookup-key,insertion-datetime 1356 o One or more lines with: ,, 1359 Where: 1361 + , a Domain Name Label covered by a PRM. 1363 + , lookup key that the Registry MUST provide to 1364 the Registrar. The lookup key has the following format: 1365
////, where: 1368 - YYYY: year that the TCN was generated. 1370 - MM: zero-padded month that the TCN was generated. 1372 - DD: zero-padded day that the TCN was generated. 1374 - vv: version of the TCN, possible values are 00 and 01. 1376 - X: one hexadecimal digit [0-9A-F]. This is the first, 1377 second and third hexadecimal digit of encoding the 1378 in base16 as specified in [RFC4648]. 1380 - Random bits: 144 random bits encoded in base64url as 1381 specified in [RFC4648]. 1383 - Sequential number: zero-padded natural number in the 1384 range 0000000001 to 2147483647. 1386 + , datetime in UTC that the DNL was 1387 first inserted into the DNL List. The possible two values 1388 of time for inserting a DNL to the DNL List are 00:00:00 and 1389 12:00:00 UTC. 1391 Example of a DNL List 1393 1,2012-08-16T00:00:00.0Z 1394 DNL,lookup-key,insertion-datetime 1395 example,2013041500/2/6/9/rJ1NrDO92vDsAzf7EQzgjX4R0000000001,\ 1396 2010-07-14T00:00:00.0Z 1397 another-example,2013041500/6/A/5/alJAqG2vI2BmCv5PfUvuDkf40000000002,\ 1398 2012-08-16T00:00:00.0Z 1399 anotherexample,2013041500/A/C/7/rHdC4wnrWRvPY6nneCVtQhFj0000000003,\ 1400 2011-08-16T12:00:00.0Z 1402 Figure 10 1404 To provide authentication and integrity protection, the DNL List will 1405 be PGP [RFC4880] signed by the TMDB (see also Section 5.1.1.4). The 1406 PGP signature of the DNL List can be found in the similar URI but 1407 with extension .sig as shown below. 1409 The URL of the dy interface (Section 4.3.3) is: 1411 o < https:///dnl/dnl-latest.csv > 1413 o < https:///dnl/dnl-latest.sig > 1415 6.2. SMD Revocation List 1417 This section defines the format of the list of SMDs that have been 1418 revoked. The list is maintained by the TMDB and downloaded by 1419 Registries (and optionally by Registrars) in regular intervals (see 1420 Section 5.2.3.1). The SMD Revocation List is used during the Sunrise 1421 Period to validate SMDs received. The SMD Revocation List has a 1422 similar function as CRLs used in PKI [RFC5280]. 1424 The SMD Revocation List contains all the revoked SMDs present in the 1425 TMDB at the datetime it is generated. 1427 The SMD Revocation List is contained in a CSV formatted file that has 1428 the following structure: 1430 o first line: , 1432 Where: 1434 + , version of the file, this field MUST be 1. 1436 + , datetime in UTC 1437 that the SMD Revocation List was created. 1439 o second line: a header line as specified in [RFC4180] 1441 With the header names as follows: 1443 smd-id,insertion-datetime 1445 o One or more lines with: , 1447 Where: 1449 + , identifier of the SMD that was revoked. 1451 + , revocation datetime in UTC of the 1452 SMD. The possible two values of time for inserting an SMD 1453 to the SMD Revocation List are 00:00:00 and 12:00:00 UTC. 1455 To provide integrity protection, the SMD Revocation List is PGP 1456 signed by the TMDB (see also Section 5.1.1.4). The SMD Revocation 1457 List is provided by the TMDB with extension .csv. The PGP signature 1458 of the SMD Revocation List can be found in the similar URI but with 1459 extension .sig as shown below. 1461 The URL of the sr interface (Section 4.3.12) and sy interface 1462 (Section 4.3.11) is: 1464 o < https:///smdrl/smdrl-latest.csv > 1466 o < https:///smdrl/smdrl-latest.sig > 1467 Example of an SMD Revocation List 1469 1,2012-08-16T00:00:00.0Z 1470 smd-id,insertion-datetime 1471 2-2,2012-08-15T00:00:00.0Z 1472 3-2,2012-08-15T00:00:00.0Z 1473 1-2,2012-08-15T00:00:00.0Z 1475 Figure 11 1477 6.3. List of Registered Domain Names (LORDN) file 1479 This section defines the format of the List of Registered Domain 1480 Names (LORDN), which is maintained by each Registry and uploaded at 1481 least daily to the TMDB. Every time a DN matching a DNL of a PRM 1482 said DN is added to the LORDN along with further information related 1483 to its registration. 1485 The URIs of the yd interface (Section 4.3.7) used to upload the LORDN 1486 file is: 1488 o Sunrise LORDN file: 1490 < https:///LORDN//sunrise > 1492 o Trademark Claims LORDN file: 1494 < https:///LORDN//claims > 1496 During a QLP Period, Registries MAY be required to upload Sunrise or 1497 Trademark Claims LORDN files. The URIs of the yd interface used to 1498 upload LORDN files during a QLP Period is: 1500 o Sunrise LORDN file (during QLP Period): 1502 < https:///LORDN//sunrise/qlp > 1504 o Trademark Claims LORDN file (during a QLP Period): 1506 < https:///LORDN//claims/qlp > 1508 The yd interface (Section 4.3.7) returns the following HTTP status 1509 codes after a HTTP POST request method is received: 1511 o The interface provides a HTTP/202 status code if the interface was 1512 able to receive the LORDN file and the syntax of the LORDN file is 1513 correct. 1515 The interface provides the LORDN Transaction Identifier in the 1516 HTTP Entity-body that would be used by the Registry to download 1517 the LORDN Log file. The LORDN Transaction Identifier is a 1518 natural number zero-padded in the range 0000000000000000001 to 1519 9223372036854775807. 1521 The TMDB uses the element of the 1522 LORDN file as a unique client-side identifier. If a LORDN file 1523 with the same of a previously sent 1524 LORDN file is received by the TMDB, the LORDN Transaction 1525 Identifier of the previously sent LORDN file MUST be provided 1526 to the Registry. The TMDB MUST ignore the DN Lines present in 1527 the LORDN file if a LORDN file with the same was previously sent. 1530 The HTTP Location header field contains the URI where the LORDN 1531 Log file could be retrieved later, for example: 1533 202 Accepted 1535 Location: https:///LORDN/example/sunrise/0000000000000000001/result 1538 o The interface provides a HTTP/400 if the request is incorrect or 1539 the syntax of the LORDN file is incorrect. The TMDB MUST return a 1540 human readable message in the HTTP Entity-body regarding the 1541 incorrect syntax of the LORDN file. 1543 o The interface provides a HTTP/401 status code if the credentials 1544 provided does not authorize the Registry Operator to upload a 1545 LORDN file. 1547 o The TMDB MUST return a HTTP/404 status code when trying to upload 1548 a LORDN file using the https:///LORDN//sunrise/qlp or https:///LORDN//claims/qlp interface outside of a QLP Period 1551 plus 26 hours. 1553 o The interface provides a HTTP/500 status code if the system is 1554 experiencing a general failure. 1556 For example, to upload the Sunrise LORDN file for TLD "example", the 1557 URI would be: 1559 < https:///LORDN/example/sunrise > 1561 The LORDN is contained in a CSV formatted file that has the following 1562 structure: 1564 o For Sunrise Period: 1566 * first line: ,, 1569 Where: 1571 - , version of the file, this field MUST be 1. 1573 - , date and time in UTC that the 1574 LORDN was created. 1576 - , number of DN Lines present in the 1577 LORDN file. 1579 * second line: a header line as specified in [RFC4180] 1581 With the header names as follows: 1583 roid,domain-name,SMD-id,registrar-id,registration- 1584 datetime,application-datetime 1586 * One or more lines with: ,,,,, 1590 Where: 1592 - , DN Repository Object IDentifier (DNROID) in the 1593 SRS. 1595 - , DN that was effectively allocated. For 1596 IDNs, the A-label form is used. 1598 - , SMD ID used for registration. 1600 - , IANA Registrar ID. 1602 - , date and time in UTC that the 1603 domain was effectively allocated. 1605 - OPTIONAL , date and 1606 time in UTC that the application was created. The 1607 MUST be provided in 1608 case of a DN effective allocation based on an 1609 asynchronous registration (e.g., when using auctions). 1611 Example of a Sunrise LORDN file 1613 1,2012-08-16T00:00:00.0Z,3 1614 roid,domain-name,SMD-id,registrar-id,registration-datetime,\ 1615 application-datetime 1616 SH8013-REP,example1.gtld,1-2,9999,2012-08-15T13:20:00.0Z,\ 1617 2012-07-15T00:50:00.0Z 1618 EK77-REP,example2.gtld,2-2,9999,2012-08-15T14:00:03.0Z 1619 HB800-REP,example3.gtld,3-2,9999,2012-08-15T15:40:00.0Z 1621 Figure 12 1623 o For Trademark Claims Period: 1625 * first line: ,, 1628 Where: 1630 - , version of the file, this field MUST be 1. 1632 - , date and time in UTC that the 1633 LORDN was created. 1635 - , number of DN Lines present in the 1636 LORDN file. 1638 * second line: a header line as specified in [RFC4180] 1640 With the header names as follows: 1642 roid,domain-name,notice-id,registrar-id,registration- 1643 datetime,ack-datetime,application-datetime 1645 * One or more lines with: ,,,,,, 1649 Where: 1651 - , DN Repository Object IDentifier (DNROID) in the 1652 SRS. 1654 - , DN that was effectively allocated. For 1655 IDNs, the A-label form is used. 1657 - , Trademark Claims Notice Identifier as specified 1658 in . 1660 - , IANA Registrar ID. 1662 - , date and time in UTC that the 1663 domain was effectively allocated. 1665 - , date and time in UTC 1666 that the TCN was acknowledged. 1668 - OPTIONAL , date and 1669 time in UTC that the application was created. The 1670 MUST be provided in 1671 case of a DN effective allocation based on an 1672 asynchronous registration (e.g., when using auctions). 1674 For a DN matching a DNL of a PRM at the moment of 1675 registration, created without the TCNID, expiration datetime 1676 and acceptance datetime, because DNL was inserted (or re- 1677 inserted) for the first time into DNL List less than 24 1678 hours ago, the string "recent-dnl-insertion" MAY be 1679 specified in and . 1682 Example of a Trademark Claims LORDN file 1684 1,2012-08-16T00:00:00.0Z,3 1685 roid,domain-name,notice-id,registrar-id,registration-datetime,\ 1686 ack-datetime,application-datetime 1687 SH8013-REP,example1.gtld,a76716ed9223352036854775808,\ 1688 9999,2012-08-15T14:20:00.0Z,2012-08-15T13:20:00.0Z 1689 EK77-REP,example2.gtld,a7b786ed9223372036856775808,\ 1690 9999,2012-08-15T11:20:00.0Z,2012-08-15T11:19:00.0Z 1691 HB800-REP,example3.gtld,recent-dnl-insertion,\ 1692 9999,2012-08-15T13:20:00.0Z,recent-dnl-insertion 1694 Figure 13 1696 6.3.1. LORDN Log file 1698 After reception of the LORDN file, the TMDB verifies its content for 1699 syntactical and semantical correctness. The output of the LORDN file 1700 verification is retrieved using the yd interface (Section 4.3.7). 1702 The URI of the yd interface (Section 4.3.7) used to retrieve the 1703 LORDN Log file is: 1705 o Sunrise LORDN Log file: 1707 < https:///LORDN//sunrise//result > 1710 o Trademark Claims LORDN Log file: 1712 < https:///LORDN//claims//result > 1715 A Registry Operator MUST NOT send more than one request per minute 1716 per TLD to download a LORDN Log file. 1718 The yd interface (Section 4.3.7) returns the following HTTP status 1719 codes after a HTTP GET request method is received: 1721 o The interface provides a HTTP/200 status code if the interface was 1722 able to provide the LORDN Log file. The LORDN Log file is 1723 contained in the HTTP Entity-body. 1725 o The interface provides a HTTP/204 status code if the LORDN 1726 Transaction Identifier is correct, but the server has not 1727 finalized processing the LORDN file. 1729 o The interface provides a HTTP/400 status code if the request is 1730 incorrect. 1732 o The interface provides a HTTP/401 status code if the credentials 1733 provided does not authorize the Registry Operator to download the 1734 LORDN Log file. 1736 o The interface provides a HTTP/404 status code if the LORDN 1737 Transaction Identifier is incorrect. 1739 o The interface provides a HTTP/500 status code if the system is 1740 experiencing a general failure. 1742 For example, to obtain the LORDN Log file in case of a Sunrise LORDN 1743 file with LORDN Transaction Identifier 0000000000000000001 and TLD 1744 "example" the URI would be: 1746 < https:///LORDN/example/sunrise/0000000000000000001/result > 1749 The LORDN Log file is contained in a CSV formatted file that has the 1750 following structure: 1752 o first line: ,,,,,, 1756 Where: 1758 + , version of the file, this field MUST be 1. 1760 + , date and time in UTC that the 1761 LORDN Log was created. 1763 + , date and time in UTC of 1764 creation for the LORDN file that this log file is referring 1765 to. 1767 + , unique identifier of the LORDN Log 1768 provided by the TMDB. This identifier could be used by the 1769 Registry Operator to unequivocally identify the LORDN Log. 1770 The identified will be a string of a maximum LENGTH of 60 1771 characters from the Base 64 alphabet. 1773 + , whether the LORDN file has been accepted for 1774 processing by the TMDB. Possible values are "accepted" or 1775 "rejected". 1777 + , whether the LORDN Log has any warning result 1778 codes. Possible values are "no-warnings" or "warnings- 1779 present". 1781 + , number of DNs effective allocations 1782 processed in the LORDN file. 1784 A Registry Operator is NOT REQUIRED to process a LORDN Log with 1785 a ="accepted" and ="no-warnings". 1787 o second line: a header line as specified in [RFC4180] 1789 With the header names as follows: 1791 roid,result-code 1793 o One or more lines with: , 1795 Where: 1797 + , DN Repository Object IDentifier (DNROID) in the SRS. 1799 + , result code as described in Section 6.3.1.1. 1801 Example of a LORDN Log file 1803 1,2012-08-16T02:15:00.0Z,2012-08-16T00:00:00.0Z,\ 1804 0000000000000478Nzs+3VMkR8ckuUynOLmyeqTmZQSbzDuf/R50n2n5QX4=,\ 1805 accepted,no-warnings,1 1806 roid,result-code 1807 SH8013-REP,2000 1809 Figure 14 1811 6.3.1.1. LORDN Log Result Codes 1813 In Figure 15 the classes of result codes (rc) are listed. Those 1814 classes in square brackets are not used at this time, but may come 1815 into use at some later stage. The first two digits of a result code 1816 denote the result code class, which defines the outcome at the TMDB: 1818 o ok: Success, DN Line accepted by the TMDB. 1820 o warn: a warning is issued, DN Line accepted by the TMDB. 1822 o err: an error is issued, LORDN file rejected by the TMDB. 1824 In case that after processing a DN Line, the error result code is 1825 45xx or 46xx for that DN Line, the LORDN file MUST be rejected by the 1826 TMDB. If the LORDN file is rejected, DN Lines that are syntactically 1827 valid will be reported with a 2001 result code. A 2001 result code 1828 means that the DN Line is syntactically valid, however the DN Line 1829 was not processed because the LORDN file was rejected. All DNs 1830 reported in a rejected LORDN file MUST be reported again by the 1831 Registry because none of the DN Lines present in the LORDN file have 1832 been processed by the TMDB. 1834 LORDN Log Result Code Classes 1836 code Class outcome 1837 ---- ----- ------- 1839 20xx Success ok 1841 35xx [ DN Line syntax warning ] warn 1842 36xx DN Line semantic warning warn 1844 45xx DN Line syntax error err 1845 46xx DN Line semantic error err 1847 Figure 15 1849 In the following, the LORDN Log result codes used by the TMDB are 1850 described: 1852 LORDN Log result Codes 1854 rc Short Description 1855 Long Description 1856 ---- ------------------------------------------------------------- 1858 2000 OK 1859 DN Line successfully processed. 1861 2001 OK but not processed 1862 DN Line is syntactically correct but was not processed 1863 because the LORDN file was rejected. 1865 3601 TCN Acceptance Date after Registration Date 1866 TCN Acceptance Date in DN Line is newer than the Registration 1867 Date. 1869 3602 Duplicate DN Line 1870 This DN Line is an exact duplicate of another DN Line in same 1871 file, DN Line ignored. 1873 3603 DNROID Notified Earlier 1874 Same DNROID has been notified earlier, DN Line ignored. 1876 3604 TCN Checksum invalid 1877 Based on the DN effectively allocated, the TCNID and the 1878 expiration date of the linked TCN, the TCN Checksum is 1879 invalid. 1881 3605 TCN Expired 1882 The TCN was already expired (based on the 1883 field of the TCN) at the datetime of acknowledgement. 1885 3606 Wrong TCNID used 1886 The TCNID used for the registration does not match 1887 the related DN. 1889 3609 Invalid SMD used 1890 The SMD used for registration was not valid at the moment of 1891 registration based on the and 1892 elements. 1893 In case of an asynchronous registration, this refer to the 1894 . 1896 3610 DN reported outside of the time window 1897 The DN was reported outside of the required 26 hours 1898 reporting window. 1900 3611 DN does not match the labels in SMD 1901 The DN does not match the labels included in the SMD. 1903 3612 SMDID does not exist 1904 The SMDID has never existed in the central repository. 1906 3613 SMD was revoked when used 1907 The SMD used for registration was revoked more than 1908 24 hours ago of the . 1909 In case of an asynchronous registration, 1910 the is used when 1911 validating the DN Line. 1913 3614 TCNID does not exist 1914 The TCNID has never existed in the central repository. 1916 3615 Recent-dnl-insertion outside of the time window 1917 The DN registration is reported as a recent-dnl-insertion, 1918 but the (re) insertion into the DNL occurred more than 1919 24 hours ago. 1921 3616 Registration Date of DN in Claims before the end of Sunrise Period 1922 The registration date of the DN is before the end of Sunrise Period 1923 and the DN was reported in a Trademark Claims LORDN file. 1925 3617 Registrar has not been approved by the TMDB 1926 Registrar ID in DN Line has not completed Trademark Claims integration 1927 testing with the TMDB. 1929 3618 Registration Date of DN in a QLP LORDN file outside of the QLP Period 1930 The registration date of the DN in a QLP LORDN file is outside 1931 of the QLP Period. 1933 3619 TCN was not valid 1934 The TCN was not valid (based on the 1935 field of the TCN) at the datetime of acknowledgement. 1937 4501 Syntax Error in DN Line 1938 Syntax Error in DN Line. 1940 4601 Invalid TLD used 1941 The TLD in the DN Line does not match what is expected for 1942 this LORDN. 1944 4602 Registrar ID Invalid 1945 Registrar ID in DN Line is not a valid ICANN-Accredited 1946 Registrar. 1948 4603 Registration Date in the future 1949 The in the DN Line is in the 1950 future. 1952 4606 TLD not in Sunrise or Trademark Claims Period 1953 The was reported when the TLD was 1954 not in Sunrise or Trademark Claims Periods. 1955 In case of an asynchronous registration, 1956 the is used when 1957 validating the DN Line. 1959 4607 Application Date in the future 1960 The in the DN Line is in the 1961 future. 1963 4608 Application Date is later than Registration Date 1964 The in the DN Line is later 1965 than the . 1967 4609 TCNID wrong syntax 1968 The syntax of the TCNID is invalid. 1970 4610 TCN Acceptance Date is in the future 1971 The is in the future. 1973 4611 Label has never existed in the TMDB 1974 The label in the registered DN has never existed in the TMDB. 1976 Figure 16 1978 6.4. Signed Mark Data (SMD) File 1980 This section defines the format of the Signed Mark Data (SMD) File. 1981 After a successful registration of a mark, the TMV returns an SMD 1982 File to the TMH. The SMD File can then be used for registration of 1983 one or more DNs covered by the PRM during the Sunrise Period of a 1984 TLD. 1986 Two encapsulation boundaries are defined for delimiting the 1987 encapsulated base64 encoded SMD: i.e. "-----BEGIN ENCODED SMD-----" 1988 and "-----END ENCODED SMD-----". Only data inside the encapsulation 1989 boundaries MUST be used by Registries and Registrars for validation 1990 purposes, i.e. any data outside these boundaries as well as the 1991 boundaries themselves MUST be ignored for validation purposes. 1993 The structure of the SMD File is as follows, all the elements are 1994 REQUIRED, and MUST appear in the specified order. 1996 1. Marks: 1998 2. smdID: 2000 3. U-labels: 2003 4. notBefore: 2005 5. notAfter: 2007 6. -----BEGIN ENCODED SMD----- 2009 7. 2011 8. -----END ENCODED SMD----- 2012 Example of an SMD File: 2014 Marks: Example One 2015 smdID: 1-2 2016 U-labels: example-one, exampleone 2017 notBefore: 2011-08-16 09:00 2018 notAfter: 2012-08-16 09:00 2019 -----BEGIN ENCODED SMD----- 2020 PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4KPHNtZDpzaWdu 2021 ZWRNYXJrIHhtbG5zOnNtZD0idXJuOmlldGY6cGFyYW1zOnhtbDpuczpzaWduZWRN 2022 ... (base64 data elided for brevity) ... 2023 dXJlPgo8L3NtZDpzaWduZWRNYXJrPgo= 2024 -----END ENCODED SMD----- 2026 Figure 17 2028 6.5. Trademark Claims Notice (TCN) 2030 The TMDB MUST provide the TCN to Registrars in XML format as 2031 specified below. 2033 An enclosing element that describes the Trademark 2034 Notice to a given label. 2036 The child elements of the element include: 2038 o A element that contains the unique identifier of the 2039 Trademark Notice. This element contains the the TCNID. 2041 The TCNID is a string concatenation of a TCN Checksum and the 2042 TMDB Notice Identifier. The first 8 characters of the TCNID is 2043 a TCN Checksum. The rest is the TMDB Notice Identifier, which 2044 is a zero-padded natural number in the range of 2045 0000000000000000001 to 9223372036854775807. 2047 Example of a TCNID: 2049 370d0b7c9223372036854775807. 2051 Where: 2053 + TCN Checksum=370d0b7c 2055 + TMDB Notice Identifier=9223372036854775807 2056 The TCN Checksum is a 8 characters long Base16 encoded output 2057 of computing the CRC32 of the string concatenation of: label + 2058 unix_timestamp() + TMDB Notice Identifier 2060 TMDB MUST use the Unix time conversion of the 2061 in UTC to calculate the TCN Checksum. Unix 2062 time is defined as the number of seconds that have elapsed 2063 since 1970-01-01T00:00:00Z not counting leap seconds. For 2064 example, the conversion to Unix time of 2010-08-16T09:00:00.0Z 2065 is shown: 2067 unix_time(2010-08-16T09:00:00.0Z)=1281949200 2069 The TMDB uses the and 2070 elements from the TCN along with the TMDB Notice Identifier to 2071 compute the TCN Checksum. 2073 A Registry MUST use the leftmost DNL of the DN being 2074 effectively allocated, the expiration datetime of the TCN 2075 (provided by the Registrar) and the TMDB Notice Identifier 2076 extracted from the TCNID (provided by the Registrar) to compute 2077 the TCN Checksum. For example, if the DN "xn--mgbachtv.xn-- 2078 mgbh0fb" is being effectively allocated, the leftmost DNL would 2079 be "xn--mgbachtv". 2081 Example of computation of the TCN Checksum: 2083 CRC32(example-one12819492009223372036854775807)=370d0b7c 2085 o A element that contains the start of the 2086 validity date and time of the TCN. 2088 o A element that contains the expiration date 2089 and time of the TCN. 2091 o A element that contains the DNL covered by a PRM. 2093 o One or more elements that contain the Trademark 2094 Claim. The element contains the following child 2095 elements: 2097 * A element that contains the mark text 2098 string. 2100 * One or more elements that contains the 2101 information of the holder of the mark. An "entitlement" 2102 attribute is used to identify the entitlement of the holder, 2103 possible values are: owner, assignee or licensee. The child 2104 elements of include: 2106 + An OPTIONAL element that contains the name 2107 of the holder. A MUST be specified if 2108 is not specified. 2110 + An OPTIONAL element that contains the name of 2111 the organization holder of the mark. A MUST 2112 be specified if is not specified. 2114 + A element that contains the address 2115 information of the holder of a mark. A 2116 contains the following child elements: 2118 - One, two or three OPTIONAL elements 2119 that contains the organization's street address. 2121 - A element that contains the 2122 organization's city. 2124 - An OPTIONAL element that contains the 2125 organization's state or province. 2127 - An OPTIONAL element that contains the 2128 organization's postal code. 2130 - A element that contains the organization's 2131 country code. This a two-character code from 2132 [ISO3166-2]. 2134 + An OPTIONAL element that contains the 2135 organization's voice telephone number. 2137 + An OPTIONAL element that contains the 2138 organization's facsimile telephone number. 2140 + An OPTIONAL element that contains the email 2141 address of the holder. 2143 * Zero or more OPTIONAL elements that contains 2144 the information of the representative of the mark registration. 2145 A "type" attribute is used to identify the type of contact, 2146 possible values are: owner, agent or thirdparty. The child 2147 elements of include: 2149 + A element that contains name of the 2150 responsible person. 2152 + An OPTIONAL element that contains the name of 2153 the organization of the contact. 2155 + A element that contains the address 2156 information of the contact. A contains the 2157 following child elements: 2159 - One, two or three OPTIONAL elements 2160 that contains the contact's street address. 2162 - A element that contains the contact's 2163 city. 2165 - An OPTIONAL element that contains the 2166 contact's state or province. 2168 - An OPTIONAL element that contains the 2169 contact's postal code. 2171 - A element that contains the contact's 2172 country code. This a two-character code from 2173 [ISO3166-2]. 2175 + A element that contains the contact's voice 2176 telephone number. 2178 + An OPTIONAL element that contains the 2179 contact's facsimile telephone number. 2181 + A element that contains the contact's email 2182 address. 2184 * A element that contains the name (in 2185 English) of the jurisdiction where the mark is protected. A 2186 jurCC attribute contains the two-character code of the 2187 jurisdiction where the mark was registered. This is a two- 2188 character code from [WIPO.ST3]. 2190 * Zero or more OPTIONAL element that 2191 contains the description (in English) of the Nice 2192 Classification as defined in [WIPO-NICE-CLASSES]. A classNum 2193 attribute contains the class number. 2195 * A element that contains the full 2196 description of the goods and services mentioned in the mark 2197 registration document. 2199 * An OPTIONAL element signals that the 2200 claim notice was added to the TCN based on other rule (e.g. 2201 [Claims50] ) than exact match (defined in [MatchingRules]). 2202 The contains one or more: 2204 + An OPTIONAL element that signals that the 2205 claim notice was added because of a previously abused name 2206 included in an UDRP case. The contains: 2208 - A element that contains the UDRP case 2209 number used to validate the previously abused name. 2211 - A element that contains the name 2212 of the UDRP provider. 2214 + An OPTIONAL element that signals that the 2215 claim notice was added because of a previously abused name 2216 included in a court's resolution. The 2217 contains: 2219 - A element that contains the reference 2220 number of the court's resolution used to validate the 2221 previously abused name. 2223 - A element that contains the two-character 2224 code from [ISO3166-2] of the jurisdiction of the court. 2226 - A element that contains the name of 2227 the court. 2229 Example of a object: 2231 2232 2233 370d0b7c9223372036854775807 2234 2010-08-14T09:00:00.0Z 2235 2010-08-16T09:00:00.0Z 2236 example-one 2237 2238 Example One 2239 2240 Example Inc. 2241 2242 123 Example Dr. 2243 Suite 100 2244 Reston 2245 VA 2246 20190 2247 US 2248 2249 2250 2251 Joe Doe 2252 Example Inc. 2253 2254 123 Example Dr. 2255 Suite 100 2256 Reston 2257 VA 2258 20190 2259 US 2260 2261 +1.7035555555 2262 jdoe@example.com 2263 2264 UNITED STATES OF AMERICA 2265 2266 Advertising; business management; business administration. 2267 2268 2269 Insurance; financial affairs; monetary affairs; real estate. 2270 2271 2272 Bardus populorum circumdabit se cum captiosus populum. 2273 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2274 2275 2276 2277 Example-One 2278 2279 Example S.A. de C.V. 2280 2281 Calle conocida #343 2282 Conocida 2283 SP 2284 82140 2285 BR 2286 2287 2288 BRAZIL 2289 2290 Bardus populorum circumdabit se cum captiosus populum. 2291 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2292 2293 2294 2295 One 2296 2297 One Corporation 2298 2299 Otra calle 2300 Otra ciudad 2301 OT 2302 383742 2303 CR 2304 2305 2306 COSTA RICA 2307 2308 Bardus populorum circumdabit se cum captiosus populum. 2309 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2310 2311 2312 2313 234235 2314 CR 2315 Supreme Court of Justice of Costa Rica 2316 2317 2318 2319 2320 One Inc 2321 2322 One SA de CV 2323 2324 La calle 2325 La ciudad 2326 CD 2327 34323 2328 AR 2329 2330 2331 ARGENTINA 2332 2333 Bardus populorum circumdabit se cum captiosus populum. 2334 Smert populorum circumdabit se cum captiosus populum qui eis differimus. 2335 2336 2337 2338 D2003-0499 2339 WIPO 2340 2341 2343 2344 2346 For the formal syntax of the TCN please refer to Section 7.1. 2348 6.6. Sunrise List (SURL) 2350 This section defines the format of the list containing every Domain 2351 Name Label (DNL) that matches a PRM eligible for Sunrise. The list 2352 is maintained by the TMDB and downloaded by Registries in regular 2353 intervals (see Section 5.4.2.1). The Registries use the Sunrise List 2354 during the Qualified Launch Program Period to check whether a 2355 requested DN matches a DNL of a PRM eligible for Sunrise. 2357 The Sunrise List contains all the DNLs covered by a PRM eligible for 2358 Sunrise present in the TMDB at the datetime it is generated. 2360 The Sunrise List is contained in a CSV formatted file that has the 2361 following structure: 2363 o first line: , 2365 Where: 2367 + , version of the file, this field MUST be 1. 2369 + , date and time in UTC that 2370 the Sunrise List was created. 2372 o second line: a header line as specified in [RFC4180] 2374 With the header names as follows: 2376 DNL,insertion-datetime 2378 o One or more lines with: , 2380 Where: 2382 + , a Domain Name Label covered by a PRM eligible for 2383 Sunrise. 2385 + , datetime in UTC that the DNL was 2386 first inserted into the Sunrise List. The possible two 2387 values of time for inserting a DNL to the Sunrise List are 2388 00:00:00 and 12:00:00 UTC. 2390 Example of a SURL 2392 1,2012-08-16T00:00:00.0Z 2393 DNL,insertion-datetime 2394 example,2010-07-14T00:00:00.0Z 2395 another-example,2012-08-16T00:00:00.0Z 2396 anotherexample,2011-08-16T12:00:00.0Z 2398 Figure 18 2400 To provide authentication and integrity protection, the Sunrise List 2401 will be PGP signed by the TMDB (see also Section 5.1.1.4). The PGP 2402 signature of the Sunrise List can be found in the similar URI but 2403 with extension .sig as shown below. 2405 The URL of the dy interface (Section 4.3.3) is: 2407 o < https:///dnl/surl-latest.csv > 2409 o < https:///dnl/surl-latest.sig > 2411 7. Formal Syntax 2413 7.1. Trademark Claims Notice (TCN) 2415 The schema presented here is for a Trademark Claims Notice. 2417 The BEGIN and END tags are not part of the schema; they are used to 2418 note the beginning and ending of the schema for URI registration 2419 purposes. 2421 Copyright (c) 2016 IETF Trust and the persons identified as authors 2422 of the code. All rights reserved. 2424 Redistribution and use in source and binary forms, with or without 2425 modification, is permitted pursuant to, and subject to the license 2426 terms contained in, the Simplified BSD License set forth in 2427 Section 4.c of the IETF Trust's Legal Provisions Relating to IETF 2428 Documents (http://trustee.ietf.org/license-info). 2430 BEGIN 2431 2432 2437 2438 2439 Schema for representing a Trademark Claim Notice. 2440 2441 2442 2443 2444 2445 2446 2447 2448 2449 2450 2451 2452 2453 2454 2455 2456 2457 2458 2459 2460 2461 2463 2464 2465 2466 2467 2468 2470 2472 2473 2475 2476 2478 2479 2480 2481 2482 2483 2484 2485 2486 2487 2488 2489 2490 2491 2492 2493 2494 2495 2496 2497 2498 2499 2500 2501 2502 2503 2504 2505 2506 2507 2508 2509 2510 2512 2513 2514 2515 2516 2517 2518 2519 2520 2521 2522 2523 2524 2525 2526 2527 2528 2529 2530 2531 2532 2533 2534 2535 2536 2537 2538 2539 2540 2541 END 2543 8. Acknowledgements 2545 This specification is a collaborative effort from several 2546 participants in the ICANN community. Bernie Hoeneisen participated 2547 as co-author until version 02 providing invaluable support for this 2548 document. This specification is based on a model spearheaded by: 2549 Chris Wright, Jeff Neuman, Jeff Eckhaus and Will Shorter. The author 2550 would also like to thank the thoughtful feedbak provided by many in 2551 the tmch-tech mailing list, but particularly the extensive help 2552 provided by James Gould, James Mitchell and Francisco Arias. This 2553 document includes feedback received from the following individuals: 2554 Paul Hoffman. 2556 9. Change History 2558 [[RFC Editor: Please remove this section.]] 2560 9.1. Version 04 2562 1. Ping update. 2564 10. IANA Considerations 2566 This document uses URNs to describe XML namespaces and XML schemas 2567 conforming to a registry mechanism described in [RFC3688]. One URI 2568 assignment have been registered by the IANA. 2570 Registration request for the Trademark Claims Notice namespace: 2572 URI: urn:ietf:params:xml:ns:tmNotice-1.0 2574 Registrant Contact: See the "Author's Address" section of this 2575 document. 2577 XML: None. Namespace URIs do not represent an XML specification. 2579 Registration request for the Trademark Claims Notice XML schema: 2581 URI: urn:ietf:params:xml:ns:tmNotice-1.0 2583 Registrant Contact: See the "Author's Address" section of this 2584 document. 2586 XML: See Section 7.1 of this document. 2588 11. Security Considerations 2590 This specification uses HTTP Basic Authentication to provide a simple 2591 application-layer authentication service. HTTPS is used in all 2592 interfaces in order to protect against most common attacks. In 2593 addition, the client identifier is tied to a set of IP addresses that 2594 are allowed to connect to the interfaces described in this document, 2595 providing an extra security measure. 2597 The TMDB MUST provide credentials to the appropriate Registries and 2598 Registrars. 2600 The TMDB MUST require the use of strong passwords by Registries and 2601 Registrars. 2603 The TMDB, Registries and Registrars MUST use the best practices 2604 described in RFC 7525 or its successors. 2606 12. References 2608 12.1. Normative References 2610 [Claims50] 2611 ICANN, "Implementation Notes: Trademark Claims Protection 2612 for Previously Abused Names", July 2013, 2613 . 2616 [MatchingRules] 2617 ICANN, "Memorandum on Implementing Matching Rules", 2618 September 2012, . 2621 [QLP-Addendum] 2622 ICANN, "Qualified Launch Program Addendum", April 2014, 2623 . 2627 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 2628 Requirement Levels", BCP 14, RFC 2119, 2629 DOI 10.17487/RFC2119, March 1997, 2630 . 2632 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 2633 DOI 10.17487/RFC3688, January 2004, 2634 . 2636 [RFC7848] Lozano, G., "Mark and Signed Mark Objects Mapping", 2637 RFC 7848, DOI 10.17487/RFC7848, June 2016, 2638 . 2640 [RPM-Requirements] 2641 ICANN, "Rights Protection Mechanism Requirements", 2642 September 2013, . 2645 12.2. Informative References 2647 [ICANN-GTLD-AGB-20120604] 2648 ICANN, "gTLD Applicant Guidebook Version 2012-06-04", June 2649 2012, . 2652 [ISO3166-2] 2653 ISO, "International Standard for country codes and codes 2654 for their subdivisions", 2006, 2655 . 2657 [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, 2658 DOI 10.17487/RFC2818, May 2000, 2659 . 2661 [RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet: 2662 Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002, 2663 . 2665 [RFC4180] Shafranovich, Y., "Common Format and MIME Type for Comma- 2666 Separated Values (CSV) Files", RFC 4180, 2667 DOI 10.17487/RFC4180, October 2005, 2668 . 2670 [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data 2671 Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, 2672 . 2674 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. 2675 Thayer, "OpenPGP Message Format", RFC 4880, 2676 DOI 10.17487/RFC4880, November 2007, 2677 . 2679 [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., 2680 Housley, R., and W. Polk, "Internet X.509 Public Key 2681 Infrastructure Certificate and Certificate Revocation List 2682 (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, 2683 . 2685 [RFC5890] Klensin, J., "Internationalized Domain Names for 2686 Applications (IDNA): Definitions and Document Framework", 2687 RFC 5890, DOI 10.17487/RFC5890, August 2010, 2688 . 2690 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 2691 Protocol (HTTP/1.1): Message Syntax and Routing", 2692 RFC 7230, DOI 10.17487/RFC7230, June 2014, 2693 . 2695 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 2696 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 2697 DOI 10.17487/RFC7231, June 2014, 2698 . 2700 [RFC7235] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 2701 Protocol (HTTP/1.1): Authentication", RFC 7235, 2702 DOI 10.17487/RFC7235, June 2014, 2703 . 2705 [RFC7719] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 2706 Terminology", RFC 7719, DOI 10.17487/RFC7719, December 2707 2015, . 2709 [WIPO-NICE-CLASSES] 2710 WIPO, "WIPO Nice Classification", 2015, 2711 . 2713 [WIPO.ST3] 2714 WIPO, "Recommended standard on two-letter codes for the 2715 representation of states, other entities and 2716 intergovernmental organizations", March 2007, 2717 . 2719 Author's Address 2721 Gustavo Lozano 2722 ICANN 2723 12025 Waterfront Drive, Suite 300 2724 Los Angeles 90292 2725 US 2727 Phone: +1.3103015800 2728 Email: gustavo.lozano@icann.org