idnits 2.17.1 

draft-ietf-regext-verificationcode-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 16, 2017) is 2383 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 7451


     Summary: 1 error (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                           J. Gould
3	Internet-Draft                                            VeriSign, Inc.
4	Intended status: Standards Track                        October 16, 2017
5	Expires: April 19, 2018

7	  Verification Code Extension for the Extensible Provisioning Protocol
8	                                 (EPP)
9	                 draft-ietf-regext-verificationcode-02

11	Abstract

13	   This document describes an Extensible Provisioning Protocol (EPP)
14	   extension for including a verification code for marking the data for
15	   a transform command as being verified by a 3rd party, which is
16	   referred to as the Verification Service Provider (VSP).  The
17	   verification code is digitally signed by the VSP using XML Signature
18	   and is "base64" encoded.  The XML Signature includes the VSP signer
19	   certificate, so the server can verify that the verification code
20	   originated from the VSP.

22	Status of This Memo

24	   This Internet-Draft is submitted in full conformance with the
25	   provisions of BCP 78 and BCP 79.

27	   Internet-Drafts are working documents of the Internet Engineering
28	   Task Force (IETF).  Note that other groups may also distribute
29	   working documents as Internet-Drafts.  The list of current Internet-
30	   Drafts is at http://datatracker.ietf.org/drafts/current/.

32	   Internet-Drafts are draft documents valid for a maximum of six months
33	   and may be updated, replaced, or obsoleted by other documents at any
34	   time.  It is inappropriate to use Internet-Drafts as reference
35	   material or to cite them other than as "work in progress."

37	   This Internet-Draft will expire on April 19, 2018.

39	Copyright Notice

41	   Copyright (c) 2017 IETF Trust and the persons identified as the
42	   document authors.  All rights reserved.

44	   This document is subject to BCP 78 and the IETF Trust's Legal
45	   Provisions Relating to IETF Documents
46	   (http://trustee.ietf.org/license-info) in effect on the date of
47	   publication of this document.  Please review these documents
48	   carefully, as they describe your rights and restrictions with respect
49	   to this document.  Code Components extracted from this document must
50	   include Simplified BSD License text as described in Section 4.e of
51	   the Trust Legal Provisions and are provided without warranty as
52	   described in the Simplified BSD License.

54	Table of Contents

56	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
57	     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
58	   2.  Object Attributes . . . . . . . . . . . . . . . . . . . . . .   4
59	     2.1.  Verification Code . . . . . . . . . . . . . . . . . . . .   4
60	       2.1.1.  Signed Code . . . . . . . . . . . . . . . . . . . . .   4
61	       2.1.2.  Encoded Signed Code . . . . . . . . . . . . . . . . .   6
62	     2.2.  Verification Profile  . . . . . . . . . . . . . . . . . .  11
63	   3.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .  12
64	     3.1.  EPP Query Commands  . . . . . . . . . . . . . . . . . . .  12
65	       3.1.1.  EPP <check> Command . . . . . . . . . . . . . . . . .  12
66	       3.1.2.  EPP <info> Command  . . . . . . . . . . . . . . . . .  12
67	       3.1.3.  EPP <transfer> Command  . . . . . . . . . . . . . . .  24
68	     3.2.  EPP Transform Commands  . . . . . . . . . . . . . . . . .  25
69	       3.2.1.  EPP <create> Command  . . . . . . . . . . . . . . . .  25
70	       3.2.2.  EPP <delete> Command  . . . . . . . . . . . . . . . .  27
71	       3.2.3.  EPP <renew> Command . . . . . . . . . . . . . . . . .  28
72	       3.2.4.  EPP <transfer> Command  . . . . . . . . . . . . . . .  28
73	       3.2.5.  EPP <update> Command  . . . . . . . . . . . . . . . .  28
74	   4.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  28
75	     4.1.  Verification Code Extension Schema  . . . . . . . . . . .  28
76	   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  32
77	     5.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  32
78	     5.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  32
79	   6.  Security Considerations . . . . . . . . . . . . . . . . . . .  33
80	   7.  Normative References  . . . . . . . . . . . . . . . . . . . .  33
81	   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  34
82	   Appendix B.  Change History . . . . . . . . . . . . . . . . . . .  34
83	     B.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  34
84	     B.2.  Change from 01 to 02  . . . . . . . . . . . . . . . . . .  34
85	     B.3.  Change from 02 to 03  . . . . . . . . . . . . . . . . . .  35
86	     B.4.  Change from 03 to 04  . . . . . . . . . . . . . . . . . .  35
87	     B.5.  Change from 04 to REGEXT 00 . . . . . . . . . . . . . . .  35
88	     B.6.  Change from REGEXT 00 to REGEXT 01  . . . . . . . . . . .  35
89	     B.7.  Change from REGEXT 01 to REGEXT 02  . . . . . . . . . . .  35
90	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  35

92	1.  Introduction

94	   This document describes an extension mapping for version 1.0 of the
95	   Extensible Provisioning Protocol (EPP) [RFC5730].  This mapping, an
96	   extension to EPP object mappings like the EPP domain name mapping

98	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
99	   [RFC5733], can be used to pass a verification code to one of the EPP
100	   transform commands.  The domain name object is used for examples in
101	   the document.  The verification code is signed using XML Signature
102	   [W3C.CR-xmldsig-core2-20120124] and is "base64" encoded.  The
103	   "base64" encoded text of the verification code MUST conform to
104	   [RFC2045].  The verification code demonstrates that verification was
105	   done by a Verification Service Provider (VSP).

107	   The Verification Service Provider (VSP) is a certified party to
108	   verify that data is in compliance with the policies of a locality.  A
109	   locality MAY require the client to have data verified in accordance
110	   with local regulations or laws utilizing data sources not available
111	   to the server.  The VSP has access to the local data sources and is
112	   authorized to verify the data.  Examples include verifying that the
113	   domain name is not prohibited and verifying that the domain name
114	   registrant is a valid individual, organization, or business in the
115	   locality.  The data verified, and the objects and operations that
116	   require the verification code to be passed to the server is up to the
117	   policies of the locality.  The verification code represents a marker
118	   that the verification was completed.  The data verified by the VSP
119	   MUST be stored by the VSP along with the generated verification code
120	   to address any compliance issues.  The signer certificate and the
121	   digital signature of the verification code MUST be verified by the
122	   server.

124	1.1.  Conventions Used in This Document

126	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
127	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
128	   document are to be interpreted as described in RFC 2119 [RFC2119].

130	   XML is case sensitive.  Unless stated otherwise, XML specifications
131	   and examples provided in this document MUST be interpreted in the
132	   character case presented in order to develop a conforming
133	   implementation.

135	   In examples, "C:" represents lines sent by a protocol client and "S:"
136	   represents lines returned by a protocol server.  Indentation and
137	   white space in examples are provided only to illustrate element
138	   relationships and are not a REQUIRED feature of this protocol.

140	   "verificationCode-1.0" is used as an abbreviation for
141	   "urn:ietf:params:xml:ns:verificationCode-1.0".  The XML namespace
142	   prefix "verificationCode" is used, but implementations MUST NOT
143	   depend on it and instead employ a proper namespace-aware XML parser
144	   and serializer to interpret and output the XML documents.

146	2.  Object Attributes

148	   This extension adds additional elements to EPP object mappings like
149	   the EPP domain name mapping [RFC5731], EPP host mapping [RFC5732],
150	   and EPP contact mapping [RFC5733].  Only those new elements are
151	   described here.

153	2.1.  Verification Code

155	   The Verification Code is a formatted token, referred to as the
156	   Verification Code Token, that is digitally signed by a Verification
157	   Service Provider (VSP) using XML Signature
158	   [W3C.CR-xmldsig-core2-20120124], using the process described in
159	   Section 2.1.1, and is then "base64" encoded, as defined in
160	   Section 2.1.2.  The Verification Code Token syntax is specified using
161	   Augmented Backus-Naur Form (ABNF) grammar [RFC5234] as follows:

163	   Verification Code Token ABNF

165	   token     = vsp-id "-" verification-id ; Verification Code Token
166	   vsp-id    = 1*DIGIT                    ; VSP Identifier
167	   verification-id = 1*(DIGIT / ALPHA)    ; Verification Identifier

169	   For a VSP given VSP Identifier "1" and with a Verification Identifier
170	   of "abc123", the resulting Verification Code Token is "1-abc123".
171	   The Verification Identifier MUST be unique within a VSP and the VSP
172	   Identifier MUST be unique across supporting VSP's, so the
173	   Verification Code Token MUST be unique to an individual verification.
174	   The VSP Identifiers MAY require registration within an IANA registry.

176	2.1.1.  Signed Code

178	   The <verificationCode:signedCode> is the fragment of XML that is
179	   digitally signed using XML Signature [W3C.CR-xmldsig-core2-20120124].
180	   The <verificationCode:signedCode> element includes a required "id"
181	   attribute of type XSD ID for use with an IDREF URI from the Signature
182	   element.  The certificate of the issuer MUST be included with the
183	   Signature so it can be chained with the issuer's certificate by the
184	   validating client.

186	   The <verificationCode:signedCode> element includes a REQUIRED "type"
187	   attribute for use in defining the type of the signed code.  It is up
188	   to the VSP and the server to define the valid values for the "type"
189	   attribute.  Examples of possible "type" attribute values include
190	   "domain" for verification of the domain name, "registrant" for
191	   verification of the registrant contact, or "domain-registrant" for
192	   verification of both the domain name and the registrant.  The typed
193	   signed code is used to indicate the verifications that are done by
194	   the VSP.  The "type" attribute values MAY require registration within
195	   an IANA registry.

197	   A <verificationCode:signedCode> element substitutes for the
198	   <verificationCode:abstractSignedCode> abstract element to define a
199	   concrete definition of a signed code.  The
200	   <verificationCode:abstractSignedCode> element can be replaced by
201	   other signed code definitions using the XML schema substitution
202	   groups feature.

204	   The child elements of the <verificationCode:signedCode> element
205	   include:

207	   <verificationCode:code>  Contains the Verification Code Token as
208	       defined by the ABNF in Section 2.1.
209	   <Signature>  XML Signature [W3C.CR-xmldsig-core2-20120124] for the
210	       <verificationCode:signedCode>.  Use of a namespace prefix, like
211	       "dsig", is recommended for the XML Signature
212	       [W3C.CR-xmldsig-core2-20120124] elements.

214	   Example of a "domain" typed signed code using the
215	   <verificationCode:signedCode> element and XML Signature
216	   [W3C.CR-xmldsig-core2-20120124]:

218	   <verificationCode:signedCode
219	     xmlns:verificationCode=
220	     "urn:ietf:params:xml:ns:verificationCode-1.0"
221	     id="signedCode">
222	     <verificationCode:code type="domain">1-abc111
223	     </verificationCode:code>
224	     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
225	      <SignedInfo>
226	       <CanonicalizationMethod
227	    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
228	       <SignatureMethod
229	    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
230	       <Reference URI="#signedCode">
231	        <Transforms>
232	         <Transform
233	    Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
234	        </Transforms>
235	        <DigestMethod
236	    Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
237	    <DigestValue>wgyW3nZPoEfpptlhRILKnOQnbdtU6ArM7ShrAfHgDFg=
238	    </DigestValue>
239	       </Reference>
240	      </SignedInfo>
241	      <SignatureValue>

243	    jMu4PfyQGiJBF0GWSEPFCJjmywCEqR2h4LD+ge6XQ+JnmKFFCuCZS/3SLKAx0L1w
244	    QDFO2e0Y69k2G7/LGE37X3vOflobFM1oGwja8+GMVraoto5xAd4/AF7eHukgAymD
245	    o9toxoa2h0yV4A4PmXzsU6S86XtCcUE+S/WM72nyn47zoUCzzPKHZBRyeWehVFQ+
246	    jYRMIAMzM57HHQA+6eaXefRvtPETgUO4aVIVSugc4OUAZZwbYcZrC6wOaQqqqAZi
247	    30aPOBYbAvHMSmWSS+hFkbshomJfHxb97TD2grlYNrQIzqXk7WbHWy2SYdA+sI/Z
248	    ipJsXNa6osTUw1CzA7jfwA==
249	      </SignatureValue>
250	      <KeyInfo>
251	       <X509Data>
252	       <X509Certificate>
253	    MIIESTCCAzGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEL
254	    MAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJQ0FO
255	    TiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0EwHhcNMTMwMjA4MDAw
256	    MDAwWhcNMTgwMjA3MjM1OTU5WjBsMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
257	    FDASBgNVBAcTC0xvcyBBbmdlbGVzMRcwFQYDVQQKEw5WYWxpZGF0b3IgVE1DSDEh
258	    MB8GA1UEAxMYVmFsaWRhdG9yIFRNQ0ggVEVTVCBDRVJUMIIBIjANBgkqhkiG9w0B
259	    AQEFAAOCAQ8AMIIBCgKCAQEAo/cwvXhbVYl0RDWWvoyeZpETVZVVcMCovUVNg/sw
260	    WinuMgEWgVQFrz0xA04pEhXCFVv4evbUpekJ5buqU1gmQyOsCKQlhOHTdPjvkC5u
261	    pDqa51Flk0TMaMkIQjs7aUKCmA4RG4tTTGK/EjR1ix8/D0gHYVRldy1YPrMP+ou7
262	    5bOVnIos+HifrAtrIv4qEqwLL4FTZAUpaCa2BmgXfy2CSRQbxD5Or1gcSa3vurh5
263	    sPMCNxqaXmIXmQipS+DuEBqMM8tldaN7RYojUEKrGVsNk5i9y2/7sjn1zyyUPf7v
264	    L4GgDYqhJYWV61DnXgx/Jd6CWxvsnDF6scscQzUTEl+hywIDAQABo4H/MIH8MAwG
265	    A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPZEcIQcD/Bj2IFz/LERuo2ADJviMIGMBgNV
266	    HSMEgYQwgYGAFO0/7kEh3FuEKS+Q/kYHaD/W6wihoWakZDBiMQswCQYDVQQGEwJV
267	    UzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJ
268	    Q0FOTiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0GCAQEwDgYDVR0P
269	    AQH/BAQDAgeAMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jcmwuaWNhbm4ub3Jn
270	    L3RtY2guY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB2qSy7ui+43cebKUKwWPrzz9y/
271	    IkrMeJGKjo40n+9uekaw3DJ5EqiOf/qZ4pjBD++oR6BJCb6NQuQKwnoAz5lE4Ssu
272	    y5+i93oT3HfyVc4gNMIoHm1PS19l7DBKrbwbzAea/0jKWVzrvmV7TBfjxD3AQo1R
273	    bU5dBr6IjbdLFlnO5x0G0mrG7x5OUPuurihyiURpFDpwH8KAH1wMcCpXGXFRtGKk
274	    wydgyVYAty7otkl/z3bZkCVT34gPvF70sR6+QxUy8u0LzF5A/beYaZpxSYG31amL
275	    AdXitTWFipaIGea9lEGFM0L9+Bg7XzNn4nVLXokyEB3bgS4scG6QznX23FGk
276	      </X509Certificate>
277	      </X509Data>
278	      </KeyInfo>
279	     </Signature>
280	   </verificationCode:signedCode>

282	2.1.2.  Encoded Signed Code

284	   The <verificationCode:encodedSignedCode> element contains one or more
285	   encoded form of the digitally signed <verificationCode:signedCode>
286	   element, described in Section 2.1.1.

288	   The child elements of the <verificationCode:encodedSignedCode>
289	   element include:

291	   <verificationCode:code>  One or more <verificationCode:code> elements
292	       that is an encoded form of the digitally signed
293	       <verificationCode:signedCode> element, described in
294	       Section 2.1.1, with the encoding defined by the "encoding"
295	       attribute with the default "encoding" value of "base64".  The
296	       "base64" encoded text of the <verificationCode:code> element MUST
297	       conform to [RFC2045].

299	   Example <verificationCode:encodedSignedCode> element that contains
300	   one "base64" encoded <verificationCode:signedCode> contained in the
301	   <verificationCode:code> element:

303	   <verificationCode:encodedSignedCode
304	     xmlns:verificationCode=
305	       "urn:ietf:params:xml:ns:verificationCode-1.0">
306	     <verificationCode:code>
307	   ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
308	   OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
309	   bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
310	   b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
311	   ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
312	   dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
313	   PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
314	   My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
315	   aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
316	   Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
317	   Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
318	   aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
319	   ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
320	   dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
321	   YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
322	   UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
323	   ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
324	   UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
325	   Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
326	   amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
327	   bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
328	   CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
329	   d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
330	   SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
331	   VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
332	   CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
333	   ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
334	   d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
335	   bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
336	   eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
337	   d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
338	   R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
339	   UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
340	   c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
341	   QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
342	   cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
343	   NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
344	   MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
345	   ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
346	   WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
347	   QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
348	   Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
349	   Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
350	   SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
351	   LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
352	   VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
353	   R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
354	   SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
355	   Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
356	   bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
357	   MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
358	   REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
359	   aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
360	   N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
361	   aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
362	   L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
363	   TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
364	   UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
365	   YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
366	   b25Db2RlOnNpZ25lZENvZGU+Cg==
367	     </verificationCode:code>
368	   </verificationCode:encodedSignedCode>

370	   Example <verificationCode:encodedSignedCode> element that contains
371	   two <verificationCode:code> elements ;.

373	   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
374	   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
375	     <command>
376	       <create>
377	         <domain:create
378	          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
379	           <domain:name>domain.example</domain:name>
380	           <domain:registrant>jd1234</domain:registrant>
381	           <domain:contact type="admin">sh8013</domain:contact>
382	           <domain:contact type="tech">sh8013</domain:contact>
383	           <domain:authInfo>
384	             <domain:pw>2fooBAR</domain:pw>
385	           </domain:authInfo>
386	         </domain:create>

388	       </create>
389	       <extension>
390	         <verificationCode:encodedSignedCode
391	           xmlns:verificationCode=
392	             "urn:ietf:params:xml:ns:verificationCode-1.0">
393	           <verificationCode:code>
394	   ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
395	   OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
396	   bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
397	   b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
398	   ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
399	   dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
400	   PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
401	   My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
402	   aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
403	   Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
404	   Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
405	   aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
406	   ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
407	   dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
408	   YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
409	   UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
410	   ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
411	   UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
412	   Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
413	   amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
414	   bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
415	   CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
416	   d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
417	   SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
418	   VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
419	   CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
420	   ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
421	   d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
422	   bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
423	   eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
424	   d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
425	   R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
426	   UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
427	   c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
428	   QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
429	   cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
430	   NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
431	   MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
432	   ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
433	   WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
434	   QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
435	   Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
436	   Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
437	   SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
438	   LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
439	   VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
440	   R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
441	   SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
442	   Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
443	   bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
444	   MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
445	   REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
446	   aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
447	   N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
448	   aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
449	   L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
450	   TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
451	   UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
452	   YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
453	   b25Db2RlOnNpZ25lZENvZGU+Cg==
454	           </verificationCode:code>
455	           <verificationCode:code>
456	   PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48dmVyaWZpY2F0
457	   aW9uQ29kZTpzaWduZWRDb2RlIHhtbG5zOnZlcmlmaWNhdGlvbkNvZGU9InVybjpp
458	   ZXRmOnBhcmFtczp4bWw6bnM6dmVyaWZpY2F0aW9uQ29kZS0xLjAiIGlkPSJzaWdu
459	   ZWRDb2RlIiB0eXBlPSJyZWdpc3RyYW50Ij48dmVyaWZpY2F0aW9uQ29kZTpjb2Rl
460	   PjEtYWJjMjIyPC92ZXJpZmljYXRpb25Db2RlOmNvZGU+PGRzaWc6U2lnbmF0dXJl
461	   IHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMi
462	   Pjxkc2lnOlNpZ25lZEluZm8+PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBB
463	   bGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRu
464	   LTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBB
465	   bGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Et
466	   c2hhMSIvPjxkc2lnOlJlZmVyZW5jZSBVUkk9IiNzaWduZWRDb2RlIj48ZHNpZzpU
467	   cmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cu
468	   dzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9k
469	   c2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0
470	   cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGln
471	   ZXN0VmFsdWU+SFg2TU1WUWdnSStzNG9tT3haYjBGTW1VSlBRdk15WmUybDVEdEhh
472	   QlZMND08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6
473	   U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZT5VOUhPNVlYVWE0ZUsyYXRz
474	   U1RuQk1DU3dXM0dWUzZnUEtkaDBZTlZicERud1d4b1BtYlR2YkVsNDE4NFlKZ3Uw
475	   WXB3RkROMmZLY3JVCk1YV0hncE56K0oycTh6MWpTcVJMUEw0UmpnRWw0eGhiOXl5
476	   cExOZC8xQXJXRVlhWWZEdUc1S3FYV05MRG5YVzJoQkEzK0R5Wk82MFQKcTVPd0R5
477	   ZVFSVlNPVWNXVE9FOTJsSlZ4M014Q1V6d1hoL0ZOSTlPbGtXK0ZPNVZNNTZlTmZq
478	   UEhkUlJVdjdzQzRmM0NnWmFaSWFXNQp2RmJnTmJodFJVa0hsSVhnYVNGWDgvcFdV
479	   RXFIY0dLTUxnRU1nbHBnQ3RtOFlIcXVqb0tXUk0yUDNiK2h3ZTRsU0hSWVRjK0pB
480	   eEluClU4RDc1WnliWThnSWFuZUprS2dwVTk2T0tJTGQ5L0l0UVhaeHZnPT08L2Rz
481	   aWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48
482	   ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRGlUQ0NBbkdnQXdJQkFnSUVmcXE2SFRB
483	   TkJna3Foa2lHOXcwQkFRc0ZBREIxTVJBd0RnWURWUVFHRXdkVmJtdHViM2R1TVJB
484	   dwpEZ1lEVlFRSUV3ZFZibXR1YjNkdU1SQXdEZ1lEVlFRSEV3ZFZibXR1YjNkdU1S
485	   QXdEZ1lEVlFRS0V3ZFZibXR1YjNkdU1SQXdEZ1lEClZRUUxFd2RWYm10dWIzZHVN
486	   Umt3RndZRFZRUURFeEIyWlhKcFptbGpZWFJwYjI1RGIyUmxNQjRYRFRFMU1EWXhO
487	   VEl4TURBeU1sb1gKRFRNMU1EWXhNREl4TURBeU1sb3dkVEVRTUE0R0ExVUVCaE1I
488	   Vlc1cmJtOTNiakVRTUE0R0ExVUVDQk1IVlc1cmJtOTNiakVRTUE0RwpBMVVFQnhN
489	   SFZXNXJibTkzYmpFUU1BNEdBMVVFQ2hNSFZXNXJibTkzYmpFUU1BNEdBMVVFQ3hN
490	   SFZXNXJibTkzYmpFWk1CY0dBMVVFCkF4TVFkbVZ5YVdacFkyRjBhVzl1UTI5a1pU
491	   Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpjY2pY
492	   cmsKUWFJL2lHUEZ3WmVITjFnRFVhcTltVnJmQis2eWR5Qmdoc2FHVFZoaERIOFNO
493	   TmtpamxIMkxCQ3J3TjhjVjhQZ1BPOXRwbG9rR2F5UwpxNktFaHZtTk03b1dsZk5L
494	   SkdSdGNidGMzTnJuYzhiUUJacU1xcFo0UlNRTmh5QWh6Ri85UmErd3RFc0JWeGF3
495	   VDc1L2J0SDZ1YytmClJOdE5FcmhJdVlJUmN0WTZIRmRaR3BlS3cxYnlYK0RsNkJP
496	   L3ZLdnQ4NDllY1R3aEZIcDUwWGh2NFVTL0Z5aWVLaGs3dDdHRnJGRlQKL2NCTGsy
497	   WmxFa1lLcFlEU2dlc2lseFg2QkpTZVdCbXZLQzlTL2pBZDhNWmRHVUg2aHNHRXBl
498	   U1BmZkZQV3FWcXl6V0p5bG91OXF4ZQpnUTZjOFo2SVpXZkUzakxSOUVySDhzOTFD
499	   Mm1pTFZrQ0F3RUFBYU1oTUI4d0hRWURWUjBPQkJZRUZIY0JLdk03dmk3dUZNTUx5
500	   ZE43CmVGVXF2YzVVTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBVjB2cmlrSWRB
501	   d2l4THZ0NUx5eXpTNFdTU1d0dVlWL2JQMVg3NzVMRmYKSWh3a2xoMENidk5rYXlK
502	   Tms2Tnp0eDlSc1AwNWZndkxrZER1N0V5cnRzY3I1ZVdETG1WMGtKMWE1N1Z4bnJh
503	   aEdLTnM2Wit1Ui9pSApMaTJXb3liWEpFT2N0NWtJSjFzL05CeUUrdkdGdjFoTmJz
504	   dVVVUEVCYWVtaWpYUFROOWxxZE9uM1FIbktobXhsa1czYS9KbmhtT20vCkRWYTE0
505	   NDJXTVVUSlUyVFlWVldtdUs2NFkwQXFrN2FldzkvVzIzZEcrT2xhOW9VYnBrSXJr
506	   dDRDN3hRa0d5SXN2eUo3bi91OFhBRDIKbno1T1cvek5GWnlrZDAzT2N3M240NkZx
507	   c1IwVDlBbFBEWHQxUjlmMjZMd1lxdjk3dWtVNEcrMVRJNHorV0F2TCtVRk9FVnNu
508	   PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktl
509	   eUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3ZlcmlmaWNhdGlvbkNvZGU6c2lnbmVk
510	   Q29kZT4=
511	           </verificationCode:code>
512	       </verificationCode:encodedSignedCode>
513	       </extension>
514	       <clTRID>ABC-12345</clTRID>
515	     </command>
516	   </epp>

518	2.2.  Verification Profile

520	   A Verification Profile defines the set of verification code types,
521	   the commands that the verification code types are required,
522	   supported, or not supported, and the grace period by which the
523	   verification code types MUST be set.  A server MAY support many
524	   verification profiles, each with a unique name and a unique
525	   verification policy that is implemented by the server.  Each client
526	   MAY have zero or more server assigned verification profiles that will
527	   enforce the required verification policies.  Most likely a client
528	   will be assigned zero or one server assigned verification profile,
529	   but overlapping profiles is possible.  Overlapping verification
530	   profiles MUST be treated as a logical "and" of the policies by the
531	   server.  If no verification profile is assigned to the client, no
532	   additional verification is required by the client.

534	3.  EPP Command Mapping

536	   A detailed description of the EPP syntax and semantics can be found
537	   in the EPP core protocol specification [RFC5730].

539	3.1.  EPP Query Commands

541	   EPP provides three commands to retrieve object information: <check>
542	   to determine if an object is known to the server, <info> to retrieve
543	   detailed information associated with an object, and <transfer> to
544	   retrieve object transfer status information.

546	3.1.1.  EPP <check> Command

548	   This extension does not add any elements to the EPP <check> command
549	   or <check> response described in the [RFC5730].

551	3.1.2.  EPP <info> Command

553	   This extension defines additional elements to extend the EPP <info>
554	   command of an object mapping like the EPP domain name mapping
555	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
556	   [RFC5733].

558	   The EPP <info> command is used to retrieve the verification
559	   information.  The verification information is based on the
560	   verification profile, as defined in Section 2.2, set in the server
561	   for the client.  The <verificationCode:info> element is an empty
562	   element that indicates that the client requests the verification
563	   information.  The OPTIONAL "profile" attribute can be used by the
564	   client to explicitly specify a verification profile, as defined in
565	   Section 2.2, to base the verification information on.  It is up to
566	   server policy on the set of verification profiles that the client is
567	   allowed to explicitly specify, and if the client is not allowed, the
568	   server MUST return the 2201 error response.

570	   Example <info> domain command with the <verificationCode:info>
571	   extension to retrieve the verification information for the domain
572	   "domain.example", using the profiles associated with the client:

574	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
575	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
576	   C:  <command>
577	   C:    <info>
578	   C:      <domain:info
579	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
580	   C:        <domain:name>domain.example</domain:name>
581	   C:      </domain:info>
582	   C:    </info>
583	   C:    <extension>
584	   C:      <verificationCode:info
585	   C:        xmlns:verificationCode=
586	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"/>
587	   C:    </extension>
588	   C:    <clTRID>ABC-12345</clTRID>
589	   C:  </command>
590	   C:</epp>

592	   Example <info> domain command with the <verificationCode:info>
593	   extension to retrieve the verification information for the domain
594	   "domain.example", using the profiles associated with the client and
595	   with the authorization information to retrieve the verification codes
596	   from the non-sponsoring client:

598	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
599	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
600	   C:  <command>
601	   C:    <info>
602	   C:      <domain:info
603	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
604	   C:        <domain:name>domain.example</domain:name>
605	   C:        <domain:authInfo>
606	   C:          <domain:pw>2fooBAR</domain:pw>
607	   C:        </domain:authInfo>
608	   C:      </domain:info>
609	   C:    </info>
610	   C:    <extension>
611	   C:      <verificationCode:info
612	   C:        xmlns:verificationCode=
613	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"/>
614	   C:    </extension>
615	   C:    <clTRID>ABC-12345</clTRID>
616	   C:  </command>
617	   C:</epp>
618	   Example <info> domain command with the <verificationCode:info>
619	   extension to retrieve the verification information for the domain
620	   "domain.example", using the the "sample" profile:

622	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
623	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
624	   C:  <command>
625	   C:    <info>
626	   C:      <domain:info
627	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
628	   C:        <domain:name>domain.example</domain:name>
629	   C:      </domain:info>
630	   C:    </info>
631	   C:    <extension>
632	   C:      <verificationCode:info
633	   C:        xmlns:verificationCode=
634	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"
635	   C:        profile="sample"/>
636	   C:    </extension>
637	   C:    <clTRID>ABC-12345</clTRID>
638	   C:  </command>
639	   C:</epp>

641	   If the query was successful, the server replies with a
642	   <verificationCode:infData> element along with the regular EPP
643	   <resData>.  The <verificationCode:infData> element contains the
644	   following child elements:

646	   <verificationCode:status>  The status of the verification for the
647	       object, using all of the verification profiles assigned to the
648	       client.  There are four possible values for the status:

650	       notApplicable  The status is not applicable to the client since
651	           there is no assigned verification profile.
652	       nonCompliant  The object is non-compliant according to the
653	           verification profiles.  If at least one of the profiles is
654	           "nonCompliant", the object is "nonCompliant".
655	       pendingCompliance  The object is not in compliance with the
656	           verification profiles, but has a grace period to set the
657	           required set of verification codes, as reflected by the due
658	           date of the verification code type.  If at least one of the
659	           profiles is "pendingCompliance" and none of the profiles is
660	           "nonCompliant", the object is "pendingCompliance".
661	       compliant  The object is compliant with the verification
662	           profiles.  If All of the profiles for the object are
663	           "compliant" or if the object has no assignd profiles, the
664	           object is "compliant".

666	   <verificationCode:profile>  Zero or more OPTIONAL
667	       <verificationCode:profile> elements that defines the verification
668	       status of the object based on the profile.  The required "name"
669	       attribute defines the name of the profile.  The
670	       <verificationCode:profile> element contains the following child
671	       elements:

673	       <verificationCode:status>  The status of the verification for the
674	           object and the profile.  There are four possible values for
675	           the status:

677	           notApplicable  The profile status is not applicable to the
678	               client based on the assigned verification profiles or the
679	               profile specified.
680	           nonCompliant  The object is non-compliant according to the
681	               verification profile.
682	           pendingCompliance  The object is not in compliance with the
683	               verification profile, but has a grace period to set the
684	               required set of verification codes, as reflected by the
685	               due date of the verification code type.
686	           compliant  The object is compliant with the verification
687	               profile.
688	       <verificationCode:missing>  OPTIONAL list of missing verification
689	           code types.  The <verificationCode:missing> element is
690	           returned only if there is at least one missing verification
691	           code type and based on server policy.  The
692	           <verificationCode:missing> element contains the following
693	           child elements:

695	           <verificationCode:code>  One or more <verificationCode:code>
696	               elements that is empty with the REQUIRED "type" attribute
697	               that indicates the verification code type and the
698	               REQUIRED "due" attribute that indicates when the
699	               verification code type was or is due.  Past due
700	               verification code types will result in the
701	               <verificationCode:status> element being set to
702	               "nonCompliant".
703	       <verificationCode:set>  OPTIONAL list of set verification codes.
704	           The <verificationCode:set> element is returned only if there
705	           is at least one set verification code.  The
706	           <verificationCode:set> element contains the following child
707	           elements:

709	           <verificationCode:code>  One or more <verificationCode:code>
710	               elements containing the verification code with a REQUIRED
711	               "type" attribute that indicates the code type and a
712	               REQUIRED "date" attribute that indicates when the
713	               verification code was set.  The inclusion of the code
714	               value is up server policy, so if the server determines
715	               that the code value cannot be exposed to a non-sponsoring
716	               client, the <verificationCode:code> element MUST be
717	               empty.

719	   Example <info> domain response using the <verificationCode:infData>
720	   extension for a compliant domain using the "sample" profile, and with
721	   the two verification codes, from the sponsoring or authorized client:

723	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
724	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
725	   S:  <response>
726	   S:    <result code="1000">
727	   S:      <msg>Command completed successfully</msg>
728	   S:    </result>
729	   S:    <resData>
730	   S:      <domain:infData
731	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
732	   S:        <domain:name>domain.example</domain:name>
733	   S:        <domain:roid>DOMAIN-REP</domain:roid>
734	   S:        <domain:status s="ok"/>
735	   S:        <domain:clID>ClientX</domain:clID>
736	   S:        <domain:crID>ClientY</domain:crID>
737	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
738	   S:        </domain:crDate>
739	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
740	   S:        </domain:exDate>
741	   S:        <domain:authInfo>
742	   S:          <domain:pw>2fooBAR</domain:pw>
743	   S:        </domain:authInfo>
744	   S:      </domain:infData>
745	   S:    </resData>
746	   S:    <extension>
747	   S:      <verificationCode:infData
748	   S:        xmlns:verificationCode=
749	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
750	   S:        <verificationCode:status>compliant
751	   S:        </verificationCode:status>
752	   S:        <verificationCode:profile name="sample">
753	   S:          <verificationCode:status>compliant
754	   S:          </verificationCode:status>
755	   S:          <verificationCode:set>
756	   S:            <verificationCode:code type="domain"
757	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
758	   S:            </verificationCode:code>
759	   S:            <verificationCode:code type="registrant"
760	   S:              date="2010-04-03T22:00:00.0Z">1-abc444
761	   S:            </verificationCode:code>
762	   S:          </verificationCode:set>
763	   S:        </verificationCode:profile>
764	   S:      </verificationCode:infData>
765	   S:    </extension>
766	   S:    <trID>
767	   S:      <clTRID>ABC-12345</clTRID>
768	   S:      <svTRID>54322-XYZ</svTRID>
769	   S:    </trID>
770	   S:  </response>
771	   S:</epp>

773	   Example <info> domain response using the <verificationCode:infData>
774	   extension for a compliant domain using the "sample" profile, and with
775	   the two verification codes, from the sponsoring or authorized client
776	   that also includes codes set for the "sample2" profile:

778	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
779	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
780	   S:  <response>
781	   S:    <result code="1000">
782	   S:      <msg>Command completed successfully</msg>
783	   S:    </result>
784	   S:    <resData>
785	   S:      <domain:infData
786	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
787	   S:        <domain:name>domain.example</domain:name>
788	   S:        <domain:roid>DOMAIN-REP</domain:roid>
789	   S:        <domain:status s="ok"/>
790	   S:        <domain:clID>ClientX</domain:clID>
791	   S:        <domain:crID>ClientY</domain:crID>
792	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
793	   S:        </domain:crDate>
794	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
795	   S:        </domain:exDate>
796	   S:        <domain:authInfo>
797	   S:          <domain:pw>2fooBAR</domain:pw>
798	   S:        </domain:authInfo>
799	   S:      </domain:infData>
800	   S:    </resData>
801	   S:    <extension>
802	   S:      <verificationCode:infData
803	   S:        xmlns:verificationCode=
804	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
805	   S:        <verificationCode:status>compliant
806	   S:        </verificationCode:status>
807	   S:        <verificationCode:profile name="sample">
808	   S:          <verificationCode:status>compliant
809	   S:          </verificationCode:status>
810	   S:          <verificationCode:set>
811	   S:            <verificationCode:code type="domain"
812	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
813	   S:            </verificationCode:code>
814	   S:            <verificationCode:code type="registrant"
815	   S:              date="2010-04-03T22:00:00.0Z">1-abc444
816	   S:            </verificationCode:code>
817	   S:          </verificationCode:set>
818	   S:        </verificationCode:profile>
819	   S:        <verificationCode:profile name="sample2">
820	   S:          <verificationCode:status>notApplicable
821	   S:          </verificationCode:status>
822	   S:          <verificationCode:set>
823	   S:            <verificationCode:code type="domain"
824	   S:              date="2010-04-03T22:00:00.0Z">2-abc555
825	   S:            </verificationCode:code>
826	   S:          </verificationCode:set>
827	   S:        </verificationCode:profile>
828	   S:      </verificationCode:infData>
829	   S:    </extension>
830	   S:    <trID>
831	   S:      <clTRID>ABC-12345</clTRID>
832	   S:      <svTRID>54322-XYZ</svTRID>
833	   S:    </trID>
834	   S:  </response>
835	   S:</epp>
836	   Example <info> domain response using the <verificationCode:infData>
837	   extension for a compliant domain using the "sample" profile, and with
838	   the two verification code types, from the non-sponsoring client:

840	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
841	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
842	   S:  <response>
843	   S:    <result code="1000">
844	   S:      <msg>Command completed successfully</msg>
845	   S:    </result>
846	   S:    <resData>
847	   S:      <domain:infData
848	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
849	   S:        <domain:name>domain.example</domain:name>
850	   S:        <domain:roid>DOMAIN-REP</domain:roid>
851	   S:        <domain:status s="ok"/>
852	   S:        <domain:clID>ClientX</domain:clID>
853	   S:        <domain:crID>ClientY</domain:crID>
854	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
855	   S:        </domain:crDate>
856	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
857	   S:        </domain:exDate>
858	   S:      </domain:infData>
859	   S:    </resData>
860	   S:    <extension>
861	   S:      <verificationCode:infData
862	   S:        xmlns:verificationCode=
863	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
864	   S:        <verificationCode:status>compliant
865	   S:        </verificationCode:status>
866	   S:        <verificationCode:profile name="sample">
867	   S:          <verificationCode:status>compliant
868	   S:          </verificationCode:status>
869	   S:          <verificationCode:set>
870	   S:            <verificationCode:code type="domain"
871	   S:              date="2010-04-03T22:00:00.0Z"/>
872	   S:            <verificationCode:code type="registrant"
873	   S:              date="2010-04-03T22:00:00.0Z"/>
874	   S:          </verificationCode:set>
875	   S:        </verificationCode:profile>
876	   S:      </verificationCode:infData>
877	   S:    </extension>
878	   S:    <trID>
879	   S:      <clTRID>ABC-12345</clTRID>
880	   S:      <svTRID>54322-XYZ</svTRID>
881	   S:    </trID>
882	   S:  </response>
883	   S:</epp>
884	   Example <info> domain response using the <verificationCode:infData>
885	   extension for a non-compliant domain using the "sample" profile, and
886	   with the verification code types missing along with their due dates:

888	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
889	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
890	   S:  <response>
891	   S:    <result code="1000">
892	   S:      <msg>Command completed successfully</msg>
893	   S:    </result>
894	   S:    <resData>
895	   S:      <domain:infData
896	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
897	   S:        <domain:name>domain.example</domain:name>
898	   S:        <domain:roid>DOMAIN-REP</domain:roid>
899	   S:        <domain:status s="serverHold"/>
900	   S:        <domain:clID>ClientX</domain:clID>
901	   S:        <domain:crID>ClientY</domain:crID>
902	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
903	   S:        </domain:crDate>
904	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
905	   S:        </domain:exDate>
906	   S:      </domain:infData>
907	   S:    </resData>
908	   S:    <extension>
909	   S:      <verificationCode:infData
910	   S:        xmlns:verificationCode=
911	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
912	   S:        <verificationCode:status>nonCompliant
913	   S:        </verificationCode:status>
914	   S:        <verificationCode:profile name="sample">
915	   S:          <verificationCode:status>nonCompliant
916	   S:          </verificationCode:status>
917	   S:          <verificationCode:missing>
918	   S:            <verificationCode:code
919	   S:              type="domain"
920	   S:              due="2010-04-03T22:00:00.0Z"/>
921	   S:            <verificationCode:code
922	   S:              type="registrant"
923	   S:              due="2010-04-08T22:00:00.0Z"/>
924	   S:          </verificationCode:missing>
925	   S:        </verificationCode:profile>
926	   S:      </verificationCode:infData>
927	   S:    </extension>
928	   S:    <trID>
929	   S:      <clTRID>ABC-12345</clTRID>
930	   S:      <svTRID>54322-XYZ</svTRID>
931	   S:    </trID>
932	   S:  </response>
933	   S:</epp>

935	   Example <info> domain response using the <verificationCode:infData>
936	   extension for a pending compliance domain using the "sample" profile,
937	   with the verification code type missing along with the due date, and
938	   with set verification code:

940	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
941	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
942	   S:  <response>
943	   S:    <result code="1000">
944	   S:      <msg>Command completed successfully</msg>
945	   S:    </result>
946	   S:    <resData>
947	   S:      <domain:infData
948	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
949	   S:        <domain:name>domain.example</domain:name>
950	   S:        <domain:roid>DOMAIN-REP</domain:roid>
951	   S:        <domain:status s="ok"/>
952	   S:        <domain:clID>ClientX</domain:clID>
953	   S:        <domain:crID>ClientY</domain:crID>
954	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
955	   S:        </domain:crDate>
956	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
957	   S:        </domain:exDate>
958	   S:      </domain:infData>
959	   S:    </resData>
960	   S:    <extension>
961	   S:      <verificationCode:infData
962	   S:        xmlns:verificationCode=
963	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
964	   S:        <verificationCode:status>pendingCompliance
965	   S:        </verificationCode:status>
966	   S:        <verificationCode:profile name="sample">
967	   S:          <verificationCode:status>pendingCompliance
968	   S:          </verificationCode:status>
969	   S:          <verificationCode:missing>
970	   S:            <verificationCode:code
971	   S:              type="registrant"
972	   S:              due="2010-04-08T22:00:00.0Z"/>
973	   S:          </verificationCode:missing>
974	   S:          <verificationCode:set>
975	   S:            <verificationCode:code type="domain"
976	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
977	   S:            </verificationCode:code>
978	   S:          </verificationCode:set>
979	   S:        </verificationCode:profile>
980	   S:      </verificationCode:infData>
981	   S:    </extension>
982	   S:    <trID>
983	   S:      <clTRID>ABC-12345</clTRID>
984	   S:      <svTRID>54322-XYZ</svTRID>
985	   S:    </trID>
986	   S:  </response>
987	   S:</epp>
988	   Example <info> domain response using the <verificationCode:infData>
989	   extension for a client that does not have a verification profile
990	   assigned:

992	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
993	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
994	   S:  <response>
995	   S:    <result code="1000">
996	   S:      <msg>Command completed successfully</msg>
997	   S:    </result>
998	   S:    <resData>
999	   S:      <domain:infData
1000	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
1001	   S:        <domain:name>domain.example</domain:name>
1002	   S:        <domain:roid>DOMAIN-REP</domain:roid>
1003	   S:        <domain:status s="ok"/>
1004	   S:        <domain:clID>ClientX</domain:clID>
1005	   S:        <domain:crID>ClientY</domain:crID>
1006	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
1007	   S:        </domain:crDate>
1008	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
1009	   S:        </domain:exDate>
1010	   S:      </domain:infData>
1011	   S:    </resData>
1012	   S:    <extension>
1013	   S:      <verificationCode:infData
1014	   S:        xmlns:verificationCode=
1015	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
1016	   S:        <verificationCode:status>notApplicable
1017	   S:        </verificationCode:status>
1018	   S:      </verificationCode:infData>
1019	   S:    </extension>
1020	   S:    <trID>
1021	   S:      <clTRID>ABC-12345</clTRID>
1022	   S:      <svTRID>54322-XYZ</svTRID>
1023	   S:    </trID>
1024	   S:  </response>
1025	   S:</epp>

1027	3.1.3.  EPP <transfer> Command

1029	   This extension does not add any elements to the EPP <transfer> query
1030	   command or <transfer> response described in the [RFC5730].

1032	3.2.  EPP Transform Commands

1034	   EPP provides five commands to transform objects: <create> to create
1035	   an instance of an object, <delete> to delete an instance of an
1036	   object, <renew> to extend the validity period of an object,
1037	   <transfer> to manage object sponsorship changes, and <update> to
1038	   change information associated with an object.

1040	3.2.1.  EPP <create> Command

1042	   This extension defines additional elements to extend the EPP <create>
1043	   command of an object mapping like the EPP domain name mapping
1044	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
1045	   [RFC5733].

1047	   The EPP <create> command provides a transform operation that allows a
1048	   client to create an object.  In addition to the EPP command elements
1049	   described in an object mapping like [RFC5731], the command MAY
1050	   contain a child <verificationCode:encodedSignedCode> element, as
1051	   defined in Section 2.1.2, that identifies the extension namespace for
1052	   the client to provide proof of verification by a Verification Service
1053	   Provider (VSP).  The server MAY support multiple policies for the
1054	   passing of the <verificationCode:encodedSignedCode> element based on
1055	   the client profile, which include:

1057	   required  The client MUST pass a valid
1058	       <verificationCode:encodedSignedCode> element containing the
1059	       required set of verification codes.  If a
1060	       <verificationCode:encodedSignedCode> element is not passed or the
1061	       required set of verification codes is not included, the server
1062	       MUST return an EPP error result code of 2306.  If an invalid
1063	       <verificationCode:encodedSignedCode> element is passed, the
1064	       server MUST return an EPP error result code of 2005.
1065	   optional  The client MAY pass a valid
1066	       <verificationCode:encodedSignedCode> element.  If an invalid
1067	       <verificationCode:encodedSignedCode> element is passed, the
1068	       server MUST return an EPP error result code of 2005.
1069	   not supported  The client MUST NOT pass a
1070	       <verificationCode:encodedSignedCode> element.  If a
1071	       <verificationCode:encodedSignedCode> element is passed, the
1072	       server MUST return an EPP error result code of 2102.

1074	   Example <create> command to create a domain object with a
1075	   verification code:

1077	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
1078	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
1079	   C:  <command>
1080	   C:    <create>
1081	   C:      <domain:create
1082	   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
1083	   C:        <domain:name>domain.example</domain:name>
1084	   C:        <domain:registrant>jd1234</domain:registrant>
1085	   C:        <domain:contact type="admin">sh8013</domain:contact>
1086	   C:        <domain:contact type="tech">sh8013</domain:contact>
1087	   C:        <domain:authInfo>
1088	   C:          <domain:pw>2fooBAR</domain:pw>
1089	   C:        </domain:authInfo>
1090	   C:      </domain:create>
1091	   C:    </create>
1092	   C:    <extension>
1093	   C:      <verificationCode:encodedSignedCode
1094	   C:        xmlns:verificationCode=
1095	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0">
1096	   C:        <verificationCode:code>
1097	   C:ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
1098	   C:OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
1099	   C:bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
1100	   C:b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
1101	   C:ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
1102	   C:dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
1103	   C:PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
1104	   C:My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
1105	   C:aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
1106	   C:Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
1107	   C:Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
1108	   C:aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
1109	   C:ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
1110	   C:dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
1111	   C:YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
1112	   C:UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
1113	   C:ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
1114	   C:UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
1115	   C:Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
1116	   C:amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
1117	   C:bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
1118	   C:CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
1119	   C:d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
1120	   C:SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
1121	   C:VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
1122	   C:CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
1123	   C:ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
1124	   C:d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
1125	   C:bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
1126	   C:eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
1127	   C:d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
1128	   C:R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
1129	   C:UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
1130	   C:c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
1131	   C:QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
1132	   C:cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
1133	   C:NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
1134	   C:MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
1135	   C:ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
1136	   C:WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
1137	   C:QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
1138	   C:Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
1139	   C:Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
1140	   C:SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
1141	   C:LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
1142	   C:VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
1143	   C:R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
1144	   C:SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
1145	   C:Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
1146	   C:bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
1147	   C:MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
1148	   C:REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
1149	   C:aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
1150	   C:N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
1151	   C:aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
1152	   C:L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
1153	   C:TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
1154	   C:UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
1155	   C:YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
1156	   C:b25Db2RlOnNpZ25lZENvZGU+Cg==
1157	   C:        </verificationCode:code>
1158	   C:      </verificationCode:encodedSignedCode>
1159	   C:    </extension>
1160	   C:    <clTRID>ABC-12345</clTRID>
1161	   C:  </command>
1162	   C:</epp>

1164	   This extension does not add any elements to the EPP <create> response
1165	   described in the [RFC5730].

1167	3.2.2.  EPP <delete> Command

1169	   This extension defines additional elements to extend the EPP <delete>
1170	   command and response in the same fashion as defined for the EPP
1171	   <create> Command (Section 3.2.1).

1173	3.2.3.  EPP <renew> Command

1175	   This extension defines additional elements to extend the EPP <renew>
1176	   command and response in the same fashion as defined for the EPP
1177	   <create> Command (Section 3.2.1).

1179	3.2.4.  EPP <transfer> Command

1181	   This extension defines additional elements to extend the EPP
1182	   <transfer> command and response in the same fashion as defined for
1183	   the EPP <create> Command (Section 3.2.1).

1185	3.2.5.  EPP <update> Command

1187	   This extension defines additional elements to extend the EPP <update>
1188	   command and response in the same fashion as defined for the EPP
1189	   <create> Command (Section 3.2.1).

1191	4.  Formal Syntax

1193	   One schema is presented here that is the EPP Verification Code
1194	   Extension schema.

1196	   The formal syntax presented here is a complete schema representation
1197	   of the object mapping suitable for automated validation of EPP XML
1198	   instances.  The BEGIN and END tags are not part of the schema; they
1199	   are used to note the beginning and ending of the schema for URI
1200	   registration purposes.

1202	4.1.  Verification Code Extension Schema

1204	   BEGIN
1205	   <?xml version="1.0" encoding="UTF-8"?>
1206	   <schema
1207	     targetNamespace=
1208	       "urn:ietf:params:xml:ns:verificationCode-1.0"
1209	     xmlns:verificationCode=
1210	       "urn:ietf:params:xml:ns:verificationCode-1.0"
1211	     xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
1212	     xmlns="http://www.w3.org/2001/XMLSchema"
1213	     elementFormDefault="qualified">

1215	     <annotation>
1216	       <documentation>
1217	         Extensible Provisioning Protocol v1.0
1218	         Verification Code Extension.
1219	       </documentation>
1220	     </annotation>
1221	     <import namespace="http://www.w3.org/2000/09/xmldsig#"
1222	       schemaLocation="xmldsig-core-schema.xsd"/>

1224	     <!-- Abstract signed code for substitution -->
1225	     <element name="abstractSignedCode"
1226	       type="verificationCode:abstractSignedCodeType"
1227	       abstract="true"/>

1229	     <!-- Empty type for use in extending for a signed code -->
1230	     <complexType name="abstractSignedCodeType"/>

1232	     <!-- Definition of concrete signed code -->
1233	     <element name="signedCode"
1234	       type="verificationCode:signedCodeType"
1235	       substitutionGroup="verificationCode:abstractSignedCode"/>

1237	     <complexType name="signedCodeType">
1238	       <complexContent>
1239	         <extension base="verificationCode:abstractSignedCodeType">
1240	           <sequence>
1241	             <element name="code"
1242	               type="verificationCode:verificationCodeType"/>
1243	             <element ref="dsig:Signature"/>
1244	           </sequence>
1245	           <attribute name="id" type="ID" use="required"/>
1246	         </extension>
1247	       </complexContent>
1248	     </complexType>

1250	     <simpleType name="verificationCodeValueType">
1251	       <restriction base="token">
1252	           <pattern value="\d+-[A-Za-z0-9]+"/>
1253	       </restriction>
1254	     </simpleType>

1256	     <complexType name="verificationCodeType">
1257	       <simpleContent>
1258	         <extension base=
1259	           "verificationCode:verificationCodeValueType">
1260	           <attribute name="type" type="token"
1261	             use="required"/>
1262	         </extension>
1263	       </simpleContent>
1264	     </complexType>

1266	     <!-- Definition of an encoded signed code -->
1267	     <element name="encodedSignedCode"
1268	       type="verificationCode:encodedSignedCodeListType"/>

1270	     <complexType name="encodedSignedCodeListType">
1271	       <sequence>
1272	          <element name="code"
1273	             type="verificationCode:encodedSignedCodeType"
1274	             minOccurs="1" maxOccurs="unbounded"/>
1275	       </sequence>
1276	     </complexType>

1278	     <complexType name="encodedSignedCodeType">
1279	       <simpleContent>
1280	         <extension base="token">
1281	           <attribute name="encoding"
1282	             type="token" default="base64"/>
1283	         </extension>
1284	       </simpleContent>
1285	     </complexType>

1287	     <!-- info command extension elements -->
1288	     <element name="info" type="verificationCode:infoType"/>

1290	     <complexType name="infoType">
1291	       <simpleContent>
1292	         <extension base="token">
1293	            <attribute name="profile" type="token"/>
1294	         </extension>
1295	       </simpleContent>
1296	     </complexType>

1298	     <!-- info response extension elements -->
1299	     <element name="infData" type="verificationCode:infDataType"/>

1301	     <complexType name="infDataType">
1302	       <sequence>
1303	         <element name="status"
1304	           type="verificationCode:statusEnum"/>
1305	         <element name="profile"
1306	           type="verificationCode:profileDataType"
1307	           minOccurs="0" maxOccurs="unbounded"/>
1308	       </sequence>
1309	     </complexType>

1311	     <complexType name="profileDataType">
1312	       <sequence>
1313	         <element name="status"
1314	           type="verificationCode:statusEnum"/>
1315	         <element name="missing"
1316	           type="verificationCode:missingCodes"
1317	           minOccurs="0"/>
1318	         <element name="set"
1319	           type="verificationCode:codesType"
1320	           minOccurs="0"/>
1321	       </sequence>
1322	       <attribute name="name" type="token"/>
1323	     </complexType>

1325	     <simpleType name="statusEnum">
1326	       <restriction base="token">
1327	         <enumeration value="notApplicable"/>
1328	         <enumeration value="nonCompliant"/>
1329	         <enumeration value="pendingCompliance"/>
1330	         <enumeration value="compliant"/>
1331	       </restriction>
1332	     </simpleType>

1334	     <complexType name="missingVerificationCode">
1335	       <simpleContent>
1336	         <extension base="token">
1337	           <attribute name="type" type="token"
1338	             use="required"/>
1339	           <attribute name="due" type="dateTime"
1340	             use="required"/>
1341	         </extension>
1342	       </simpleContent>
1343	     </complexType>

1345	     <complexType name="missingCodes">
1346	       <sequence>
1347	         <element name="code"
1348	           type="verificationCode:missingVerificationCode"
1349	           minOccurs="1" maxOccurs="unbounded"/>
1350	       </sequence>
1351	     </complexType>

1353	     <complexType name="infoVerificationCodeType">
1354	       <simpleContent>
1355	         <extension base="token">
1356	           <attribute name="type" type="token"
1357	             use="required"/>
1358	           <attribute name="date" type="dateTime"
1359	             use="required"/>
1360	         </extension>
1361	       </simpleContent>
1362	     </complexType>

1364	     <complexType name="codesType">
1365	       <sequence>
1366	         <element name="code"
1367	           type="verificationCode:infoVerificationCodeType"
1368	           minOccurs="1" maxOccurs="unbounded"/>
1369	       </sequence>
1370	     </complexType>

1372	   </schema>
1373	   END

1375	5.  IANA Considerations

1377	5.1.  XML Namespace

1379	   This document uses URNs to describe XML namespaces and XML schemas
1380	   conforming to a registry mechanism described in [RFC3688].

1382	   Registration request for the verificationCode namespace:

1384	      URI: ietf:params:xml:ns:verificationCode-1.0
1385	      Registrant Contact: See the "Author's Address" section of this
1386	      document.
1387	      XML: None.  Namespace URIs do not represent an XML specification.

1389	   Registration request for the verificationCode XML schema:

1391	      URI: ietf:params:xml:ns:verificationCode-1.0
1392	      Registrant Contact: See the "Author's Address" section of this
1393	      document.
1394	      XML: See the "Formal Syntax" section of this document.

1396	5.2.  EPP Extension Registry

1398	   The EPP extension described in this document should be registered by
1399	   the IANA in the EPP Extension Registry described in [RFC7451].  The
1400	   details of the registration are as follows:

1402	   Name of Extension: "Verification Code Extension for the Extensible
1403	   Provisioning Protocol (EPP)"

1405	   Document status: Standards Track

1407	   Reference: (insert reference to RFC version of this document)

1409	   Registrant Name and Email Address: IESG, <iesg@ietf.org>

1411	   TLDs: Any
1412	   IPR Disclosure: None

1414	   Status: Active

1416	   Notes: None

1418	6.  Security Considerations

1420	   The mapping extension described in this document is based on the
1421	   security services described by EPP [RFC5730] and protocol layers used
1422	   by EPP.  The security considerations described in these other
1423	   specifications apply to this specification as well.

1425	   XML Signature [W3C.CR-xmldsig-core2-20120124] is used in this
1426	   extension to verify that the Verification Code originated from a
1427	   trusted Verification Service Provider (VSP) and that it wasn't
1428	   tampered with in transit from the VSP to the client to the server.
1429	   To support multiple VSP keys, the VSP certificate chain MUST be
1430	   included in the <X509Certificate> elements of the Signed Code
1431	   (Section 2.1.1) and MUST chain up and be verified by the server
1432	   against a set of trusted certificates.

1434	   It is RECOMMENDED that signed codes do not include white-spaces
1435	   between the XML elements in order to mitigate risks of invalidating
1436	   the digital signature when transferring of signed codes between
1437	   applications takes place.

1439	   Use of XML canonicalization SHOULD be used when generating the signed
1440	   code.  SHA256/RSA-SHA256 SHOULD be used for digesting and signing.
1441	   The size of the RSA key SHOULD be at least 2048 bits.

1443	7.  Normative References

1445	   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1446	              Extensions (MIME) Part One: Format of Internet Message
1447	              Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
1448	              <https://www.rfc-editor.org/info/rfc2045>.

1450	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1451	              Requirement Levels", BCP 14, RFC 2119,
1452	              DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
1453	              editor.org/info/rfc2119>.

1455	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1456	              DOI 10.17487/RFC3688, January 2004, <https://www.rfc-
1457	              editor.org/info/rfc3688>.

1459	   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
1460	              Specifications: ABNF", STD 68, RFC 5234,
1461	              DOI 10.17487/RFC5234, January 2008, <https://www.rfc-
1462	              editor.org/info/rfc5234>.

1464	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
1465	              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
1466	              <https://www.rfc-editor.org/info/rfc5730>.

1468	   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1469	              Domain Name Mapping", STD 69, RFC 5731,
1470	              DOI 10.17487/RFC5731, August 2009, <https://www.rfc-
1471	              editor.org/info/rfc5731>.

1473	   [RFC5732]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1474	              Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732,
1475	              August 2009, <https://www.rfc-editor.org/info/rfc5732>.

1477	   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1478	              Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
1479	              August 2009, <https://www.rfc-editor.org/info/rfc5733>.

1481	   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
1482	              Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
1483	              February 2015, <https://www.rfc-editor.org/info/rfc7451>.

1485	   [W3C.CR-xmldsig-core2-20120124]
1486	              Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle,
1487	              J., Solo, D., Datta, P., and F. Hirsch, "XML Signature
1488	              Syntax and Processing Version 2.0", World Wide Web
1489	              Consortium CR CR-xmldsig-core2-20120124, January 2012,
1490	              <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>.

1492	Appendix A.  Acknowledgements

1494	Appendix B.  Change History

1496	B.1.  Change from 00 to 01

1498	   1.  Fixed pendingComplaince and complaint to pendingCompliance and
1499	       compliant in text.
1500	   2.  Fixed verificaton to verification.

1502	B.2.  Change from 01 to 02

1504	   1.  Added support for the notApplicable status value.

1506	B.3.  Change from 02 to 03

1508	   1.  Added regular expression pattern for the format of the
1509	       verification code token value in the XML schema.

1511	B.4.  Change from 03 to 04

1513	   1.  Ping update.

1515	B.5.  Change from 04 to REGEXT 00

1517	   1.  Changed to regext working group draft by changing draft-gould-
1518	       eppext-verificationcode to draft-ietf-regext-verificationcode.

1520	B.6.  Change from REGEXT 00 to REGEXT 01

1522	   1.  Ping update.

1524	B.7.  Change from REGEXT 01 to REGEXT 02

1526	   1.  Ping update.

1528	Author's Address

1530	   James Gould
1531	   VeriSign, Inc.
1532	   12061 Bluemont Way
1533	   Reston, VA  20190
1534	   US

1536	   Email: jgould@verisign.com
1537	   URI:   http://www.verisign.com