idnits 2.17.1 

draft-ietf-regext-verificationcode-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

     No issues found here.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (October 8, 2018) is 2026 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

     No issues found here.

     Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.
--------------------------------------------------------------------------------


2	Network Working Group                                           J. Gould
3	Internet-Draft                                            VeriSign, Inc.
4	Intended status: Standards Track                         October 8, 2018
5	Expires: April 11, 2019

7	  Verification Code Extension for the Extensible Provisioning Protocol
8	                                 (EPP)
9	                 draft-ietf-regext-verificationcode-04

11	Abstract

13	   This document describes an Extensible Provisioning Protocol (EPP)
14	   extension for including a verification code for marking the data for
15	   a transform command as being verified by a 3rd party, which is
16	   referred to as the Verification Service Provider (VSP).  The
17	   verification code is digitally signed by the VSP using XML Signature
18	   and is "base64" encoded.  The XML Signature includes the VSP signer
19	   certificate, so the server can verify that the verification code
20	   originated from the VSP.

22	Status of This Memo

24	   This Internet-Draft is submitted in full conformance with the
25	   provisions of BCP 78 and BCP 79.

27	   Internet-Drafts are working documents of the Internet Engineering
28	   Task Force (IETF).  Note that other groups may also distribute
29	   working documents as Internet-Drafts.  The list of current Internet-
30	   Drafts is at http://datatracker.ietf.org/drafts/current/.

32	   Internet-Drafts are draft documents valid for a maximum of six months
33	   and may be updated, replaced, or obsoleted by other documents at any
34	   time.  It is inappropriate to use Internet-Drafts as reference
35	   material or to cite them other than as "work in progress."

37	   This Internet-Draft will expire on April 11, 2019.

39	Copyright Notice

41	   Copyright (c) 2018 IETF Trust and the persons identified as the
42	   document authors.  All rights reserved.

44	   This document is subject to BCP 78 and the IETF Trust's Legal
45	   Provisions Relating to IETF Documents
46	   (http://trustee.ietf.org/license-info) in effect on the date of
47	   publication of this document.  Please review these documents
48	   carefully, as they describe your rights and restrictions with respect
49	   to this document.  Code Components extracted from this document must
50	   include Simplified BSD License text as described in Section 4.e of
51	   the Trust Legal Provisions and are provided without warranty as
52	   described in the Simplified BSD License.

54	Table of Contents

56	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
57	     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
58	   2.  Object Attributes . . . . . . . . . . . . . . . . . . . . . .   4
59	     2.1.  Verification Code . . . . . . . . . . . . . . . . . . . .   4
60	       2.1.1.  Signed Code . . . . . . . . . . . . . . . . . . . . .   4
61	       2.1.2.  Encoded Signed Code . . . . . . . . . . . . . . . . .   7
62	     2.2.  Verification Profile  . . . . . . . . . . . . . . . . . .  11
63	   3.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .  12
64	     3.1.  EPP Query Commands  . . . . . . . . . . . . . . . . . . .  12
65	       3.1.1.  EPP <check> Command . . . . . . . . . . . . . . . . .  12
66	       3.1.2.  EPP <info> Command  . . . . . . . . . . . . . . . . .  12
67	       3.1.3.  EPP <transfer> Command  . . . . . . . . . . . . . . .  24
68	     3.2.  EPP Transform Commands  . . . . . . . . . . . . . . . . .  25
69	       3.2.1.  EPP <create> Command  . . . . . . . . . . . . . . . .  25
70	       3.2.2.  EPP <delete> Command  . . . . . . . . . . . . . . . .  27
71	       3.2.3.  EPP <renew> Command . . . . . . . . . . . . . . . . .  28
72	       3.2.4.  EPP <transfer> Command  . . . . . . . . . . . . . . .  28
73	       3.2.5.  EPP <update> Command  . . . . . . . . . . . . . . . .  28
74	   4.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  28
75	     4.1.  Verification Code Extension Schema  . . . . . . . . . . .  28
76	   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  32
77	     5.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  32
78	     5.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  32
79	   6.  Implementation Status . . . . . . . . . . . . . . . . . . . .  33
80	     6.1.  Verisign EPP SDK  . . . . . . . . . . . . . . . . . . . .  33
81	     6.2.  Net::DRI  . . . . . . . . . . . . . . . . . . . . . . . .  34
82	   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  34
83	   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  35
84	     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  35
85	     8.2.  Informative References  . . . . . . . . . . . . . . . . .  36
86	   Appendix A.  Acknowledgements . . . . . . . . . . . . . . . . . .  36
87	   Appendix B.  Change History . . . . . . . . . . . . . . . . . . .  36
88	     B.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  36
89	     B.2.  Change from 01 to 02  . . . . . . . . . . . . . . . . . .  36
90	     B.3.  Change from 02 to 03  . . . . . . . . . . . . . . . . . .  36
91	     B.4.  Change from 03 to 04  . . . . . . . . . . . . . . . . . .  36
92	     B.5.  Change from 04 to REGEXT 00 . . . . . . . . . . . . . . .  37
93	     B.6.  Change from REGEXT 00 to REGEXT 01  . . . . . . . . . . .  37
94	     B.7.  Change from REGEXT 01 to REGEXT 02  . . . . . . . . . . .  37
95	     B.8.  Change from REGEXT 02 to REGEXT 03  . . . . . . . . . . .  37
96	     B.9.  Change from REGEXT 03 to REGEXT 04  . . . . . . . . . . .  37

98	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  37

100	1.  Introduction

102	   This document describes an extension mapping for version 1.0 of the
103	   Extensible Provisioning Protocol (EPP) [RFC5730].  This mapping, an
104	   extension to EPP object mappings like the EPP domain name mapping
105	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
106	   [RFC5733], can be used to pass a verification code to one of the EPP
107	   transform commands.  The domain name object is used for examples in
108	   the document.  The verification code is signed using XML Signature
109	   [W3C.CR-xmldsig-core2-20120124] and is "base64" encoded.  The
110	   "base64" encoded text of the verification code MUST conform to
111	   [RFC2045].  The verification code demonstrates that verification was
112	   done by a Verification Service Provider (VSP).

114	   The Verification Service Provider (VSP) is a certified party to
115	   verify that data is in compliance with the policies of a locality.  A
116	   locality MAY require the client to have data verified in accordance
117	   with local regulations or laws utilizing data sources not available
118	   to the server.  The VSP has access to the local data sources and is
119	   authorized to verify the data.  Examples include verifying that the
120	   domain name is not prohibited and verifying that the domain name
121	   registrant is a valid individual, organization, or business in the
122	   locality.  The data verified, and the objects and operations that
123	   require the verification code to be passed to the server, is up to
124	   the policies of the locality.  The verification code represents a
125	   marker that the verification was completed.  The VSP MUST store the
126	   proof of verification and the generated verification code; and MAY
127	   store the verified data.  The signer certificate and the digital
128	   signature of the verification code MUST be verified by the server.

130	1.1.  Conventions Used in This Document

132	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
133	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
134	   "OPTIONAL" in this document are to be interpreted as described in BCP
135	   14 [RFC2119] [RFC8174] when, and only when, they appear in all
136	   capitals, as shown here.

138	   XML is case sensitive.  Unless stated otherwise, XML specifications
139	   and examples provided in this document MUST be interpreted in the
140	   character case presented in order to develop a conforming
141	   implementation.

143	   In examples, "C:" represents lines sent by a protocol client and "S:"
144	   represents lines returned by a protocol server.  Indentation and
145	   white space in examples are provided only to illustrate element
146	   relationships and are not a REQUIRED feature of this protocol.

148	   "verificationCode-1.0" is used as an abbreviation for
149	   "urn:ietf:params:xml:ns:verificationCode-1.0".  The XML namespace
150	   prefix "verificationCode" is used, but implementations MUST NOT
151	   depend on it and instead employ a proper namespace-aware XML parser
152	   and serializer to interpret and output the XML documents.

154	2.  Object Attributes

156	   This extension adds additional elements to EPP object mappings like
157	   the EPP domain name mapping [RFC5731], EPP host mapping [RFC5732],
158	   and EPP contact mapping [RFC5733].  Only those new elements are
159	   described here.

161	2.1.  Verification Code

163	   The Verification Code is a formatted token, referred to as the
164	   Verification Code Token, that is digitally signed by a Verification
165	   Service Provider (VSP) using XML Signature
166	   [W3C.CR-xmldsig-core2-20120124], using the process described in
167	   Section 2.1.1, and is then "base64" encoded, as defined in
168	   Section 2.1.2.  The Verification Code Token syntax is specified using
169	   Augmented Backus-Naur Form (ABNF) grammar [RFC5234] as follows:

171	   Verification Code Token ABNF

173	   token     = vsp-id "-" verification-id ; Verification Code Token
174	   vsp-id    = 1*DIGIT                    ; VSP Identifier
175	   verification-id = 1*(DIGIT / ALPHA)    ; Verification Identifier

177	   For a VSP given VSP Identifier "1" and with a Verification Identifier
178	   of "abc123", the resulting Verification Code Token is "1-abc123".
179	   The Verification Identifier MUST be unique within a VSP and the VSP
180	   Identifier MUST be unique across supporting VSP's, so the
181	   Verification Code Token MUST be unique to an individual verification.
182	   The VSP Identifiers MAY require registration within an IANA registry.

184	2.1.1.  Signed Code

186	   The <verificationCode:signedCode> is the fragment of XML that is
187	   digitally signed using XML Signature [W3C.CR-xmldsig-core2-20120124].
188	   The <verificationCode:signedCode> element includes a required "id"
189	   attribute of type XSD ID for use with an IDREF URI from the Signature
190	   element.  The certificate of the issuer MUST be included with the
191	   Signature so it can be chained with the issuer's certificate by the
192	   validating client.

194	   The <verificationCode:signedCode> element includes a REQUIRED "type"
195	   attribute for use in defining the type of the signed code.  It is up
196	   to the VSP and the server to define the valid values for the "type"
197	   attribute.  Examples of possible "type" attribute values include
198	   "domain" for verification of the domain name, "registrant" for
199	   verification of the registrant contact, or "domain-registrant" for
200	   verification of both the domain name and the registrant.  The typed
201	   signed code is used to indicate the verifications that are done by
202	   the VSP.  The "type" attribute values MAY require registration within
203	   an IANA registry.

205	   A <verificationCode:signedCode> element substitutes for the
206	   <verificationCode:abstractSignedCode> abstract element to define a
207	   concrete definition of a signed code.  The
208	   <verificationCode:abstractSignedCode> element can be replaced by
209	   other signed code definitions using the XML schema substitution
210	   groups feature.

212	   The child elements of the <verificationCode:signedCode> element
213	   include:

215	   <verificationCode:code>  Contains the Verification Code Token as
216	       defined by the ABNF in Section 2.1.
217	   <Signature>  XML Signature [W3C.CR-xmldsig-core2-20120124] for the
218	       <verificationCode:signedCode>.  Use of a namespace prefix, like
219	       "dsig", is recommended for the XML Signature
220	       [W3C.CR-xmldsig-core2-20120124] elements.

222	   Example of a "domain" typed signed code using the
223	   <verificationCode:signedCode> element and XML Signature
224	   [W3C.CR-xmldsig-core2-20120124]:

226	   <verificationCode:signedCode
227	     xmlns:verificationCode=
228	     "urn:ietf:params:xml:ns:verificationCode-1.0"
229	     id="signedCode">
230	     <verificationCode:code type="domain">1-abc111
231	     </verificationCode:code>
232	     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
233	      <SignedInfo>
234	       <CanonicalizationMethod
235	    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
236	       <SignatureMethod
237	    Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
238	       <Reference URI="#signedCode">
239	        <Transforms>
240	         <Transform
241	    Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
242	        </Transforms>
243	        <DigestMethod
244	    Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
245	    <DigestValue>wgyW3nZPoEfpptlhRILKnOQnbdtU6ArM7ShrAfHgDFg=
246	    </DigestValue>
247	       </Reference>
248	      </SignedInfo>
249	      <SignatureValue>
250	    jMu4PfyQGiJBF0GWSEPFCJjmywCEqR2h4LD+ge6XQ+JnmKFFCuCZS/3SLKAx0L1w
251	    QDFO2e0Y69k2G7/LGE37X3vOflobFM1oGwja8+GMVraoto5xAd4/AF7eHukgAymD
252	    o9toxoa2h0yV4A4PmXzsU6S86XtCcUE+S/WM72nyn47zoUCzzPKHZBRyeWehVFQ+
253	    jYRMIAMzM57HHQA+6eaXefRvtPETgUO4aVIVSugc4OUAZZwbYcZrC6wOaQqqqAZi
254	    30aPOBYbAvHMSmWSS+hFkbshomJfHxb97TD2grlYNrQIzqXk7WbHWy2SYdA+sI/Z
255	    ipJsXNa6osTUw1CzA7jfwA==
256	      </SignatureValue>
257	      <KeyInfo>
258	       <X509Data>
259	       <X509Certificate>
260	    MIIESTCCAzGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEL
261	    MAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJQ0FO
262	    TiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0EwHhcNMTMwMjA4MDAw
263	    MDAwWhcNMTgwMjA3MjM1OTU5WjBsMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
264	    FDASBgNVBAcTC0xvcyBBbmdlbGVzMRcwFQYDVQQKEw5WYWxpZGF0b3IgVE1DSDEh
265	    MB8GA1UEAxMYVmFsaWRhdG9yIFRNQ0ggVEVTVCBDRVJUMIIBIjANBgkqhkiG9w0B
266	    AQEFAAOCAQ8AMIIBCgKCAQEAo/cwvXhbVYl0RDWWvoyeZpETVZVVcMCovUVNg/sw
267	    WinuMgEWgVQFrz0xA04pEhXCFVv4evbUpekJ5buqU1gmQyOsCKQlhOHTdPjvkC5u
268	    pDqa51Flk0TMaMkIQjs7aUKCmA4RG4tTTGK/EjR1ix8/D0gHYVRldy1YPrMP+ou7
269	    5bOVnIos+HifrAtrIv4qEqwLL4FTZAUpaCa2BmgXfy2CSRQbxD5Or1gcSa3vurh5
270	    sPMCNxqaXmIXmQipS+DuEBqMM8tldaN7RYojUEKrGVsNk5i9y2/7sjn1zyyUPf7v
271	    L4GgDYqhJYWV61DnXgx/Jd6CWxvsnDF6scscQzUTEl+hywIDAQABo4H/MIH8MAwG
272	    A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPZEcIQcD/Bj2IFz/LERuo2ADJviMIGMBgNV
273	    HSMEgYQwgYGAFO0/7kEh3FuEKS+Q/kYHaD/W6wihoWakZDBiMQswCQYDVQQGEwJV
274	    UzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJ
275	    Q0FOTiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0GCAQEwDgYDVR0P
276	    AQH/BAQDAgeAMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jcmwuaWNhbm4ub3Jn
277	    L3RtY2guY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB2qSy7ui+43cebKUKwWPrzz9y/
278	    IkrMeJGKjo40n+9uekaw3DJ5EqiOf/qZ4pjBD++oR6BJCb6NQuQKwnoAz5lE4Ssu
279	    y5+i93oT3HfyVc4gNMIoHm1PS19l7DBKrbwbzAea/0jKWVzrvmV7TBfjxD3AQo1R
280	    bU5dBr6IjbdLFlnO5x0G0mrG7x5OUPuurihyiURpFDpwH8KAH1wMcCpXGXFRtGKk
281	    wydgyVYAty7otkl/z3bZkCVT34gPvF70sR6+QxUy8u0LzF5A/beYaZpxSYG31amL
282	    AdXitTWFipaIGea9lEGFM0L9+Bg7XzNn4nVLXokyEB3bgS4scG6QznX23FGk
283	      </X509Certificate>
284	      </X509Data>
285	      </KeyInfo>
286	     </Signature>
287	   </verificationCode:signedCode>

289	2.1.2.  Encoded Signed Code

291	   The <verificationCode:encodedSignedCode> element contains one or more
292	   encoded form of the digitally signed <verificationCode:signedCode>
293	   element, described in Section 2.1.1.

295	   The child elements of the <verificationCode:encodedSignedCode>
296	   element include:

298	   <verificationCode:code>  One or more <verificationCode:code> elements
299	       that is an encoded form of the digitally signed
300	       <verificationCode:signedCode> element, described in
301	       Section 2.1.1, with the encoding defined by the "encoding"
302	       attribute with the default "encoding" value of "base64".  The
303	       "base64" encoded text of the <verificationCode:code> element MUST
304	       conform to [RFC2045].

306	   Example <verificationCode:encodedSignedCode> element that contains
307	   one "base64" encoded <verificationCode:signedCode> contained in the
308	   <verificationCode:code> element:

310	   <verificationCode:encodedSignedCode
311	     xmlns:verificationCode=
312	       "urn:ietf:params:xml:ns:verificationCode-1.0">
313	     <verificationCode:code>
314	   ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
315	   OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
316	   bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
317	   b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
318	   ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
319	   dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
320	   PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
321	   My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
322	   aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
323	   Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
324	   Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
325	   aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
326	   ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
327	   dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
328	   YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
329	   UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
330	   ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
331	   UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
332	   Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
333	   amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
334	   bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
335	   CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
336	   d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
337	   SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
338	   VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
339	   CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
340	   ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
341	   d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
342	   bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
343	   eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
344	   d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
345	   R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
346	   UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
347	   c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
348	   QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
349	   cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
350	   NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
351	   MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
352	   ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
353	   WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
354	   QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
355	   Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
356	   Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
357	   SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
358	   LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
359	   VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
360	   R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
361	   SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
362	   Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
363	   bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
364	   MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
365	   REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
366	   aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
367	   N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
368	   aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
369	   L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
370	   TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
371	   UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
372	   YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
373	   b25Db2RlOnNpZ25lZENvZGU+Cg==
374	     </verificationCode:code>
375	   </verificationCode:encodedSignedCode>

377	   Example <verificationCode:encodedSignedCode> element that contains
378	   two <verificationCode:code> elements ;.

380	   <?xml version="1.0" encoding="UTF-8" standalone="no"?>
381	   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
382	     <command>
383	       <create>
384	         <domain:create
385	          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
386	           <domain:name>domain.example</domain:name>
387	           <domain:registrant>jd1234</domain:registrant>
388	           <domain:contact type="admin">sh8013</domain:contact>
389	           <domain:contact type="tech">sh8013</domain:contact>
390	           <domain:authInfo>
391	             <domain:pw>2fooBAR</domain:pw>
392	           </domain:authInfo>
393	         </domain:create>
394	       </create>
395	       <extension>
396	         <verificationCode:encodedSignedCode
397	           xmlns:verificationCode=
398	             "urn:ietf:params:xml:ns:verificationCode-1.0">
399	           <verificationCode:code>
400	   ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
401	   OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
402	   bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
403	   b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
404	   ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
405	   dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
406	   PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
407	   My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
408	   aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
409	   Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
410	   Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
411	   aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
412	   ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
413	   dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
414	   YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
415	   UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
416	   ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
417	   UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
418	   Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
419	   amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
420	   bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
421	   CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
422	   d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
423	   SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
424	   VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
425	   CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
426	   ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
427	   d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
428	   bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
429	   eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
430	   d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
431	   R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
432	   UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
433	   c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
434	   QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
435	   cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
436	   NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
437	   MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
438	   ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
439	   WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
440	   QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
441	   Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
442	   Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
443	   SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
444	   LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
445	   VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
446	   R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
447	   SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
448	   Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
449	   bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
450	   MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
451	   REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
452	   aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
453	   N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
454	   aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
455	   L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
456	   TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
457	   UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
458	   YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
459	   b25Db2RlOnNpZ25lZENvZGU+Cg==
460	           </verificationCode:code>
461	           <verificationCode:code>
462	   PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48dmVyaWZpY2F0
463	   aW9uQ29kZTpzaWduZWRDb2RlIHhtbG5zOnZlcmlmaWNhdGlvbkNvZGU9InVybjpp
464	   ZXRmOnBhcmFtczp4bWw6bnM6dmVyaWZpY2F0aW9uQ29kZS0xLjAiIGlkPSJzaWdu
465	   ZWRDb2RlIiB0eXBlPSJyZWdpc3RyYW50Ij48dmVyaWZpY2F0aW9uQ29kZTpjb2Rl
466	   PjEtYWJjMjIyPC92ZXJpZmljYXRpb25Db2RlOmNvZGU+PGRzaWc6U2lnbmF0dXJl
467	   IHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMi
468	   Pjxkc2lnOlNpZ25lZEluZm8+PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBB
469	   bGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRu
470	   LTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBB
471	   bGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Et
472	   c2hhMSIvPjxkc2lnOlJlZmVyZW5jZSBVUkk9IiNzaWduZWRDb2RlIj48ZHNpZzpU
473	   cmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cu
474	   dzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9k
475	   c2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0
476	   cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGln
477	   ZXN0VmFsdWU+SFg2TU1WUWdnSStzNG9tT3haYjBGTW1VSlBRdk15WmUybDVEdEhh
478	   QlZMND08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6
479	   U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZT5VOUhPNVlYVWE0ZUsyYXRz
480	   U1RuQk1DU3dXM0dWUzZnUEtkaDBZTlZicERud1d4b1BtYlR2YkVsNDE4NFlKZ3Uw
481	   WXB3RkROMmZLY3JVCk1YV0hncE56K0oycTh6MWpTcVJMUEw0UmpnRWw0eGhiOXl5
482	   cExOZC8xQXJXRVlhWWZEdUc1S3FYV05MRG5YVzJoQkEzK0R5Wk82MFQKcTVPd0R5
483	   ZVFSVlNPVWNXVE9FOTJsSlZ4M014Q1V6d1hoL0ZOSTlPbGtXK0ZPNVZNNTZlTmZq
484	   UEhkUlJVdjdzQzRmM0NnWmFaSWFXNQp2RmJnTmJodFJVa0hsSVhnYVNGWDgvcFdV
485	   RXFIY0dLTUxnRU1nbHBnQ3RtOFlIcXVqb0tXUk0yUDNiK2h3ZTRsU0hSWVRjK0pB
486	   eEluClU4RDc1WnliWThnSWFuZUprS2dwVTk2T0tJTGQ5L0l0UVhaeHZnPT08L2Rz
487	   aWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48
488	   ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRGlUQ0NBbkdnQXdJQkFnSUVmcXE2SFRB
489	   TkJna3Foa2lHOXcwQkFRc0ZBREIxTVJBd0RnWURWUVFHRXdkVmJtdHViM2R1TVJB
490	   dwpEZ1lEVlFRSUV3ZFZibXR1YjNkdU1SQXdEZ1lEVlFRSEV3ZFZibXR1YjNkdU1S
491	   QXdEZ1lEVlFRS0V3ZFZibXR1YjNkdU1SQXdEZ1lEClZRUUxFd2RWYm10dWIzZHVN
492	   Umt3RndZRFZRUURFeEIyWlhKcFptbGpZWFJwYjI1RGIyUmxNQjRYRFRFMU1EWXhO
493	   VEl4TURBeU1sb1gKRFRNMU1EWXhNREl4TURBeU1sb3dkVEVRTUE0R0ExVUVCaE1I
494	   Vlc1cmJtOTNiakVRTUE0R0ExVUVDQk1IVlc1cmJtOTNiakVRTUE0RwpBMVVFQnhN
495	   SFZXNXJibTkzYmpFUU1BNEdBMVVFQ2hNSFZXNXJibTkzYmpFUU1BNEdBMVVFQ3hN
496	   SFZXNXJibTkzYmpFWk1CY0dBMVVFCkF4TVFkbVZ5YVdacFkyRjBhVzl1UTI5a1pU
497	   Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpjY2pY
498	   cmsKUWFJL2lHUEZ3WmVITjFnRFVhcTltVnJmQis2eWR5Qmdoc2FHVFZoaERIOFNO
499	   TmtpamxIMkxCQ3J3TjhjVjhQZ1BPOXRwbG9rR2F5UwpxNktFaHZtTk03b1dsZk5L
500	   SkdSdGNidGMzTnJuYzhiUUJacU1xcFo0UlNRTmh5QWh6Ri85UmErd3RFc0JWeGF3
501	   VDc1L2J0SDZ1YytmClJOdE5FcmhJdVlJUmN0WTZIRmRaR3BlS3cxYnlYK0RsNkJP
502	   L3ZLdnQ4NDllY1R3aEZIcDUwWGh2NFVTL0Z5aWVLaGs3dDdHRnJGRlQKL2NCTGsy
503	   WmxFa1lLcFlEU2dlc2lseFg2QkpTZVdCbXZLQzlTL2pBZDhNWmRHVUg2aHNHRXBl
504	   U1BmZkZQV3FWcXl6V0p5bG91OXF4ZQpnUTZjOFo2SVpXZkUzakxSOUVySDhzOTFD
505	   Mm1pTFZrQ0F3RUFBYU1oTUI4d0hRWURWUjBPQkJZRUZIY0JLdk03dmk3dUZNTUx5
506	   ZE43CmVGVXF2YzVVTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFBVjB2cmlrSWRB
507	   d2l4THZ0NUx5eXpTNFdTU1d0dVlWL2JQMVg3NzVMRmYKSWh3a2xoMENidk5rYXlK
508	   Tms2Tnp0eDlSc1AwNWZndkxrZER1N0V5cnRzY3I1ZVdETG1WMGtKMWE1N1Z4bnJh
509	   aEdLTnM2Wit1Ui9pSApMaTJXb3liWEpFT2N0NWtJSjFzL05CeUUrdkdGdjFoTmJz
510	   dVVVUEVCYWVtaWpYUFROOWxxZE9uM1FIbktobXhsa1czYS9KbmhtT20vCkRWYTE0
511	   NDJXTVVUSlUyVFlWVldtdUs2NFkwQXFrN2FldzkvVzIzZEcrT2xhOW9VYnBrSXJr
512	   dDRDN3hRa0d5SXN2eUo3bi91OFhBRDIKbno1T1cvek5GWnlrZDAzT2N3M240NkZx
513	   c1IwVDlBbFBEWHQxUjlmMjZMd1lxdjk3dWtVNEcrMVRJNHorV0F2TCtVRk9FVnNu
514	   PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktl
515	   eUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3ZlcmlmaWNhdGlvbkNvZGU6c2lnbmVk
516	   Q29kZT4=
517	           </verificationCode:code>
518	       </verificationCode:encodedSignedCode>
519	       </extension>
520	       <clTRID>ABC-12345</clTRID>
521	     </command>
522	   </epp>

524	2.2.  Verification Profile

526	   A Verification Profile defines the set of verification code types,
527	   the commands that the verification code types are required,
528	   supported, or not supported, and the grace period by which the
529	   verification code types MUST be set.  A server MAY support many
530	   verification profiles, each with a unique name and a unique
531	   verification policy that is implemented by the server.  Each client
532	   MAY have zero or more server assigned verification profiles that will
533	   enforce the required verification policies.  Most likely a client
534	   will be assigned zero or one server assigned verification profile,
535	   but overlapping profiles is possible.  Overlapping verification
536	   profiles MUST be treated as a logical "and" of the policies by the
537	   server.  If no verification profile is assigned to the client, no
538	   additional verification is required by the client.

540	3.  EPP Command Mapping

542	   A detailed description of the EPP syntax and semantics can be found
543	   in the EPP core protocol specification [RFC5730].

545	3.1.  EPP Query Commands

547	   EPP provides three commands to retrieve object information: <check>
548	   to determine if an object is known to the server, <info> to retrieve
549	   detailed information associated with an object, and <transfer> to
550	   retrieve object transfer status information.

552	3.1.1.  EPP <check> Command

554	   This extension does not add any elements to the EPP <check> command
555	   or <check> response described in the [RFC5730].

557	3.1.2.  EPP <info> Command

559	   This extension defines additional elements to extend the EPP <info>
560	   command of an object mapping like the EPP domain name mapping
561	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
562	   [RFC5733].

564	   The EPP <info> command is used to retrieve the verification
565	   information.  The verification information is based on the
566	   verification profile, as defined in Section 2.2, set in the server
567	   for the client.  The <verificationCode:info> element is an empty
568	   element that indicates that the client requests the verification
569	   information.  The OPTIONAL "profile" attribute can be used by the
570	   client to explicitly specify a verification profile, as defined in
571	   Section 2.2, to base the verification information on.  It is up to
572	   server policy on the set of verification profiles that the client is
573	   allowed to explicitly specify, and if the client is not allowed, the
574	   server MUST return the 2201 error response.

576	   Example <info> domain command with the <verificationCode:info>
577	   extension to retrieve the verification information for the domain
578	   "domain.example", using the profiles associated with the client:

580	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
581	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
582	   C:  <command>
583	   C:    <info>
584	   C:      <domain:info
585	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
586	   C:        <domain:name>domain.example</domain:name>
587	   C:      </domain:info>
588	   C:    </info>
589	   C:    <extension>
590	   C:      <verificationCode:info
591	   C:        xmlns:verificationCode=
592	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"/>
593	   C:    </extension>
594	   C:    <clTRID>ABC-12345</clTRID>
595	   C:  </command>
596	   C:</epp>

598	   Example <info> domain command with the <verificationCode:info>
599	   extension to retrieve the verification information for the domain
600	   "domain.example", using the profiles associated with the client and
601	   with the authorization information to retrieve the verification codes
602	   from the non-sponsoring client:

604	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
605	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
606	   C:  <command>
607	   C:    <info>
608	   C:      <domain:info
609	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
610	   C:        <domain:name>domain.example</domain:name>
611	   C:        <domain:authInfo>
612	   C:          <domain:pw>2fooBAR</domain:pw>
613	   C:        </domain:authInfo>
614	   C:      </domain:info>
615	   C:    </info>
616	   C:    <extension>
617	   C:      <verificationCode:info
618	   C:        xmlns:verificationCode=
619	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"/>
620	   C:    </extension>
621	   C:    <clTRID>ABC-12345</clTRID>
622	   C:  </command>
623	   C:</epp>
624	   Example <info> domain command with the <verificationCode:info>
625	   extension to retrieve the verification information for the domain
626	   "domain.example", using the the "sample" profile:

628	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
629	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
630	   C:  <command>
631	   C:    <info>
632	   C:      <domain:info
633	   C:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
634	   C:        <domain:name>domain.example</domain:name>
635	   C:      </domain:info>
636	   C:    </info>
637	   C:    <extension>
638	   C:      <verificationCode:info
639	   C:        xmlns:verificationCode=
640	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0"
641	   C:        profile="sample"/>
642	   C:    </extension>
643	   C:    <clTRID>ABC-12345</clTRID>
644	   C:  </command>
645	   C:</epp>

647	   If the query was successful, the server replies with a
648	   <verificationCode:infData> element along with the regular EPP
649	   <resData>.  The <verificationCode:infData> element contains the
650	   following child elements:

652	   <verificationCode:status>  The status of the verification for the
653	       object, using all of the verification profiles assigned to the
654	       client.  There are four possible values for the status:

656	       notApplicable  The status is not applicable to the client since
657	           there is no assigned verification profile.
658	       nonCompliant  The object is non-compliant according to the
659	           verification profiles.  If at least one of the profiles is
660	           "nonCompliant", the object is "nonCompliant".
661	       pendingCompliance  The object is not in compliance with the
662	           verification profiles, but has a grace period to set the
663	           required set of verification codes, as reflected by the due
664	           date of the verification code type.  If at least one of the
665	           profiles is "pendingCompliance" and none of the profiles is
666	           "nonCompliant", the object is "pendingCompliance".
667	       compliant  The object is compliant with the verification
668	           profiles.  If All of the profiles for the object are
669	           "compliant" or if the object has no assignd profiles, the
670	           object is "compliant".

672	   <verificationCode:profile>  Zero or more OPTIONAL
673	       <verificationCode:profile> elements that defines the verification
674	       status of the object based on the profile.  The required "name"
675	       attribute defines the name of the profile.  The
676	       <verificationCode:profile> element contains the following child
677	       elements:

679	       <verificationCode:status>  The status of the verification for the
680	           object and the profile.  There are four possible values for
681	           the status:

683	           notApplicable  The profile status is not applicable to the
684	               client based on the assigned verification profiles or the
685	               profile specified.
686	           nonCompliant  The object is non-compliant according to the
687	               verification profile.
688	           pendingCompliance  The object is not in compliance with the
689	               verification profile, but has a grace period to set the
690	               required set of verification codes, as reflected by the
691	               due date of the verification code type.
692	           compliant  The object is compliant with the verification
693	               profile.
694	       <verificationCode:missing>  OPTIONAL list of missing verification
695	           code types.  The <verificationCode:missing> element is
696	           returned only if there is at least one missing verification
697	           code type and based on server policy.  The
698	           <verificationCode:missing> element contains the following
699	           child elements:

701	           <verificationCode:code>  One or more <verificationCode:code>
702	               elements that is empty with the REQUIRED "type" attribute
703	               that indicates the verification code type and the
704	               REQUIRED "due" attribute that indicates when the
705	               verification code type was or is due.  Past due
706	               verification code types will result in the
707	               <verificationCode:status> element being set to
708	               "nonCompliant".
709	       <verificationCode:set>  OPTIONAL list of set verification codes.
710	           The <verificationCode:set> element is returned only if there
711	           is at least one set verification code.  The
712	           <verificationCode:set> element contains the following child
713	           elements:

715	           <verificationCode:code>  One or more <verificationCode:code>
716	               elements containing the verification code with a REQUIRED
717	               "type" attribute that indicates the code type and a
718	               REQUIRED "date" attribute that indicates when the
719	               verification code was set.  The inclusion of the code
720	               value is up server policy, so if the server determines
721	               that the code value cannot be exposed to a non-sponsoring
722	               client, the <verificationCode:code> element MUST be
723	               empty.

725	   Example <info> domain response using the <verificationCode:infData>
726	   extension for a compliant domain using the "sample" profile, and with
727	   the two verification codes, from the sponsoring or authorized client:

729	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
730	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
731	   S:  <response>
732	   S:    <result code="1000">
733	   S:      <msg>Command completed successfully</msg>
734	   S:    </result>
735	   S:    <resData>
736	   S:      <domain:infData
737	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
738	   S:        <domain:name>domain.example</domain:name>
739	   S:        <domain:roid>DOMAIN-REP</domain:roid>
740	   S:        <domain:status s="ok"/>
741	   S:        <domain:clID>ClientX</domain:clID>
742	   S:        <domain:crID>ClientY</domain:crID>
743	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
744	   S:        </domain:crDate>
745	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
746	   S:        </domain:exDate>
747	   S:        <domain:authInfo>
748	   S:          <domain:pw>2fooBAR</domain:pw>
749	   S:        </domain:authInfo>
750	   S:      </domain:infData>
751	   S:    </resData>
752	   S:    <extension>
753	   S:      <verificationCode:infData
754	   S:        xmlns:verificationCode=
755	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
756	   S:        <verificationCode:status>compliant
757	   S:        </verificationCode:status>
758	   S:        <verificationCode:profile name="sample">
759	   S:          <verificationCode:status>compliant
760	   S:          </verificationCode:status>
761	   S:          <verificationCode:set>
762	   S:            <verificationCode:code type="domain"
763	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
764	   S:            </verificationCode:code>
765	   S:            <verificationCode:code type="registrant"
766	   S:              date="2010-04-03T22:00:00.0Z">1-abc444
767	   S:            </verificationCode:code>
768	   S:          </verificationCode:set>
769	   S:        </verificationCode:profile>
770	   S:      </verificationCode:infData>
771	   S:    </extension>
772	   S:    <trID>
773	   S:      <clTRID>ABC-12345</clTRID>
774	   S:      <svTRID>54322-XYZ</svTRID>
775	   S:    </trID>
776	   S:  </response>
777	   S:</epp>

779	   Example <info> domain response using the <verificationCode:infData>
780	   extension for a compliant domain using the "sample" profile, and with
781	   the two verification codes, from the sponsoring or authorized client
782	   that also includes codes set for the "sample2" profile:

784	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
785	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
786	   S:  <response>
787	   S:    <result code="1000">
788	   S:      <msg>Command completed successfully</msg>
789	   S:    </result>
790	   S:    <resData>
791	   S:      <domain:infData
792	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
793	   S:        <domain:name>domain.example</domain:name>
794	   S:        <domain:roid>DOMAIN-REP</domain:roid>
795	   S:        <domain:status s="ok"/>
796	   S:        <domain:clID>ClientX</domain:clID>
797	   S:        <domain:crID>ClientY</domain:crID>
798	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
799	   S:        </domain:crDate>
800	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
801	   S:        </domain:exDate>
802	   S:        <domain:authInfo>
803	   S:          <domain:pw>2fooBAR</domain:pw>
804	   S:        </domain:authInfo>
805	   S:      </domain:infData>
806	   S:    </resData>
807	   S:    <extension>
808	   S:      <verificationCode:infData
809	   S:        xmlns:verificationCode=
810	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
811	   S:        <verificationCode:status>compliant
812	   S:        </verificationCode:status>
813	   S:        <verificationCode:profile name="sample">
814	   S:          <verificationCode:status>compliant
815	   S:          </verificationCode:status>
816	   S:          <verificationCode:set>
817	   S:            <verificationCode:code type="domain"
818	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
819	   S:            </verificationCode:code>
820	   S:            <verificationCode:code type="registrant"
821	   S:              date="2010-04-03T22:00:00.0Z">1-abc444
822	   S:            </verificationCode:code>
823	   S:          </verificationCode:set>
824	   S:        </verificationCode:profile>
825	   S:        <verificationCode:profile name="sample2">
826	   S:          <verificationCode:status>notApplicable
827	   S:          </verificationCode:status>
828	   S:          <verificationCode:set>
829	   S:            <verificationCode:code type="domain"
830	   S:              date="2010-04-03T22:00:00.0Z">2-abc555
831	   S:            </verificationCode:code>
832	   S:          </verificationCode:set>
833	   S:        </verificationCode:profile>
834	   S:      </verificationCode:infData>
835	   S:    </extension>
836	   S:    <trID>
837	   S:      <clTRID>ABC-12345</clTRID>
838	   S:      <svTRID>54322-XYZ</svTRID>
839	   S:    </trID>
840	   S:  </response>
841	   S:</epp>
842	   Example <info> domain response using the <verificationCode:infData>
843	   extension for a compliant domain using the "sample" profile, and with
844	   the two verification code types, from the non-sponsoring client:

846	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
847	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
848	   S:  <response>
849	   S:    <result code="1000">
850	   S:      <msg>Command completed successfully</msg>
851	   S:    </result>
852	   S:    <resData>
853	   S:      <domain:infData
854	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
855	   S:        <domain:name>domain.example</domain:name>
856	   S:        <domain:roid>DOMAIN-REP</domain:roid>
857	   S:        <domain:status s="ok"/>
858	   S:        <domain:clID>ClientX</domain:clID>
859	   S:        <domain:crID>ClientY</domain:crID>
860	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
861	   S:        </domain:crDate>
862	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
863	   S:        </domain:exDate>
864	   S:      </domain:infData>
865	   S:    </resData>
866	   S:    <extension>
867	   S:      <verificationCode:infData
868	   S:        xmlns:verificationCode=
869	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
870	   S:        <verificationCode:status>compliant
871	   S:        </verificationCode:status>
872	   S:        <verificationCode:profile name="sample">
873	   S:          <verificationCode:status>compliant
874	   S:          </verificationCode:status>
875	   S:          <verificationCode:set>
876	   S:            <verificationCode:code type="domain"
877	   S:              date="2010-04-03T22:00:00.0Z"/>
878	   S:            <verificationCode:code type="registrant"
879	   S:              date="2010-04-03T22:00:00.0Z"/>
880	   S:          </verificationCode:set>
881	   S:        </verificationCode:profile>
882	   S:      </verificationCode:infData>
883	   S:    </extension>
884	   S:    <trID>
885	   S:      <clTRID>ABC-12345</clTRID>
886	   S:      <svTRID>54322-XYZ</svTRID>
887	   S:    </trID>
888	   S:  </response>
889	   S:</epp>
890	   Example <info> domain response using the <verificationCode:infData>
891	   extension for a non-compliant domain using the "sample" profile, and
892	   with the verification code types missing along with their due dates:

894	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
895	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
896	   S:  <response>
897	   S:    <result code="1000">
898	   S:      <msg>Command completed successfully</msg>
899	   S:    </result>
900	   S:    <resData>
901	   S:      <domain:infData
902	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
903	   S:        <domain:name>domain.example</domain:name>
904	   S:        <domain:roid>DOMAIN-REP</domain:roid>
905	   S:        <domain:status s="serverHold"/>
906	   S:        <domain:clID>ClientX</domain:clID>
907	   S:        <domain:crID>ClientY</domain:crID>
908	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
909	   S:        </domain:crDate>
910	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
911	   S:        </domain:exDate>
912	   S:      </domain:infData>
913	   S:    </resData>
914	   S:    <extension>
915	   S:      <verificationCode:infData
916	   S:        xmlns:verificationCode=
917	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
918	   S:        <verificationCode:status>nonCompliant
919	   S:        </verificationCode:status>
920	   S:        <verificationCode:profile name="sample">
921	   S:          <verificationCode:status>nonCompliant
922	   S:          </verificationCode:status>
923	   S:          <verificationCode:missing>
924	   S:            <verificationCode:code
925	   S:              type="domain"
926	   S:              due="2010-04-03T22:00:00.0Z"/>
927	   S:            <verificationCode:code
928	   S:              type="registrant"
929	   S:              due="2010-04-08T22:00:00.0Z"/>
930	   S:          </verificationCode:missing>
931	   S:        </verificationCode:profile>
932	   S:      </verificationCode:infData>
933	   S:    </extension>
934	   S:    <trID>
935	   S:      <clTRID>ABC-12345</clTRID>
936	   S:      <svTRID>54322-XYZ</svTRID>
937	   S:    </trID>
938	   S:  </response>
939	   S:</epp>

941	   Example <info> domain response using the <verificationCode:infData>
942	   extension for a pending compliance domain using the "sample" profile,
943	   with the verification code type missing along with the due date, and
944	   with set verification code:

946	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
947	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
948	   S:  <response>
949	   S:    <result code="1000">
950	   S:      <msg>Command completed successfully</msg>
951	   S:    </result>
952	   S:    <resData>
953	   S:      <domain:infData
954	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
955	   S:        <domain:name>domain.example</domain:name>
956	   S:        <domain:roid>DOMAIN-REP</domain:roid>
957	   S:        <domain:status s="ok"/>
958	   S:        <domain:clID>ClientX</domain:clID>
959	   S:        <domain:crID>ClientY</domain:crID>
960	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
961	   S:        </domain:crDate>
962	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
963	   S:        </domain:exDate>
964	   S:      </domain:infData>
965	   S:    </resData>
966	   S:    <extension>
967	   S:      <verificationCode:infData
968	   S:        xmlns:verificationCode=
969	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
970	   S:        <verificationCode:status>pendingCompliance
971	   S:        </verificationCode:status>
972	   S:        <verificationCode:profile name="sample">
973	   S:          <verificationCode:status>pendingCompliance
974	   S:          </verificationCode:status>
975	   S:          <verificationCode:missing>
976	   S:            <verificationCode:code
977	   S:              type="registrant"
978	   S:              due="2010-04-08T22:00:00.0Z"/>
979	   S:          </verificationCode:missing>
980	   S:          <verificationCode:set>
981	   S:            <verificationCode:code type="domain"
982	   S:              date="2010-04-03T22:00:00.0Z">1-abc333
983	   S:            </verificationCode:code>
984	   S:          </verificationCode:set>
985	   S:        </verificationCode:profile>
986	   S:      </verificationCode:infData>
987	   S:    </extension>
988	   S:    <trID>
989	   S:      <clTRID>ABC-12345</clTRID>
990	   S:      <svTRID>54322-XYZ</svTRID>
991	   S:    </trID>
992	   S:  </response>
993	   S:</epp>
994	   Example <info> domain response using the <verificationCode:infData>
995	   extension for a client that does not have a verification profile
996	   assigned:

998	   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
999	   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
1000	   S:  <response>
1001	   S:    <result code="1000">
1002	   S:      <msg>Command completed successfully</msg>
1003	   S:    </result>
1004	   S:    <resData>
1005	   S:      <domain:infData
1006	   S:        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
1007	   S:        <domain:name>domain.example</domain:name>
1008	   S:        <domain:roid>DOMAIN-REP</domain:roid>
1009	   S:        <domain:status s="ok"/>
1010	   S:        <domain:clID>ClientX</domain:clID>
1011	   S:        <domain:crID>ClientY</domain:crID>
1012	   S:        <domain:crDate>2010-04-03T22:00:00.0Z
1013	   S:        </domain:crDate>
1014	   S:        <domain:exDate>2015-04-03T22:00:00.0Z
1015	   S:        </domain:exDate>
1016	   S:      </domain:infData>
1017	   S:    </resData>
1018	   S:    <extension>
1019	   S:      <verificationCode:infData
1020	   S:        xmlns:verificationCode=
1021	   S:        "urn:ietf:params:xml:ns:verificationCode-1.0">
1022	   S:        <verificationCode:status>notApplicable
1023	   S:        </verificationCode:status>
1024	   S:      </verificationCode:infData>
1025	   S:    </extension>
1026	   S:    <trID>
1027	   S:      <clTRID>ABC-12345</clTRID>
1028	   S:      <svTRID>54322-XYZ</svTRID>
1029	   S:    </trID>
1030	   S:  </response>
1031	   S:</epp>

1033	3.1.3.  EPP <transfer> Command

1035	   This extension does not add any elements to the EPP <transfer> query
1036	   command or <transfer> response described in the [RFC5730].

1038	3.2.  EPP Transform Commands

1040	   EPP provides five commands to transform objects: <create> to create
1041	   an instance of an object, <delete> to delete an instance of an
1042	   object, <renew> to extend the validity period of an object,
1043	   <transfer> to manage object sponsorship changes, and <update> to
1044	   change information associated with an object.

1046	3.2.1.  EPP <create> Command

1048	   This extension defines additional elements to extend the EPP <create>
1049	   command of an object mapping like the EPP domain name mapping
1050	   [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping
1051	   [RFC5733].

1053	   The EPP <create> command provides a transform operation that allows a
1054	   client to create an object.  In addition to the EPP command elements
1055	   described in an object mapping like [RFC5731], the command MAY
1056	   contain a child <verificationCode:encodedSignedCode> element, as
1057	   defined in Section 2.1.2, that identifies the extension namespace for
1058	   the client to provide proof of verification by a Verification Service
1059	   Provider (VSP).  The server MAY support multiple policies for the
1060	   passing of the <verificationCode:encodedSignedCode> element based on
1061	   the client profile, which include:

1063	   required  The client MUST pass a valid
1064	       <verificationCode:encodedSignedCode> element containing the
1065	       required set of verification codes.  If a
1066	       <verificationCode:encodedSignedCode> element is not passed or the
1067	       required set of verification codes is not included, the server
1068	       MUST return an EPP error result code of 2306.  If an invalid
1069	       <verificationCode:encodedSignedCode> element is passed, the
1070	       server MUST return an EPP error result code of 2005.
1071	   optional  The client MAY pass a valid
1072	       <verificationCode:encodedSignedCode> element.  If an invalid
1073	       <verificationCode:encodedSignedCode> element is passed, the
1074	       server MUST return an EPP error result code of 2005.
1075	   not supported  The client MUST NOT pass a
1076	       <verificationCode:encodedSignedCode> element.  If a
1077	       <verificationCode:encodedSignedCode> element is passed, the
1078	       server MUST return an EPP error result code of 2102.

1080	   Example <create> command to create a domain object with a
1081	   verification code:

1083	   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
1084	   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
1085	   C:  <command>
1086	   C:    <create>
1087	   C:      <domain:create
1088	   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
1089	   C:        <domain:name>domain.example</domain:name>
1090	   C:        <domain:registrant>jd1234</domain:registrant>
1091	   C:        <domain:contact type="admin">sh8013</domain:contact>
1092	   C:        <domain:contact type="tech">sh8013</domain:contact>
1093	   C:        <domain:authInfo>
1094	   C:          <domain:pw>2fooBAR</domain:pw>
1095	   C:        </domain:authInfo>
1096	   C:      </domain:create>
1097	   C:    </create>
1098	   C:    <extension>
1099	   C:      <verificationCode:encodedSignedCode
1100	   C:        xmlns:verificationCode=
1101	   C:          "urn:ietf:params:xml:ns:verificationCode-1.0">
1102	   C:        <verificationCode:code>
1103	   C:ICAgICAgPHZlcmlmaWNhdGlvbkNvZGU6c2lnbmVkQ29kZQogICAgICAgIHhtbG5z
1104	   C:OnZlcmlmaWNhdGlvbkNvZGU9CiAgICAgICAgICAidXJuOmlldGY6cGFyYW1zOnht
1105	   C:bDpuczp2ZXJpZmljYXRpb25Db2RlLTEuMCIKICAgICAgICAgIGlkPSJzaWduZWRD
1106	   C:b2RlIj4KICAgCQk8dmVyaWZpY2F0aW9uQ29kZTpjb2RlPjEtYWJjMTIzPC92ZXJp
1107	   C:ZmljYXRpb25Db2RlOmNvZGU+CiAgPFNpZ25hdHVyZSB4bWxucz0iaHR0cDovL3d3
1108	   C:dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+CiAgIDxTaWduZWRJbmZvPgogICAg
1109	   C:PENhbm9uaWNhbGl6YXRpb25NZXRob2QKIEFsZ29yaXRobT0iaHR0cDovL3d3dy53
1110	   C:My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+CiAgICA8U2lnbmF0dXJlTWV0
1111	   C:aG9kCiBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNp
1112	   C:Zy1tb3JlI3JzYS1zaGEyNTYiLz4KICAgIDxSZWZlcmVuY2UgVVJJPSIjc2lnbmVk
1113	   C:Q29kZSI+CiAgICAgPFRyYW5zZm9ybXM+CiAgICAgIDxUcmFuc2Zvcm0KIEFsZ29y
1114	   C:aXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3Bl
1115	   C:ZC1zaWduYXR1cmUiLz4KICAgICA8L1RyYW5zZm9ybXM+CiAgICAgPERpZ2VzdE1l
1116	   C:dGhvZAogQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVu
1117	   C:YyNzaGEyNTYiLz4KIDxEaWdlc3RWYWx1ZT53Z3lXM25aUG9FZnBwdGxoUklMS25P
1118	   C:UW5iZHRVNkFyTTdTaHJBZkhnREZnPTwvRGlnZXN0VmFsdWU+CiAgICA8L1JlZmVy
1119	   C:ZW5jZT4KICAgPC9TaWduZWRJbmZvPgogICA8U2lnbmF0dXJlVmFsdWU+CiBqTXU0
1120	   C:UGZ5UUdpSkJGMEdXU0VQRkNKam15d0NFcVIyaDRMRCtnZTZYUStKbm1LRkZDdUNa
1121	   C:Uy8zU0xLQXgwTDF3CiBRREZPMmUwWTY5azJHNy9MR0UzN1gzdk9mbG9iRk0xb0d3
1122	   C:amE4K0dNVnJhb3RvNXhBZDQvQUY3ZUh1a2dBeW1ECiBvOXRveG9hMmgweVY0QTRQ
1123	   C:bVh6c1U2Uzg2WHRDY1VFK1MvV003Mm55bjQ3em9VQ3p6UEtIWkJSeWVXZWhWRlEr
1124	   C:CiBqWVJNSUFNek01N0hIUUErNmVhWGVmUnZ0UEVUZ1VPNGFWSVZTdWdjNE9VQVpa
1125	   C:d2JZY1pyQzZ3T2FRcXFxQVppCiAzMGFQT0JZYkF2SE1TbVdTUytoRmtic2hvbUpm
1126	   C:SHhiOTdURDJncmxZTnJRSXpxWGs3V2JIV3kyU1lkQStzSS9aCiBpcEpzWE5hNm9z
1127	   C:VFV3MUN6QTdqZndBPT0KICAgPC9TaWduYXR1cmVWYWx1ZT4KICAgPEtleUluZm8+
1128	   C:CiAgICA8WDUwOURhdGE+CiAgICA8WDUwOUNlcnRpZmljYXRlPgogTUlJRVNUQ0NB
1129	   C:ekdnQXdJQkFnSUJBakFOQmdrcWhraUc5dzBCQVFzRkFEQmlNUXN3Q1FZRFZRUUdF
1130	   C:d0pWVXpFTAogTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1k
1131	   C:bGJHVnpNUk13RVFZRFZRUUtFd3BKUTBGTwogVGlCVVRVTklNUnN3R1FZRFZRUURF
1132	   C:eEpKUTBGT1RpQlVUVU5JSUZSRlUxUWdRMEV3SGhjTk1UTXdNakE0TURBdwogTURB
1133	   C:d1doY05NVGd3TWpBM01qTTFPVFU1V2pCc01Rc3dDUVlEVlFRR0V3SlZVekVMTUFr
1134	   C:R0ExVUVDQk1DUTBFeAogRkRBU0JnTlZCQWNUQzB4dmN5QkJibWRsYkdWek1SY3dG
1135	   C:UVlEVlFRS0V3NVdZV3hwWkdGMGIzSWdWRTFEU0RFaAogTUI4R0ExVUVBeE1ZVm1G
1136	   C:c2FXUmhkRzl5SUZSTlEwZ2dWRVZUVkNCRFJWSlVNSUlCSWpBTkJna3Foa2lHOXcw
1137	   C:QgogQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBby9jd3ZYaGJWWWwwUkRXV3ZveWVa
1138	   C:cEVUVlpWVmNNQ292VVZOZy9zdwogV2ludU1nRVdnVlFGcnoweEEwNHBFaFhDRlZ2
1139	   C:NGV2YlVwZWtKNWJ1cVUxZ21ReU9zQ0tRbGhPSFRkUGp2a0M1dQogcERxYTUxRmxr
1140	   C:MFRNYU1rSVFqczdhVUtDbUE0Ukc0dFRUR0svRWpSMWl4OC9EMGdIWVZSbGR5MVlQ
1141	   C:ck1QK291NwogNWJPVm5Jb3MrSGlmckF0ckl2NHFFcXdMTDRGVFpBVXBhQ2EyQm1n
1142	   C:WGZ5MkNTUlFieEQ1T3IxZ2NTYTN2dXJoNQogc1BNQ054cWFYbUlYbVFpcFMrRHVF
1143	   C:QnFNTTh0bGRhTjdSWW9qVUVLckdWc05rNWk5eTIvN3NqbjF6eXlVUGY3dgogTDRH
1144	   C:Z0RZcWhKWVdWNjFEblhneC9KZDZDV3h2c25ERjZzY3NjUXpVVEVsK2h5d0lEQVFB
1145	   C:Qm80SC9NSUg4TUF3RwogQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZQWkVj
1146	   C:SVFjRC9CajJJRnovTEVSdW8yQURKdmlNSUdNQmdOVgogSFNNRWdZUXdnWUdBRk8w
1147	   C:LzdrRWgzRnVFS1MrUS9rWUhhRC9XNndpaG9XYWtaREJpTVFzd0NRWURWUVFHRXdK
1148	   C:VgogVXpFTE1Ba0dBMVVFQ0JNQ1EwRXhGREFTQmdOVkJBY1RDMHh2Y3lCQmJtZGxi
1149	   C:R1Z6TVJNd0VRWURWUVFLRXdwSgogUTBGT1RpQlVUVU5JTVJzd0dRWURWUVFERXhK
1150	   C:SlEwRk9UaUJVVFVOSUlGUkZVMVFnUTBHQ0FRRXdEZ1lEVlIwUAogQVFIL0JBUURB
1151	   C:Z2VBTUM0R0ExVWRId1FuTUNVd0k2QWhvQitHSFdoMGRIQTZMeTlqY213dWFXTmhi
1152	   C:bTR1YjNKbgogTDNSdFkyZ3VZM0pzTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFC
1153	   C:MnFTeTd1aSs0M2NlYktVS3dXUHJ6ejl5LwogSWtyTWVKR0tqbzQwbis5dWVrYXcz
1154	   C:REo1RXFpT2YvcVo0cGpCRCsrb1I2QkpDYjZOUXVRS3dub0F6NWxFNFNzdQogeTUr
1155	   C:aTkzb1QzSGZ5VmM0Z05NSW9IbTFQUzE5bDdEQktyYndiekFlYS8waktXVnpydm1W
1156	   C:N1RCZmp4RDNBUW8xUgogYlU1ZEJyNklqYmRMRmxuTzV4MEcwbXJHN3g1T1VQdXVy
1157	   C:aWh5aVVScEZEcHdIOEtBSDF3TWNDcFhHWEZSdEdLawogd3lkZ3lWWUF0eTdvdGts
1158	   C:L3ozYlprQ1ZUMzRnUHZGNzBzUjYrUXhVeTh1MEx6RjVBL2JlWWFacHhTWUczMWFt
1159	   C:TAogQWRYaXRUV0ZpcGFJR2VhOWxFR0ZNMEw5K0JnN1h6Tm40blZMWG9reUVCM2Jn
1160	   C:UzRzY0c2UXpuWDIzRkdrCiAgIDwvWDUwOUNlcnRpZmljYXRlPgogICA8L1g1MDlE
1161	   C:YXRhPgogICA8L0tleUluZm8+CiAgPC9TaWduYXR1cmU+CgkJPC92ZXJpZmljYXRp
1162	   C:b25Db2RlOnNpZ25lZENvZGU+Cg==
1163	   C:        </verificationCode:code>
1164	   C:      </verificationCode:encodedSignedCode>
1165	   C:    </extension>
1166	   C:    <clTRID>ABC-12345</clTRID>
1167	   C:  </command>
1168	   C:</epp>

1170	   This extension does not add any elements to the EPP <create> response
1171	   described in the [RFC5730].

1173	3.2.2.  EPP <delete> Command

1175	   This extension defines additional elements to extend the EPP <delete>
1176	   command and response in the same fashion as defined for the EPP
1177	   <create> Command (Section 3.2.1).

1179	3.2.3.  EPP <renew> Command

1181	   This extension defines additional elements to extend the EPP <renew>
1182	   command and response in the same fashion as defined for the EPP
1183	   <create> Command (Section 3.2.1).

1185	3.2.4.  EPP <transfer> Command

1187	   This extension defines additional elements to extend the EPP
1188	   <transfer> command and response in the same fashion as defined for
1189	   the EPP <create> Command (Section 3.2.1).

1191	3.2.5.  EPP <update> Command

1193	   This extension defines additional elements to extend the EPP <update>
1194	   command and response in the same fashion as defined for the EPP
1195	   <create> Command (Section 3.2.1).

1197	4.  Formal Syntax

1199	   One schema is presented here that is the EPP Verification Code
1200	   Extension schema.

1202	   The formal syntax presented here is a complete schema representation
1203	   of the object mapping suitable for automated validation of EPP XML
1204	   instances.  The BEGIN and END tags are not part of the schema; they
1205	   are used to note the beginning and ending of the schema for URI
1206	   registration purposes.

1208	4.1.  Verification Code Extension Schema

1210	   BEGIN
1211	   <?xml version="1.0" encoding="UTF-8"?>
1212	   <schema
1213	     targetNamespace=
1214	       "urn:ietf:params:xml:ns:verificationCode-1.0"
1215	     xmlns:verificationCode=
1216	       "urn:ietf:params:xml:ns:verificationCode-1.0"
1217	     xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
1218	     xmlns="http://www.w3.org/2001/XMLSchema"
1219	     elementFormDefault="qualified">

1221	     <annotation>
1222	       <documentation>
1223	         Extensible Provisioning Protocol v1.0
1224	         Verification Code Extension.
1225	       </documentation>
1226	     </annotation>
1227	     <import namespace="http://www.w3.org/2000/09/xmldsig#"
1228	       schemaLocation="xmldsig-core-schema.xsd"/>

1230	     <!-- Abstract signed code for substitution -->
1231	     <element name="abstractSignedCode"
1232	       type="verificationCode:abstractSignedCodeType"
1233	       abstract="true"/>

1235	     <!-- Empty type for use in extending for a signed code -->
1236	     <complexType name="abstractSignedCodeType"/>

1238	     <!-- Definition of concrete signed code -->
1239	     <element name="signedCode"
1240	       type="verificationCode:signedCodeType"
1241	       substitutionGroup="verificationCode:abstractSignedCode"/>

1243	     <complexType name="signedCodeType">
1244	       <complexContent>
1245	         <extension base="verificationCode:abstractSignedCodeType">
1246	           <sequence>
1247	             <element name="code"
1248	               type="verificationCode:verificationCodeType"/>
1249	             <element ref="dsig:Signature"/>
1250	           </sequence>
1251	           <attribute name="id" type="ID" use="required"/>
1252	         </extension>
1253	       </complexContent>
1254	     </complexType>

1256	     <simpleType name="verificationCodeValueType">
1257	       <restriction base="token">
1258	           <pattern value="\d+-[A-Za-z0-9]+"/>
1259	       </restriction>
1260	     </simpleType>

1262	     <complexType name="verificationCodeType">
1263	       <simpleContent>
1264	         <extension base=
1265	           "verificationCode:verificationCodeValueType">
1266	           <attribute name="type" type="token"
1267	             use="required"/>
1268	         </extension>
1269	       </simpleContent>
1270	     </complexType>

1272	     <!-- Definition of an encoded signed code -->
1273	     <element name="encodedSignedCode"
1274	       type="verificationCode:encodedSignedCodeListType"/>

1276	     <complexType name="encodedSignedCodeListType">
1277	       <sequence>
1278	          <element name="code"
1279	             type="verificationCode:encodedSignedCodeType"
1280	             minOccurs="1" maxOccurs="unbounded"/>
1281	       </sequence>
1282	     </complexType>

1284	     <complexType name="encodedSignedCodeType">
1285	       <simpleContent>
1286	         <extension base="token">
1287	           <attribute name="encoding"
1288	             type="token" default="base64"/>
1289	         </extension>
1290	       </simpleContent>
1291	     </complexType>

1293	     <!-- info command extension elements -->
1294	     <element name="info" type="verificationCode:infoType"/>

1296	     <complexType name="infoType">
1297	       <simpleContent>
1298	         <extension base="token">
1299	            <attribute name="profile" type="token"/>
1300	         </extension>
1301	       </simpleContent>
1302	     </complexType>

1304	     <!-- info response extension elements -->
1305	     <element name="infData" type="verificationCode:infDataType"/>

1307	     <complexType name="infDataType">
1308	       <sequence>
1309	         <element name="status"
1310	           type="verificationCode:statusEnum"/>
1311	         <element name="profile"
1312	           type="verificationCode:profileDataType"
1313	           minOccurs="0" maxOccurs="unbounded"/>
1314	       </sequence>
1315	     </complexType>

1317	     <complexType name="profileDataType">
1318	       <sequence>
1319	         <element name="status"
1320	           type="verificationCode:statusEnum"/>
1321	         <element name="missing"
1322	           type="verificationCode:missingCodes"
1323	           minOccurs="0"/>
1324	         <element name="set"
1325	           type="verificationCode:codesType"
1326	           minOccurs="0"/>
1327	       </sequence>
1328	       <attribute name="name" type="token"/>
1329	     </complexType>

1331	     <simpleType name="statusEnum">
1332	       <restriction base="token">
1333	         <enumeration value="notApplicable"/>
1334	         <enumeration value="nonCompliant"/>
1335	         <enumeration value="pendingCompliance"/>
1336	         <enumeration value="compliant"/>
1337	       </restriction>
1338	     </simpleType>

1340	     <complexType name="missingVerificationCode">
1341	       <simpleContent>
1342	         <extension base="token">
1343	           <attribute name="type" type="token"
1344	             use="required"/>
1345	           <attribute name="due" type="dateTime"
1346	             use="required"/>
1347	         </extension>
1348	       </simpleContent>
1349	     </complexType>

1351	     <complexType name="missingCodes">
1352	       <sequence>
1353	         <element name="code"
1354	           type="verificationCode:missingVerificationCode"
1355	           minOccurs="1" maxOccurs="unbounded"/>
1356	       </sequence>
1357	     </complexType>

1359	     <complexType name="infoVerificationCodeType">
1360	       <simpleContent>
1361	         <extension base="token">
1362	           <attribute name="type" type="token"
1363	             use="required"/>
1364	           <attribute name="date" type="dateTime"
1365	             use="required"/>
1366	         </extension>
1367	       </simpleContent>
1368	     </complexType>

1370	     <complexType name="codesType">
1371	       <sequence>
1372	         <element name="code"
1373	           type="verificationCode:infoVerificationCodeType"
1374	           minOccurs="1" maxOccurs="unbounded"/>
1375	       </sequence>
1376	     </complexType>

1378	   </schema>
1379	   END

1381	5.  IANA Considerations

1383	5.1.  XML Namespace

1385	   This document uses URNs to describe XML namespaces and XML schemas
1386	   conforming to a registry mechanism described in [RFC3688].

1388	   Registration request for the verificationCode namespace:

1390	      URI: ietf:params:xml:ns:verificationCode-1.0
1391	      Registrant Contact: IESG
1392	      XML: None.  Namespace URIs do not represent an XML specification.

1394	   Registration request for the verificationCode XML schema:

1396	      URI: ietf:params:xml:ns:verificationCode-1.0
1397	      Registrant Contact: IESG
1398	      XML: See the "Formal Syntax" section of this document.

1400	5.2.  EPP Extension Registry

1402	   The EPP extension described in this document should be registered by
1403	   the IANA in the EPP Extension Registry described in [RFC7451].  The
1404	   details of the registration are as follows:

1406	   Name of Extension: "Verification Code Extension for the Extensible
1407	   Provisioning Protocol (EPP)"

1409	   Document status: Standards Track

1411	   Reference: (insert reference to RFC version of this document)

1413	   Registrant Name and Email Address: IESG, <iesg@ietf.org>

1415	   TLDs: Any

1417	   IPR Disclosure: None
1418	   Status: Active

1420	   Notes: None

1422	6.  Implementation Status

1424	   Note to RFC Editor: Please remove this section and the reference to
1425	   RFC 7942 [RFC7942] before publication.

1427	   This section records the status of known implementations of the
1428	   protocol defined by this specification at the time of posting of this
1429	   Internet-Draft, and is based on a proposal described in RFC 7942
1430	   [RFC7942].  The description of implementations in this section is
1431	   intended to assist the IETF in its decision processes in progressing
1432	   drafts to RFCs.  Please note that the listing of any individual
1433	   implementation here does not imply endorsement by the IETF.
1434	   Furthermore, no effort has been spent to verify the information
1435	   presented here that was supplied by IETF contributors.  This is not
1436	   intended as, and must not be construed to be, a catalog of available
1437	   implementations or their features.  Readers are advised to note that
1438	   other implementations may exist.

1440	   According to RFC 7942 [RFC7942], "this will allow reviewers and
1441	   working groups to assign due consideration to documents that have the
1442	   benefit of running code, which may serve as evidence of valuable
1443	   experimentation and feedback that have made the implemented protocols
1444	   more mature.  It is up to the individual working groups to use this
1445	   information as they see fit".

1447	6.1.  Verisign EPP SDK

1449	   Organization: Verisign Inc.

1451	   Name: Verisign EPP SDK

1453	   Description: The Verisign EPP SDK includes both a full client
1454	   implementation and a full server stub implementation of draft-ietf-
1455	   regext-verificationcode.

1457	   Level of maturity: Production

1459	   Coverage: All aspects of the protocol are implemented.

1461	   Licensing: GNU Lesser General Public License

1463	   Contact: jgould@verisign.com
1464	   URL: https://www.verisign.com/en_US/channel-resources/domain-
1465	   registry-products/epp-sdks

1467	6.2.  Net::DRI

1469	   Organization: Dot and Co

1471	   Name: Net::DRI

1473	   Description: Net::DRI implements the client-side of draft-ietf-
1474	   regext-verificationcode.

1476	   Level of maturity: Production

1478	   Coverage: All client-side aspects of the protocol are implemented.

1480	   Licensing: GNU Lesser General Public License

1482	   Contact: netdri@dotandco.com

1484	7.  Security Considerations

1486	   The mapping extension described in this document is based on the
1487	   security services described by EPP [RFC5730] and protocol layers used
1488	   by EPP.  The security considerations described in these other
1489	   specifications apply to this specification as well.

1491	   XML Signature [W3C.CR-xmldsig-core2-20120124] is used in this
1492	   extension to verify that the Verification Code originated from a
1493	   trusted Verification Service Provider (VSP) and that it wasn't
1494	   tampered with in transit from the VSP to the client to the server.
1495	   To support multiple VSP keys, the VSP certificate chain MUST be
1496	   included in the <X509Certificate> elements of the Signed Code
1497	   (Section 2.1.1) and MUST chain up and be verified by the server
1498	   against a set of trusted certificates.

1500	   It is RECOMMENDED that signed codes do not include white-spaces
1501	   between the XML elements in order to mitigate risks of invalidating
1502	   the digital signature when transferring of signed codes between
1503	   applications takes place.

1505	   Use of XML canonicalization SHOULD be used when generating the signed
1506	   code.  SHA256/RSA-SHA256 SHOULD be used for digesting and signing.
1507	   The size of the RSA key SHOULD be at least 2048 bits.

1509	   The Verification Service Provider (VSP) MUST store the verification
1510	   data in compliance with the applicable privacy laws and regulations.

1512	8.  References

1514	8.1.  Normative References

1516	   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
1517	              Extensions (MIME) Part One: Format of Internet Message
1518	              Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996,
1519	              <https://www.rfc-editor.org/info/rfc2045>.

1521	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
1522	              Requirement Levels", BCP 14, RFC 2119,
1523	              DOI 10.17487/RFC2119, March 1997, <https://www.rfc-
1524	              editor.org/info/rfc2119>.

1526	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
1527	              DOI 10.17487/RFC3688, January 2004, <https://www.rfc-
1528	              editor.org/info/rfc3688>.

1530	   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
1531	              Specifications: ABNF", STD 68, RFC 5234,
1532	              DOI 10.17487/RFC5234, January 2008, <https://www.rfc-
1533	              editor.org/info/rfc5234>.

1535	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
1536	              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
1537	              <https://www.rfc-editor.org/info/rfc5730>.

1539	   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1540	              Domain Name Mapping", STD 69, RFC 5731,
1541	              DOI 10.17487/RFC5731, August 2009, <https://www.rfc-
1542	              editor.org/info/rfc5731>.

1544	   [RFC5732]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1545	              Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732,
1546	              August 2009, <https://www.rfc-editor.org/info/rfc5732>.

1548	   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
1549	              Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
1550	              August 2009, <https://www.rfc-editor.org/info/rfc5733>.

1552	   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
1553	              Code: The Implementation Status Section", BCP 205,
1554	              RFC 7942, DOI 10.17487/RFC7942, July 2016,
1555	              <https://www.rfc-editor.org/info/rfc7942>.

1557	   [W3C.CR-xmldsig-core2-20120124]
1558	              Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle,
1559	              J., Solo, D., Datta, P., and F. Hirsch, "XML Signature
1560	              Syntax and Processing Version 2.0", World Wide Web
1561	              Consortium CR CR-xmldsig-core2-20120124, January 2012,
1562	              <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>.

1564	8.2.  Informative References

1566	   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
1567	              Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
1568	              February 2015, <https://www.rfc-editor.org/info/rfc7451>.

1570	   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
1571	              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
1572	              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

1574	Appendix A.  Acknowledgements

1576	   The authors wish to thank the following persons for their feedback
1577	   and suggestions:

1579	   o  Gurshabad Grover

1581	Appendix B.  Change History

1583	B.1.  Change from 00 to 01

1585	   1.  Fixed pendingComplaince and complaint to pendingCompliance and
1586	       compliant in text.
1587	   2.  Fixed verificaton to verification.

1589	B.2.  Change from 01 to 02

1591	   1.  Added support for the notApplicable status value.

1593	B.3.  Change from 02 to 03

1595	   1.  Added regular expression pattern for the format of the
1596	       verification code token value in the XML schema.

1598	B.4.  Change from 03 to 04

1600	   1.  Ping update.

1602	B.5.  Change from 04 to REGEXT 00

1604	   1.  Changed to regext working group draft by changing draft-gould-
1605	       eppext-verificationcode to draft-ietf-regext-verificationcode.

1607	B.6.  Change from REGEXT 00 to REGEXT 01

1609	   1.  Ping update.

1611	B.7.  Change from REGEXT 01 to REGEXT 02

1613	   1.  Ping update.

1615	B.8.  Change from REGEXT 02 to REGEXT 03

1617	   1.  Moved RFC 7451 to an informational reference based on a check
1618	       done by the Idnits Tool.
1619	   2.  Replaced the IANA Registrant Contact to be "IESG".

1621	B.9.  Change from REGEXT 03 to REGEXT 04

1623	   1.  Added the Implementation Status section.
1624	   2.  Revised the sentence "The data verified by the VSP MUST be stored
1625	       by the VSP along with the generated verification code to address
1626	       any compliance issues." to "The VSP MUST store the proof of
1627	       verification and the generated verification code; and MAY store
1628	       the verified data.", and added text to the Security
1629	       Considerations section associated with storing the verification
1630	       data, based on feedback from Gurshabad Grover.

1632	Author's Address

1634	   James Gould
1635	   VeriSign, Inc.
1636	   12061 Bluemont Way
1637	   Reston, VA  20190
1638	   US

1640	   Email: jgould@verisign.com
1641	   URI:   http://www.verisign.com