idnits 2.17.1 

draft-wisser-registrylock-00.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 14 instances of too long lines in the document, the longest
     one being 13 characters in excess of 72.

  ** The abstract seems to contain references ([RFC5731], [RFC5732],
     [RFC5733]), which it shouldn't.  Please replace those with straight
     textual mentions of the documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 23, 2019) is 1859 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 7451


     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                          U. Wisser
3	Internet-Draft            The Swedish Internet Infrastructure Foundation
4	Intended status: Standards Track                          March 23, 2019
5	Expires: September 24, 2019

7	 Registry Lock Extension for the Extensible Provisioning Protocol (EPP)
8	                      draft-wisser-registrylock-00

10	Abstract

12	   This extensions defines an additional protective layer for changes to
13	   domain [RFC5731], host [RFC5732] and contact [RFC5733] objects
14	   managed through EPP.

16	   EPP allows changes to objects only by the sponsoring client.  EPP
17	   objects are usually managed by the sponsoring client on behalf of the
18	   sponsoring clients customers.  There is no protection in EPP to
19	   changes to an object by the sponsoring client that are not authorized
20	   by the the customer.

22	   This extension defines a protective layer that aims to break
23	   automated changes and work flows by requiring manual intervention by
24	   the sponsoring client or it's customers.

26	Status of This Memo

28	   This Internet-Draft is submitted in full conformance with the
29	   provisions of BCP 78 and BCP 79.

31	   Internet-Drafts are working documents of the Internet Engineering
32	   Task Force (IETF).  Note that other groups may also distribute
33	   working documents as Internet-Drafts.  The list of current Internet-
34	   Drafts is at https://datatracker.ietf.org/drafts/current/.

36	   Internet-Drafts are draft documents valid for a maximum of six months
37	   and may be updated, replaced, or obsoleted by other documents at any
38	   time.  It is inappropriate to use Internet-Drafts as reference
39	   material or to cite them other than as "work in progress."

41	   This Internet-Draft will expire on September 24, 2019.

43	Copyright Notice

45	   Copyright (c) 2019 IETF Trust and the persons identified as the
46	   document authors.  All rights reserved.

48	   This document is subject to BCP 78 and the IETF Trust's Legal
49	   Provisions Relating to IETF Documents
50	   (https://trustee.ietf.org/license-info) in effect on the date of
51	   publication of this document.  Please review these documents
52	   carefully, as they describe your rights and restrictions with respect
53	   to this document.  Code Components extracted from this document must
54	   include Simplified BSD License text as described in Section 4.e of
55	   the Trust Legal Provisions and are provided without warranty as
56	   described in the Simplified BSD License.

58	Table of Contents

60	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
61	     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
62	   2.  Object Protection . . . . . . . . . . . . . . . . . . . . . .   3
63	     2.1.  In-band Authorization . . . . . . . . . . . . . . . . . .   4
64	     2.2.  Out-of-band Authorization . . . . . . . . . . . . . . . .   4
65	     2.3.  Command Execution Restrictions  . . . . . . . . . . . . .   4
66	   3.  Object Attributes . . . . . . . . . . . . . . . . . . . . . .   4
67	     3.1.  Locking Status  . . . . . . . . . . . . . . . . . . . . .   4
68	   4.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .   5
69	     4.1.  EPP Query Commands  . . . . . . . . . . . . . . . . . . .   5
70	       4.1.1.  EPP <check> Command . . . . . . . . . . . . . . . . .   5
71	       4.1.2.  EPP <info> Command  . . . . . . . . . . . . . . . . .   5
72	       4.1.3.  EPP <transfer> Command  . . . . . . . . . . . . . . .   8
73	     4.2.  EPP Transform Commands  . . . . . . . . . . . . . . . . .   8
74	       4.2.1.  EPP <create> Command  . . . . . . . . . . . . . . . .   8
75	       4.2.2.  EPP <delete> Command  . . . . . . . . . . . . . . . .  10
76	       4.2.3.  EPP <renew> Command . . . . . . . . . . . . . . . . .  11
77	       4.2.4.  EPP <transfer> Command  . . . . . . . . . . . . . . .  11
78	       4.2.5.  EPP <update> Command  . . . . . . . . . . . . . . . .  11
79	   5.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  13
80	     5.1.  Registry Lock Extension Schema  . . . . . . . . . . . . .  13
81	   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
82	     6.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  14
83	     6.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  15
84	   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  15
85	   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
86	   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  16
87	   10. Normative References  . . . . . . . . . . . . . . . . . . . .  16
88	   Appendix A.  Change History . . . . . . . . . . . . . . . . . . .  17
89	     A.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  17
90	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  17

92	1.  Introduction

94	   This extensions defines an additional protective layer for changes to
95	   domain [RFC5731], host [RFC5732] and contact [RFC5733] objects
96	   managed through EPP.

98	   EPP allows changes to objects only by the sponsoring client.  EPP
99	   objects are usually managed by the sponsoring client on behalf of the
100	   sponsoring clients customers.  There is no protection in EPP to
101	   changes to an object by the sponsoring client that are not authorized
102	   by the the customer.

104	   This extension defines a protective layer that aims to break
105	   automated changes and work flows by requiring manual intervention by
106	   the sponsoring client or it's customers.

108	1.1.  Conventions Used in This Document

110	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
111	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
112	   document are to be interpreted as described in RFC 2119 [RFC2119].

114	   XML is case sensitive.  Unless stated otherwise, XML specifications
115	   and examples provided in this document MUST be interpreted in the
116	   character case presented in order to develop a conforming
117	   implementation.

119	   In examples, "C:" represents lines sent by a protocol client and "S:"
120	   represents lines returned by a protocol server.  Indentation and
121	   white space in examples are provided only to illustrate element
122	   relationships and are not a REQUIRED feature of this protocol.

124	   "regLock" is used as an abbreviation for
125	   "urn:ietf:params:xml:ns:epp:registryLock-1.0".  The XML namespace
126	   prefix "reglock" is used, but implementations MUST NOT depend on it
127	   and instead employ a proper namespace-aware XML parser and serializer
128	   to interpret and output the XML documents.

130	2.  Object Protection

132	   This extension provides additional protection to objects managed by a
133	   sponsoring client on behalf of a registrant.  This is achieved by
134	   requiring additional authorization for transform commands.

136	   Solutions can be broadly categorized as in-band or out-of-band
137	   authorizations.  Where in-band authorizations would provide
138	   authorization through EPP.  Whereas out-of-band solutions provide
139	   authorization by some other means.

141	2.1.  In-band Authorization

143	   In-band authorization uses the authorization possibilities provided
144	   by EPP Standards [RFC5730], [RFC5731], [RFC5732] and [RFC5733].

146	2.2.  Out-of-band Authorization

148	   Out-of-band Authorization is not covered in this document.  By
149	   definition out of band authorization will not use EPP and therefor is
150	   not subject of consideration here.

152	2.3.  Command Execution Restrictions

154	   Once an object has Registry Lock enabled all transform commands
155	   except <renew> MUST only be executed if

157	      proper authorization is provided
158	      the object is unlocked out-of-band

160	   Otherwise the command MUST be rejected with EPP result code 2201
161	   "Authorization error" [RFC5730] section 3.

163	   Additionally the following EPP flags [RFC5731], [RFC5731], [RFC5731]
164	   must be set.

166	      serverDeleteProhibited
167	      serverTransferProhibited
168	      serverUpdateProhibited

170	   If the object is unlocked the flags SHOULD be cleared and the server
171	   should answer to an <info> request with the according information.
172	   However, if the object is only temporarily unlocked, the flags SHOULD
173	   be cleared, but in an <info> response the server should still
174	   indicate that the object is under registry lock.

176	   OPEN QUESTION: If a domain is under registry lock, can a subordinate
177	   host be update?

179	3.  Object Attributes

181	3.1.  Locking Status

183	   Locking Status information indicates if the additional protection of
184	   Registry Lock is enabled for an object.

186	   Boolean values MUST be represented in the XML Schema format described
187	   in Part 2 of the W3C XML Schema recommendation [W3C.REC-xmlschema-
188	   2-20010502].

190	4.  EPP Command Mapping

192	   A detailed description of the EPP syntax and semantics can be found
193	   in the EPP core protocol specification [RFC5730].

195	4.1.  EPP Query Commands

197	4.1.1.  EPP <check> Command

199	   This extension does not add any elements to the EPP <check> command
200	   or <check> response described in the EPP mappings [RFC5731],
201	   [RFC5732] or [RFC5733].

203	4.1.2.  EPP <info> Command

205	   This extension does not add any elements to the EPP <info> command
206	   described in the EPP domain mapping [RFC5731], host mapping [RFC5732]
207	   or contact mapping [RFC5733] However, additional elements are defined
208	   for the <info> response.

210	   When an <info> command has been processed successfully, the EPP
211	   <resData> element MUST contain child elements as described in the EPP
212	   object mappings.

214	   In addition, the EPP <extension> element SHOULD contain a child
215	   <regLock:infData> element that identifies the extension namespace the
216	   epp client has indicated support for the extension in the <login>
217	   command.

219	   The <regLock:infData> element contains the following child elements:

221	      Exactly one <locked> element that indicates if Registry Lock is
222	      enabled for the object.
223	      An OPTIONAL <unlockedUntil> element if the object currently can be
224	      changed by the sponsoring client.  The field indicates the time
225	      stamp when further changes will be impossible.

227	   Example <domain:info> Response

229	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
230	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
231	S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
232	S:  <response>
233	S:    <result code="1000">
234	S:      <msg>Command completed successfully</msg>
235	S:    </result>
236	S:    <resData>
237	S:      <domain:infData
238	...
239	S:      </domain:infData>
240	S:    </resData>
241	S:    <extension>
242	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
243	S:        <regLock:locked>1</regLock:locked>
244	S:        <regLock:unlockedUntil>20000101T000000+0000</regLock:unlockedUntil>
245	S:      </regLock:infData>
246	S:    </extension>
247	S:    <trID>
248	S:      <clTRID>ABC-12345</clTRID>
249	S:      <svTRID>54322-XYZ</svTRID>
250	S:    </trID>
251	S:  </response>
252	S:</epp>

254	   Example <host:info> Response

256	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
257	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
258	S:  <response>
259	S:    <result code="1000">
260	S:      <msg>Command completed successfully</msg>
261	S:    </result>
262	S:    <resData>
263	S:      <host:infData
264	S:       xmlns:host="urn:ietf:params:xml:ns:host-1.0">
265	...
266	S:      </host:infData>
267	S:    </resData>
268	S:    <extension>
269	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
270	S:        <regLock:locked>1</regLock:locked>
271	S:        <regLock:unlockedUntil>20000101T000000+0000</regLock:unlockedUntil>
272	S:      </regLock:infData>
273	S:    </extension>
274	S:    <trID>
275	S:      <clTRID>ABC-12345</clTRID>
276	S:      <svTRID>54322-XYZ</svTRID>
277	S:    </trID>
278	S:  </response>
279	S:</epp>

281	   Example <contact:info> Response

283	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
284	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
285	S:  <response>
286	S:    <result code="1000">
287	S:      <msg>Command completed successfully</msg>
288	S:    </result>
289	S:    <resData>
290	S:      <contact:infData
291	...
292	S:      </contact:infData>
293	S:    </resData>
294	S:    <extension>
295	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
296	S:        <regLock:locked>1</regLock:locked>
297	S:        <regLock:unlockedUntil>20000101T000000+0000</regLock:unlockedUntil>
298	S:      </regLock:infData>
299	S:    </extension>
300	S:    <trID>
301	S:      <clTRID>ABC-12345</clTRID>
302	S:      <svTRID>54322-XYZ</svTRID>
303	S:    </trID>
304	S:  </response>
305	S:</epp>

307	4.1.3.  EPP <transfer> Command

309	   This extension does not add any elements to the EPP <transfer>
310	   command or <transfer> response described in the EPP domain mapping
311	   [RFC5731], [RFC5732] or [RFC5733].

313	4.2.  EPP Transform Commands

315	4.2.1.  EPP <create> Command

317	   This extension does not add any elements to the EPP <create> response
318	   described in the EPP mappings [RFC5731], [RFC5732] or [RFC5733].

320	   If the object is locked, the EPP <create> command MUST be rejected
321	   with EPP response code 2201 "Authorization error" [RFC5730] section
322	   3.  See Section 2.3

324	   Example <domain:create> command

326	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
327	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
328	C:  <command>
329	C:    <create>
330	C:      <domain:create
331	C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
332	C:        <domain:name>example.com</domain:name>
333	C:        <domain:period unit="y">2</domain:period>
334	C:        <domain:ns>
335	C:          <domain:hostObj>ns1.example.net</domain:hostObj>
336	C:          <domain:hostObj>ns2.example.net</domain:hostObj>
337	C:        </domain:ns>
338	C:        <domain:registrant>jd1234</domain:registrant>
339	C:        <domain:contact type="admin">sh8013</domain:contact>
340	C:        <domain:contact type="tech">sh8013</domain:contact>
341	C:        <domain:authInfo>
342	C:          <domain:pw>2fooBAR</domain:pw>
343	C:        </domain:authInfo>
344	C:      </domain:create>
345	C:    </create>
346	C:    <extension>
347	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
348	C:        <regLock:unlock>outofband</locked>
349	C:      </regLock:lock>
350	C:    </extension>
351	C:    <clTRID>ABC-12345</clTRID>
352	C:  </command>
353	C:</epp>

355	   Example <host:create> command

357	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
358	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
359	C:  <command>
360	C:    <create>
361	C:      <host:create
362	C:       xmlns:host="urn:ietf:params:xml:ns:host-1.0">
363	C:        <host:name>ns1.example.com</host:name>
364	C:        <host:addr ip="v4">192.0.2.2</host:addr>
365	C:        <host:addr ip="v4">192.0.2.29</host:addr>
366	C:        <host:addr ip="v6">1080:0:0:0:8:800:200C:417A</host:addr>
367	C:      </host:create>
368	C:    </create>
369	C:    <extension>
370	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
371	C:        <regLock:unlock>outofband</locked>
372	C:      </regLock:lock>
373	C:    </extension>
374	C:    <clTRID>ABC-12345</clTRID>
375	C:  </command>
376	C:</epp>

378	   Example <contact:create> command

380	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
381	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
382	C:  <command>
383	C:    <create>
384	C:      <contact:create
385	C:       xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
386	...
387	C:      </contact:create>
388	C:    </create>
389	C:    <extension>
390	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
391	C:        <regLock:unlock>outofband</locked>
392	C:      </regLock:lock>
393	C:    </extension>
394	C:    <clTRID>ABC-12345</clTRID>
395	C:  </command>
396	C:</epp>

398	4.2.2.  EPP <delete> Command

400	   This extension does not add any elements to the EPP <delete> command
401	   or <delete> response described in the EPP mappings [RFC5731],
402	   [RFC5732] or [RFC5733].

404	   The EPP <delete> command MUST be rejected with EPP response code 2201
405	   "Authorization error" [RFC5730] section 3.  See Section 2.3

407	4.2.3.  EPP <renew> Command

409	   This extension does not add any elements to the EPP <renew> command
410	   or <renew> response described in the EPP mappings [RFC5731],
411	   [RFC5732] or [RFC5733].

413	   Execution of the EPP <renew> command is not restricted by this
414	   extension.

416	4.2.4.  EPP <transfer> Command

418	   This extension does not add any elements to the EPP <transfer>
419	   command or <transfer> response described in the EPP mappings
420	   [RFC5731], [RFC5732] or [RFC5733].

422	   The EPP <transfer> command MUST be rejected with EPP response code
423	   2201 "Authorization error" [RFC5730] section 3.  See Section 2.3

425	4.2.5.  EPP <update> Command

427	   This extension does not add any elements to the EPP <update> response
428	   described in the EPP mappings [RFC5731], [RFC5732] or [RFC5733].

430	   If the object is locked, the EPP <update> command MUST be rejected
431	   with EPP response code 2201 "Authorization error" [RFC5730] section
432	   3.  See Section 2.3

434	   Example <domain:update> Response

436	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
437	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
438	C:  <command>
439	C:    <update>
440	C:      <domain:update
441	C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
442	C:        <domain:name>example.com</domain:name>
443	C:      </domain:update>
444	C:    </update>
445	C:    <extension>
446	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
447	C:        <regLock:unlock>outofband</locked>
448	C:      </regLock:lock>
449	C:    </extension>
450	C:    <clTRID>ABC-12345</clTRID>
451	C:  </command>
452	C:</epp>

454	   Example <host:update> Response

456	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
457	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
458	C:  <command>
459	C:    <update>
460	C:      <host:update
461	C:       xmlns:host="urn:ietf:params:xml:ns:host-1.0">
462	C:        <host:name>ns1.example.com</host:name>
463	C:      </host:update>
464	C:    </update>
465	C:    <extension>
466	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
467	C:        <regLock:unlock>outofband</locked>
468	C:      </regLock:lock>
469	C:    </extension>
470	C:    <clTRID>ABC-12345</clTRID>
471	C:  </command>
472	C:</epp>

474	   Example <contact:update> Response

476	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
477	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
478	C:  <command>
479	C:    <update>
480	C:      <contact:update
481	C:       xmlns:contact="urn:ietf:params:xml:ns:contact-1.0">
482	C:        <contact:id>sh8013</contact:id>
483	C:      </contact:update>
484	C:    </update>
485	C:    <extension>
486	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
487	C:        <regLock:unlock>outofband</locked>
488	C:      </regLock:lock>
489	C:    </extension>
490	C:    <clTRID>ABC-12345</clTRID>
491	C:  </command>
492	C:</epp>

494	5.  Formal Syntax

496	   One schema is presented here that is the EPP Registry Lock Extension
497	   schema.

499	   The formal syntax presented here is a complete schema representation
500	   of the object mapping suitable for automated validation of EPP XML
501	   instances.  The BEGIN and END tags are not part of the schema; they
502	   are used to note the beginning and ending of the schema for URI
503	   registration purposes.

505	5.1.  Registry Lock Extension Schema
506	BEGIN
507	<?xml version="1.0" encoding="UTF-8"?>
508	<xs:schema targetNamespace="urn:se:iis:xml:epp:registryLock-1.0"
509	          xmlns:registryLock="urn:se:iis:xml:epp:registryLock-1.0"
510	          xmlns:xs="http://www.w3.org/2001/XMLSchema"
511	          elementFormDefault="qualified">

513	    <xs:annotation>
514	      <xs:documentation>
515	        Registry Lock Extension to the Extensible Provisioning Protocol v1.0
516	      </xs:documentation>
517	    </xs:annotation>

519	    <xs:element name="lock" type="registryLock:lockType" />

521	    <xs:complexType name="lockType">
522	      <xs:sequence>
523	            <simpleType name="unlock">
524	          <restriction base="token">
525	            <enumeration value="outofband"/>
526	            <enumeration value="password"/>
527	          </restriction>
528	        </simpleType>
529	      </xs:sequence>
530	    </xs:complexType>

532	    <xs:element name="infData" type="registryLock:infDataType"/>

534	    <xs:complexType name="infDataType">
535	      <xs:sequence>
536	        <xs:element name="locked" type="xs:boolean" />
537	        <xs:element name="unlockedUntil" type="xs:dateTime" minOccurs="0" />
538	      </xs:sequence>
539	    </xs:complexType>

541	</xs:schema>
542	END

544	6.  IANA Considerations

546	6.1.  XML Namespace

548	   This document uses URNs to describe XML namespaces and XML schemas
549	   conforming to a registry mechanism described in [RFC3688].  The
550	   following URI assignment is requested of IANA:

552	   Registration request for the registryLock namespace:

554	      URI: urn:ietf:params:xml:ns:epp:registryLock-1.0
555	      Registrant Contact: IESG
556	      XML: None.  Namespace URIs do not represent an XML specification.

558	   Registration request for the registryLock XML schema:

560	      URI: urn:ietf:params:xml:schema:epp:registryLock-1.0
561	      Registrant Contact: IESG
562	      XML: See the "Formal Syntax" section of this document.

564	6.2.  EPP Extension Registry

566	   The EPP extension described in this document should be registered by
567	   the IANA in the EPP Extension Registry described in [RFC7451].  The
568	   details of the registration are as follows:

570	   Name of Extension: "Registry Lock Extension for the Extensible
571	   Provisioning Protocol (EPP)"

573	   Document status: Standards Track

575	   Reference: (insert reference to RFC version of this document)

577	   Registrant Name and Email Address: IESG, <iesg@ietf.org>

579	   TLDs: Any

581	   IPR Disclosure: None

583	   Status: Active

585	   Notes: None

587	7.  Implementation Status

589	   Note to RFC Editor: Please remove this section and the reference to
590	   RFC 7942 [RFC7942] before publication.

592	   TBD

594	8.  Security Considerations

596	   The security properties of EPP from [RFC5730] are preserved.

598	   This extensions introduces an additional security layer for changes
599	   of objects managed through EPP.  The overall security of these
600	   measures depends on policies and procedures not covered in this
601	   document.

603	9.  Acknowledgements

605	   The authors wish to thank the following persons for their feedback
606	   and suggestions:

608	10.  Normative References

610	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
611	              Requirement Levels", BCP 14, RFC 2119,
612	              DOI 10.17487/RFC2119, March 1997,
613	              <https://www.rfc-editor.org/info/rfc2119>.

615	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
616	              DOI 10.17487/RFC3688, January 2004,
617	              <https://www.rfc-editor.org/info/rfc3688>.

619	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
620	              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
621	              <https://www.rfc-editor.org/info/rfc5730>.

623	   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
624	              Domain Name Mapping", STD 69, RFC 5731,
625	              DOI 10.17487/RFC5731, August 2009,
626	              <https://www.rfc-editor.org/info/rfc5731>.

628	   [RFC5732]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
629	              Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732,
630	              August 2009, <https://www.rfc-editor.org/info/rfc5732>.

632	   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
633	              Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
634	              August 2009, <https://www.rfc-editor.org/info/rfc5733>.

636	   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
637	              Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
638	              February 2015, <https://www.rfc-editor.org/info/rfc7451>.

640	   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
641	              Code: The Implementation Status Section", BCP 205,
642	              RFC 7942, DOI 10.17487/RFC7942, July 2016,
643	              <https://www.rfc-editor.org/info/rfc7942>.

645	   [W3C.REC-xmlschema-2-20041028]
646	              Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
647	              Second Edition", World Wide Web Consortium Recommendation
648	              REC-xmlschema-2-20041028, October 2004,
649	              <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.

651	Appendix A.  Change History

653	A.1.  Change from 00 to 01

655	   1.  None yet :-)

657	Author's Address

659	   Ulrich Wisser
660	   The Swedish Internet Infrastructure Foundation
661	   Box 92073
662	   Stockholm  12007
663	   SE

665	   Email: ulrich.wisser@internetstiftelsen.se
666	   URI:   https://www.internetstiftelsen.se