idnits 2.17.1 

draft-wisser-registrylock-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There are 17 instances of too long lines in the document, the longest
     one being 13 characters in excess of 72.

  ** The abstract seems to contain references ([RFC5731], [RFC5732],
     [RFC5733]), which it shouldn't.  Please replace those with straight
     textual mentions of the documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  -- The document date (March 24, 2020) is 1493 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 7451


     Summary: 3 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Registration Protocols Extensions                              U. Wisser
3	Internet-Draft            The Swedish Internet Infrastructure Foundation
4	Intended status: Standards Track                          March 24, 2020
5	Expires: September 25, 2020

7	 Registry Lock Extension for the Extensible Provisioning Protocol (EPP)
8	                      draft-wisser-registrylock-01

10	Abstract

12	   This extensions defines an additional protective layer for changes to
13	   domain [RFC5731], host [RFC5732] and contact [RFC5733] objects
14	   managed through EPP.

16	   EPP allows changes to objects only by the sponsoring client.  EPP
17	   objects are usually managed by the sponsoring client on behalf of the
18	   sponsoring clients customers.  All of these interactions are ususally
19	   fully automated.

21	   In case of a system breach, there is no protection in EPP to changes
22	   to any object by the intruder.

24	   This extension defines a protective layer that aims to break
25	   automated changes and work flows by requiring manual intervention by
26	   the sponsoring client or it's customers.

28	Status of This Memo

30	   This Internet-Draft is submitted in full conformance with the
31	   provisions of BCP 78 and BCP 79.

33	   Internet-Drafts are working documents of the Internet Engineering
34	   Task Force (IETF).  Note that other groups may also distribute
35	   working documents as Internet-Drafts.  The list of current Internet-
36	   Drafts is at https://datatracker.ietf.org/drafts/current/.

38	   Internet-Drafts are draft documents valid for a maximum of six months
39	   and may be updated, replaced, or obsoleted by other documents at any
40	   time.  It is inappropriate to use Internet-Drafts as reference
41	   material or to cite them other than as "work in progress."

43	   This Internet-Draft will expire on September 25, 2020.

45	Copyright Notice

47	   Copyright (c) 2020 IETF Trust and the persons identified as the
48	   document authors.  All rights reserved.

50	   This document is subject to BCP 78 and the IETF Trust's Legal
51	   Provisions Relating to IETF Documents
52	   (https://trustee.ietf.org/license-info) in effect on the date of
53	   publication of this document.  Please review these documents
54	   carefully, as they describe your rights and restrictions with respect
55	   to this document.  Code Components extracted from this document must
56	   include Simplified BSD License text as described in Section 4.e of
57	   the Trust Legal Provisions and are provided without warranty as
58	   described in the Simplified BSD License.

60	Table of Contents

62	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
63	     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
64	   2.  Object Protection . . . . . . . . . . . . . . . . . . . . . .   3
65	     2.1.  Password Authorization  . . . . . . . . . . . . . . . . .   4
66	     2.2.  Out-of-band Authorization . . . . . . . . . . . . . . . .   4
67	     2.3.  Command Execution Restrictions  . . . . . . . . . . . . .   4
68	   3.  Object Attributes . . . . . . . . . . . . . . . . . . . . . .   5
69	     3.1.  Locking Status  . . . . . . . . . . . . . . . . . . . . .   5
70	   4.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .   5
71	     4.1.  EPP Query Commands  . . . . . . . . . . . . . . . . . . .   5
72	       4.1.1.  EPP <check> Command . . . . . . . . . . . . . . . . .   5
73	       4.1.2.  EPP <info> Command  . . . . . . . . . . . . . . . . .   5
74	       4.1.3.  EPP <transfer> Command  . . . . . . . . . . . . . . .   8
75	     4.2.  EPP Transform Commands  . . . . . . . . . . . . . . . . .   8
76	       4.2.1.  EPP <create> Command  . . . . . . . . . . . . . . . .   8
77	       4.2.2.  EPP <delete> Command  . . . . . . . . . . . . . . . .   9
78	       4.2.3.  EPP <renew> Command . . . . . . . . . . . . . . . . .  10
79	       4.2.4.  EPP <transfer> Command  . . . . . . . . . . . . . . .  10
80	       4.2.5.  EPP <update> Command  . . . . . . . . . . . . . . . .  10
81	   5.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  13
82	     5.1.  Registry Lock Extension Schema  . . . . . . . . . . . . .  13
83	   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  14
84	     6.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  14
85	     6.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  15
86	   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  15
87	   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
88	   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  16
89	   10. Normative References  . . . . . . . . . . . . . . . . . . . .  16
90	   Appendix A.  Change History . . . . . . . . . . . . . . . . . . .  17
91	     A.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  17
92	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  17

94	1.  Introduction

96	   This extensions defines an additional protective layer for changes to
97	   domain [RFC5731], host [RFC5732] and contact [RFC5733] objects
98	   managed through EPP.

100	   EPP allows changes to objects only by the sponsoring client.  EPP
101	   objects are usually managed by the sponsoring client on behalf of the
102	   sponsoring clients customers.  All of these interactions are ususally
103	   fully automated.

105	   In case of a system breach, there is no protection in EPP to changes
106	   to any object by the intruder.

108	   This extension defines a protective layer that aims to break
109	   automated changes and work flows by requiring manual intervention by
110	   the sponsoring client or it's customers.

112	1.1.  Conventions Used in This Document

114	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
115	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
116	   document are to be interpreted as described in RFC 2119 [RFC2119].

118	   XML is case sensitive.  Unless stated otherwise, XML specifications
119	   and examples provided in this document MUST be interpreted in the
120	   character case presented in order to develop a conforming
121	   implementation.

123	   In examples, "C:" represents lines sent by a protocol client and "S:"
124	   represents lines returned by a protocol server.  Indentation and
125	   white space in examples are provided only to illustrate element
126	   relationships and are not a REQUIRED feature of this protocol.

128	   "regLock" is used as an abbreviation for
129	   "urn:ietf:params:xml:ns:epp:registryLock-1.0".  The XML namespace
130	   prefix "reglock" is used, but implementations MUST NOT depend on it
131	   and instead employ a proper namespace-aware XML parser and serializer
132	   to interpret and output the XML documents.

134	2.  Object Protection

136	   This extension provides additional protection to objects managed by a
137	   sponsoring client on behalf of a registrant.  This is achieved by
138	   requiring additional authorization for transform commands.

140	   Solutions can be broadly categorized as in-band or out-of-band
141	   authorizations.  Where in-band authorizations would provide
142	   authorization through EPP.  Whereas out-of-band solutions provide
143	   authorization by some other means.

145	2.1.  Password Authorization

147	   In-band authorization uses the authorization possibilities provided
148	   by EPP Standards [RFC5730], [RFC5731], [RFC5732] and [RFC5733].

150	   Registries implementing in-band authorization should consider to
151	   require more secure passwords as specified in draft-ietf-regext-
152	   login-security.

154	2.2.  Out-of-band Authorization

156	   Out-of-band Authorization is not covered in this document.  By
157	   definition out of band authorization will not use EPP and therefor is
158	   not subject of consideration here.

160	2.3.  Command Execution Restrictions

162	   Once an object has Registry Lock enabled all transform commands
163	   except <renew> MUST only be executed if

165	      proper authorization is provided
166	      the object is unlocked

168	   Otherwise the command MUST be rejected with EPP result code 2201
169	   "Authorization error" [RFC5730] section 3.

171	   The following EPP flags [RFC5731], [RFC5732], [RFC5733] must be set.

173	      serverDeleteProhibited
174	      serverTransferProhibited
175	      serverUpdateProhibited

177	   If the object is unlocked the flags SHOULD be cleared and the server
178	   should answer to an <info> request with the according information.
179	   However, if the object is only temporarily unlocked, the flags SHOULD
180	   be cleared, but in an <info> response the server should still
181	   indicate that the object is under registry lock.

183	   OPEN QUESTION: If a domain is under registry lock, can a subordinate
184	   host be updated?

186	3.  Object Attributes

188	3.1.  Locking Status

190	   Locking Status information indicates if the additional protection of
191	   Registry Lock is enabled for an object.

193	   Boolean values MUST be represented in the XML Schema format described
194	   in Part 2 of the W3C XML Schema recommendation [W3C.REC-xmlschema-
195	   2-20010502].

197	4.  EPP Command Mapping

199	   A detailed description of the EPP syntax and semantics can be found
200	   in the EPP core protocol specification [RFC5730].

202	4.1.  EPP Query Commands

204	4.1.1.  EPP <check> Command

206	   This extension does not add any elements to the EPP <check> command
207	   or <check> response described in the EPP mappings [RFC5731],
208	   [RFC5732] or [RFC5733].

210	4.1.2.  EPP <info> Command

212	   This extension does not add any elements to the EPP <info> command
213	   described in the EPP domain mapping [RFC5731], host mapping [RFC5732]
214	   or contact mapping [RFC5733] However, additional elements are defined
215	   for the <info> response.

217	   When an <info> command has been processed successfully, the EPP
218	   <resData> element MUST contain child elements as described in the EPP
219	   object mappings.

221	   In addition, the EPP <extension> element SHOULD contain a child
222	   <regLock:infData> element that identifies the extension namespace the
223	   epp client has indicated support for the extension in the <login>
224	   command.

226	   The <regLock:infData> element contains the following child elements:

228	      Exactly one <locked> element that indicates if Registry Lock is
229	      enabled for the object.
230	      An OPTIONAL <unlockedUntil> element if the object currently can be
231	      changed by the sponsoring client.  The field indicates the time
232	      stamp when further changes will be impossible.

234	   Example <domain:info> Response, domain not locked

236	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
237	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
238	S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
239	S:  <response>
240	S:    <result code="1000">
241	S:      <msg>Command completed successfully</msg>
242	S:    </result>
243	S:    <resData>
244	S:      <domain:infData
245	...
246	S:      </domain:infData>
247	S:    </resData>
248	S:    <extension>
249	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
250	S:        <regLock:locked>0</regLock:locked>
251	S:      </regLock:infData>
252	S:    </extension>
253	S:    <trID>
254	S:      <clTRID>ABC-12345</clTRID>
255	S:      <svTRID>54322-XYZ</svTRID>
256	S:    </trID>
257	S:  </response>
258	S:</epp>

260	   Example <domain:info> Response, domain locked

262	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
263	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
264	S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
265	S:  <response>
266	S:    <result code="1000">
267	S:      <msg>Command completed successfully</msg>
268	S:    </result>
269	S:    <resData>
270	S:      <domain:infData
271	...
272	S:      </domain:infData>
273	S:    </resData>
274	S:    <extension>
275	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
276	S:        <regLock:locked>1</regLock:locked>
277	S:        <regLock:unlockedUntil>20000101T000000+0000</regLock:unlockedUntil>
278	S:      </regLock:infData>
279	S:    </extension>
280	S:    <trID>
281	S:      <clTRID>ABC-12345</clTRID>
282	S:      <svTRID>54322-XYZ</svTRID>
283	S:    </trID>
284	S:  </response>
285	S:</epp>

287	   Example <domain:info> Response, domain temporary unlocked

289	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
290	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
291	S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
292	S:  <response>
293	S:    <result code="1000">
294	S:      <msg>Command completed successfully</msg>
295	S:    </result>
296	S:    <resData>
297	S:      <domain:infData
298	...
299	S:      </domain:infData>
300	S:    </resData>
301	S:    <extension>
302	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
303	S:        <regLock:locked>1</regLock:locked>
304	S:        <regLock:unlockedUntil>20000101T000000+0000</regLock:unlockedUntil>
305	S:      </regLock:infData>
306	S:    </extension>
307	S:    <trID>
308	S:      <clTRID>ABC-12345</clTRID>
309	S:      <svTRID>54322-XYZ</svTRID>
310	S:    </trID>
311	S:  </response>
312	S:</epp>

314	4.1.3.  EPP <transfer> Command

316	   This extension does not add any elements to the EPP <transfer>
317	   command or <transfer> response described in the EPP domain mapping
318	   [RFC5731], [RFC5732] or [RFC5733].

320	4.2.  EPP Transform Commands

322	4.2.1.  EPP <create> Command

324	   This extension does add an <resData> element to the EPP <create>
325	   response as described in the EPP [RFC5730].

327	   This extension is inteded to be used within the scope of the object
328	   creation.  It does not define a <create/> command of it's own.

330	   Example <host:create> command

332	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
333	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
334	C:  <command>
335	C:    <create>
336	C:      <host:create
337	C:       xmlns:host="urn:ietf:params:xml:ns:host-1.0">
338	C:        <host:name>ns1.example.com</host:name>
339	C:        <host:addr ip="v4">192.0.2.2</host:addr>
340	C:        <host:addr ip="v4">192.0.2.29</host:addr>
341	C:        <host:addr ip="v6">1080:0:0:0:8:800:200C:417A</host:addr>
342	C:      </host:create>
343	C:    </create>
344	C:    <extension>
345	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
346	C:        <regLock:unlock>outofband</locked>
347	C:      </regLock:lock>
348	C:    </extension>
349	C:    <clTRID>ABC-12345</clTRID>
350	C:  </command>
351	C:</epp>

353	   Example <host:update> response

355	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
356	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
357	S:  <response>
358	S:    <result code="1000">
359	S:      <msg>Command completed successfully</msg>
360	S:    </result>
361	S:    <resData>
362	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
363	S:        <regLock:locked>1</locked>
364	S:      </regLock:infData>
365	S:    </resData>
366	S:    <trID>
367	S:      <clTRID>ABC-12345</clTRID>
368	S:      <svTRID>54321-XYZ</svTRID>
369	S:    </trID>
370	S:  </response>
371	S:</epp>

373	4.2.2.  EPP <delete> Command

375	   This extension does not add any elements to the EPP <delete> command
376	   or <delete> response described in the EPP mappings [RFC5731],
377	   [RFC5732] or [RFC5733].

379	   If the object is locked, the EPP <delete> command MUST be rejected
380	   with EPP response code 2201 "Authorization error" [RFC5730] section
381	   3.  See Section 2.3

383	4.2.3.  EPP <renew> Command

385	   This extension does not add any elements to the EPP <renew> command
386	   or <renew> response described in the EPP mappings [RFC5731],
387	   [RFC5732] or [RFC5733].

389	   Execution of the EPP <renew> command is not restricted by this
390	   extension.

392	4.2.4.  EPP <transfer> Command

394	   This extension does not add any elements to the EPP <transfer>
395	   command or <transfer> response described in the EPP mappings
396	   [RFC5731], [RFC5732] or [RFC5733].

398	   If the object is locked, the EPP <transfer> command MUST be rejected
399	   with EPP response code 2201 "Authorization error" [RFC5730] section
400	   3.  See Section 2.3

402	4.2.5.  EPP <update> Command

404	   This extension does add an elements to the EPP <update:resData>
405	   section of the response as described in [RFC5730].

407	   If the object is locked, the EPP <update> the only allowed <update>
408	   command is a temporary unlock.  All other <update> commands MUST be
409	   rejected with EPP response code 2201 "Authorization error" [RFC5730]
410	   section 3.  See Section 2.3

412	   If the object is temporarily unlocked only <update> commands are
413	   allowed.  <delete> and <transfer> are explicitly not allowed.
414	   Registries can further narrow down allowed changes, e.g. registries
415	   could prohobit changes of registrant for doamins even under temporary
416	   unlock.

418	   IF the object is temporarily unlocked, the SEVER_UPDATE_PROHIBITED
419	   status should be cleared for the time of the temporary unock.

421	   Example <domain:update> command, locking domain

423	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
424	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
425	C:  <command>
426	C:    <update>
427	C:      <domain:update
428	C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
429	C:        <domain:name>example.com</domain:name>
430	C:      </domain:update>
431	C:    </update>
432	C:    <extension>
433	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
434	C:        <regLock:unlock>outofband</locked>
435	C:      </regLock:lock>
436	C:    </extension>
437	C:    <clTRID>ABC-12345</clTRID>
438	C:  </command>
439	C:</epp>

441	   Example <domain:update> response

443	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
444	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
445	S:  <response>
446	S:    <result code="1000">
447	S:      <msg>Command completed successfully</msg>
448	S:    </result>
449	S:    <resData>
450	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
451	S:        <regLock:locked>1</locked>
452	S:      </regLock:infData>
453	S:    </resData>
454	S:    <trID>
455	S:      <clTRID>ABC-12345</clTRID>
456	S:      <svTRID>54321-XYZ</svTRID>
457	S:    </trID>
458	S:  </response>
459	S:</epp>

461	   Example <domain:update> command, for temporary unlock of domain

463	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
464	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
465	C:  <command>
466	C:    <update>
467	C:      <domain:update
468	C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
469	C:        <domain:name>example.com</domain:name>
470	C:        <domain:authInfo>
471	C:          <domain:pw>******</domain:pw>
472	C:        </domain:authInfo>
473	C:      </domain:update>
474	C:    </update>
475	C:    <extension>
476	C:      <regLock:lock xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
477	C:        <regLock:unlockUntil>20000101T000000+0000</regLock:unlockUntil>
478	C:      </regLock:lock>
479	C:    </extension>
480	C:    <clTRID>ABC-12345</clTRID>
481	C:  </command>
482	C:</epp>

484	   Example <domain:update> response, for temporary unlock of domain

486	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
487	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
488	S:  <response>
489	S:    <result code="1000">
490	S:      <msg>Command completed successfully</msg>
491	S:    </result>
492	S:    <resData>
493	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
494	S:        <regLock:locked>1</locked>
495	S:        <regLock:unlockedUntil>20000101T000000+0000</regLock:unlockedUntil>
496	S:      </regLock:infData>
497	S:    </resData>
498	S:    <trID>
499	S:      <clTRID>ABC-12345</clTRID>
500	S:      <svTRID>54321-XYZ</svTRID>
501	S:    </trID>
502	S:  </response>
503	S:</epp>

505	   Example <domain:update> response, for failure of temporary unlock of
506	   domain

508	S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
509	S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
510	S:  <response>
511	S:    <result code="2201">
512	S:      <msg>Authorization error</msg>
513	S:    </result>
514	S:    <resData>
515	S:      <regLock:infData xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
516	S:        <regLock:locked>1</locked>
517	S:      </regLock:infData>
518	S:    </resData>
519	S:    <trID>
520	S:      <clTRID>ABC-12345</clTRID>
521	S:      <svTRID>54321-XYZ</svTRID>
522	S:    </trID>
523	S:  </response>
524	S:</epp>

526	5.  Formal Syntax

528	   One schema is presented here that is the EPP Registry Lock Extension
529	   schema.

531	   The formal syntax presented here is a complete schema representation
532	   of the object mapping suitable for automated validation of EPP XML
533	   instances.  The BEGIN and END tags are not part of the schema; they
534	   are used to note the beginning and ending of the schema for URI
535	   registration purposes.

537	5.1.  Registry Lock Extension Schema
538	BEGIN
539	<?xml version="1.0" encoding="UTF-8"?>
540	<xs:schema targetNamespace="urn:se:iis:xml:epp:registryLock-1.0"
541	          xmlns:registryLock="urn:se:iis:xml:epp:registryLock-1.0"
542	          xmlns:xs="http://www.w3.org/2001/XMLSchema"
543	          elementFormDefault="qualified">

545	    <xs:annotation>
546	      <xs:documentation>
547	        Registry Lock Extension to the Extensible Provisioning Protocol v1.0
548	      </xs:documentation>
549	    </xs:annotation>

551	    <xs:element name="lock" type="registryLock:lockType" />

553	    <xs:complexType name="lockType">
554	      <xs:sequence>
555	            <simpleType name="unlock" minOccurs="0">
556	          <restriction base="token">
557	            <enumeration value="outofband"/>
558	            <enumeration value="password"/>
559	          </restriction>
560	        </simpleType>
561	                <xs:element name="unlockUntil" type="xs:dateTime" minOccurs="0" />
562	      </xs:sequence>
563	    </xs:complexType>

565	    <xs:element name="infData" type="registryLock:infDataType"/>

567	    <xs:complexType name="infDataType">
568	      <xs:sequence>
569	        <xs:element name="locked" type="xs:boolean" />
570	        <xs:element name="unlockedUntil" type="xs:dateTime" minOccurs="0" />
571	      </xs:sequence>
572	    </xs:complexType>

574	</xs:schema>
575	END

577	6.  IANA Considerations

579	6.1.  XML Namespace

581	   This document uses URNs to describe XML namespaces and XML schemas
582	   conforming to a registry mechanism described in [RFC3688].  The
583	   following URI assignment is requested of IANA:

585	   Registration request for the registryLock namespace:

587	      URI: urn:ietf:params:xml:ns:epp:registryLock-1.0
588	      Registrant Contact: IESG
589	      XML: None.  Namespace URIs do not represent an XML specification.

591	   Registration request for the registryLock XML schema:

593	      URI: urn:ietf:params:xml:schema:epp:registryLock-1.0
594	      Registrant Contact: IESG
595	      XML: See the "Formal Syntax" section of this document.

597	6.2.  EPP Extension Registry

599	   The EPP extension described in this document should be registered by
600	   the IANA in the EPP Extension Registry described in [RFC7451].  The
601	   details of the registration are as follows:

603	   Name of Extension: "Registry Lock Extension for the Extensible
604	   Provisioning Protocol (EPP)"

606	   Document status: Standards Track

608	   Reference: (insert reference to RFC version of this document)

610	   Registrant Name and Email Address: IESG, <iesg@ietf.org>

612	   TLDs: Any

614	   IPR Disclosure: None

616	   Status: Active

618	   Notes: None

620	7.  Implementation Status

622	   Note to RFC Editor: Please remove this section and the reference to
623	   RFC 7942 [RFC7942] before publication.

625	   Implemented by .SE since 2019.

627	8.  Security Considerations

629	   The security properties of EPP from [RFC5730] are preserved.

631	   This extensions introduces an additional security layer for changes
632	   of objects managed through EPP.  The overall security of these
633	   measures depends on policies and procedures not covered in this
634	   document.

636	9.  Acknowledgements

638	   The authors wish to thank the following persons for their feedback
639	   and suggestions:

641	10.  Normative References

643	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
644	              Requirement Levels", BCP 14, RFC 2119,
645	              DOI 10.17487/RFC2119, March 1997,
646	              <https://www.rfc-editor.org/info/rfc2119>.

648	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
649	              DOI 10.17487/RFC3688, January 2004,
650	              <https://www.rfc-editor.org/info/rfc3688>.

652	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
653	              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
654	              <https://www.rfc-editor.org/info/rfc5730>.

656	   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
657	              Domain Name Mapping", STD 69, RFC 5731,
658	              DOI 10.17487/RFC5731, August 2009,
659	              <https://www.rfc-editor.org/info/rfc5731>.

661	   [RFC5732]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
662	              Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732,
663	              August 2009, <https://www.rfc-editor.org/info/rfc5732>.

665	   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
666	              Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
667	              August 2009, <https://www.rfc-editor.org/info/rfc5733>.

669	   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
670	              Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
671	              February 2015, <https://www.rfc-editor.org/info/rfc7451>.

673	   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
674	              Code: The Implementation Status Section", BCP 205,
675	              RFC 7942, DOI 10.17487/RFC7942, July 2016,
676	              <https://www.rfc-editor.org/info/rfc7942>.

678	   [W3C.REC-xmlschema-2-20041028]
679	              Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
680	              Second Edition", World Wide Web Consortium Recommendation
681	              REC-xmlschema-2-20041028, October 2004,
682	              <http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.

684	Appendix A.  Change History

686	A.1.  Change from 00 to 01

688	   1.  Corrected information for the <create/> command.
689	   2.  Minor fixes in wording.
690	   3.  Introduces resData element.

692	Author's Address

694	   Ulrich Wisser
695	   The Swedish Internet Infrastructure Foundation
696	   Box 92073
697	   Stockholm  12007
698	   SE

700	   Email: ulrich@wisser.se
701	   URI:   https://www.internetstiftelsen.se