idnits 2.17.1 

draft-wisser-registrylock-04.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** There is 1 instance of too long lines in the document, the longest one
     being 13 characters in excess of 72.

  ** The abstract seems to contain references ([RFC5731], [RFC5732],
     [RFC5733]), which it shouldn't.  Please replace those with straight
     textual mentions of the documents in question.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

  == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD',
     or 'RECOMMENDED' is not an accepted usage according to RFC 2119.  Please
     use uppercase 'NOT' together with RFC 2119 keywords (if that is what you
     mean).
     
     Found 'MUST not' in this paragraph:
     
     Current EPP authorizations schemes are not secure enough to allow
     in-band authorization.  Registries and registrars therefore MUST not
     implent in-band command authorization.

  -- The document date (7 July 2021) is 1023 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  ** Downref: Normative reference to an Informational RFC: RFC 7451


     Summary: 3 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Registration Protocols Extensions                              U. Wisser
3	Internet-Draft                           The Swedish Internet Foundation
4	Intended status: Standards Track                             7 July 2021
5	Expires: 8 January 2022

7	 Registry Lock Extension for the Extensible Provisioning Protocol (EPP)
8	                      draft-wisser-registrylock-04

10	Abstract

12	   This extensions defines an additional protective layer for changes to
13	   domain [RFC5731], host [RFC5732] and contact [RFC5733] objects
14	   managed through EPP.

16	   EPP allows changes to objects only by the sponsoring client.  EPP
17	   objects are usually managed by the sponsoring client on behalf of the
18	   sponsoring clients customers.  All of these interactions are ususally
19	   fully automated.

21	   In case of a system breach, there is no protection in EPP to changes
22	   to any object by the intruder.

24	   This extension defines a protective layer that aims to break
25	   automated changes and work flows by requiring manual intervention.

27	   The actual form of manual intervention is out-of-scope for this
28	   document.  By whom and how changes can be made is up to the registry
29	   and registrars to decide.

31	Status of This Memo

33	   This Internet-Draft is submitted in full conformance with the
34	   provisions of BCP 78 and BCP 79.

36	   Internet-Drafts are working documents of the Internet Engineering
37	   Task Force (IETF).  Note that other groups may also distribute
38	   working documents as Internet-Drafts.  The list of current Internet-
39	   Drafts is at https://datatracker.ietf.org/drafts/current/.

41	   Internet-Drafts are draft documents valid for a maximum of six months
42	   and may be updated, replaced, or obsoleted by other documents at any
43	   time.  It is inappropriate to use Internet-Drafts as reference
44	   material or to cite them other than as "work in progress."

46	   This Internet-Draft will expire on 8 January 2022.

48	Copyright Notice

50	   Copyright (c) 2021 IETF Trust and the persons identified as the
51	   document authors.  All rights reserved.

53	   This document is subject to BCP 78 and the IETF Trust's Legal
54	   Provisions Relating to IETF Documents (https://trustee.ietf.org/
55	   license-info) in effect on the date of publication of this document.
56	   Please review these documents carefully, as they describe your rights
57	   and restrictions with respect to this document.  Code Components
58	   extracted from this document must include Simplified BSD License text
59	   as described in Section 4.e of the Trust Legal Provisions and are
60	   provided without warranty as described in the Simplified BSD License.

62	Table of Contents

64	   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
65	     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
66	   2.  Object Protection . . . . . . . . . . . . . . . . . . . . . .   4
67	     2.1.  Out-of-band Authorization . . . . . . . . . . . . . . . .   4
68	     2.2.  In-band Authorization . . . . . . . . . . . . . . . . . .   4
69	     2.3.  Command Execution Restrictions  . . . . . . . . . . . . .   4
70	     2.4.  Temporary Unlock  . . . . . . . . . . . . . . . . . . . .   5
71	   3.  Object Attributes . . . . . . . . . . . . . . . . . . . . . .   6
72	     3.1.  Locking Status  . . . . . . . . . . . . . . . . . . . . .   6
73	   4.  EPP Command Mapping . . . . . . . . . . . . . . . . . . . . .   6
74	     4.1.  EPP Query Commands  . . . . . . . . . . . . . . . . . . .   6
75	       4.1.1.  EPP <check> Command . . . . . . . . . . . . . . . . .   6
76	       4.1.2.  EPP <info> Command  . . . . . . . . . . . . . . . . .   6
77	       4.1.3.  EPP <transfer> Command  . . . . . . . . . . . . . . .   9
78	     4.2.  EPP Transform Commands  . . . . . . . . . . . . . . . . .   9
79	       4.2.1.  EPP <create> Command  . . . . . . . . . . . . . . . .   9
80	       4.2.2.  EPP <delete> Command  . . . . . . . . . . . . . . . .  10
81	       4.2.3.  EPP <renew> Command . . . . . . . . . . . . . . . . .  10
82	       4.2.4.  EPP <transfer> Command  . . . . . . . . . . . . . . .  11
83	       4.2.5.  EPP <update> Command  . . . . . . . . . . . . . . . .  11
84	   5.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . .  12
85	     5.1.  Registry Lock Extension Schema  . . . . . . . . . . . . .  12
86	   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  13
87	     6.1.  XML Namespace . . . . . . . . . . . . . . . . . . . . . .  13
88	     6.2.  EPP Extension Registry  . . . . . . . . . . . . . . . . .  14
89	   7.  Implementation Status . . . . . . . . . . . . . . . . . . . .  14
90	   8.  Security Considerations . . . . . . . . . . . . . . . . . . .  14
91	   9.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  15
92	   10. Normative References  . . . . . . . . . . . . . . . . . . . .  15
93	   Appendix A.  Change History . . . . . . . . . . . . . . . . . . .  16
94	     A.1.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .  16
95	     A.2.  Change from 01 to 02  . . . . . . . . . . . . . . . . . .  16
96	     A.3.  Change from 02 to 03  . . . . . . . . . . . . . . . . . .  16
97	     A.4.  Change from 03 to 04  . . . . . . . . . . . . . . . . . .  16
98	   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  16

100	1.  Introduction

102	   This extensions defines an additional protective layer for changes to
103	   domain [RFC5731], host [RFC5732] and contact [RFC5733] objects
104	   managed through EPP.

106	   EPP allows changes to objects only by the sponsoring client.  EPP
107	   objects are usually managed by the sponsoring client on behalf of the
108	   sponsoring clients customers.  All of these interactions are ususally
109	   fully automated.

111	   In case of a system breach, there is no protection in EPP to changes
112	   to any object by the intruder.

114	   This extension defines a protective layer that aims to break
115	   automated changes and work flows by requiring manual intervention.

117	   The actual form of manual intervention is out-of-scope for this
118	   document.  By whom and how changes can be made is up to the registry
119	   and registrars to decide.

121	1.1.  Conventions Used in This Document

123	   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
124	   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
125	   document are to be interpreted as described in [RFC2119].

127	   XML is case sensitive.  Unless stated otherwise, XML specifications
128	   and examples provided in this document MUST be interpreted in the
129	   character case presented in order to develop a conforming
130	   implementation.

132	   In examples, "C:" represents lines sent by a protocol client and "S:"
133	   represents lines returned by a protocol server.  Indentation and
134	   white space in examples are provided only to illustrate element
135	   relationships and are not a REQUIRED feature of this protocol.

137	   "regLock" is used as an abbreviation for
138	   "urn:ietf:params:xml:ns:epp:registryLock-1.0".  The XML namespace
139	   prefix "reglock" is used, but implementations MUST NOT depend on it
140	   and instead employ a proper namespace-aware XML parser and serializer
141	   to interpret and output the XML documents.

143	2.  Object Protection

145	   This extension provides additional protection to objects managed by a
146	   sponsoring client on behalf of a registrant.  This is achieved by
147	   requiring additional authorization for transform commands.

149	   Solutions can be broadly categorized as in-band or out-of-band
150	   authorizations.  Where in-band authorizations would provide
151	   authorization through EPP.  Whereas out-of-band solutions provide
152	   authorization by some other means.

154	   *  either by temporarily unlocking the object for changes
155	   *  or by authorizing pending changes after they have been submitted
156	      to the server

158	2.1.  Out-of-band Authorization

160	   Out-of-band Authorization is not covered in this document.  By
161	   definition out-of-band authorization will not use EPP and therefore
162	   is not subject of consideration here.

164	   Registries must provide means for the registrar or registrant to
165	   temporarily unlock the domain, to remove registry lock or ro
166	   authorize changes submitted to the server through some means than
167	   EPP.

169	2.2.  In-band Authorization

171	   Currently defined authorization schemes are not deemed secure enough
172	   for in-band change authorization.  Therefore this document does not
173	   allow in-band authorization.  This is left as a future development
174	   once secure enough authorization schemes have been defined.

176	   The current defined authorization scheme is based on static
177	   passwords.  This would mean that once a password is known any change
178	   can be made.  Security here is once again dependend on the security
179	   of all automatic systems invloved.

181	2.3.  Command Execution Restrictions

183	   Once an object has Registry Lock enabled all transform commands
184	   except <renew> MUST only be executed if a proper authorization has
185	   been made.

187	   Otherwise the command MUST be rejected with EPP result code 2201
188	   "Authorization error" or 1001 "Command completed successfully; action
189	   pending" [RFC5730] section 3 in depending on the chosen out-of-band
190	   authorization.

192	   if the server has returned a 1001 "Command completed successfully;
193	   action pending" answer, it MUST follow [RFC5731], [RFC5732],
194	   [RFC5733] in handling succeeded or failed commands.

196	   The following EPP flags must be set.

198	   *  serverDeleteProhibited
199	   *  serverTransferProhibited
200	   *  serverUpdateProhibited

202	   If the object is unlocked the flags SHOULD be cleared and the server
203	   should answer to an <info> request with the according information.

205	   OPEN QUESTION: If a domain is under registry lock, can a subordinate
206	   host be updated?

208	   *  I got one "no" answer - hosts might not be owned by domain owner
209	   *  In .se/.nu all subordinary hosts are automatically owned by the
210	      domain owner and locked if the domain is locked.

212	   We need more input!

214	   If the object is temporarily unlocked only <update> commands are
215	   allowed.  <delete> and <transfer> are explicitly not allowed.  For
216	   the time of the temporary unlock the serverUpdateProhibited status
217	   should be cleared.

219	2.4.  Temporary Unlock

221	   While an object is locked some situations could require a change.  To
222	   fully unlock the object would remove all protection and could not
223	   provide any guarantee that the object is protected again after the
224	   desired changes have been made.

226	   Temporarily unlocking the object allows for a more fine grained
227	   security model for all objects.

229	   Any temporary unlocking of the object has to be time limited.  After
230	   that time has passed no further changes are possible.

232	   Additionally the number of allowed EPP commands can be specified to
233	   further limit the changes possible.

235	   Registries and registrars can further limit the possibles changes,
236	   e.g. not allowing owner changes even for temporarily unlocked Domain
237	   objects.

239	   IS THE LAST PARAGRAPH A GOOD IDEA?  INPUT NEEDED!!!
240	   When an object is temporarily unlocked the serverUpdateProhibited
241	   SHOULD be cleared while changes are possible.

243	   When either the time for the temporary unlock has passed or the
244	   maximum amount of EPP changes has been made the object MUST return to
245	   a fully locked status.  The serverUpdateProhibited flag MUST be set
246	   again and the infData response MUST no longer contain a
247	   <unlockedUntil> element.

249	3.  Object Attributes

251	3.1.  Locking Status

253	   Locking Status information indicates if the additional protection of
254	   Registry Lock is enabled for an object.

256	   Boolean values MUST be represented in the XML Schema format described
257	   in Part 2 of the W3C XML Schema recommendation
258	   [W3C.REC-xmlschema-2-20041028].

260	4.  EPP Command Mapping

262	   A detailed description of the EPP syntax and semantics can be found
263	   in the EPP core protocol specification [RFC5730].

265	4.1.  EPP Query Commands

267	4.1.1.  EPP <check> Command

269	   This extension does not add any elements to the EPP <check> command
270	   or <check> response described in the EPP mappings [RFC5731],
271	   [RFC5732] or [RFC5733].

273	4.1.2.  EPP <info> Command

275	   This extension does not add any elements to the EPP <info> command
276	   described in the EPP domain mapping [RFC5731], host mapping [RFC5732]
277	   or contact mapping [RFC5733] However, additional elements are defined
278	   for the <info> response.

280	   When an <info> command has been processed successfully, the EPP
281	   <resData> element MUST contain child elements as described in the EPP
282	   object mappings.

284	   In addition, the EPP <extension> element SHOULD contain a child
285	   <regLock:infData> element that identifies the extension namespace the
286	   epp client has indicated support for the extension in the <login>
287	   command.

289	   The <regLock:infData> element contains the following child elements:

291	   *  Exactly one <locked> element that indicates if Registry Lock is
292	      enabled for the object.
293	   *  An OPTIONAL <unlockedUntil> element if the object currently can be
294	      changed by the sponsoring client.  The field indicates the time
295	      stamp when the lock will become active again.
296	   *  An OPTIONAL <eppCmdCount> attribute that indicates the number of
297	      EPP <update> commands that will be executed.

299	   Example <domain:info> Response, domain not locked

301	  S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
302	  S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
303	  S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
304	  S:  <response>
305	  S:    <result code="1000">
306	  S:      <msg>Command completed successfully</msg>
307	  S:    </result>
308	  S:    <resData>
309	  S:      <domain:infData
310	  ...
311	  S:      </domain:infData>
312	  S:    </resData>
313	  S:    <extension>
314	  S:      <regLock:infData
315	  S:        xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
316	  S:        <regLock:locked>0</regLock:locked>
317	  S:      </regLock:infData>
318	  S:    </extension>
319	  S:    <trID>
320	  S:      <clTRID>ABC-12345</clTRID>
321	  S:      <svTRID>54322-XYZ</svTRID>
322	  S:    </trID>
323	  S:  </response>
324	  S:</epp>

326	   Example <domain:info> Response, domain locked

328	  S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
329	  S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
330	  S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
331	  S:  <response>
332	  S:    <result code="1000">
333	  S:      <msg>Command completed successfully</msg>
334	  S:    </result>
335	  S:    <resData>
336	  S:      <domain:infData
337	  ...
338	  S:      </domain:infData>
339	  S:    </resData>
340	  S:    <extension>
341	  S:      <regLock:infData
342	  S:        xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
343	  S:        <regLock:locked>1</regLock:locked>
344	  S:      </regLock:infData>
345	  S:    </extension>
346	  S:    <trID>
347	  S:      <clTRID>ABC-12345</clTRID>
348	  S:      <svTRID>54322-XYZ</svTRID>
349	  S:    </trID>
350	  S:  </response>
351	  S:</epp>

353	   Example <domain:info> Response, domain temporary unlocked

355	  S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
356	  S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
357	  S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
358	  S:  <response>
359	  S:    <result code="1000">
360	  S:      <msg>Command completed successfully</msg>
361	  S:    </result>
362	  S:    <resData>
363	  S:      <domain:infData
364	  ...
365	  S:      </domain:infData>
366	  S:    </resData>
367	  S:    <extension>
368	  S:      <regLock:infData
369	  S:        xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0">
370	  S:        <regLock:locked>1</regLock:locked>
371	  S:<regLock:unlockedUntil eppCmdCount="1">20000101T000000+0000
372	  S:</regLock:unlockedUntil>
373	  S:      </regLock:infData>
374	  S:    </extension>
375	  S:    <trID>
376	  S:      <clTRID>ABC-12345</clTRID>
377	  S:      <svTRID>54322-XYZ</svTRID>
378	  S:    </trID>
379	  S:  </response>
380	  S:</epp>

382	4.1.3.  EPP <transfer> Command

384	   This extension does not add any elements to the EPP <transfer>
385	   command or <transfer> response described in the EPP mapping
386	   [RFC5731], [RFC5732] or [RFC5733].

388	4.2.  EPP Transform Commands

390	4.2.1.  EPP <create> Command

392	   This extension is intended to be used within the scope of the object
393	   creation.  It does not define a <create> command of its own.

395	   This extension adds elements to the EPP <create> command as described
396	   in the EPP [RFC5730].

398	   When submitting a <create> command to the server, the client MAY
399	   include in the <extension> element a <registryLock:lock> element to
400	   create the domain in a locked state.  The extension includes the
401	   following element:

403	   *  A <regLock:lock> element indicating that the domain MUST be
404	      created in a locked state.

406	   When a <create> command has been processed successfully, the EPP
407	   response is as described in the EPP objects mappings [RFC5731],
408	   [RFC5732], [RFC5733].

410	   Example <host:create> command

412	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
413	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
414	C:  <command>
415	C:    <create>
416	C:      <host:create
417	C:       xmlns:host="urn:ietf:params:xml:ns:host-1.0">
418	C:        <host:name>ns1.example.com</host:name>
419	C:        <host:addr ip="v4">192.0.2.2</host:addr>
420	C:        <host:addr ip="v4">192.0.2.29</host:addr>
421	C:        <host:addr ip="v6">1080:0:0:0:8:800:200C:417A</host:addr>
422	C:      </host:create>
423	C:    </create>
424	C:    <extension>
425	C:      <regLock:lock
426	C:        xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0" />
427	C:    </extension>
428	C:    <clTRID>ABC-12345</clTRID>
429	C:  </command>
430	C:</epp>

432	4.2.2.  EPP <delete> Command

434	   This extension does not add any elements to the EPP <delete> command
435	   or <delete> response described in the EPP mappings [RFC5731],
436	   [RFC5732] or [RFC5733].

438	   If the object is locked, the EPP <delete> command MUST be rejected
439	   with EPP response code 2201 "Authorization error" [RFC5730] section
440	   3.  See Section 2.3

442	4.2.3.  EPP <renew> Command

444	   This extension does not add any elements to the EPP <renew> command
445	   or <renew> response described in the EPP mappings [RFC5731],
446	   [RFC5732] or [RFC5733].

448	   Execution of the EPP <renew> command is not restricted by this
449	   extension.

451	4.2.4.  EPP <transfer> Command

453	   This extension does not add any elements to the EPP <transfer>
454	   command or <transfer> response described in the EPP mappings
455	   [RFC5731], [RFC5732] or [RFC5733].

457	   If the object is locked, the EPP <transfer> command MUST be rejected
458	   with EPP response code 2201 "Authorization error" [RFC5730] section
459	   3.  See Section 2.3

461	4.2.5.  EPP <update> Command

463	   This extension adds elements to the EPP <update> command as described
464	   in [RFC5730].

466	   If the object is not locked, the <update> command can be used to lock
467	   the object, similarly to the <create> command.

469	   If the object is in locked state, but temporarily unlocked, the
470	   server MUST execute the command as if the object were unlocked.

472	   If the object is locked the server can handle <update> commands in
473	   two ways

475	   *  answering the command with EPP response code 1001 "Command
476	      completed successfully; action pending" [RFC5730] section 3
477	   *  rejecting with EPP response code 2201 "Authorization error"
478	      [RFC5730] section 3

480	   Registries can narrow down allowed changes when a domain is locked.
481	   Registries could prohobit changes of registrant for doamins even if
482	   the domain is temporatily unlocked or password authorization is
483	   given.

485	   When a <update> command has been processed successfully, the EPP
486	   response is as described in the EPP objects mappings [RFC5731],
487	   [RFC5732], [RFC5733].

489	   Example <domain:update> command, locking domain

491	C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
492	C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
493	C:  <command>
494	C:    <update>
495	C:      <domain:update
496	C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
497	C:        <domain:name>example.com</domain:name>
498	C:      </domain:update>
499	C:    </update>
500	C:    <extension>
501	C:      <regLock:lock
502	C:        xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0" />
503	C:    </extension>
504	C:    <clTRID>ABC-12345</clTRID>
505	C:  </command>
506	C:</epp>

508	5.  Formal Syntax

510	   One schema is presented here that is the EPP Registry Lock Extension
511	   schema.

513	   The formal syntax presented here is a complete schema representation
514	   of the object mapping suitable for automated validation of EPP XML
515	   instances.  The BEGIN and END tags are not part of the schema; they
516	   are used to note the beginning and ending of the schema for URI
517	   registration purposes.

519	5.1.  Registry Lock Extension Schema
520	BEGIN
521	<?xml version="1.0" encoding="UTF-8"?>
522	<xs:schema
523	  targetNamespace="urn:ietf:params:xml:ns:epp:registryLock-1.00"
524	  xmlns:regLock="urn:ietf:params:xml:ns:epp:registryLock-1.0"
525	  xmlns:xs="http://www.w3.org/2001/XMLSchema"
526	  elementFormDefault="qualified">

528	  <xs:annotation>
529	    <xs:documentation>
530	      Registry Lock Extension to the
531	      Extensible Provisioning Protocol v1.0
532	    </xs:documentation>
533	  </xs:annotation>

535	  <!-- child elements found in EPP commands -->

537	  <xs:element name="lock" />

539	  <!-- child elements found in EPP responses -->

541	  <xs:element name="infData" type="regLock:infDataType"/>

543	  <!-- child element of the response -->

545	  <xs:complexType name="infDataType">
546	    <xs:sequence>
547	      <xs:element name="locked" type="xs:boolean"/>
548	      <xs:element name="unlockedUntil" type="xs:dateTime" minOccurs="0">
549	        <xs:complexType>
550	          <xs:attribute name="eppCmdCount" type="xs:positiveInteger" minOccurs="0" />
551	        </xs:complexType>
552	      </xs:element>
553	    </xs:sequence>
554	  </xs:complexType>

556	</xs:schema>
557	END

559	6.  IANA Considerations

561	6.1.  XML Namespace

563	   This document uses URNs to describe XML namespaces and XML schemas
564	   conforming to a registry mechanism described in [RFC3688].  The
565	   following URI assignment is requested of IANA:

567	   Registration request for the registryLock namespace:

569	      URI: urn:ietf:params:xml:ns:epp:registryLock-1.0
570	      Registrant Contact: IESG
571	      XML: None.  Namespace URIs do not represent an XML specification.

573	   Registration request for the registryLock XML schema:

575	      URI: urn:ietf:params:xml:schema:epp:registryLock-1.0
576	      Registrant Contact: IESG
577	      XML: See the "Formal Syntax" section of this document.

579	6.2.  EPP Extension Registry

581	   The EPP extension described in this document should be registered by
582	   the IANA in the EPP Extension Registry described in [RFC7451].  The
583	   details of the registration are as follows:

585	   Name of Extension: "Registry Lock Extension for the Extensible
586	   Provisioning Protocol (EPP)"

588	   Document status: Standards Track

590	   Reference: (insert reference to RFC version of this document)

592	   Registrant Name and Email Address: IESG, <iesg@ietf.org>

594	   TLDs: Any

596	   IPR Disclosure: None

598	   Status: Active

600	   Notes: None

602	7.  Implementation Status

604	   Note to RFC Editor: Please remove this section and the reference to
605	   RFC 7942 [RFC7942] before publication.

607	   Implemented by .SE since 2019.

609	8.  Security Considerations

611	   The security properties of EPP from [RFC5730] are preserved.

613	   This extensions introduces an additional security layer for changes
614	   of objects managed through EPP.  The overall security of these
615	   measures depends on the security of the out-of-band authorization.
616	   Registries and registrars are therefore adviced to select secure
617	   forms of authorization.

619	   Current EPP authorizations schemes are not secure enough to allow in-
620	   band authorization.  Registries and registrars therefore MUST not
621	   implent in-band command authorization.

623	9.  Acknowledgements

625	   The authors wish to thank the following persons for their feedback
626	   and suggestions:

628	10.  Normative References

630	   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
631	              Requirement Levels", BCP 14, RFC 2119,
632	              DOI 10.17487/RFC2119, March 1997,
633	              <https://www.rfc-editor.org/info/rfc2119>.

635	   [RFC3688]  Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
636	              DOI 10.17487/RFC3688, January 2004,
637	              <https://www.rfc-editor.org/info/rfc3688>.

639	   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
640	              STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,
641	              <https://www.rfc-editor.org/info/rfc5730>.

643	   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
644	              Domain Name Mapping", STD 69, RFC 5731,
645	              DOI 10.17487/RFC5731, August 2009,
646	              <https://www.rfc-editor.org/info/rfc5731>.

648	   [RFC5732]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
649	              Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732,
650	              August 2009, <https://www.rfc-editor.org/info/rfc5732>.

652	   [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
653	              Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,
654	              August 2009, <https://www.rfc-editor.org/info/rfc5733>.

656	   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
657	              Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451,
658	              February 2015, <https://www.rfc-editor.org/info/rfc7451>.

660	   [RFC7942]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
661	              Code: The Implementation Status Section", BCP 205,
662	              RFC 7942, DOI 10.17487/RFC7942, July 2016,
663	              <https://www.rfc-editor.org/info/rfc7942>.

665	   [W3C.REC-xmlschema-2-20041028]
666	              Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
667	              Second Edition", World Wide Web Consortium Recommendation
668	              REC-xmlschema-2-20041028, 28 October 2004,
669	              <https://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.

671	Appendix A.  Change History

673	A.1.  Change from 00 to 01

675	   1.  Corrected information for the <create/> command.
676	   2.  Minor fixes in wording.
677	   3.  Introduces resData element.

679	A.2.  Change from 01 to 02

681	   1.  Multiple spelling errors fixed.
682	   2.  Moved response from resData to extension part of the EPP
683	       response.
684	   3.  Clarification of password and out-of-band usage.
685	   4.  Updated XML schema and examples
686	   5.  Changed security considerations for password authorization.
687	   6.  Added unlockUntil to create command
688	   7.  Forbid temporarily unlock for password authorization.

690	A.3.  Change from 02 to 03

692	   1.  Fix list styles for better readability
693	   2.  Fix reference to W3C XML Schema

695	A.4.  Change from 03 to 04

697	   1.  Remove references to in-band authorization
698	   2.  Remove special response elements
699	   3.  Add command counter to temporary unlock
700	   4.  Fix formatting and XML schema

702	Author's Address
703	   Ulrich Wisser
704	   The Swedish Internet Foundation
705	   Box 92073
706	   SE-12007 Stockholm
707	   Sweden

709	   Email: ulrich@wisser.se
710	   URI:   https://www.internetstiftelsen.se