draft-ietf-regext-data-escrow-09.txt   draft-ietf-regext-data-escrow-10.txt 
Network Working Group G. Lozano Network Working Group G. Lozano
Internet-Draft ICANN Internet-Draft ICANN
Intended status: Standards Track May 12, 2020 Intended status: Standards Track Jun 1, 2020
Expires: November 13, 2020 Expires: December 3, 2020
Registry Data Escrow Specification Registry Data Escrow Specification
draft-ietf-regext-data-escrow-09 draft-ietf-regext-data-escrow-10
Abstract Abstract
This document specifies the format and contents of data escrow This document specifies the format and contents of data escrow
deposits targeted primarily for domain name registries. The deposits targeted primarily for domain name registries. The
specification is designed to be independent of the underlying objects specification is designed to be independent of the underlying objects
that are being escrowed and therefore it could also be used for that are being escrowed and therefore it could also be used for
purposes other than domain name registries. purposes other than domain name registries.
Status of This Memo Status of This Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 13, 2020. This Internet-Draft will expire on December 3, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 5 3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Conventions Used in This Document . . . . . . . . . . . . . . 6 4. Conventions Used in This Document . . . . . . . . . . . . . . 6
4.1. Date and Time . . . . . . . . . . . . . . . . . . . . . . 6 4.1. Date and Time . . . . . . . . . . . . . . . . . . . . . . 6
5. Protocol Description . . . . . . . . . . . . . . . . . . . . 6 5. Protocol Description . . . . . . . . . . . . . . . . . . . . 6
5.1. Root element <deposit> . . . . . . . . . . . . . . . . . 7 5.1. Root element <deposit> . . . . . . . . . . . . . . . . . 7
5.2. Rebuilding the registry from data escrow deposits . . . . 8 5.2. Rebuilding the registry from data escrow deposits . . . . 8
6. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 8 6. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 9
6.1. RDE Schema . . . . . . . . . . . . . . . . . . . . . . . 9 6.1. RDE Schema . . . . . . . . . . . . . . . . . . . . . . . 9
7. Internationalization Considerations . . . . . . . . . . . . . 11 7. Internationalization Considerations . . . . . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
9. Implementation Status . . . . . . . . . . . . . . . . . . . . 11 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 12
9.1. Implementation in the gTLD space . . . . . . . . . . . . 12 9.1. Implementation in the gTLD space . . . . . . . . . . . . 12
10. Security Considerations . . . . . . . . . . . . . . . . . . . 13 10. Security Considerations . . . . . . . . . . . . . . . . . . . 13
11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 13 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 13
12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
13. Change History . . . . . . . . . . . . . . . . . . . . . . . 14 13. Change History . . . . . . . . . . . . . . . . . . . . . . . 14
13.1. Changes from 00 to 01 . . . . . . . . . . . . . . . . . 14 13.1. Changes from 00 to 01 . . . . . . . . . . . . . . . . . 14
13.2. Changes from 01 to 02 . . . . . . . . . . . . . . . . . 15 13.2. Changes from 01 to 02 . . . . . . . . . . . . . . . . . 15
13.3. Changes from 02 to 03 . . . . . . . . . . . . . . . . . 15 13.3. Changes from 02 to 03 . . . . . . . . . . . . . . . . . 16
13.4. Changes from 03 to 04 . . . . . . . . . . . . . . . . . 16 13.4. Changes from 03 to 04 . . . . . . . . . . . . . . . . . 16
13.5. Changes from 04 to 05 . . . . . . . . . . . . . . . . . 16 13.5. Changes from 04 to 05 . . . . . . . . . . . . . . . . . 16
13.6. Changes from 05 to 06 . . . . . . . . . . . . . . . . . 16 13.6. Changes from 05 to 06 . . . . . . . . . . . . . . . . . 16
13.7. Changes from 06 to 07 . . . . . . . . . . . . . . . . . 16 13.7. Changes from 06 to 07 . . . . . . . . . . . . . . . . . 16
13.8. Changes from 07 to 08 . . . . . . . . . . . . . . . . . 16 13.8. Changes from 07 to 08 . . . . . . . . . . . . . . . . . 16
13.9. Changes from 08 to 09 . . . . . . . . . . . . . . . . . 16 13.9. Changes from 08 to 09 . . . . . . . . . . . . . . . . . 17
13.10. Changes from 09 to 10 . . . . . . . . . . . . . . . . . 16 13.10. Changes from 09 to 10 . . . . . . . . . . . . . . . . . 17
13.11. Changes from 10 to 11 . . . . . . . . . . . . . . . . . 16 13.11. Changes from 10 to 11 . . . . . . . . . . . . . . . . . 17
13.12. Changes from 11 to REGEXT 00 . . . . . . . . . . . . . . 17 13.12. Changes from 11 to REGEXT 00 . . . . . . . . . . . . . . 17
13.13. Changes from version REGEXT 00 to REGEXT 01 . . . . . . 17 13.13. Changes from version REGEXT 00 to REGEXT 01 . . . . . . 17
13.14. Changes from version REGEXT 01 to REGEXT 02 . . . . . . 17 13.14. Changes from version REGEXT 01 to REGEXT 02 . . . . . . 17
13.15. Changes from version REGEXT 02 to REGEXT 03 . . . . . . 17 13.15. Changes from version REGEXT 02 to REGEXT 03 . . . . . . 17
13.16. Changes from version REGEXT 03 to REGEXT 04 . . . . . . 17 13.16. Changes from version REGEXT 03 to REGEXT 04 . . . . . . 17
13.17. Changes from version REGEXT 04 to REGEXT 05 . . . . . . 17 13.17. Changes from version REGEXT 04 to REGEXT 05 . . . . . . 18
13.18. Changes from version REGEXT 05 to REGEXT 06 . . . . . . 18 13.18. Changes from version REGEXT 05 to REGEXT 06 . . . . . . 18
13.19. Changes from version REGEXT 06 to REGEXT 07 . . . . . . 18 13.19. Changes from version REGEXT 06 to REGEXT 07 . . . . . . 18
13.20. Changes from version REGEXT 07 to REGEXT 08 . . . . . . 18 13.20. Changes from version REGEXT 07 to REGEXT 08 . . . . . . 18
13.21. Changes from version REGEXT 08 to REGEXT 09 . . . . . . 18 13.21. Changes from version REGEXT 08 to REGEXT 09 . . . . . . 19
14. Example of a Full Deposit . . . . . . . . . . . . . . . . . . 18 13.22. Changes from version REGEXT 09 to REGEXT 10 . . . . . . 19
15. Example of a Differential Deposit . . . . . . . . . . . . . . 19 14. Example of a Full Deposit . . . . . . . . . . . . . . . . . . 19
15. Example of a Differential Deposit . . . . . . . . . . . . . . 20
16. Example of a Incremental Deposit . . . . . . . . . . . . . . 20 16. Example of a Incremental Deposit . . . . . . . . . . . . . . 20
17. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 21
17.1. Normative References . . . . . . . . . . . . . . . . . . 21 17.1. Normative References . . . . . . . . . . . . . . . . . . 21
17.2. Informative References . . . . . . . . . . . . . . . . . 22 17.2. Informative References . . . . . . . . . . . . . . . . . 22
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22
1. Introduction 1. Introduction
Registry Data Escrow is the process by which a registry periodically Registry Data Escrow is the process by which a registry periodically
submits data deposits to a third-party called an escrow agent. These submits data deposits to a third-party called an escrow agent. These
deposits comprise the minimum data needed by a third-party to resume deposits comprise the minimum data needed by a third-party to resume
operations if the registry cannot function and is unable or unwilling operations if the registry cannot function and is unable or unwilling
to facilitate an orderly transfer of service. For example, for a to facilitate an orderly transfer of service. For example, for a
domain name registry or registrar, the data to be deposited would domain name registry or registrar, the data to be deposited would
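Review bot: The table-of-contents entry for section 16 reads "Example of a Incremental Deposit" in both versions; it should be "Example of an Incremental Deposit". If the section title carries the same wording, fix it there too so the generated entry follows.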
skipping to change at page 13, line 17 skipping to change at page 13, line 19
This specification does not define the security mechanisms to be used This specification does not define the security mechanisms to be used
in the transmission of the data escrow deposits, since it only in the transmission of the data escrow deposits, since it only
specifies the minimum necessary to enable the rebuilding of a specifies the minimum necessary to enable the rebuilding of a
registry from deposits without intervention from the original registry from deposits without intervention from the original
registry. registry.
Depending on local policies, some elements, or, most likely, the Depending on local policies, some elements, or, most likely, the
whole deposit will be considered confidential. As such, the parties whole deposit will be considered confidential. As such, the parties
SHOULD take all the necessary precautions such as encrypting the data SHOULD take all the necessary precautions such as encrypting the data
at rest and in transit to avoid inadvertent disclosure of private at rest and in transit to avoid inadvertent disclosure of private
data. data. Regardless of the precautions taken by the parties regarding
data at rest and in transit, authentication credentials MUST NOT be
escrowed.
Authentication of the parties passing data escrow deposit files is Authentication of the parties passing data escrow deposit files is
also of the utmost importance. The escrow agent MUST properly also of the utmost importance. The escrow agent MUST properly
authenticate the identity of the registry before accepting data authenticate the identity of the registry before accepting data
escrow deposits. In a similar manner, the registry MUST authenticate escrow deposits. In a similar manner, the registry MUST authenticate
the identity of the escrow agent before submitting any data. the identity of the escrow agent before submitting any data.
Additionally, the registry and the escrow agent MUST use integrity Additionally, the registry and the escrow agent MUST use integrity
checking mechanisms to ensure the data transmitted is what the source checking mechanisms to ensure the data transmitted is what the source
intended. Validation of the contents by the escrow agent is intended. Validation of the contents by the escrow agent is
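Review bot: The added sentence "authentication credentials MUST NOT be escrowed" in the confidentiality paragraph does not say what counts as an authentication credential, so two implementers could disagree on whether, for example, hashed passwords or object authorization information are covered. Suggest defining the term, or pointing to where it is defined, and giving the requirement its own paragraph: it constrains what a deposit may contain, while the surrounding SHOULD is about protecting the deposit at rest and in transit.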
skipping to change at page 18, line 46 skipping to change at page 19, line 15
13.21. Changes from version REGEXT 08 to REGEXT 09 13.21. Changes from version REGEXT 08 to REGEXT 09
1. Changes based on the feedback provided here: 1. Changes based on the feedback provided here:
https://mailarchive.ietf.org/arch/msg/regext/x_8twvi- https://mailarchive.ietf.org/arch/msg/regext/x_8twvi-
MS4dDDRfAZfNJH92UaQ MS4dDDRfAZfNJH92UaQ
2. Changes based on the feedback provided here: 2. Changes based on the feedback provided here:
https://mailarchive.ietf.org/arch/msg/regext/ https://mailarchive.ietf.org/arch/msg/regext/
B3QTxUCWUE4R_QharAQlA3041j0 B3QTxUCWUE4R_QharAQlA3041j0
13.22. Changes from version REGEXT 09 to REGEXT 10
1. Changes based on the feedback provided here:
https://mailarchive.ietf.org/arch/msg/regext/
UaMNvl1xh60ldjpqHHYc3TNsfhg
14. Example of a Full Deposit 14. Example of a Full Deposit
Example of a Full Deposit with the two example objects rdeObj1 and Example of a Full Deposit with the two example objects rdeObj1 and
rdeObj2: rdeObj2:
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<rde:deposit <rde:deposit
xmlns:rde="urn:ietf:params:xml:ns:rde-1.0" xmlns:rde="urn:ietf:params:xml:ns:rde-1.0"
xmlns:rdeObj1="urn:example:params:xml:ns:rdeObj1-1.0" xmlns:rdeObj1="urn:example:params:xml:ns:rdeObj1-1.0"
xmlns:rdeObj2="urn:example:params:xml:ns:rdeObj2-1.0" xmlns:rdeObj2="urn:example:params:xml:ns:rdeObj2-1.0"
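Review bot: The new 13.22 change-history entry only links to a mailing-list message and does not state what changed, following the same link-only pattern as 13.21. Suggest adding a one-line summary beside the link, for instance that the Security Considerations now state that authentication credentials MUST NOT be escrowed, so the history stays readable if the archive URL stops resolving.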
 End of changes. 13 change blocks. 
16 lines changed or deleted 26 lines changed or added
