--- 1/draft-ietf-regext-data-escrow-09.txt 2020-06-01 12:13:12.399694481 -0700 +++ 2/draft-ietf-regext-data-escrow-10.txt 2020-06-01 12:13:12.427694855 -0700 @@ -1,18 +1,18 @@ Network Working Group G. Lozano Internet-Draft ICANN -Intended status: Standards Track May 12, 2020 -Expires: November 13, 2020 +Intended status: Standards Track Jun 1, 2020 +Expires: December 3, 2020 Registry Data Escrow Specification - draft-ietf-regext-data-escrow-09 + draft-ietf-regext-data-escrow-10 Abstract This document specifies the format and contents of data escrow deposits targeted primarily for domain name registries. The specification is designed to be independent of the underlying objects that are being escrowed and therefore it could also be used for purposes other than domain name registries. Status of This Memo @@ -23,21 +23,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on November 13, 2020. + This Internet-Draft will expire on December 3, 2020. Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -50,57 +50,59 @@ Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Problem Scope . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Conventions Used in This Document . . . . . . . . . . . . . . 6 4.1. Date and Time . . . . . . . . . . . . . . . . . . . . . . 6 5. Protocol Description . . . . . . . . . . . . . . . . . . . . 6 5.1. Root element . . . . . . . . . . . . . . . . . 7 5.2. Rebuilding the registry from data escrow deposits . . . . 8 - 6. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 8 + 6. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 9 6.1. RDE Schema . . . . . . . . . . . . . . . . . . . . . . . 9 7. Internationalization Considerations . . . . . . . . . . . . . 11 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 - 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 11 + 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 12 9.1. Implementation in the gTLD space . . . . . . . . . . . . 12 10. Security Considerations . . . . . . . . . . . . . . . . . . . 13 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 13 - 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13 + 12. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14 13. Change History . . . . . . . . . . . . . . . . . . . . . . . 14 13.1. Changes from 00 to 01 . . . . . . . . . . . . . . . . . 14 13.2. Changes from 01 to 02 . . . . . . . . . . . . . . . . . 15 - 13.3. Changes from 02 to 03 . . . . . . . . . . . . . . . . . 15 + 13.3. Changes from 02 to 03 . . . . . . . . . . . . . . . . . 16 13.4. Changes from 03 to 04 . . . . . . . . . . . . . . . . . 16 13.5. Changes from 04 to 05 . . . . . . . . . . . . . . . . . 16 13.6. Changes from 05 to 06 . . . . . . . . . . . . . . . . . 16 13.7. Changes from 06 to 07 . . . . . . . . . . . . . . . . . 16 13.8. Changes from 07 to 08 . . . . . . . . . . . . . . . . . 16 - 13.9. Changes from 08 to 09 . . . . . . . . . . . . . . . . . 16 - 13.10. Changes from 09 to 10 . . . . . . . . . . . . . . . . . 16 - 13.11. Changes from 10 to 11 . . . . . . . . . . . . . . . . . 16 + 13.9. Changes from 08 to 09 . . . . . . . . . . . . . . . . . 17 + 13.10. Changes from 09 to 10 . . . . . . . . . . . . . . . . . 17 + 13.11. Changes from 10 to 11 . . . . . . . . . . . . . . . . . 17 13.12. Changes from 11 to REGEXT 00 . . . . . . . . . . . . . . 17 13.13. Changes from version REGEXT 00 to REGEXT 01 . . . . . . 17 13.14. Changes from version REGEXT 01 to REGEXT 02 . . . . . . 17 13.15. Changes from version REGEXT 02 to REGEXT 03 . . . . . . 17 13.16. Changes from version REGEXT 03 to REGEXT 04 . . . . . . 17 - 13.17. Changes from version REGEXT 04 to REGEXT 05 . . . . . . 17 + 13.17. Changes from version REGEXT 04 to REGEXT 05 . . . . . . 18 13.18. Changes from version REGEXT 05 to REGEXT 06 . . . . . . 18 13.19. Changes from version REGEXT 06 to REGEXT 07 . . . . . . 18 13.20. Changes from version REGEXT 07 to REGEXT 08 . . . . . . 18 - 13.21. Changes from version REGEXT 08 to REGEXT 09 . . . . . . 18 - 14. Example of a Full Deposit . . . . . . . . . . . . . . . . . . 18 - 15. Example of a Differential Deposit . . . . . . . . . . . . . . 19 + 13.21. Changes from version REGEXT 08 to REGEXT 09 . . . . . . 19 + 13.22. Changes from version REGEXT 09 to REGEXT 10 . . . . . . 19 + 14. Example of a Full Deposit . . . . . . . . . . . . . . . . . . 19 + 15. Example of a Differential Deposit . . . . . . . . . . . . . . 20 16. Example of a Incremental Deposit . . . . . . . . . . . . . . 20 17. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 17.1. Normative References . . . . . . . . . . . . . . . . . . 21 17.2. Informative References . . . . . . . . . . . . . . . . . 22 + Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 22 1. Introduction Registry Data Escrow is the process by which a registry periodically submits data deposits to a third-party called an escrow agent. These deposits comprise the minimum data needed by a third-party to resume operations if the registry cannot function and is unable or unwilling to facilitate an orderly transfer of service. For example, for a domain name registry or registrar, the data to be deposited would @@ -580,21 +581,23 @@ This specification does not define the security mechanisms to be used in the transmission of the data escrow deposits, since it only specifies the minimum necessary to enable the rebuilding of a registry from deposits without intervention from the original registry. Depending on local policies, some elements, or, most likely, the whole deposit will be considered confidential. As such, the parties SHOULD take all the necessary precautions such as encrypting the data at rest and in transit to avoid inadvertent disclosure of private - data. + data. Regardless of the precautions taken by the parties regarding + data at rest and in transit, authentication credentials MUST NOT be + escrowed. Authentication of the parties passing data escrow deposit files is also of the utmost importance. The escrow agent MUST properly authenticate the identity of the registry before accepting data escrow deposits. In a similar manner, the registry MUST authenticate the identity of the escrow agent before submitting any data. Additionally, the registry and the escrow agent MUST use integrity checking mechanisms to ensure the data transmitted is what the source intended. Validation of the contents by the escrow agent is @@ -844,20 +847,26 @@ 13.21. Changes from version REGEXT 08 to REGEXT 09 1. Changes based on the feedback provided here: https://mailarchive.ietf.org/arch/msg/regext/x_8twvi- MS4dDDRfAZfNJH92UaQ 2. Changes based on the feedback provided here: https://mailarchive.ietf.org/arch/msg/regext/ B3QTxUCWUE4R_QharAQlA3041j0 +13.22. Changes from version REGEXT 09 to REGEXT 10 + + 1. Changes based on the feedback provided here: + https://mailarchive.ietf.org/arch/msg/regext/ + UaMNvl1xh60ldjpqHHYc3TNsfhg + 14. Example of a Full Deposit Example of a Full Deposit with the two example objects rdeObj1 and rdeObj2: