draft-ietf-regext-verificationcode-02.txt | draft-ietf-regext-verificationcode-03.txt | |||
---|---|---|---|---|
Network Working Group J. Gould | Network Working Group J. Gould | |||
Internet-Draft VeriSign, Inc. | Internet-Draft VeriSign, Inc. | |||
Intended status: Standards Track October 16, 2017 | Intended status: Standards Track April 16, 2018 | |||
Expires: April 19, 2018 | Expires: October 18, 2018 | |||
Verification Code Extension for the Extensible Provisioning Protocol | Verification Code Extension for the Extensible Provisioning Protocol | |||
(EPP) | (EPP) | |||
draft-ietf-regext-verificationcode-02 | draft-ietf-regext-verificationcode-03 | |||
Abstract | Abstract | |||
This document describes an Extensible Provisioning Protocol (EPP) | This document describes an Extensible Provisioning Protocol (EPP) | |||
extension for including a verification code for marking the data for | extension for including a verification code for marking the data for | |||
a transform command as being verified by a 3rd party, which is | a transform command as being verified by a 3rd party, which is | |||
referred to as the Verification Service Provider (VSP). The | referred to as the Verification Service Provider (VSP). The | |||
verification code is digitally signed by the VSP using XML Signature | verification code is digitally signed by the VSP using XML Signature | |||
and is "base64" encoded. The XML Signature includes the VSP signer | and is "base64" encoded. The XML Signature includes the VSP signer | |||
certificate, so the server can verify that the verification code | certificate, so the server can verify that the verification code | |||
skipping to change at page 1, line 38 ¶ | skipping to change at page 1, line 38 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on April 19, 2018. | This Internet-Draft will expire on October 18, 2018. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
described in the Simplified BSD License. | described in the Simplified BSD License. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
1.1. Conventions Used in This Document . . . . . . . . . . . . 3 | 1.1. Conventions Used in This Document . . . . . . . . . . . . 3 | |||
2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 4 | |||
2.1. Verification Code . . . . . . . . . . . . . . . . . . . . 4 | 2.1. Verification Code . . . . . . . . . . . . . . . . . . . . 4 | |||
2.1.1. Signed Code . . . . . . . . . . . . . . . . . . . . . 4 | 2.1.1. Signed Code . . . . . . . . . . . . . . . . . . . . . 4 | |||
2.1.2. Encoded Signed Code . . . . . . . . . . . . . . . . . 6 | 2.1.2. Encoded Signed Code . . . . . . . . . . . . . . . . . 7 | |||
2.2. Verification Profile . . . . . . . . . . . . . . . . . . 11 | 2.2. Verification Profile . . . . . . . . . . . . . . . . . . 11 | |||
3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 12 | 3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 12 | |||
3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 12 | 3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 12 | |||
3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 12 | 3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 12 | |||
3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 12 | 3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 12 | |||
3.1.3. EPP <transfer> Command . . . . . . . . . . . . . . . 24 | 3.1.3. EPP <transfer> Command . . . . . . . . . . . . . . . 24 | |||
3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 25 | 3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 25 | |||
3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 25 | 3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 25 | |||
3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 27 | 3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 27 | |||
3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 28 | 3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 28 | |||
3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 28 | 3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 28 | |||
3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 28 | 3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 28 | |||
4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 28 | 4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 28 | |||
4.1. Verification Code Extension Schema . . . . . . . . . . . 28 | 4.1. Verification Code Extension Schema . . . . . . . . . . . 28 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 32 | |||
5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 32 | 5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 32 | |||
5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 32 | 5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 32 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 33 | |||
7. Normative References . . . . . . . . . . . . . . . . . . . . 33 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 33 | |||
7.1. Normative References . . . . . . . . . . . . . . . . . . 33 | ||||
7.2. Informative References . . . . . . . . . . . . . . . . . 34 | ||||
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 34 | Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 34 | |||
Appendix B. Change History . . . . . . . . . . . . . . . . . . . 34 | Appendix B. Change History . . . . . . . . . . . . . . . . . . . 34 | |||
B.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 34 | B.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 34 | |||
B.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 34 | B.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 35 | |||
B.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 35 | B.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 35 | |||
B.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 35 | B.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 35 | |||
B.5. Change from 04 to REGEXT 00 . . . . . . . . . . . . . . . 35 | B.5. Change from 04 to REGEXT 00 . . . . . . . . . . . . . . . 35 | |||
B.6. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 35 | B.6. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 35 | |||
B.7. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 35 | B.7. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 35 | |||
B.8. Change from REGEXT 02 to REGEXT 03 . . . . . . . . . . . 35 | ||||
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 35 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 35 | |||
1. Introduction | 1. Introduction | |||
This document describes an extension mapping for version 1.0 of the | This document describes an extension mapping for version 1.0 of the | |||
Extensible Provisioning Protocol (EPP) [RFC5730]. This mapping, an | Extensible Provisioning Protocol (EPP) [RFC5730]. This mapping, an | |||
extension to EPP object mappings like the EPP domain name mapping | extension to EPP object mappings like the EPP domain name mapping | |||
[RFC5731], EPP host mapping [RFC5732], and EPP contact mapping | [RFC5731], EPP host mapping [RFC5732], and EPP contact mapping | |||
[RFC5733], can be used to pass a verification code to one of the EPP | [RFC5733], can be used to pass a verification code to one of the EPP | |||
transform commands. The domain name object is used for examples in | transform commands. The domain name object is used for examples in | |||
the document. The verification code is signed using XML Signature | the document. The verification code is signed using XML Signature | |||
[W3C.CR-xmldsig-core2-20120124] and is "base64" encoded. The | [W3C.CR-xmldsig-core2-20120124] and is "base64" encoded. The | |||
"base64" encoded text of the verification code MUST conform to | "base64" encoded text of the verification code MUST conform to | |||
[RFC2045]. The verification code demonstrates that verification was | [RFC2045]. The verification code demonstrates that verification was | |||
done by a Verification Service Provider (VSP). | done by a Verification Service Provider (VSP). | |||
The Verification Service Provider (VSP) is a certified party to | The Verification Service Provider (VSP) is a certified party to | |||
skipping to change at page 32, line 24 ¶ | skipping to change at page 32, line 24 ¶ | |||
5. IANA Considerations | 5. IANA Considerations | |||
5.1. XML Namespace | 5.1. XML Namespace | |||
This document uses URNs to describe XML namespaces and XML schemas | This document uses URNs to describe XML namespaces and XML schemas | |||
conforming to a registry mechanism described in [RFC3688]. | conforming to a registry mechanism described in [RFC3688]. | |||
Registration request for the verificationCode namespace: | Registration request for the verificationCode namespace: | |||
URI: ietf:params:xml:ns:verificationCode-1.0 | URI: ietf:params:xml:ns:verificationCode-1.0 | |||
Registrant Contact: See the "Author's Address" section of this | Registrant Contact: IESG | |||
document. | ||||
XML: None. Namespace URIs do not represent an XML specification. | XML: None. Namespace URIs do not represent an XML specification. | |||
Registration request for the verificationCode XML schema: | Registration request for the verificationCode XML schema: | |||
URI: ietf:params:xml:ns:verificationCode-1.0 | URI: ietf:params:xml:ns:verificationCode-1.0 | |||
Registrant Contact: See the "Author's Address" section of this | Registrant Contact: IESG | |||
document. | ||||
XML: See the "Formal Syntax" section of this document. | XML: See the "Formal Syntax" section of this document. | |||
5.2. EPP Extension Registry | 5.2. EPP Extension Registry | |||
The EPP extension described in this document should be registered by | The EPP extension described in this document should be registered by | |||
the IANA in the EPP Extension Registry described in [RFC7451]. The | the IANA in the EPP Extension Registry described in [RFC7451]. The | |||
details of the registration are as follows: | details of the registration are as follows: | |||
Name of Extension: "Verification Code Extension for the Extensible | Name of Extension: "Verification Code Extension for the Extensible | |||
Provisioning Protocol (EPP)" | Provisioning Protocol (EPP)" | |||
Document status: Standards Track | Document status: Standards Track | |||
Reference: (insert reference to RFC version of this document) | Reference: (insert reference to RFC version of this document) | |||
Registrant Name and Email Address: IESG, <iesg@ietf.org> | Registrant Name and Email Address: IESG, <iesg@ietf.org> | |||
TLDs: Any | TLDs: Any | |||
IPR Disclosure: None | ||||
IPR Disclosure: None | ||||
Status: Active | Status: Active | |||
Notes: None | Notes: None | |||
6. Security Considerations | 6. Security Considerations | |||
The mapping extension described in this document is based on the | The mapping extension described in this document is based on the | |||
security services described by EPP [RFC5730] and protocol layers used | security services described by EPP [RFC5730] and protocol layers used | |||
by EPP. The security considerations described in these other | by EPP. The security considerations described in these other | |||
specifications apply to this specification as well. | specifications apply to this specification as well. | |||
skipping to change at page 33, line 35 ¶ | skipping to change at page 33, line 33 ¶ | |||
It is RECOMMENDED that signed codes do not include white-spaces | It is RECOMMENDED that signed codes do not include white-spaces | |||
between the XML elements in order to mitigate risks of invalidating | between the XML elements in order to mitigate risks of invalidating | |||
the digital signature when transferring of signed codes between | the digital signature when transferring of signed codes between | |||
applications takes place. | applications takes place. | |||
Use of XML canonicalization SHOULD be used when generating the signed | Use of XML canonicalization SHOULD be used when generating the signed | |||
code. SHA256/RSA-SHA256 SHOULD be used for digesting and signing. | code. SHA256/RSA-SHA256 SHOULD be used for digesting and signing. | |||
The size of the RSA key SHOULD be at least 2048 bits. | The size of the RSA key SHOULD be at least 2048 bits. | |||
7. Normative References | 7. References | |||
7.1. Normative References | ||||
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
Extensions (MIME) Part One: Format of Internet Message | Extensions (MIME) Part One: Format of Internet Message | |||
Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, | Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, | |||
<https://www.rfc-editor.org/info/rfc2045>. | <https://www.rfc-editor.org/info/rfc2045>. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | |||
editor.org/info/rfc2119>. | editor.org/info/rfc2119>. | |||
skipping to change at page 34, line 27 ¶ | skipping to change at page 34, line 27 ¶ | |||
editor.org/info/rfc5731>. | editor.org/info/rfc5731>. | |||
[RFC5732] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | [RFC5732] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | |||
Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732, | Host Mapping", STD 69, RFC 5732, DOI 10.17487/RFC5732, | |||
August 2009, <https://www.rfc-editor.org/info/rfc5732>. | August 2009, <https://www.rfc-editor.org/info/rfc5732>. | |||
[RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) | |||
Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733, | Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733, | |||
August 2009, <https://www.rfc-editor.org/info/rfc5733>. | August 2009, <https://www.rfc-editor.org/info/rfc5733>. | |||
[RFC7451] Hollenbeck, S., "Extension Registry for the Extensible | ||||
Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, | ||||
February 2015, <https://www.rfc-editor.org/info/rfc7451>. | ||||
[W3C.CR-xmldsig-core2-20120124] | [W3C.CR-xmldsig-core2-20120124] | |||
Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, | Cantor, S., Roessler, T., Eastlake, D., Yiu, K., Reagle, | |||
J., Solo, D., Datta, P., and F. Hirsch, "XML Signature | J., Solo, D., Datta, P., and F. Hirsch, "XML Signature | |||
Syntax and Processing Version 2.0", World Wide Web | Syntax and Processing Version 2.0", World Wide Web | |||
Consortium CR CR-xmldsig-core2-20120124, January 2012, | Consortium CR CR-xmldsig-core2-20120124, January 2012, | |||
<http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | <http://www.w3.org/TR/2012/CR-xmldsig-core2-20120124>. | |||
7.2. Informative References | ||||
[RFC7451] Hollenbeck, S., "Extension Registry for the Extensible | ||||
Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, | ||||
February 2015, <https://www.rfc-editor.org/info/rfc7451>. | ||||
Appendix A. Acknowledgements | Appendix A. Acknowledgements | |||
Appendix B. Change History | Appendix B. Change History | |||
B.1. Change from 00 to 01 | B.1. Change from 00 to 01 | |||
1. Fixed pendingComplaince and complaint to pendingCompliance and | 1. Fixed pendingComplaince and complaint to pendingCompliance and | |||
compliant in text. | compliant in text. | |||
2. Fixed verificaton to verification. | 2. Fixed verificaton to verification. | |||
skipping to change at page 35, line 27 ¶ | skipping to change at page 35, line 31 ¶ | |||
eppext-verificationcode to draft-ietf-regext-verificationcode. | eppext-verificationcode to draft-ietf-regext-verificationcode. | |||
B.6. Change from REGEXT 00 to REGEXT 01 | B.6. Change from REGEXT 00 to REGEXT 01 | |||
1. Ping update. | 1. Ping update. | |||
B.7. Change from REGEXT 01 to REGEXT 02 | B.7. Change from REGEXT 01 to REGEXT 02 | |||
1. Ping update. | 1. Ping update. | |||
B.8. Change from REGEXT 02 to REGEXT 03 | ||||
1. Moved RFC 7451 to an informational reference based on a check | ||||
done by the Idnits Tool. | ||||
2. Replaced the IANA Registrant Contact to be "IESG". | ||||
Author's Address | Author's Address | |||
James Gould | James Gould | |||
VeriSign, Inc. | VeriSign, Inc. | |||
12061 Bluemont Way | 12061 Bluemont Way | |||
Reston, VA 20190 | Reston, VA 20190 | |||
US | US | |||
Email: jgould@verisign.com | Email: jgould@verisign.com | |||
URI: http://www.verisign.com | URI: http://www.verisign.com | |||
End of changes. 18 change blocks. | ||||
20 lines changed or deleted | 30 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |