Registration Data Access Protocol (RDAP) Extension for Verified Contact Information
draft-loffredo-regext-rdap-verified-contacts-03
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
| Document | Type | Active Internet-Draft (regext WG) | |
|---|---|---|---|
| Authors | Mario Loffredo , Maurizio Martinelli , James Gould , Paweł Kowalik | ||
| Last updated | 2026-04-20 (Latest revision 2026-02-23) | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Intended RFC status | (None) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| Stream | WG state | Candidate for WG Adoption | |
| Document shepherd | (None) | ||
| IESG | IESG state | I-D Exists | |
| Consensus boilerplate | Unknown | ||
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-loffredo-regext-rdap-verified-contacts-03
Network Working Group M. Loffredo
Internet-Draft M. Martinelli
Intended status: Standards Track IIT-CNR/Registro.it
Expires: 27 August 2026 J.G. Gould
VeriSign, Inc.
P. Kowalik
DENIC eG
23 February 2026
Registration Data Access Protocol (RDAP) Extension for Verified Contact
Information
draft-loffredo-regext-rdap-verified-contacts-03
Abstract
This document describes an extension to the Registration Data Access
Protocol (RDAP) that allows the inclusion of verification status
information for contact fields such as email addresses and phone
numbers. The goal is to improve data quality and trustworthiness of
RDAP responses by indicating which pieces of contact data have been
verified and how.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 27 August 2026.
Copyright Notice
Copyright (c) 2026 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Loffredo, et al. Expires 27 August 2026 [Page 1]
Internet-Draft Verifying Contacts in RDAP February 2026
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Revised BSD License text as
described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Revised BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions Used in This Document . . . . . . . . . . . . . . 3
3. RDAP Conformance . . . . . . . . . . . . . . . . . . . . . . 3
4. JSON Structure . . . . . . . . . . . . . . . . . . . . . . . 3
5. verifiedContacts_data Structure . . . . . . . . . . . . . . . 4
6. Combining Evidence and Method . . . . . . . . . . . . . . . . 9
7. Extension Version Identifier . . . . . . . . . . . . . . . . 11
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
8.1. RDAP Extensions Registry . . . . . . . . . . . . . . . . 12
8.2. RDAP JSON Values Registry . . . . . . . . . . . . . . . . 12
9. Security Considerations . . . . . . . . . . . . . . . . . . . 23
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 23
11.1. Normative References . . . . . . . . . . . . . . . . . . 23
11.2. Informative References . . . . . . . . . . . . . . . . . 24
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 24
A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 24
A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 24
A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 25
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction
The Registration Data Access Protocol (RDAP) provides access to
registration data for domain names, IP addresses, and autonomous
system numbers. However, RDAP responses do not currently include
explicit information about whether contact information such as email
addresses or phone numbers has been verified.
This document defines a simple extension that enables RDAP providers
to include verification status for contact fields. This is useful in
contexts where contact verification may be legally required or
strongly recommended.
In particular, Article 28 of Directive (EU) 2022/2555 ([NIS2])
requires top-level domain (TLD) name registries and domain name
registrars to collect and maintain accurate and complete domain name
registration data. Assuring accuracy and completeness of
registration data may involve verification of contact details and, in
some cases, publishing their verification status—either in a publicly
Loffredo, et al. Expires 27 August 2026 [Page 2]
Internet-Draft Verifying Contacts in RDAP February 2026
accessible RDAP service or in a closed RDAP service requiring prior
authorization for legitimate access seekers or authorities. The
extension defined in this document can support compliance with these
obligations by enabling the inclusion of verification status for
contact fields in RDAP responses in a standardized way.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.
3. RDAP Conformance
Servers implementing this extension MUST include the string
"verifiedContacts" in the "rdapConformance" ([RFC9083]) array of all
relevant RDAP responses. The registration of the "verifiedContacts"
extension identifier is described in Section 8.
4. JSON Structure
The verification information is conveyed via a new top-level object
member named "verifiedContacts_data" within the entity objects.
Loffredo, et al. Expires 27 August 2026 [Page 3]
Internet-Draft Verifying Contacts in RDAP February 2026
{
"objectClassName": "entity",
"handle": "ABC123-EXAMPLE",
"rdapConformance": ["rdap_level_0", "verifiedContacts"],
...
"verifiedContacts_data":
{
[
"claims": ["name", "address"],
"verificationDate": "2025-03-15T12:00:00Z",
"trustFramework": "eidas",
"verifierId": "Registro.it",
"verificationId": "verif-20250315-0001",
"evidence": "idcard",
"method": "auth"
],
[
"claims": ["email"],
"verificationDate": "2025-03-10T09:30:00Z",
"trustFramework": "registro.it",
"verifierId": "Registro.it",
"verificationId": "verif-20250310-0001",
"method": "reachability",
"remarks" :
[
{
"description" :
[
"E-mail verification embedded
in onboarding process."
]
}
]
]
...
}
}
Figure 1: Entity object including the "verifiedContacts_data" member
5. verifiedContacts_data Structure
The "verifiedContacts_data" member is an array if objects containing:
"verificationDate": (OPTIONAL) A string with the date and time of
verification, represented as an [RFC3339] date-time profile
format.
Loffredo, et al. Expires 27 August 2026 [Page 4]
Internet-Draft Verifying Contacts in RDAP February 2026
"verifierId": (OPTIONAL) Verifier identifier, that is a server
unique number or a delimited string using a '-' as a separator
character to support a regional or globally unique identifier.
The minimum length is 1 character and the maximum length is 40
characters. The set of verifiers and verifier identifiers is up
to server policy.
"verifierName": (OPTIONAL) Verifier name of the verifier that is a
simple character string, with a minimum length of 1 character and
a maximum length of 40 characters. The set of verifiers and
verifier identifiers is up to server policy.
"verificationId": (OPTIONAL) Verification identifier that
unambigously identifies the verification performed by the
verification provider.
"claims": (OPTIONAL) An array of strings indicating which parts of
the data has been verified in a given process.
The list of allowed values is specified by entries of a type
"verified contact claim" in "RDAP JSON Values Registry" and is
extendible.
This specification defines the following set of values based on
[OpenID]:
"email": E-mail address.
"phone number": Voice phone number.
"fax": Fax phone number.
"address": Address.
"name": Entities full name.
"given name": Given name or first name of the entity.
"family name": Surname or last name of the entity.
"birthdate": Date of birth.
"trustFramework": (OPTIONAL) A string determining the trust
framework governing the identity verification process.
The list of allowed values is specified by entries of a type
"verified contact trust framework" in "RDAP JSON Values Registry"
and is extendible.
Loffredo, et al. Expires 27 August 2026 [Page 5]
Internet-Draft Verifying Contacts in RDAP February 2026
If the verification is conducted according to the policy
framework of server operator, this value SHOULD be specific to
this operator unless external policy has been adopted.
This specification defines the following set of values:
"eidas": The verification has been conducted in accordance with
the EU regulation No 910/2014 (eIDAS).
"private": The verification has been conducted in accordance
private policy framework of server operator.
"method": (OPTIONAL) A string indicating a verification method.
The list of allowed values is specified by entries of a type
"verified contact method" in "RDAP JSON Values Registry" and is
extendible.
This specification defines the following set of values, based on
Check Methods defined in [IDA-Predefined-Values] referred from
[IDA-verified-claims]:
"vpip": Validation that physical evidence is genuine through
inspection of its physical properties in person.
"vpiruv": Validation that physical evidence is genuine through
inspection of its physical properties in person including its
optical characteristics under non-visible light.
"vri": Validation that physical evidence is genuine through the
inspection of an image taken remotely under visible light.
"vdig": Validation that digital/electronic evidence is genuine
by the inspection of its properties and content.
"vcrypt": Validation the cryptographic security features of the
evidence are intact and correct.
"data": Found an existing electronic record that matches the
claims made by the user.
"auth": Verifying the user is the owner of the claims by use of
an electronic authentication process that is linked to the
owner of the claims.
"token": Verifying the user is the owner of the claims by use of
Loffredo, et al. Expires 27 August 2026 [Page 6]
Internet-Draft Verifying Contacts in RDAP February 2026
an electronic authentication token such as hardware token or
smartcard that is linked and issued to the owner of the
claims.
"kbv": Verifying the user is the owner of the claims by
knowledge based challenges/questions that only the owner of
the claims should know how to answer.
"pvp": Physical verification in person by a qualified/authorised
person, the comparison of a physical characteristic (such as
face) of the user with a known image/template of the owner of
the claims.
"pvr": Physical verification by a qualified/authorised person
when the user is remote, the comparison of a physical
characteristic (such as face) from an image or video of the
user with a known image/template of the owner of the claims.
"bvp": Biometric verification by an automated system with the
user physically present to the system and the verifier, the
use of a biometric modality (such as face) to match the user
with a known template of the owner of the claims.
"bvr": Biometric verification by an automated system where the
user and capture device is remote to the verifier, the use of
a biometric modality (such as face) to match the user with a
known template of the owner of the claims.
"reachability": Verification conducted in a way that confirms
the reliability of the chosen communication method, requiring
the recipient to actively acknowledge receipt through an
appropriate confirmation action, such as signing a
confirmation of receipt, entering a code or clicking a link
"evidence": (OPTIONAL) A string indicating an evidence used in the
verification.
The list of allowed values is specified by entries of a type
"verified contact evidence" in "RDAP JSON Values Registry" and is
extendible.
This specification defines the following set of values, based on
Documents, Electronic records and Vouches defined in
[IDA-Predefined-Values] referred from [IDA-verified-claims]:
"idcard": An identity document issued by a country's government
for the purpose of identifying a citizen.
Loffredo, et al. Expires 27 August 2026 [Page 7]
Internet-Draft Verifying Contacts in RDAP February 2026
"passport": A passport is a travel document, usually issued by a
country's government, that certifies the identity and
nationality of its holder primarily for the purpose of
international travel.
"residence permit": Official document permitting an individual
to reside within a particular jurisdiction.
"bank statement": Bank statement from a recognized banking
institution.
"utility statement": Statement from a recognized utility
provider.
"tax statement": Statement from a country's tax authority.
"birth certificate": Official document certifying the
circumstances of a birth.
"birth register": A record from an official register of births.
"population register": A record from an official population
register.
"written attestation": A written/printed statement/letter from a
recognised person or authority regarding the identity of the
entity.
"digital attestation": A statement from a recognised person or
authority regarding the identity of the entiry that was made
and stored electronically.
"email ver transaction log": A digital transaction log of an
appropriate confirmation action of email verification, such
as entering a code or clicking a link.
"postal ver transaction log": A digital transaction log of an
appropriate confirmation action of postal verification, such
as confirmation of receipt, entering a code or clicking a
link.
"address database": Information from a reliable address
database.
"remarks": (OPTIONAL) property, which is an array of remarks (see
Section 4.3 of [RFC9083]).
"extension": (OPTIONAL) property, which is a map of objects.
Loffredo, et al. Expires 27 August 2026 [Page 8]
Internet-Draft Verifying Contacts in RDAP February 2026
The list of allowed values is specified by entries of a type
"verified contact extension" in "RDAP JSON Values Registry" and
is extendible.
This specification does not specify any entries to this registry
leaving it open for other specificiations.
6. Combining Evidence and Method
In most common cases a verification of data consists of comparison
against some authoritative source or document (evidence) using one of
the allowed methods (method) within a defined trust framework. The
same evidence may be verified using different methods, just as the
same method may be applied to different evidences. Therefore, a
description of the verification process typically specifies the
values in a combination.
Real life examples of such combinations:
* Email verification
{
...
"verifiedContacts_data":
{
[
"claims": ["email"],
"method": "reachability",
"evidence": "email ver transaction log",
"remarks" :
[
{
"description" :
[
"Sending a confirmation link to
the specified email address and
requiring user interaction (e.g.,
clicking the link) to confirm
ownership."
]
}
]
]
...
}
}
* Address Verification
Loffredo, et al. Expires 27 August 2026 [Page 9]
Internet-Draft Verifying Contacts in RDAP February 2026
{
...
"verifiedContacts_data":
{
[
"claims": ["address"],
"method": "data",
"evidence": "address database",
"remarks" :
[
{
"description" :
[
"Verification of the postal address using
a geolocation or address validation service
(e.g., Google Maps API, OpenStreetMap,
postal databases)."
]
}
]
]
...
}
}
* Manual review
Loffredo, et al. Expires 27 August 2026 [Page 10]
Internet-Draft Verifying Contacts in RDAP February 2026
{
...
"verifiedContacts_data":
{
[
"claims": ["name", "address"],
"method": "pvr",
"evidence": "idcard",
"remarks" :
[
{
"description" :
[
"Manual review of contact data by a human operator
(e.g., calling the phone number, making a live
video call, inspecting submitted documentation)."
]
}
]
]
...
}
}
7. Extension Version Identifier
This extension supports the following versioning types as defined in
[I-D.ietf-regext-rdap-versioning]:
* Opaque Versioning: The Opaque Extension Version Identifier is
"verifiedContacts".
* Semantic Versioning: The Semantic Extension Version Identifier is
"verifiedContacts-0.3". The Semantic Extension Version Identifier
is "verifiedContacts-0.2" for draft-loffredo-regext-rdap-verified-
contacts-02 and "verifiedContacts-0.1" for draft-loffredo-regext-
rdap-verified-contacts-01. When there are interface changes to
the extension, the Semantic Extension Version Identifier will be
incremented, which may not match the draft version number. When
the draft becomes a working group document and passes Working
Group Last Call (WGLC), the Semantic Extension Version Identifier
will be changed to "verifiedContacts-1.0".
8. IANA Considerations
Loffredo, et al. Expires 27 August 2026 [Page 11]
Internet-Draft Verifying Contacts in RDAP February 2026
8.1. RDAP Extensions Registry
IANA is requested to register the following value in the RDAP
Extensions Registry:
Extension identifier: verifiedContacts
Registry operator: Any
Published specification: This document.
Contact: IETF <iesg@ietf.org>
Intended usage: This extension identifies RDAP extension for
verified contact information.
8.2. RDAP JSON Values Registry
Section 10.2 of [RFC9083] defines the RDAP JSON Values Registry with
pre-defined Type field values and the use of the "Expert Review"
policy defined in [RFC8126]. This specification defines new RDAP
JSON Values Registry Type field values that can be used to register
pre-defined "verified contact claim", "verified contact method",
"verified contact trust framework", "verified contact evidence" and
"verified contact extension" values. IANA is requested to update the
RDAP JSON Values Registry to accept these additional type field
values as follows:
"verified contact claim": Verified contact claim being registered.
The registered "verified contact claim" is referenced using a
sub-field of the verified contacts "verifiedContacts_data" field.
"verified contact method": Verified contact method being registered.
The "verified contact method" is referenced using the "method"
field of the verified contacts detail (e.g., "email", "voice",
"fax", "addr") field.
"verified contact evidence": Verified contact evidence being
registered. The "verified contact evidence" is referenced using
a sub-field of the verified contacts "verifiedContacts_data"
field.
"verified contact trust framework": Verified contact trust framework
registered. The "verified contact trust framework" is referenced
using a sub-field of the verified contacts
"verifiedContacts_data" field.
"verified contact extension": Verified contact extension field being
registered. The "verified contact extension" is referenced using
a sub-field of the verified contacts "verifiedContacts_data"
field.
Loffredo, et al. Expires 27 August 2026 [Page 12]
Internet-Draft Verifying Contacts in RDAP February 2026
IANA is requested to register the following in the RDAP JSON Values
Registry, described in [RFC9083]:
Value: email
Type: verified contact claim
Description: E-mail address.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: phone number
Type: verified contact claim
Description: Voice phone number.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: fax
Type: verified contact claim
Description: Fax phone number.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: address
Type: verified contact claim
Description: Address.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Loffredo, et al. Expires 27 August 2026 [Page 13]
Internet-Draft Verifying Contacts in RDAP February 2026
Value: name
Type: verified contact claim
Description: Entities full name.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: given name
Type: verified contact claim
Description: Given name or first name of the entity.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: family name
Type: verified contact claim
Description: Surname or last name of the entity.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: birthdate
Type: verified contact claim
Description: Date of birth.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: vpip
Type: verified contact method
Description: Validation that physical evidence is genuine through
inspection of its physical properties in person.
Loffredo, et al. Expires 27 August 2026 [Page 14]
Internet-Draft Verifying Contacts in RDAP February 2026
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: vpiruv
Type: verified contact method
Description: Validation that physical evidence is genuine through
inspection of its physical properties in person including its
optical characteristics under non-visible light.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: vri
Type: verified contact method
Description: Validation that physical evidence is genuine through
the inspection of an image taken remotely under visible light.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: vdig
Type: verified contact method
Description: Validation that digital/electronic evidence is genuine
by the inspection of its properties and content.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: vcrypt
Loffredo, et al. Expires 27 August 2026 [Page 15]
Internet-Draft Verifying Contacts in RDAP February 2026
Type: verified contact method
Description: Validation the cryptographic security features of the
evidence are intact and correct.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: data
Type: verified contact method
Description: Found an existing electronic record that matches the
claims made by the user.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: auth
Type: verified contact method
Description: Verifying the user is the owner of the claims by use of
an electronic authentication process that is linked to the owner
of the claims.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: token
Type: verified contact method
Description: Verifying the user is the owner of the claims by use of
an electronic authentication token such as hardware token or
smartcard that is linked and issued to the owner of the claims.
Registrant Name: IETF
Loffredo, et al. Expires 27 August 2026 [Page 16]
Internet-Draft Verifying Contacts in RDAP February 2026
Registrant Contact Information: iesg@ietf.org
Value: kbv
Type: verified contact method
Description: Verifying the user is the owner of the claims by
knowledge based challenges/questions that only the owner of the
claims should know how to answer.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: pvp
Type: verified contact method
Description: Physical verification in person by a qualified/
authorised person, the comparison of a physical characteristic
(such as face) of the user with a known image/template of the
owner of the claims.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: pvr
Type: verified contact method
Description: Physical verification by a qualified/authorised person
when the user is remote, the comparison of a physical
characteristic (such as face) from an image or video of the user
with a known image/template of the owner of the claims.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Loffredo, et al. Expires 27 August 2026 [Page 17]
Internet-Draft Verifying Contacts in RDAP February 2026
Value: bvp
Type: verified contact method
Description: Biometric verification by an automated system with the
user physically present to the system and the verifier, the use
of a biometric modality (such as face) to match the user with a
known template of the owner of the claims.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: bvr
Type: verified contact method
Description: Biometric verification by an automated system where the
user and capture device is remote to the verifier, the use of a
biometric modality (such as face) to match the user with a known
template of the owner of the claims.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: reachability
Type: verified contact method
Description: Verification conducted in a way that confirms the
reliability of the chosen communication method, requiring the
recipient to actively acknowledge receipt through an appropriate
confirmation action, such as signing a confirmation of receipt,
entering a code or clicking a link.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: idcard
Loffredo, et al. Expires 27 August 2026 [Page 18]
Internet-Draft Verifying Contacts in RDAP February 2026
Type: verified contact evidence
Description: An identity document issued by a country's government
for the purpose of identifying a citizen.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: passport
Type: verified contact evidence
Description: A passport is a travel document, usually issued by a
country's government, that certifies the identity and nationality
of its holder primarily for the purpose of international travel.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: residence permit
Type: verified contact evidence
Description: Official document permitting an individual to reside
within a particular jurisdiction.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: bank statement
Type: verified contact evidence
Description: Bank statement from a recognized banking institution.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Loffredo, et al. Expires 27 August 2026 [Page 19]
Internet-Draft Verifying Contacts in RDAP February 2026
Value: utility statement
Type: verified contact evidence
Description: Statement from a recognized utility provider.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: tax statement
Type: verified contact evidence
Description: Statement from a country's tax authority.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: birth certificate
Type: verified contact evidence
Description: Official document certifying the circumstances of a
birth.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: birth register
Type: verified contact evidence
Description: A record from an official register of births.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Loffredo, et al. Expires 27 August 2026 [Page 20]
Internet-Draft Verifying Contacts in RDAP February 2026
Value: population register
Type: verified contact evidence
Description: A record from an official population register.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: written attestation
Type: verified contact evidence
Description: A written/printed statement/letter from a recognised
person or authority regarding the identity of the entity.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: digital attestation
Type: verified contact evidence
Description: A statement from a recognised person or authority
regarding the identity of the entiry that was made and stored
electronically.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: email ver transaction log
Type: verified contact evidence
Description: A digital transaction log of an appropriate
confirmation action of email verification, such as entering a
code or clicking a link.
Registrant Name: IETF
Loffredo, et al. Expires 27 August 2026 [Page 21]
Internet-Draft Verifying Contacts in RDAP February 2026
Registrant Contact Information: iesg@ietf.org
Value: postal ver transaction log
Type: verified contact evidence
Description: A digital transaction log of an appropriate
confirmation action of postal verification, such as confirmation
of receipt, entering a code or clicking a link.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: address database
Type: verified contact evidence
Description: Information from a reliable address database.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: eidas
Type: verified contact trust framework
Description: The verification has been conducted in accordance with
the EU regulation No 910/2014 (eIDAS).
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
Value: private
Type: verified contact trust framework
Description: The verification has been conducted in accordance
Loffredo, et al. Expires 27 August 2026 [Page 22]
Internet-Draft Verifying Contacts in RDAP February 2026
private policy framework of server operator.
Registrant Name: IETF
Registrant Contact Information: iesg@ietf.org
9. Security Considerations
Contact verification data may have privacy implications. Servers
MUST ensure that disclosure of this information complies with
applicable data protection laws and policies.
10. Acknowledgements
The authors wish to thank the following persons for their feedback
and suggestions: Scott Hollenbeck.
11. References
11.1. Normative References
[I-D.ietf-regext-rdap-versioning]
Gould, J., Keathley, D., and M. Loffredo, "Versioning in
the Registration Data Access Protocol (RDAP)", Work in
Progress, Internet-Draft, draft-ietf-regext-rdap-
versioning-04, 11 December 2025,
<https://datatracker.ietf.org/doc/html/draft-ietf-regext-
rdap-versioning-04>.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
[RFC3339] Klyne, G. and C. Newman, "Date and Time on the Internet:
Timestamps", RFC 3339, DOI 10.17487/RFC3339, July 2002,
<https://www.rfc-editor.org/info/rfc3339>.
[RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for
Writing an IANA Considerations Section in RFCs", BCP 26,
RFC 8126, DOI 10.17487/RFC8126, June 2017,
<https://www.rfc-editor.org/info/rfc8126>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Loffredo, et al. Expires 27 August 2026 [Page 23]
Internet-Draft Verifying Contacts in RDAP February 2026
[RFC9083] Hollenbeck, S. and A. Newton, "JSON Responses for the
Registration Data Access Protocol (RDAP)", STD 95,
RFC 9083, DOI 10.17487/RFC9083, June 2021,
<https://www.rfc-editor.org/info/rfc9083>.
11.2. Informative References
[IDA-Predefined-Values]
OpenID Foundation, "Overview page for predefined values",
2021, <https://openid.net/wg/ekyc-ida/identifiers/>.
[IDA-verified-claims]
Lodderstedt, T., Fett, D., Haine, M., Pulido, A., Lehmann,
K., and K. Koiwai, "OpenID Identity Assurance Schema
Definition", 9 August 2023, <https://openid.net/specs/
openid-ida-verified-claims-1_0.html>.
[NIS2] European Parliament and Council, "Directive (EU) 2022/2555
of the European Parliament and of the Council of 14
December 2022 on measures for a high common level of
cybersecurity across the Union, amending Regulation (EU)
No 910/2014 and Directive (EU) 2018/1972, and repealing
Directive (EU) 2016/1148 (NIS 2 Directive)", December
2022, <https://eur-lex.europa.eu/legal-content/EN/TXT/
PDF/?uri=CELEX:02022L2555-20221227>.
[OpenID] Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., and
C. Mortimore, "OpenID Connect Core 1.0 incorporating
errata set 1", 8 November 2014,
<https://openid.net/specs/openid-connect-core-1_0.html>.
Appendix A. Change History
A.1. Change from 00 to 01
1. Made The "verifiedContacts_data" keys consistent with those
defined in draft-ietf-regext-rdap-jscontact.
2. Further specified the verification methods and changed their
format to CamelCase.
A.2. Change from 01 to 02
1. Added definition of the "verified contact detail" and "verified
contact method" RDAP JSON Values types and added a set of RDAP
JSON Values registrations.
2. Updated the "method" values to be lowercase with a space word
separator to match the requirement for registered RDAP JSON
Values.
Loffredo, et al. Expires 27 August 2026 [Page 24]
Internet-Draft Verifying Contacts in RDAP February 2026
3. Added support for semantic versioning using the versioning
extension and included the semantic versions for the prior draft
versions.
4. Added the "all", "email", "voice", "fax", and "addr" verified
contact detail registration.
5. Added the "verifierId" optional field to reference who performed
the verification.
6. Added the "verificationId" optional field to reference the
unique verification performed by the verification provider.
7. Added the "trustFramework" optional field to reference the
policy framework of the verification
8. Make verification date optional
9. Clarified that the extension can be used in both public and
restricted RDAP services
10. Make possible to have multiple verification objects.
11. Add verification evidence as optional field.
12. Change reference to verified data as an array instead of object
key, to enable multiple verifications referring to the same data
element and avoid same verification object repeated if multiple
data elements were verified.
A.3. Change from 02 to 03
1. Rename "verified contact detail" to "verified contact claim" to
match terminology with [OpenID].
2. Added "verified contact evidence", "verified contact trust
framework" to IANA section.
3. Synchronised "verified contact claim" IANA section with
Section 5.
4. Changed "verified contact method" according to
[IDA-verified-claims]
5. Removed "all" claim as it is ambigous if the whole set of claims
in the registration system is unknown.
6. Refactor introduction to reflect better NIS-2 requirements.
7. Removed ambiguous "all" claim.
8. Added "extension" and "remarks" fields.
9. Added "email ver transaction log" and "postal ver transaction
log" evidence.
10. Added section Combining Evidence and Method as well as needed
values to the lists.
Authors' Addresses
Mario Loffredo
IIT-CNR/Registro.it
Via Moruzzi,1
56124 Pisa
Italy
Loffredo, et al. Expires 27 August 2026 [Page 25]
Internet-Draft Verifying Contacts in RDAP February 2026
Email: mario.loffredo@iit.cnr.it
URI: http://www.iit.cnr.it
Maurizio Martinelli
IIT-CNR/Registro.it
Via Moruzzi,1
56124 Pisa
Italy
Email: maurizio.martinelli@iit.cnr.it
URI: http://www.iit.cnr.it
James Gould
VeriSign, Inc.
12061 Bluemont Way
Reston, VA 20190
United States of America
Email: jgould@verisign.com
URI: http://www.verisigninc.com
P Kowalik
DENIC eG
Theodor-Stern-Kai 1
Frankfurt am Main
Germany
Email: pawel.kowalik@denic.de
URI: https://denic.de
Loffredo, et al. Expires 27 August 2026 [Page 26]