Internet Engineering Task Force S. Hollenbeck
Internet-Draft VeriSign, Inc.
November 10, 2000 Expires: May 10, 2001
Extensible Provisioning Protocol Transport Over TCP
<draft-hollenbeck-epp-tcp-00.txt>
Status of this Memo
This document is an Internet-Draft and is in full conformance with all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Task
Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
Abstract
This document describes how an Extensible Provisioning Protocol (EPP)
session is mapped onto a single Transmission Control Protocol (TCP)
connection.
Conventions Used In This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
Hollenbeck Expires May 10, 2001 [Page 1]
Internet-Draft EPP TCP Transport November 10, 2000
Table of Contents
1. Introduction ................................................. 3
2. Session Management ........................................... 4
3. Message Exchange ............................................. 5
4. Internationalization Considerations .......................... 6
5. IANA Considerations .......................................... 7
6. Security Considerations ...................................... 8
7. References ................................................... 9
8. Author's Address ............................................. 10
9. Full Copyright Statement ..................................... 11
Hollenbeck Expires May 10, 2001 [Page 2]
Internet-Draft EPP TCP Transport November 10, 2000
1. Introduction
This document describes how an EPP session is mapped onto a single TCP
connection. EPP is described in [EPP]. TCP is described in [RFC793].
This document is being discussed on the "rrp" mailing list. To join
the list, send a message to <majordomo@NSIRegistry.net> with the words
"subscribe rrp" in the body of the message. There is a web site for
the list archives at <http://www.NSIRegistry.net/maillist/rrp>.
Hollenbeck Expires May 10, 2001 [Page 3]
Internet-Draft EPP TCP Transport November 10, 2000
2. Session Management
Mapping EPP session management facilities onto the TCP service is
straight forward. An EPP session first requires creation of a TCP
connection between two peers, one that initiates the connection
request and one that responds to the connection request. The
initiating peer is called the "client", and the responding peer is
called the "server". An EPP server MUST listen for TCP connection
requests on a standard TCP port. TCP port 65000 should be used for
development and testing purposes in advance of a port assignment from
IANA.
The client MUST issue an active OPEN call, specifying the TCP port
number on which the server is listening for EPP connection attempts.
The server MUST respond with a passive OPEN call, which the client
MUST acknowledge to establish the connection. The EPP server MUST
return an EPP <greeting> to the client after the TCP session has been
established.
An EPP session is nominally ended by the client issuing an EPP
<logout> command. A server receiving an EPP <logout> command MUST end
the EPP session and close the TCP connection through an active CLOSE
call. The client MUST respond with a passive CLOSE call.
A client MAY end an EPP session by issuing an active CLOSE call. A
server SHOULD respond with a passive CLOSE call.
A server MAY limit the life span of an established TCP connection.
EPP sessions that are inactive for more than 10 minutes MAY be ended
by a server issuing an active CLOSE call. A server MAY close TCP
connections that have been open and active for more than 24 continuous
hours.
Peers SHOULD respond to an active CLOSE call with a passive CLOSE
call. The closing peer MAY issue an ABORT call if the responding peer
does not respond to the active CLOSE call.
Hollenbeck Expires May 10, 2001 [Page 4]
Internet-Draft EPP TCP Transport November 10, 2000
3. Message Exchange
With the exception of the EPP server greeting, EPP messages are
initiated by the EPP client in the form of EPP commands. An EPP
server MUST return an EPP response to an EPP command on the same TCP
connection that carried the command. If the TCP connection is closed
after a server receives and successfully processes a command but
before the response can be returned to the client, the server MUST
undo the effects of the command to ensure a consistent state between
the client and the server.
An EPP client streams EPP commands to an EPP server on an established
TCP connection. A client MAY establish multiple TCP connections to
facilitate multiple command exchange channels. A server MAY limit a
client to a maximum number of TCP connections based on server
capabilities and operational load.
An EPP command MUST be a well-formed XML instance. An EPP command
begins with an OPTIONAL (but RECOMMENDED) XML processing instruction,
followed by an <epp> element, EPP child elements, and ending with an
</epp> element. A server MUST receive data from a client until an
</epp> element is received, signaling the end of a potentially well-
formed XML instance. XML parsing and command processing begins after
the server has received an </epp> element.
A server SHOULD impose a limit of 10 minutes on the amount of time
required for a client to issue a well-formed EPP command. A server
SHOULD end an EPP session and close an open TCP connection if a well-
formed command is not received within the time limit.
Hollenbeck Expires May 10, 2001 [Page 5]
Internet-Draft EPP TCP Transport November 10, 2000
4. Internationalization Considerations
This mapping does not introduce or present any internationalization
issues.
Hollenbeck Expires May 10, 2001 [Page 6]
Internet-Draft EPP TCP Transport November 10, 2000
5. IANA Considerations
Mapping EPP onto TCP requires a TCP port assignment from IANA for
public operation. TCP port 65000 should be used for development and
testing purposes in advance of a port assignment from IANA.
Hollenbeck Expires May 10, 2001 [Page 7]
Internet-Draft EPP TCP Transport November 10, 2000
6. Security Considerations
EPP as-is provides only simple client authentication services using
identifiers and plain text passwords. A passive attack is sufficient
to recover client identifiers and passwords, allowing trivial command
forgery. Protection against all common attacks must be provided by
other protocols.
When layered over TCP, EPP MUST be used with the Transport Layer
Security (TLS) Protocol described in [RFC2246] to prevent
eavesdropping, tampering, command forgery, and replay attacks.
Implementations of TLS often contain a US-exportable cryptographic
mode that SHOULD NOT be used to protect EPP. Clients and servers
desiring high security SHOULD instead use TLS with cryptographic
algorithms that are less susceptible to compromise.
Mutual client and server authentication using the TLS Handshake
Protocol is REQUIRED. EPP service MUST NOT be granted until
successful completion of a TLS handshake, ensuring that both client
and server have been authenticated and cryptographic protections are
in place.
EPP TCP servers are vulnerable to common TCP denial of service attacks
including TCP SYN flooding. Servers SHOULD take steps to minimize the
impact of a denial of service attack using combinations of easily
implemented solutions, such as deployment of firewall technology and
border router filters to restrict inbound server access to known,
trusted clients.
Hollenbeck Expires May 10, 2001 [Page 8]
Internet-Draft EPP TCP Transport November 10, 2000
7. References
[EPP] S. Hollenbeck: "Extensible Provisioning Protocol", draft-
hollenbeck-epp-00.txt, work in progress.
[RFC793] J. Postel: "Transmission Control Protocol", STD 7, RFC 793,
September 1981.
[RFC2119] S. Bradner: "Key Words for Use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2246] T. Dierks and C. Allen: "The TLS Protocol Version 1.0", RFC
2246, January 1999.
Hollenbeck Expires May 10, 2001 [Page 9]
Internet-Draft EPP TCP Transport November 10, 2000
8. Author's Address
Scott Hollenbeck
VeriSign Global Registry Services
21345 Ridgetop Circle
Dulles, VA 20166-6503
USA
shollenbeck@verisign.com
Hollenbeck Expires May 10, 2001 [Page 10]
Internet-Draft EPP TCP Transport November 10, 2000
9. Full Copyright Statement
Copyright (C) The Internet Society 2000. All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published and
distributed, in whole or in part, without restriction of any kind,
provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of developing
Internet standards in which case the procedures for copyrights defined
in the Internet Standards process must be followed, or as required to
translate it into languages other than English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN
WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Hollenbeck Expires May 10, 2001 [Page 11]