Internet Engineering Task Force J. Xie
Internet-Draft N. Kong
Intended status: Informational H. Li
Expires: April 23, 2012 X. Lee
CNNIC
October 21, 2011
Extensible Provisioning Protocol (EPP) Domain Name System Security
Extensions (DNSSEC) Mapping for Chinese Domain Names
draft-kong-epp-cdn-dnssec-mapping-00
Abstract
This document describes an extension of Extensible Provisioning
Protocol (EPP) Domain Name System Security Extensions (DNSSEC)
mapping for the provisioning and management of Chinese Domain Names
(CDNs), especially for variant CDNs. Specified in XML, this extended
mapping is applied to provide additional features required for the
provisioning of DNS security extensions for CDNs.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 23, 2012.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
Xie, et al. Expires April 23, 2012 [Page 1]
Internet-Draft EPP CDN Mapping October 2011
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
This document may contain material from IETF Documents or IETF
Contributions published or made publicly available before November
10, 2008. The person(s) controlling the copyright in some of this
material may not have granted the IETF Trust the right to allow
modifications of such material outside the IETF Standards Process.
Without obtaining an adequate license from the person(s) controlling
the copyright in such materials, this document may not be modified
outside the IETF Standards Process, and derivative works of it may
not be created outside the IETF Standards Process, except to format
it for publication as an RFC or to translate it into languages other
than English.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 5
4. Object Attributes . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Domain Name Information . . . . . . . . . . . . . . . . . 6
5. DS Data Interface and Key Data Interface . . . . . . . . . . . 6
5.1. DS Data Interface . . . . . . . . . . . . . . . . . . . . 6
5.2. Key Data Interface . . . . . . . . . . . . . . . . . . . . 6
5.3. Example DS Data Interface and Key Data Interface . . . . . 7
6. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 7
6.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . . 8
6.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 8
6.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . . 8
6.1.3. EPP <transfer> Command . . . . . . . . . . . . . . . . 11
6.2. EPP Transform Commands . . . . . . . . . . . . . . . . . . 11
6.2.1. EPP <create> Command . . . . . . . . . . . . . . . . . 12
6.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . . 14
6.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 15
6.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . . 15
6.2.5. EPP <update> Command . . . . . . . . . . . . . . . . . 15
7. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 20
8. Internationalization Considerations . . . . . . . . . . . . . 23
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 23
10. Security considerations . . . . . . . . . . . . . . . . . . . 24
11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 24
12.1. Normative References . . . . . . . . . . . . . . . . . . . 24
12.2. Informative References . . . . . . . . . . . . . . . . . . 25
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 25
1. Introduction
Many Chinese characters in common use have variants in Simplified
Chinese (SC) form, Traditional Chinese (TC) form or other variant
forms. For example, the Chinese character "U+5B81" has 5 variants:
"U+5B81" (SC form), "U+5BE7" (TC form), "U+21A34", "U+5BDC" and
"U+5BCD" (other variant forms). For Chinese users, the variants of a
Chinese character in SC form, TC form and other variant forms are
regarded as the same.
So most Chinese Domain Names (CDNs) have different variant forms (SC
form, TC form, and other variant forms), which Chinese users also
regard as the same. According to CNNIC statistics, 78.6% of
registered CDNs had variant forms by the end of May 2011. The
registration policy for CDNs is that a registrant can apply for an
original CDN in any form (SC form, TC form, or other variant forms);
the corresponding variant CDNs in SC form and in TC form are then also
delegated to the same registrant. All other forms of the CDN are
reserved and cannot be applied for by other registrants. Moreover,
any reserved variant CDN can be validated by the same registrant
later.
For these reasons, a registrant who registers a CDN ends up with
several CDNs. In order to facilitate provisioning and management of
DNS security extensions for CDNs in a shared central repository, this
document proposes an extension of the Extensible Provisioning Protocol
(EPP) Domain Name System Security Extensions (DNSSEC) mapping
[RFC5910], designed especially for variant CDNs. Information exchanged
via this extension can be extracted from the repository and used to
publish DNSSEC Delegation Signer (DS) resource records (RRs) for
variant CDNs.
This document is specified using the Extensible Markup Language (XML)
1.0 as described in [W3C.REC-xml-20040204] and XML Schema notation as
described in [W3C.REC-xmlschema-1-20041028] and
[W3C.REC-xmlschema-2-20041028].
This document uses many of the concepts of Internationalized Domain
Names (IDNs) and unique features of CDNs, so a thorough understanding
of IDNs for Applications (IDNA, described in [RFC5890], [RFC5891],
and [RFC5892]) and of the variant approach discussed in [RFC4290]
and, specifically for documents written in Chinese, Japanese, or
Korean (CJK documents), in the so-called "JET Guidelines" [RFC3743]
is required to understand the unique features of CDNs described in
this document. In addition, a thorough understanding of [RFC5910] is
necessary to understand the extension of the mapping described in
this document.
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
secCDNS-1.0 in this document is used as an abbreviation for
urn:ietf:params:xml:ns:secCDNS-1.0.
In examples, "C:" represents lines sent by a protocol client and "S:"
represents lines returned by a protocol server. Indentation and
white space in examples are provided only to illustrate element
relationships and are not a REQUIRED feature of this specification.
XML is case sensitive. Unless stated otherwise, XML specifications
and examples provided in this document MUST be interpreted in the
character case presented to develop a conforming implementation.
3. Definitions
The following definitions are used in this document:
o Chinese Domain Name (CDN): a domain name whose label is made up of
Chinese characters, which may be SCs, TCs, or other variants (the
label may also contain ASCII characters).
o Simplified Chinese Domain Name (SCDN): a domain name whose label is
made up solely of simplified Chinese characters (the label may also
contain ASCII characters).
o Traditional Chinese Characters Domain Name (TCDN): a domain name
whose label is made up solely of traditional Chinese characters (the
label may also contain ASCII characters).
o Original Chinese Domain Name (OCDN): the CDN that the registrant
submitted for registration in the first place.
o Variant Chinese Domain Name (VCDN): a domain name whose label is
made up of Chinese characters that may be SCs, TCs, or other variants
(the label may also contain ASCII characters), but which is made up
neither solely of simplified Chinese characters nor solely of
traditional Chinese characters.
4. Object Attributes
This extension adds an additional element to the EPP domain name
mapping [RFC5731]. Only this new element is described here. The
additional elements added by [RFC5910] are also used by this
extension.
4.1. Domain Name Information
Domain name information provided by a client indicates the domain for
which delegation signer information or key data information should be
created, added, or removed. The format of this additional element
should follow the description in Section 2.1 of [RFC5731].
5. DS Data Interface and Key Data Interface
Based on Section 4 of [RFC5910], this document proposes the following
modifications to the DS data interface and the key data interface for
CDNs. With these modified interfaces, a client can create, add, and
remove DS information or key data information for more than one
domain name.
5.1. DS Data Interface
The DS Data Interface relies on the use of the <secCDNS:DS> element
for creates, adds, removes, and <domain:info> responses.
The <secCDNS:DS> element contains the following child elements:
o A <secCDNS:CDN> element that contains the CDN (OCDN, SCDN, TCDN, or
VCDN) for which delegation signer information is to be created,
added, or removed.
o A <secCDNS:dsData> element that contains the child elements which
are described in Section 4.1 of [RFC5910].
5.2. Key Data Interface
The Key Data Interface relies on the use of the <secCDNS:KEY> element
for creates, adds, removes, and <domain:info> responses.
The <secCDNS:KEY> element associates key data with one or more CDNs.
A "type" attribute identifies the bundle of CDNs to which the key data
applies. If the VCDN set form (type="vcset") is used, the element
contains the key data for the corresponding set of VCDNs. If the
complete form (type="all") is used, the element contains the key data
for the corresponding SCDN, TCDN, OCDN, and set of VCDNs. If the
custom form (type="custom") is used, the element contains the key
data for one or more CDNs supplied by the client.
The <secCDNS:KEY> element contains the following child elements:
o An OPTIONAL <secCDNS:CDN> element that contains the CDN (OCDN, SCDN,
TCDN, or VCDN) for which key data information is to be created,
added, or removed. If type="custom", this element MUST be present.
If type="vcset" or type="all", this element SHOULD NOT be present.
o A <secCDNS:keyData> element that contains the child elements which
are described in Section 4.2 of [RFC5910].
5.3. Example DS Data Interface and Key Data Interface
Example use of the secCDNS-1.0 DS Data Interface for a create:
<secCDNS:DS>
<secCDNS:CDN>"U+5B9E""U+4f8b"."U+4E2D""U+56FD"</secCDNS:CDN>
<secCDNS:dsData>
<secDNS:keyTag>12345</secDNS:keyTag>
<secDNS:alg>3</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
</secCDNS:dsData>
</secCDNS:DS>
Example use of the secCDNS-1.0 Key Data Interface for a create:
<secCDNS:KEY type="all">
<secCDNS:keyData>
<secDNS:flags>257</secDNS:flags>
<secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>1</secDNS:alg>
<secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
</secCDNS:keyData>
</secCDNS:KEY>
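As an added example that is not part of the draft, the following Python shows what a registry does with the key data received through the Key Data Interface: it resolves the CDNs a <secCDNS:KEY type="..."> covers (Section 5.2) and derives the DS record for each of them as RFC 4034 defines it, which is the publication step Section 1 describes. The TC form and the VCDN of the bundle are constructed here; the key values are the draft's sample values, and the digest is computed with the standard DS formula rather than any code from the draft. Because the owner name is part of the digest input, the same key yields one shared key tag but a different digest per variant CDN, which is why removing a key can remove several DS records.

```python
import base64
import hashlib
import struct

# The draft's placeholder "U+5B9E""U+4f8b"."U+4E2D""U+56FD" is the SC form; the TC
# form and the mixed SC/TC variant below are constructed for this example.
SCDN = "\u5b9e\u4f8b.\u4e2d\u56fd"   # also the OCDN in this bundle
TCDN = "\u5be6\u4f8b.\u4e2d\u570b"
VCDN = "\u5b9e\u4f8b.\u4e2d\u570b"   # neither purely SC nor purely TC: a VCDN
BUNDLE = {"ocdn": SCDN, "scdn": SCDN, "tcdn": TCDN, "vcset": [VCDN]}
KEY_DATA = {"flags": 257, "protocol": 3, "alg": 1, "pubKey": "AQPJ////4Q=="}  # draft's sample
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}   # secDNS:digestType -> hash function


def cdns_for_type(bundle, key_type, custom_cdns=()):
    """Resolve the CDNs a <secCDNS:KEY type="..."> applies to (Section 5.2)."""
    if key_type == "vcset":
        names = list(bundle["vcset"])
    elif key_type == "all":
        names = [bundle["ocdn"], bundle["scdn"], bundle["tcdn"]] + list(bundle["vcset"])
    elif key_type == "custom":
        if not custom_cdns:
            raise ValueError('type="custom" requires a <secCDNS:CDN> element')
        names = list(custom_cdns)
    else:
        raise ValueError("unknown KEY type %r" % key_type)
    return list(dict.fromkeys(names))   # drop duplicates (OCDN may equal SCDN), keep order


def dnskey_rdata(kd):
    """DNSKEY RDATA: flags | protocol | algorithm | public key (RFC 4034 Section 2.1)."""
    return struct.pack("!HBB", kd["flags"], kd["protocol"], kd["alg"]) + base64.b64decode(kd["pubKey"])


def key_tag(rdata, alg):
    """RFC 4034 Appendix B key tag; B.1 gives the special rule for algorithm 1."""
    if alg == 1:
        return (rdata[-3] << 8) | rdata[-2]
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def owner_wire(name):
    """Canonical wire-format owner name: IDNA A-labels, lowercase, root-terminated."""
    ace = name.encode("idna").decode("ascii").lower().rstrip(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in ace.split(".")) + b"\x00"


def derive_ds(bundle, key_type, kd, digest_type=1, custom_cdns=()):
    """One DS record per CDN: digest = H(owner name | DNSKEY RDATA), RFC 4034 Section 5.1.4."""
    rdata = dnskey_rdata(kd)
    tag = key_tag(rdata, kd["alg"])
    records = []
    for cdn in cdns_for_type(bundle, key_type, custom_cdns):
        digest = DIGESTS[digest_type](owner_wire(cdn) + rdata).hexdigest().upper()
        records.append({"cdn": cdn, "keyTag": tag, "alg": kd["alg"],
                        "digestType": digest_type, "digest": digest})
    return records
```

derive_ds(BUNDLE, "all", KEY_DATA) returns three records (OCDN and SCDN coincide here) that share the key tag 65535 but carry three different digests.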
6. EPP Command Mapping
A detailed description of the EPP syntax and semantics can be found
in the EPP core protocol specification [RFC5730]. The command
mappings described here are specifically for use in provisioning and
managing DNS security extensions for CDNs via EPP.
6.1. EPP Query Commands
EPP provides three commands to retrieve domain information: <check>
to determine if a domain object can be provisioned within a
repository, <info> to retrieve detailed information associated with a
domain object, and <transfer> to retrieve domain-object transfer
status information.
6.1.1. EPP <check> Command
This extension does not add any elements to the EPP <check> command
or <check> response described in the EPP domain name mapping
[RFC5731] and [RFC5910].
6.1.2. EPP <info> Command
This extension does not add any elements to the EPP <info> command
described in the EPP domain mapping [RFC5731] and [RFC5910].
However, additional elements are defined for the <info> response.
When an <info> command has been processed successfully, the EPP
<resData> element MUST contain child elements as described in the EPP
domain mapping [RFC5731]. In addition, the EPP <extension> element
SHOULD contain a child <secCDNS:infData> element that identifies the
extension namespace if the domain object has data associated with
this extension, subject to the server's service policy. The
<secCDNS:infData> element contains the following child elements:
o An OPTIONAL <secCDNS:maxSigLife> element that indicates a child's
preference for the number of seconds after signature generation
when the parent's signature on the DS information provided by the
child will expire. maxSigLife is described in Section 3.3 of
[RFC5910].
o zero or more <secCDNS:DS> elements. Child elements of the
<secCDNS:DS> element are described in Section 5.1.
o zero or more <secCDNS:KEY> elements. Child elements of the
<secCDNS:KEY> element are described in Section 5.2.
Example <info> Response for a Secure Delegation Using the DS Data
Interface:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
S: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
S: <response>
S: <result code="1000">
S: <msg>Command completed successfully</msg>
S: </result>
S: <resData>
S: <domain:infData
S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
S: <domain:name>
S: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
S: <domain:roid>123456-domain</domain:roid>
S: <domain:status s="ok"/>
S: <domain:registrant>123CN</domain:registrant>
S: <domain:contact type="admin">helloChina</domain:contact>
S: <domain:contact type="tech">helloChina</domain:contact>
S: <domain:ns>
S: <domain:hostObj>ns1.china</domain:hostObj>
S: <domain:hostObj>ns2.china</domain:hostObj>
S: </domain:ns>
S: <domain:host>
S: ns1."U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:host>
S: <domain:host>
S: ns2."U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:host>
S: <domain:clID>ClientX</domain:clID>
S: <domain:crID>ClientY</domain:crID>
S: <domain:crDate>2010-04-03T22:00:00.0Z</domain:crDate>
S: <domain:upID>ClientX</domain:upID>
S: <domain:upDate>2010-12-03T09:00:00.0Z</domain:upDate>
S: <domain:exDate>2012-04-03T22:00:00.0Z</domain:exDate>
S: <domain:trDate>2011-02-08T09:00:00.0Z</domain:trDate>
S: <domain:authInfo>
S: <domain:pw>abc123</domain:pw>
S: </domain:authInfo>
S: </domain:infData>
S: </resData>
S: <extension>
S: <secCDNS:infData
S: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
S: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
S: <secCDNS:maxSigLife>604800</secCDNS:maxSigLife>
S: <secCDNS:DS>
S: <secCDNS:CDN>
S: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</secCDNS:CDN>
S: <secCDNS:dsData>
S: <secDNS:keyTag>12345</secDNS:keyTag>
S: <secDNS:alg>3</secDNS:alg>
S: <secDNS:digestType>1</secDNS:digestType>
S: <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
S: </secCDNS:dsData>
S: </secCDNS:DS>
S: <secCDNS:DS>
S: <secCDNS:CDN>
S: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</secCDNS:CDN>
S: <secCDNS:dsData>
S: <secDNS:keyTag>2765</secDNS:keyTag>
S: <secDNS:alg>3</secDNS:alg>
S: <secDNS:digestType>1</secDNS:digestType>
S: <secDNS:digest>ABCTFAGFHKLOGI34</secDNS:digest>
S: </secCDNS:dsData>
S: <secCDNS:dsData>
S: <secDNS:keyTag>23789</secDNS:keyTag>
S: <secDNS:alg>3</secDNS:alg>
S: <secDNS:digestType>1</secDNS:digestType>
S: <secDNS:digest>VHGKAUGYAIUGUIAGU</secDNS:digest>
S: </secCDNS:dsData>
S: </secCDNS:DS>
S: </secCDNS:infData>
S: </extension>
S: <trID>
S: <clTRID>ABC-12345</clTRID>
S: <svTRID>54322-XYZ</svTRID>
S: </trID>
S: </response>
S:</epp>
Example <info> Response for a Secure Delegation Using the Key Data
Interface:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
S: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
S: <response>
S: <result code="1000">
S: <msg>Command completed successfully</msg>
S: </result>
S: <resData>
S: <domain:infData
S: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
S: <domain:name>
S: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
S: <domain:roid>123456-domain</domain:roid>
S: <domain:status s="ok"/>
S: <domain:registrant>123CN</domain:registrant>
S: <domain:contact type="admin">helloChina</domain:contact>
S: <domain:contact type="tech">helloChina</domain:contact>
S: <domain:ns>
S: <domain:hostObj>ns1.china</domain:hostObj>
S: <domain:hostObj>ns2.china</domain:hostObj>
S: </domain:ns>
S: <domain:host>
S: ns1."U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:host>
S: <domain:host>
S: ns2."U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:host>
S: <domain:clID>ClientX</domain:clID>
S: <domain:crID>ClientY</domain:crID>
S: <domain:crDate>2010-04-03T22:00:00.0Z</domain:crDate>
S: <domain:upID>ClientX</domain:upID>
S: <domain:upDate>2010-12-03T09:00:00.0Z</domain:upDate>
S: <domain:exDate>2012-04-03T22:00:00.0Z</domain:exDate>
S: <domain:trDate>2011-02-08T09:00:00.0Z</domain:trDate>
S: <domain:authInfo>
S: <domain:pw>abc123</domain:pw>
S: </domain:authInfo>
S: </domain:infData>
S: </resData>
S: <extension>
S: <secCDNS:infData
S: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
S: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
S: <secCDNS:KEY type="all">
S: <secCDNS:keyData>
S: <secDNS:flags>257</secDNS:flags>
S: <secDNS:protocol>3</secDNS:protocol>
S: <secDNS:alg>1</secDNS:alg>
S: <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
S: </secCDNS:keyData>
S: </secCDNS:KEY>
S: </secCDNS:infData>
S: </extension>
S: <trID>
S: <clTRID>ABC-12345</clTRID>
S: <svTRID>54322-XYZ</svTRID>
S: </trID>
S: </response>
S:</epp>
An EPP error response MUST be returned if an <info> command cannot be
processed for any reason.
6.1.3. EPP <transfer> Command
This extension does not add any elements to the EPP <transfer>
command or <transfer> response described in the EPP domain name
mapping [RFC5731] and [RFC5910].
6.2. EPP Transform Commands
EPP provides five commands to transform domain objects: <create> to
create an instance of a domain object, <delete> to delete an instance
of a domain object, <renew> to extend the validity period of a domain
object, <transfer> to manage domain object sponsorship changes, and
<update> to change information associated with a domain object.
6.2.1. EPP <create> Command
This extension defines additional elements for the EPP <create>
command described in the EPP domain mapping [RFC5731] and [RFC5910].
No additional elements are defined for the EPP <create> response.
The EPP <create> command provides a transform operation that allows a
client to create a domain object. In addition to the EPP command
elements described in the EPP domain mapping [RFC5731], the command
MUST contain an <extension> element, and the <extension> element MUST
contain a child <secCDNS:create> element that identifies the
extension namespace if the client wants to associate data defined in
this extension to the domain object. The <secCDNS:create> element
contains the following child elements:
o An OPTIONAL <secCDNS:maxSigLife> element that indicates a child's
preference for the number of seconds after signature generation
when the parent's signature on the DS information provided by the
child will expire. maxSigLife is described in Section 3.3 of
[RFC5910]. If the server does not support the
<secCDNS:maxSigLife> element, a 2102 error MUST be returned.
o zero or more <secCDNS:DS> elements. Child elements of the
<secCDNS:DS> element are described in Section 5.1.
o zero or more <secCDNS:KEY> elements. Child elements of the
<secCDNS:KEY> element are described in Section 5.2.
Example <create> Command for a Secure Delegation Using the DS Data
Interface:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <create>
C: <domain:create
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
C: <domain:period unit="y">2</domain:period>
C: <domain:registrant>123</domain:registrant>
C: <domain:contact type="admin">123</domain:contact>
C: <domain:contact type="tech">123</domain:contact>
C: <domain:authInfo>
C: <domain:pw>2fooBAR</domain:pw>
C: </domain:authInfo>
C: </domain:create>
C: </create>
C: <extension>
C: <secCDNS:create
C: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
C: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
C: <secCDNS:maxSigLife>604800</secCDNS:maxSigLife>
C: <secCDNS:DS>
C: <secCDNS:CDN>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</secCDNS:CDN>
C: <secCDNS:dsData>
C: <secDNS:keyTag>12345</secDNS:keyTag>
C: <secDNS:alg>3</secDNS:alg>
C: <secDNS:digestType>1</secDNS:digestType>
C: <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
C: </secCDNS:dsData>
C: </secCDNS:DS>
C: </secCDNS:create>
C: </extension>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
Example <create> Command for a Secure Delegation Using the Key Data
Interface:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
C: <command>
C: <create>
C: <domain:create
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
C: <domain:period unit="y">2</domain:period>
C: <domain:registrant>123</domain:registrant>
C: <domain:contact type="admin">123</domain:contact>
C: <domain:contact type="tech">123</domain:contact>
C: <domain:authInfo>
C: <domain:pw>2fooBAR</domain:pw>
C: </domain:authInfo>
C: </domain:create>
C: </create>
C: <extension>
C: <secCDNS:create
C: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
C: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
C: <secCDNS:maxSigLife>604800</secCDNS:maxSigLife>
C: <secCDNS:KEY type="all">
C: <secCDNS:keyData>
C: <secDNS:flags>257</secDNS:flags>
C: <secDNS:protocol>3</secDNS:protocol>
C: <secDNS:alg>1</secDNS:alg>
C: <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
C: </secCDNS:keyData>
C: </secCDNS:KEY>
C: </secCDNS:create>
C: </extension>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
When a <create> command has been processed successfully, the EPP
response is as described in the EPP domain mapping [RFC5731].
An EPP error response MUST be returned if a <create> command cannot
be processed for any reason.
6.2.2. EPP <delete> Command
This extension does not add any elements to the EPP <delete> command
or <delete> response described in the EPP domain mapping [RFC5731].
6.2.3. EPP <renew> Command
This extension does not add any elements to the EPP <renew> command
or <renew> response described in the EPP domain mapping [RFC5731].
6.2.4. EPP <transfer> Command
This extension does not add any elements to the EPP <transfer>
command or <transfer> response described in the EPP domain mapping
[RFC5731].
6.2.5. EPP <update> Command
This extension defines additional elements for the EPP <update>
command described in the EPP domain mapping [RFC5731]. No additional
elements are defined for the EPP <update> response.
The EPP <update> command provides a transform operation that allows a
client to modify the attributes of a domain object. In addition to
the EPP command elements described in the EPP domain mapping, the
command MUST contain an <extension> element, and the <extension>
element MUST contain a child <secCDNS:update> element that identifies
the extension namespace if the client wants to update the domain
object with data defined in this extension. The <secCDNS:update>
element contains a <secCDNS:add> element to add security information
to a delegation, a <secCDNS:rem> element to remove security
information from a delegation, or a <secCDNS:chg> element to change
existing security information. At least one <secCDNS:add>,
<secCDNS:rem>, or <secCDNS:chg> element MUST be provided. The order of the
<secCDNS:rem> and <secCDNS:add> elements is significant, where the
server MUST first remove the existing elements prior to adding the
new elements.
The <secCDNS:update> element contains the following child elements:
o An OPTIONAL <secCDNS:rem> element that contains either a
<secCDNS:all> element or one or more <secCDNS:DS> or <secCDNS:KEY>
elements, used to remove security data from a delegation.
* The <secCDNS:all> element has the same meaning as the <secDNS:all>
element described in Section 5.2.5 of [RFC5910].
* The <secCDNS:DS> element is part of the DS Data Interface and
uniquely identifies the DS record to be removed for the given CDN,
using all four elements -- <secDNS:keyTag>, <secDNS:alg>,
<secDNS:digestType>, and <secDNS:digest> -- which together are
guaranteed to be unique.
* The <secCDNS:KEY> element is part of the Key Data Interface and
uniquely identifies the key data to be removed, using all four
elements -- <secDNS:flags>, <secDNS:protocol>, <secDNS:alg>, and
<secDNS:pubKey> -- which together are guaranteed to be unique.
There can be more than one DS record created for each key, so
removing a key could remove more than one DS record.
o An OPTIONAL <secCDNS:add> element that is used to add security
information to an existing set. The <secCDNS:add> element MUST
contain one or more <secCDNS:DS> or <secCDNS:KEY> elements. Child
elements of the <secCDNS:DS> element are described in Section 5.1.
Child elements of the <secCDNS:KEY> element are described in
Section 5.2.
o The OPTIONAL <secCDNS:chg> element has the same meaning as the
OPTIONAL <secDNS:chg> element described in Section 5.2.5 of
[RFC5910].
Example <update> Command, Adding and Removing DS Data Using the DS
Data Interface:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
C: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
C: <command>
C: <update>
C: <domain:update
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
C: </domain:update>
C: </update>
C: <extension>
C: <secCDNS:update
C: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
C: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
C: <secCDNS:rem>
C: <secCDNS:DS>
C: <secCDNS:CDN>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</secCDNS:CDN>
C: <secCDNS:dsData>
C: <secDNS:keyTag>12345</secDNS:keyTag>
C: <secDNS:alg>3</secDNS:alg>
C: <secDNS:digestType>1</secDNS:digestType>
C: <secDNS:digest>38EC35D5B3A34B33C99B</secDNS:digest>
C: </secCDNS:dsData>
C: </secCDNS:DS>
C: </secCDNS:rem>
C: <secCDNS:add>
C: <secCDNS:DS>
C: <secCDNS:CDN>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</secCDNS:CDN>
C: <secCDNS:dsData>
C: <secDNS:keyTag>34723</secDNS:keyTag>
C: <secDNS:alg>3</secDNS:alg>
C: <secDNS:digestType>1</secDNS:digestType>
C: <secDNS:digest>FYUGCFIUACVH</secDNS:digest>
C: </secCDNS:dsData>
C: </secCDNS:DS>
C: </secCDNS:add>
C: </secCDNS:update>
C: </extension>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
Example <update> Command, Updating the maxSigLife:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
C: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
C: <command>
C: <update>
C: <domain:update
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
C: </domain:update>
C: </update>
C: <extension>
C: <secCDNS:update
C: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
C: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
C: <secCDNS:chg>
C: <secDNS:maxSigLife>605900</secDNS:maxSigLife>
C: </secCDNS:chg>
C: </secCDNS:update>
C: </extension>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
Example <update> Command, Adding and Removing Key Data Using the Key
Data Interface, and Setting maxSigLife:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
C: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
C: <command>
C: <update>
C: <domain:update
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
C: </domain:update>
C: </update>
C: <extension>
C: <secCDNS:update
C: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
C: xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
C: <secCDNS:rem>
C: <secCDNS:KEY type="all">
C: <secCDNS:keyData>
C: <secDNS:flags>257</secDNS:flags>
C: <secDNS:protocol>3</secDNS:protocol>
C: <secDNS:alg>1</secDNS:alg>
C: <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
C: </secCDNS:keyData>
C: </secCDNS:KEY>
C: </secCDNS:rem>
C: <secCDNS:chg>
C: <secDNS:maxSigLife>605900</secDNS:maxSigLife>
C: </secCDNS:chg>
C: </secCDNS:update>
C: </extension>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
Example <update> Command, Removing all DS and Key Data Using
<secCDNS:rem> with <secCDNS:all>:
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
C: xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
C: <command>
C: <update>
C: <domain:update
C: xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
C: <domain:name>
C: "U+5B9E""U+4f8b"."U+4E2D""U+56FD"</domain:name>
C: </domain:update>
C: </update>
C: <extension>
C: <secCDNS:update
C: xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0">
C: <secCDNS:rem>
C: <secCDNS:all>true</secCDNS:all>
C: </secCDNS:rem>
C: </secCDNS:update>
C: </extension>
C: <clTRID>ABC-12345</clTRID>
C: </command>
C:</epp>
When an extended <update> command has been processed successfully,
the EPP response is as described in the EPP domain name mapping
[RFC5731].
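As an added example, not taken from the draft, the following Python models how a server applies a <secCDNS:update> under the rules of Section 6.2.5 and the type/CDN rule of Section 5.2: <secCDNS:rem> is processed before <secCDNS:add>, a DS record is matched on all four dsData fields and a key on all four keyData fields, removing a key also drops every DS record derived from it, and <secCDNS:all> clears the whole bundle. The bundle, the initial DNSSEC state (with placeholder digests) and the sample command are constructed here, and deriving DS records from newly added keys is left out.

```python
import xml.etree.ElementTree as ET

NS = {"secCDNS": "urn:ietf:params:xml:ns:secCDNS-1.0", "secDNS": "urn:ietf:params:xml:ns:secDNS-1.1"}
DS_FIELDS = ("keyTag", "alg", "digestType", "digest")   # identify one DS record
KEY_FIELDS = ("flags", "protocol", "alg", "pubKey")     # identify one key
# Constructed bundle: SC form (the draft's placeholder name), TC form and one VCDN.
SCDN, TCDN, VCDN = "\u5b9e\u4f8b.\u4e2d\u56fd", "\u5be6\u4f8b.\u4e2d\u570b", "\u5b9e\u4f8b.\u4e2d\u570b"


def q(prefix, local):
    return "{%s}%s" % (NS[prefix], local)


def fields(el, names):
    """Tuple of the secDNS:* child texts that uniquely identify a dsData/keyData."""
    return tuple((el.findtext(q("secDNS", n)) or "").strip() for n in names)


class Delegation:
    """DNSSEC state of one registration: the bundle of CDNs held by a registrant."""
    def __init__(self):
        self.bundle = {"all": [SCDN, TCDN, VCDN], "vcset": [VCDN]}
        self.max_sig_life = 604800
        self.keys = {c: set() for c in self.bundle["all"]}
        self.ds = {c: {} for c in self.bundle["all"]}   # cdn -> {ds: originating key or None}
        # Initial state (constructed): one bundle-wide key plus the SHA-1 and SHA-256
        # DS records the registry derived from it; the digests are placeholders.
        key = ("257", "3", "1", "AQPJ////4Q==")
        for c in self.bundle["all"]:
            self.keys[c].add(key)
            self.ds[c][("65535", "1", "1", "SHA1-OF-" + c)] = key
            self.ds[c][("65535", "1", "2", "SHA256-OF-" + c)] = key
        # A DS the client supplied directly through the DS Data Interface.
        self.ds[SCDN][("12345", "3", "1", "49FD46E6C4B45C55D4AC")] = None

    def _cdn(self, el):
        cdn = (el.findtext(q("secCDNS", "CDN")) or "").strip()
        if cdn not in self.ds:
            raise ValueError("CDN %r is not part of this registration" % cdn)
        return cdn

    def _key_cdns(self, key_el):
        """Section 5.2: type=custom MUST carry a CDN; vcset/all SHOULD NOT."""
        ktype, has_cdn = key_el.get("type"), key_el.find(q("secCDNS", "CDN")) is not None
        if ktype == "custom" and has_cdn:
            return [self._cdn(key_el)]
        if ktype in self.bundle and not has_cdn:
            return self.bundle[ktype]
        raise ValueError("bad <secCDNS:KEY type=%r>/<secCDNS:CDN> combination" % ktype)

    def _remove(self, rem):
        if (rem.findtext(q("secCDNS", "all")) or "").strip() == "true":
            for c in self.bundle["all"]: self.keys[c].clear(); self.ds[c].clear()
            return
        for ds in rem.findall(q("secCDNS", "DS")):
            cdn = self._cdn(ds)
            for d in ds.findall(q("secCDNS", "dsData")):
                self.ds[cdn].pop(fields(d, DS_FIELDS), None)
        for key in rem.findall(q("secCDNS", "KEY")):
            for cdn in self._key_cdns(key):
                for k in key.findall(q("secCDNS", "keyData")):
                    kt = fields(k, KEY_FIELDS)
                    self.keys[cdn].discard(kt)   # and every DS record derived from that key:
                    self.ds[cdn] = {d: o for d, o in self.ds[cdn].items() if o != kt}

    def _add(self, add):
        for ds in add.findall(q("secCDNS", "DS")):
            cdn = self._cdn(ds)
            for d in ds.findall(q("secCDNS", "dsData")):
                self.ds[cdn][fields(d, DS_FIELDS)] = None
        for key in add.findall(q("secCDNS", "KEY")):
            for cdn in self._key_cdns(key):
                for k in key.findall(q("secCDNS", "keyData")):
                    self.keys[cdn].add(fields(k, KEY_FIELDS))   # DS derivation omitted here

    def apply_update(self, epp_xml):
        upd = ET.fromstring(epp_xml).find(".//" + q("secCDNS", "update"))
        rem, add, chg = (upd.find(q("secCDNS", n)) for n in ("rem", "add", "chg"))
        if rem is None and add is None and chg is None:
            raise ValueError("<secCDNS:update> MUST contain at least one of rem, add, chg")
        if rem is not None: self._remove(rem)   # removals MUST be applied before additions
        if add is not None: self._add(add)
        if chg is not None: self.max_sig_life = int(chg.findtext(q("secDNS", "maxSigLife")))
        return self


def command(body):
    """Wrap a <secCDNS:update> body in a minimal EPP <update> command (constructed)."""
    return ('<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><update/><extension>'
            '<secCDNS:update xmlns:secCDNS="%s" xmlns:secDNS="%s">%s</secCDNS:update>'
            '</extension><clTRID>ABC-12345</clTRID></command></epp>' % (NS["secCDNS"], NS["secDNS"], body))


# Sample (constructed): retire the bundle-wide key, register a new DS for the SC form only,
# and change maxSigLife, all in a single <update>.
SAMPLE = command(
    '<secCDNS:rem><secCDNS:KEY type="all"><secCDNS:keyData><secDNS:flags>257</secDNS:flags>'
    '<secDNS:protocol>3</secDNS:protocol><secDNS:alg>1</secDNS:alg>'
    '<secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey></secCDNS:keyData></secCDNS:KEY></secCDNS:rem>'
    '<secCDNS:add><secCDNS:DS><secCDNS:CDN>' + SCDN + '</secCDNS:CDN><secCDNS:dsData>'
    '<secDNS:keyTag>34723</secDNS:keyTag><secDNS:alg>3</secDNS:alg><secDNS:digestType>1'
    '</secDNS:digestType><secDNS:digest>FYUGCFIUACVH</secDNS:digest></secCDNS:dsData>'
    '</secCDNS:DS></secCDNS:add><secCDNS:chg><secDNS:maxSigLife>605900</secDNS:maxSigLife></secCDNS:chg>')
```

Delegation().apply_update(SAMPLE) returns the resulting state: the two derived DS records vanish from every CDN together with the key, while the client-supplied DS for the SC form survives next to the newly added one.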
7. Formal Syntax
An EPP object mapping is specified in XML Schema notation. The
formal syntax presented here is a complete schema representation of
the object mapping suitable for automated validation of EPP XML
instances. The BEGIN and END tags are not part of the schema; they
are used to note the beginning and ending of the schema for URI
registration purposes.
BEGIN
<?xml version="1.0" encoding="UTF-8"?>
<schema
targetNamespace="urn:ietf:params:xml:ns:secCDNS-1.0"
xmlns:secCDNS="urn:ietf:params:xml:ns:secCDNS-1.0"
xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1"
xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"
xmlns:eppcom="urn:ietf:params:xml:ns:eppcom-1.0"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified">
<annotation>
<documentation>
Extensible Provisioning Protocol v1.0
domain name extension schema
for provisioning DNS security (DNSSEC) extensions for CDNs.
</documentation>
</annotation>
<import namespace="urn:ietf:params:xml:ns:eppcom-1.0"/>
<import namespace="urn:ietf:params:xml:ns:epp-1.0"/>
<import namespace="urn:ietf:params:xml:ns:secDNS-1.1"/>
<!--
Child elements found in EPP commands.
-->
<element name="create" type="secCDNS:createType"/>
<element name="update" type="secCDNS:updateType"/>
<!--
Child elements of the <create> element.
-->
<complexType name="createType">
<sequence>
<element name="maxSigLife" type="secDNS:maxSigLifeType"
minOccurs="0"/>
<choice>
<element name="DS" type="secCDNS:DSType"
maxOccurs="unbounded"/>
<element name="KEY" type="secCDNS:KEYType"
maxOccurs="unbounded"/>
</choice>
</sequence>
</complexType>
<!--
Child elements of the <update> element.
-->
<complexType name="updateType">
<sequence>
<element name="rem" type="secCDNS:remType"
minOccurs="0"/>
<element name="add" type="secCDNS:createType"
minOccurs="0"/>
<element name="chg" type="secDNS:chgType"
minOccurs="0"/>
</sequence>
<attribute name="urgent" type="boolean" default="false"/>
</complexType>
<!--
Child elements of the <update:rem> element.
-->
<complexType name="remType">
<choice>
<element name="all" type="boolean"/>
<element name="DS" type="secCDNS:DSType"
maxOccurs="unbounded"/>
<element name="KEY" type="secCDNS:KEYType"
maxOccurs="unbounded"/>
</choice>
</complexType>
<!--
Child elements supporting the dsData interface.
-->
<complexType name="DSType">
<sequence>
<element name="CDN" type="eppcom:labelType"/>
<element name="dsData" type="secDNS:dsDataType"
maxOccurs="unbounded"/>
</sequence>
</complexType>
<!--
Child elements supporting the keyData interface.
-->
<complexType name="KEYType">
<sequence>
<element name="CDN" type="eppcom:labelType"
minOccurs="0" maxOccurs="unbounded"/>
<element name="keyData" type="secDNS:keyDataType"
maxOccurs="unbounded"/>
</sequence>
<attribute name="type" type="secCDNS:dataEnumType"
use="required"/>
</complexType>
<simpleType name="dataEnumType">
<restriction base="token">
<enumeration value="custom"/>
<enumeration value="vcset"/>
<enumeration value="all"/>
</restriction>
</simpleType>
<!--
Child response elements.
-->
<element name="infData" type="secCDNS:createType"/>
</schema>
END
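The <update> examples in Section 6 and the schema above together fix what a server has to accept: the namespace of every element, the rem?, add?, chg? order of updateType, the <choice> groups of remType and createType, the CDN and data cardinalities of DSType and KEYType, and the dataEnumType values of the KEY type attribute. The following Python module is an added example, not part of this draft or of any registry implementation, that checks an EPP <update> command against those constraints with only the standard library; it is a structural check, not a full XML Schema validation, and the function and constant names are this example's own. The sample commands it carries are constructed here: the domain name is the draft's code-point placeholder written out as characters, the inner key and DS fields are taken from the secDNS-1.1 namespace that the schema imports, and the third sample shows what a namespace-aware parser does with an undeclared secDNS: prefix.

```python
import xml.etree.ElementTree as ET

EPP = "urn:ietf:params:xml:ns:epp-1.0"
DOMAIN = "urn:ietf:params:xml:ns:domain-1.0"
SECCDNS = "urn:ietf:params:xml:ns:secCDNS-1.0"
SECDNS = "urn:ietf:params:xml:ns:secDNS-1.1"
KEY_TYPES = ("custom", "vcset", "all")  # secCDNS:dataEnumType
SHAPES = {"DS": ("dsData", ("keyTag", "alg", "digestType", "digest")),
          "KEY": ("keyData", ("flags", "protocol", "alg", "pubKey"))}

class SecCDNSError(ValueError):
    """Input is not well-formed XML or violates a constraint of the secCDNS-1.0 schema."""

def _q(ns, local): return "{%s}%s" % (ns, local)

def _check_entry(el, kind):
    """DSType: exactly one CDN then dsData+; KEYType: CDN* then keyData+ and a type attribute."""
    child_name, fields = SHAPES[kind]
    cdn = [c.text for c in el.findall(_q(SECCDNS, "CDN"))]
    data = el.findall(_q(SECCDNS, child_name))
    if not data or (kind == "DS" and len(cdn) != 1):
        raise SecCDNSError("%s needs %s and the right number of CDN labels" % (kind, child_name))
    entry = {"cdn": cdn, child_name: []}
    for d in data:  # the inner fields are the secDNS-1.1 dsDataType / keyDataType children
        rec = {n: (d.findtext(_q(SECDNS, n)) or "").strip() for n in fields}
        if not all(rec.values()):
            raise SecCDNSError("%s is missing a secDNS-1.1 field" % child_name)
        entry[child_name].append(rec)
    if kind == "KEY":
        entry["type"] = el.get("type")
        if entry["type"] not in KEY_TYPES:
            raise SecCDNSError("KEY type must be one of %s" % (KEY_TYPES,))
    return entry

def _check_choice(container, allow_all):
    """remType (allow_all) / createType: a <choice> of <all>, <DS>+ or <KEY>+, exactly one."""
    groups = {n: container.findall(_q(SECCDNS, n)) for n in ("all", "DS", "KEY")}
    present = [n for n, els in groups.items() if els]
    if len(present) != 1:
        raise SecCDNSError("exactly one of all/DS/KEY expected, found %s" % present)
    if present == ["all"]:
        if not allow_all or len(groups["all"]) != 1:
            raise SecCDNSError("<all> is valid only once, and only under <rem>")
        return {"all": (groups["all"][0].text or "").strip() in ("true", "1")}
    return {present[0]: [_check_entry(e, present[0]) for e in groups[present[0]]]}

def parse_seccdns_update(xml_text):
    """Return a dict summary of an EPP <update> carrying <secCDNS:update>, or raise SecCDNSError."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # undeclared prefix, mismatched tags, ...
        raise SecCDNSError("not well-formed: %s" % exc)
    cmd = root.find(_q(EPP, "command"))
    if root.tag != _q(EPP, "epp") or cmd is None:
        raise SecCDNSError("not an EPP command")
    name = cmd.find("./%s/%s/%s" % (_q(EPP, "update"), _q(DOMAIN, "update"), _q(DOMAIN, "name")))
    upd = cmd.find("./%s/%s" % (_q(EPP, "extension"), _q(SECCDNS, "update")))
    if name is None or upd is None:
        raise SecCDNSError("missing domain:name or secCDNS:update")
    # updateType is a <sequence> of rem?, add?, chg?: that order, each at most once
    expected = [_q(SECCDNS, n) for n in ("rem", "add", "chg")]
    tags = [child.tag for child in upd]
    if not tags or len(set(tags)) != len(tags) or tags != [t for t in expected if t in tags]:
        raise SecCDNSError("update children must be rem?, add?, chg? in that order")
    result = {"name": name.text.strip(), "urgent": upd.get("urgent", "false") in ("true", "1")}
    rem, add, chg = (upd.find(t) for t in expected)
    if rem is not None:
        result["rem"] = _check_choice(rem, allow_all=True)
    if add is not None:
        result["add"] = _check_choice(add, allow_all=False)
        msl = add.find(_q(SECDNS, "maxSigLife"))
        if msl is not None:
            result["add"]["maxSigLife"] = int(msl.text)
    if chg is not None:
        msl = chg.find(_q(SECDNS, "maxSigLife"))
        result["chg"] = {"maxSigLife": None if msl is None else int(msl.text)}
    return result

def wrap(extension):
    """Constructed EPP envelope for the samples; the draft's U+5B9E U+4F8B . U+4E2D U+56FD
    placeholder name is written out as those code points."""
    return ('<epp xmlns="%s"><command><update><domain:update xmlns:domain="%s">'
            '<domain:name>\u5b9e\u4f8b.\u4e2d\u56fd</domain:name></domain:update></update>'
            '<extension>%s</extension><clTRID>ABC-12345</clTRID></command></epp>'
            % (EPP, DOMAIN, extension))

NS = 'xmlns:secCDNS="%s" xmlns:secDNS="%s"' % (SECCDNS, SECDNS)
# Constructed sample 1: remove one key via <KEY type="all"> and change maxSigLife.
REM_KEY_CHG = wrap('<secCDNS:update %s><secCDNS:rem><secCDNS:KEY type="all"><secCDNS:keyData>'
                   '<secDNS:flags>257</secDNS:flags><secDNS:protocol>3</secDNS:protocol>'
                   '<secDNS:alg>1</secDNS:alg><secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>'
                   '</secCDNS:keyData></secCDNS:KEY></secCDNS:rem><secCDNS:chg>'
                   '<secDNS:maxSigLife>605900</secDNS:maxSigLife></secCDNS:chg></secCDNS:update>' % NS)
# Constructed sample 2: urgent removal of all DS and key data.
REM_ALL = wrap('<secCDNS:update urgent="true" %s><secCDNS:rem><secCDNS:all>true</secCDNS:all>'
               '</secCDNS:rem></secCDNS:update>' % NS)
# Constructed sample 3: opened with an undeclared secDNS: prefix and closed as secCDNS:update.
NOT_WELL_FORMED = wrap('<secDNS:update urgent="true" xmlns:secCDNS="%s"><secCDNS:rem>'
                       '<secCDNS:all>true</secCDNS:all></secCDNS:rem></secCDNS:update>' % SECCDNS)
```

The check rejects the malformed sample at the parser, before any schema logic runs, which is the behaviour a server sees for an element whose prefix is never bound; the remaining errors (an <all> under <add>, a DS without exactly one CDN label, a KEY with an unknown type) are reported as schema violations with the offending construct named.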
8. Internationalization Considerations
EPP is represented in XML, which provides native support for encoding
information using the Unicode character set and its more compact
representations including UTF-8. Conformant XML processors recognize
both UTF-8 and UTF-16. Though XML includes provisions to identify
and use other character encodings through use of an "encoding"
attribute in an <?xml?> declaration, use of UTF-8 is RECOMMENDED.
As an extension of the EPP domain name mapping, the elements and
element content described in this document MUST inherit the
internationalization conventions used to represent higher-layer
domain and core protocol structures present in an XML instance that
includes this extension.
9. IANA Considerations
This document uses URNs to describe XML namespaces and XML schemas
conforming to a registry mechanism described in [RFC3688]. IANA is
requested to assign the following two URIs.
Registration request for the CDN namespace:
o URI: urn:ietf:params:xml:ns:secCDNS-1.0
o Registrant Contact: See the "Author's Address" section of this
document.
o XML: None. Namespace URI does not represent an XML specification.
Registration request for the CDN XML schema:
o URI: urn:ietf:params:xml:schema:secCDNS-1.0
o Registrant Contact: See the "Author's Address" section of this
document.
o XML: See the "Formal Syntax" section of this document.
10. Security considerations
The object mapping extension described in this document does not
provide any other security services or introduce any additional
considerations beyond those described by [RFC5730], [RFC5731] and
[RFC5910], or those caused by the protocol layers used by EPP. Note
that a single <secCDNS:rem> element carrying
<secCDNS:all>true</secCDNS:all> removes all DS and key data for the
name in one command and so withdraws its secure delegation; the
authorization checks that [RFC5731] applies to an <update> command
are the controls on such a request.
11. Acknowledgements
The authors especially thank the authors of [RFC5730], [RFC5731] and
[RFC5910].
12. References
12.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004.
[RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
STD 69, RFC 5730, August 2009.
[RFC5731] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
Domain Name Mapping", STD 69, RFC 5731, August 2009.
[RFC5890] Klensin, J., "Internationalized Domain Names for
Applications (IDNA): Definitions and Document Framework",
RFC 5890, August 2010.
[RFC5891] Klensin, J., "Internationalized Domain Names in
Applications (IDNA): Protocol", RFC 5891, August 2010.
[RFC5892] Faltstrom, P., "The Unicode Code Points and
Internationalized Domain Names for Applications (IDNA)",
RFC 5892, August 2010.
[RFC5910] Gould, J. and S. Hollenbeck, "Domain Name System (DNS)
Security Extensions Mapping for the Extensible
Provisioning Protocol (EPP)", RFC 5910, May 2010.
[W3C.REC-xml-20040204]
Bray, T., Paoli, J., Sperberg-McQueen, C., Maler, E., and
F. Yergeau, "Extensible Markup Language (XML) 1.0 (Third
Edition)", World Wide Web Consortium Recommendation REC-
xml-20040204, February 2004,
<http://www.w3.org/TR/2004/REC-xml-20040204>.
[W3C.REC-xmlschema-1-20041028]
Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn,
"XML Schema Part 1: Structures Second Edition", World
Wide Web Consortium Recommendation REC-xmlschema-1-
20041028, October 2004,
<http://www.w3.org/TR/2004/REC-xmlschema-1-20041028>.
[W3C.REC-xmlschema-2-20041028]
Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes
Second Edition", World Wide Web Consortium Recommendation
REC-xmlschema-2-20041028, October 2004,
<http://www.w3.org/TR/2004/REC-xmlschema-2-20041028>.
12.2. Informative References
[RFC3743] Konishi, K., Huang, K., Qian, H., and Y. Ko, "Joint
Engineering Team (JET) Guidelines for Internationalized
Domain Names (IDN) Registration and Administration for
Chinese, Japanese, and Korean", RFC 3743, April 2004.
[RFC4290] Klensin, J., "Suggested Practices for Registration of
Internationalized Domain Names (IDN)", RFC 4290,
December 2005.
Authors' Addresses
Jiagui Xie
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 2639
Email: xiejiagui@cnnic.cn
Ning Kong
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3147
Email: nkong@cnnic.cn
Hongtao Li
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3164
Email: lihongtao@cnnic.cn
Xiaodong Lee
CNNIC
4 South 4th Street, Zhongguancun, Haidian District
Beijing, Beijing 100190
China
Phone: +86 10 5881 3020
Email: lee@cnnic.cn