| draft-ietf-regext-epp-eai-12.txt | draft-ietf-regext-epp-eai-13.txt | |||
|---|---|---|---|---|
| Network Working Group D. Belyavskiy | Network Working Group D. Belyavskiy | |||
| Internet-Draft | Internet-Draft | |||
| Intended status: Standards Track J. Gould | Intended status: Standards Track J. Gould | |||
| Expires: 10 December 2022 VeriSign, Inc. | Expires: 17 December 2022 VeriSign, Inc. | |||
| 8 June 2022 | 15 June 2022 | |||
| Use of Internationalized Email Addresses in the Extensible Provisioning | Use of Internationalized Email Addresses in the Extensible Provisioning | |||
| Protocol (EPP) | Protocol (EPP) | |||
| draft-ietf-regext-epp-eai-12 | draft-ietf-regext-epp-eai-13 | |||
| Abstract | Abstract | |||
| This document describes an EPP extension that permits usage of | This document describes an EPP extension that permits usage of | |||
| Internationalized Email Addresses in the EPP protocol and specifies | Internationalized Email Addresses in the EPP protocol and specifies | |||
| the terms when it can be used by EPP clients and servers. The | the terms when it can be used by EPP clients and servers. The | |||
| Extensible Provisioning Protocol (EPP), being developed before the | Extensible Provisioning Protocol (EPP), being developed before the | |||
| standards for Internationalized Email Addresses (EAI), does not | standards for Internationalized Email Addresses (EAI), does not | |||
| support such email addresses. | support such email addresses. | |||
| skipping to change at page 1, line 41 ¶ | skipping to change at page 1, line 41 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on 10 December 2022. | This Internet-Draft will expire on 17 December 2022. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2022 IETF Trust and the persons identified as the | Copyright (c) 2022 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents (https://trustee.ietf.org/ | Provisions Relating to IETF Documents (https://trustee.ietf.org/ | |||
| license-info) in effect on the date of publication of this document. | license-info) in effect on the date of publication of this document. | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 43 ¶ | skipping to change at page 2, line 43 ¶ | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 9 | |||
| 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 10.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 10.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 10.2. Informative References . . . . . . . . . . . . . . . . . 10 | 10.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. Change History . . . . . . . . . . . . . . . . . . . 11 | Appendix A. Change History . . . . . . . . . . . . . . . . . . . 11 | |||
| A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 11 | A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 11 | |||
| A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 11 | A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 11 | |||
| A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 11 | A.3. Change from 02 to 03 . . . . . . . . . . . . . . . . . . 11 | |||
| A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 11 | A.4. Change from 03 to 04 . . . . . . . . . . . . . . . . . . 11 | |||
| A.5. Change from 04 to the regext 01 version . . . . . . . . . 11 | A.5. Change from 04 to the regext 01 version . . . . . . . . . 12 | |||
| A.6. Change from the regext 01 to regext 02 version . . . . . 12 | A.6. Change from the regext 01 to regext 02 version . . . . . 12 | |||
| A.7. Change from the regext 02 to regext 03 version . . . . . 12 | A.7. Change from the regext 02 to regext 03 version . . . . . 12 | |||
| A.8. Change from the regext 03 to regext 04 version . . . . . 12 | A.8. Change from the regext 03 to regext 04 version . . . . . 12 | |||
| A.9. Change from the regext 04 to regext 05 version . . . . . 12 | A.9. Change from the regext 04 to regext 05 version . . . . . 12 | |||
| A.10. Change from the regext 05 to regext 06 version . . . . . 12 | A.10. Change from the regext 05 to regext 06 version . . . . . 12 | |||
| A.11. Change from the regext 06 to regext 07 version . . . . . 12 | A.11. Change from the regext 06 to regext 07 version . . . . . 12 | |||
| A.12. Change from the regext 07 to regext 08 version . . . . . 12 | A.12. Change from the regext 07 to regext 08 version . . . . . 12 | |||
| A.13. Change from the regext 08 to regext 09 version . . . . . 12 | A.13. Change from the regext 08 to regext 09 version . . . . . 13 | |||
| A.14. Change from the regext 09 to regext 10 version . . . . . 13 | A.14. Change from the regext 09 to regext 10 version . . . . . 13 | |||
| A.15. Change from the regext 10 to regext 11 version . . . . . 13 | A.15. Change from the regext 10 to regext 11 version . . . . . 13 | |||
| A.16. Change from the regext 11 to regext 12 version . . . . . 13 | A.16. Change from the regext 11 to regext 12 version . . . . . 13 | |||
| A.17. Change from the regext 12 to regext 13 version . . . . . 13 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Introduction | 1. Introduction | |||
| [RFC6530] introduced the framework for Internationalized Email | [RFC6530] introduced the framework for Internationalized Email | |||
| Addresses. To make such addresses more widely accepted, the changes | Addresses. To make such addresses more widely accepted, the changes | |||
| to various protocols need to be introduced. | to various protocols need to be introduced. | |||
| This document describes an Extensible Provisioning Protocol (EPP) | This document describes an Extensible Provisioning Protocol (EPP) | |||
| extension that permits usage of Internationalized Email Addresses in | extension that permits usage of Internationalized Email Addresses in | |||
| skipping to change at page 5, line 36 ¶ | skipping to change at page 5, line 36 ¶ | |||
| the functional extension. The client includes the namespace URI in | the functional extension. The client includes the namespace URI in | |||
| an <svcExtension> <extURI> element of the [RFC5730] <login> Command. | an <svcExtension> <extURI> element of the [RFC5730] <login> Command. | |||
| The server includes the namespace URI in an <svcExtension> <extURI> | The server includes the namespace URI in an <svcExtension> <extURI> | |||
| element of the [RFC5730] Greeting. | element of the [RFC5730] Greeting. | |||
| 5.3. Functional Extension Behavior | 5.3. Functional Extension Behavior | |||
| 5.3.1. EAI Functional Extension Negotiated | 5.3.1. EAI Functional Extension Negotiated | |||
| If both client and server have indicated the support of the EAI | If both client and server have indicated the support of the EAI | |||
| addresses during the session establishment, it implies the | addresses during the session establishment, they MUST be able to | |||
| possibility to process the EAI address in any message having an email | process the EAI address in any message having an email property | |||
| property during the established EPP session. Below are the server | during the established EPP session. Below are the server and client | |||
| and client obligations when the EAI extension has been successfuly | obligations when the EAI extension has been successfuly negotiated in | |||
| negotiated in the EPP session. | the EPP session. | |||
| The server MUST satisfy the following obligations when the EAI | The server MUST satisfy the following obligations when the EAI | |||
| extension has been negotiated: | extension has been negotiated: | |||
| * Accept EAI compatible addresses for all email properties in the | * Accept EAI compatible addresses for all email properties in the | |||
| EPP session negotiated object extensions and command-response | EPP session negotiated object extensions and command-response | |||
| extensions. For example the <contact:email> element in [RFC5733] | extensions. For example the <contact:email> element in [RFC5733] | |||
| and the <org:email> element in [RFC8543]. | and the <org:email> element in [RFC8543]. | |||
| * Accept EAI compatible addresses for all registry zones (e.g., top- | * Accept EAI compatible addresses for all registry zones (e.g., top- | |||
| skipping to change at page 7, line 16 ¶ | skipping to change at page 7, line 16 ¶ | |||
| provided, the server MUST validate whether the email property is | provided, the server MUST validate whether the email property is | |||
| an EAI address and if so return the error code 2308 "Data | an EAI address and if so return the error code 2308 "Data | |||
| management policy violation". | management policy violation". | |||
| The EAI supporting client MUST satisfy the following obligations when | The EAI supporting client MUST satisfy the following obligations when | |||
| the server does not support the EAI extension: | the server does not support the EAI extension: | |||
| * When the email property is required in the EPP command and the | * When the email property is required in the EPP command and the | |||
| email property is an EAI address, the client MUST provide an ASCII | email property is an EAI address, the client MUST provide an ASCII | |||
| email address. The provided email address should provide a way to | email address. The provided email address should provide a way to | |||
| contact the registrant. It can be a secondary ASCII email address | contact the registrant. It can be an extra ASCII email address | |||
| or registrar-provided proxy email address. | collected by registrar or registrar-provided proxy email address. | |||
| * When the email property is optional in the EPP command and the | * When the email property is optional in the EPP command and the | |||
| email property is an EAI address with no alternative ASCII | email property is an EAI address and client does not have an ASCII | |||
| address, the client SHOULD omit the email property. If the email | address providing a way to contact the registrant, the client MUST | |||
| property is provided, the client MUST provide an ASCII email | omit the email property. If the email property is provided, the | |||
| address. The provided email address should provide a way to | client MUST provide an ASCII email address. The provided address | |||
| contact the registrant. It can be a secondary ASCII email address | can be an extra ASCII email address collected by registrar or | |||
| or registrar-provided proxy email address. | registrar-provided proxy email address. | |||
| 6. IANA Considerations | 6. IANA Considerations | |||
| 6.1. XML Namespace | 6.1. XML Namespace | |||
| This document uses URNs to describe XML namespaces and XML schemas | This document uses URNs to describe XML namespaces and XML schemas | |||
| conforming to a registry mechanism described in RFC 3688 [RFC3688]. | conforming to a registry mechanism described in RFC 3688 [RFC3688]. | |||
| The following URI assignment should be made by IANA: | The following URI assignment should be made by IANA: | |||
| Registration request for the eai namespace: | Registration request for the eai namespace: | |||
| skipping to change at page 9, line 25 ¶ | skipping to change at page 9, line 25 ¶ | |||
| [RFC6531] applies here. | [RFC6531] applies here. | |||
| As email address is often a primary end user contact, an invalid | As email address is often a primary end user contact, an invalid | |||
| email address may put the communication with the end user into risk | email address may put the communication with the end user into risk | |||
| in case when such contact is necessary. In case of an invalid domain | in case when such contact is necessary. In case of an invalid domain | |||
| name in the email address a malicious actor can register a valid | name in the email address a malicious actor can register a valid | |||
| domain name with similar U-label (homograph attack) and get a control | domain name with similar U-label (homograph attack) and get a control | |||
| over the domain name associated with the contact using social | over the domain name associated with the contact using social | |||
| engineering techniques. To reduce the risk of the use of invalid | engineering techniques. To reduce the risk of the use of invalid | |||
| domain names in email addresses, registries SHOULD validate the | domain names in email addresses, registries SHOULD validate the | |||
| domain name syntax in the provided email addresses and validate all | domain name syntax in the provided email addresses and validate | |||
| code points in the domain name according to IDNA2008 [RFC5892]. | whether the domain name consists of the code points allow:ed by IDNA | |||
| Rules and Derived Property Values (https://www.iana.org/assignments/ | ||||
| idna-tables). | ||||
| When the EAI functional extension is negotiated by both the client | ||||
| and the server, the client and server obligations defined in | ||||
| Section 5.3.1 MUST be satisfied. If the obligations are not | ||||
| satisfied by either the client or server, the EAI address may be | ||||
| mishandled in processing or storage and be unusable. | ||||
| 9. Acknowledgments | 9. Acknowledgments | |||
| The authors would like to thank Alexander Mayrhofer, Gustavo Lozano, | The authors would like to thank Alexander Mayrhofer, Chris Lonvick, | |||
| Jody Kolker, John C Klensin, John Levine, Klaus Malorny, Marco | Gustavo Lozano, Jody Kolker, John C Klensin, John Levine, Klaus | |||
| Schrieck, Mario Loffredo, Murray S. Kucherawy, Patrick Mevzek, Pete | Malorny, Marc Blanchet, Marco Schrieck, Mario Loffredo, Murray S. | |||
| Resnick, Scott Hollenbeck, Taras Heichenko, and Thomas Corte for | Kucherawy, Patrick Mevzek, Pete Resnick, Scott Hollenbeck, Takahiro | |||
| their careful review and valuable comments. | Nemoto, Taras Heichenko, and Thomas Corte for their careful review | |||
| and valuable comments. | ||||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.27487/RFC2119, March 1997, | DOI 10.27487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| skipping to change at page 10, line 45 ¶ | skipping to change at page 11, line 5 ¶ | |||
| Code: The Implementation Status Section", BCP 205, | Code: The Implementation Status Section", BCP 205, | |||
| RFC 7942, DOI 10.17487/RFC7942, July 2016, | RFC 7942, DOI 10.17487/RFC7942, July 2016, | |||
| <https://www.rfc-editor.org/info/rfc7942>. | <https://www.rfc-editor.org/info/rfc7942>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.27487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.27487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 10.2. Informative References | 10.2. Informative References | |||
| [RFC5892] Faltstrom, P., Ed., "The Unicode Code Points and | ||||
| Internationalized Domain Names for Applications (IDNA)", | ||||
| RFC 5892, DOI 10.27487/RFC5892, August 2010, | ||||
| <https://www.rfc-editor.org/info/rfc5892>. | ||||
| [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible | [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible | |||
| Provisioning Protocol", RFC 7451, DOI 10.27487/RFC7451, | Provisioning Protocol", RFC 7451, DOI 10.27487/RFC7451, | |||
| February 2015, <https://www.rfc-editor.org/info/rfc7451>. | February 2015, <https://www.rfc-editor.org/info/rfc7451>. | |||
| [RFC8543] Zhou, L., Kong, N., Yao, J., Gould, J., and G. Zhou, | [RFC8543] Zhou, L., Kong, N., Yao, J., Gould, J., and G. Zhou, | |||
| "Extensible Provisioning Protocol (EPP) Organization | "Extensible Provisioning Protocol (EPP) Organization | |||
| Mapping", RFC 8543, DOI 10.27487/RFC8543, March 2019, | Mapping", RFC 8543, DOI 10.27487/RFC8543, March 2019, | |||
| <https://www.rfc-editor.org/info/rfc8543>. | <https://www.rfc-editor.org/info/rfc8543>. | |||
| Appendix A. Change History | Appendix A. Change History | |||
| skipping to change at page 13, line 17 ¶ | skipping to change at page 13, line 21 ¶ | |||
| 1. Some nitpicking in the security considerations. | 1. Some nitpicking in the security considerations. | |||
| A.15. Change from the regext 10 to regext 11 version | A.15. Change from the regext 10 to regext 11 version | |||
| 1. Nitpicking according mostly GenArt review. | 1. Nitpicking according mostly GenArt review. | |||
| A.16. Change from the regext 11 to regext 12 version | A.16. Change from the regext 11 to regext 12 version | |||
| 1. XML schema registration request removed. | 1. XML schema registration request removed. | |||
| A.17. Change from the regext 12 to regext 13 version | ||||
| 1. Document updated according to SecDir and ART-ART review. | ||||
| Authors' Addresses | Authors' Addresses | |||
| Dmitry Belyavskiy | Dmitry Belyavskiy | |||
| 8 marta st. | 8 marta st. | |||
| Moscow | Moscow | |||
| 127083 | 127083 | |||
| Russian Federation | Russian Federation | |||
| Phone: +7 916 262 5593 | Phone: +7 916 262 5593 | |||
| Email: beldmit@gmail.com | Email: beldmit@gmail.com | |||
| End of changes. 13 change blocks. | ||||
| 31 lines changed or deleted | 40 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||