--- 1/draft-ietf-regext-tmch-func-spec-00.txt 2016-06-09 11:15:55.541520110 -0700 +++ 2/draft-ietf-regext-tmch-func-spec-01.txt 2016-06-09 11:15:55.653522912 -0700 @@ -1,18 +1,18 @@ Internet Engineering Task Force G. Lozano Internet-Draft ICANN -Intended status: Standards Track April 22, 2016 -Expires: October 24, 2016 +Intended status: Standards Track June 8, 2016 +Expires: December 10, 2016 ICANN TMCH functional specifications - draft-ietf-regext-tmch-func-spec-00 + draft-ietf-regext-tmch-func-spec-01 Abstract This document describes the requirements, the architecture and the interfaces between the ICANN Trademark Clearinghouse (TMCH) and Domain Name Registries as well as between the ICANN TMCH and Domain Name Registrars for the provisioning and management of domain names during Sunrise and Trademark Claims Periods. Status of This Memo @@ -23,21 +23,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on October 24, 2016. + This Internet-Draft will expire on December 10, 2016. Copyright Notice Copyright (c) 2016 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -193,29 +193,31 @@ o CRL: Certificate Revocation List, see [RFC5280]. o CSV: Comma-Separated Values, see [RFC4180] o Date and time, datetime: Date and time are specified following the standard "Date and Time on the Internet specification", see [RFC3339]. o DN, Domain Name, domain name: see definition of Domain name in - [RFC7719]. + [RFC7719]. In case of IDNs, the A-label form MUST be used, i.e. + each of the DNLs are an A-label or NR-LDH (see [RFC5890]). o DNROID, DN Repository Object IDentifier: an identifier assigned by the Registry to each DN object that unequivocally identifies said DN object. For example, if a new DN object is created for a name that existed in the past, the DN objects will have different DNROIDs. - o DNL, Domain Name Label, see definition of Label in [RFC7719]. + o DNL, Domain Name Label, see definition of Label in [RFC7719]. The + DNL is an A-label or NR-LDH. o DNL List: A list of DNLs that are covered by a PRM. o DNS: Domain Name System, see [RFC7719]. o Effective allocation: A DN is considered effectively allocated when the DN object for the DN has been created in the SRS of the Registry and has been assigned to the effective user. A DN object in status "pendingCreate" or any other status that precedes the first time a DN is assigned to an end-user is not considered an @@ -238,20 +240,27 @@ o Lookup Key: A random string of up to 51 chars from the set [a-zA- Z0-9/] to be used as the lookup key by Registrars to obtain the TCN using the CNIS. Lookup Keys are unique and are related to one DNL only. o LORDN, List of Registered Domain Names: This is the list of effectively allocated DNs matching a DNL of a PRM. Registries will upload this list to the TMDB (during the NORDN process). + o Matching Rules: Some trademarks entitled to inclusion in the TMDB + include characters that are impermissible in the domain name + system (DNS) as a DNL. The TMV changes ( using the ICANN TMCH + Matching Rules [MatchingRules]) certain DNS-impermissible + characters in a trademark into DNS-permissible equivalent + characters + o NORDN, Notification of Registered Domain Names: The process by which Registries upload their recent LORDN to the TMDB. o PGP: Pretty Good Privacy, see [RFC4880] o PKI: Public Key Infrastructure, see [RFC5280]. o PRM, Pre-registered mark: Mark that has been pre-registered with the ICANN TMCH. @@ -751,23 +760,25 @@ 5. The signature of the SMD (signed with the TMV certificate) is valid. 6. The datetime when the validation is done is within the validity period of the SMD based on and elements. 7. The SMD has not been revoked, i.e., is not contained in the SMD Revocation List. - 8. The leftmost DNL (A-label in case of IDNs) of the DN being - effectively allocated matches one of the labels () - elements in the SMD. + 8. The leftmost DNL of the DN (A-label form in the case of IDNs) + being effectively allocated matches one of the labels + () elements in the SMD. For example, if the DN "xn-- + mgbachtv.xn--mgbh0fb" is being effectively allocated, the + leftmost DNL would be "xn--mgbachtv". These procedure apply to all DN effective allocations at the second level as well as to all other levels subordinate to the TLD that the Registry accepts registrations for. 5.2.3. TMDB Sunrise Services for Registries 5.2.3.1. SMD Revocation List A new SMD Revocation List MUST be published by the TMDB twice a day, @@ -1021,28 +1032,31 @@ If the three elements mentioned above are not provided by the Registrar for a DN matching a DNL of a PRM, but the DNL was inserted (or re-inserted) for the first time into DNL List less than 24 hours ago, the registration MAY continue without this data and the tests listed below are not required to be performed. 2. The TCN has not expired (according to the expiration datetime sent by the Registrar). - 3. The acceptance datetime is no more than 48 hours in the past. + 3. The acceptance datetime is no more than 48 hours in the past, + or a different value defined by policy. - 4. Using the leftmost DNL (A-label in the case of IDNs) of the DN - being registered, the expiration datetime provided by the - Registrar, and the TMDB Notice Identifier extracted from the - TCNID provided by the Registrar compute the TCN Checksum. - Verify that the computed TCN Checksum match the TCN Checksum - present in the TCNID. + 4. Using the leftmost DNL of the DN (A-label form in the case of + IDNs) being effectively allocated, the expiration datetime + provided by the Registrar, and the TMDB Notice Identifier + extracted from the TCNID provided by the Registrar compute the + TCN Checksum. Verify that the computed TCN Checksum match the + TCN Checksum present in the TCNID. For example, if the DN + "xn--mgbachtv.xn--mgbh0fb" is being effectively allocated, the + leftmost DNL would be "xn--mgbachtv". These procedures apply to all DN registrations at the second level as well as to all other levels subordinate to the TLD that the Registry accepts registrations for. 5.3.3. TMBD Trademark Claims Services for Registries 5.3.3.1. Domain Name Label (DNL) List A new DNL List MUST be published by the TMDB twice a day, by 00:00:00 @@ -1107,48 +1121,51 @@ 4. Perform the minimum set of checks for verifying DN registrations. If any of these checks fails the Registrar MUST abort the DN registration. Each of these checks MUST be performed before the registration is sent to the Registry. Performing the minimum set of checks Registrars MUST verify that: 1. The datetime when the validation is done is within the TCN validity based on the and elements. - 2. The leftmost DNL (A-label in case of IDNs) of the DN being - effectively allocated matches the label () - element in the TCN. + 2. The leftmost DNL of the DN (A-label form in the case of IDNs) + being effectively allocated matches the label + () element in the TCN. For example, if the + DN "xn--mgbachtv.xn--mgbh0fb" is being effectively allocated, + the leftmost DNL would be "xn--mgbachtv". 3. The Registrant has acknowledged (expressed his/her consent with) the TCN. 5. Record the date and time when the registrant acknowledged the TCN. 6. Send the registration to the Registry (ry interface, Section 4.3.5) and include the following information: * TCNID () * Expiration date of the TCN () * Acceptance datetime of the TCN. - TCN are generated twice a day. The expiration date - () of each TCN MUST be set to 48 hours in the - future by the TMDB, allowing the implementation of a cache by - Registrars and enough time for acknowledging the TCN. Registrars - SHOULD implement a cache of TCNs to minimize the number of queries - sent to the TMDB. A cached TCN MUST be removed from the cache after - the expiration date of the TCN as defined by . - The TMDB MAY implement rate-limiting as one of the protection - mechanisms to mitigate the risk of performance degradation. + TCNs are generated twice a day. The expiration date + () of each TCN MUST be set to 48 hours (or a + different value if defined by policy) in the future by the TMDB, + allowing the implementation of a cache by Registrars and enough time + for acknowledging the TCN. Registrars SHOULD implement a cache of + TCNs to minimize the number of queries sent to the TMDB. A cached + TCN MUST be removed from the cache after the expiration date of the + TCN as defined by . The TMDB MAY implement rate- + limiting as one of the protection mechanisms to mitigate the risk of + performance degradation. 5.3.5. TMBD Trademark Claims Services for Registrars 5.3.5.1. Claims Notice Information Service (CNIS) The TCNs are provided by the TMDB online and are fetched by the Registrar via the dr interface (Section 4.3.6). To get access to the TCNs, the Registrar needs the credentials provided by the TMDB (Section 5.1.2.1) and the Lookup Key received @@ -1181,25 +1198,27 @@ During the OPTIONAL (see [QLP-Addendum]) Qualified Launch Program (QLP) Period effective allocations of DNs to third parties could require that Registries and Registrars provide Sunrise and/or Trademark Claims services. If required, Registries and Registrars MUST provide Sunrise and/or Trademark Claims services as described in Section 5.2 and Section 5.3. The effective allocation scenarios are: - o If the leftmost DNL (A-label in case of IDNs) of the DN being - effectively allocated (QLP Name in this section) matches a DNL in - the SURL, and an SMD is provided, then Registries MUST provide - Sunrise Services (see Section 5.2) and the DN MUST be reported in - a Sunrise LORDN file during the QLP Period. + o If the leftmost DNL of the DN (A-label form in the case of IDNs) + being effectively allocated (QLP Name in this section) matches a + DNL in the SURL, and an SMD is provided, then Registries MUST + provide Sunrise Services (see Section 5.2) and the DN MUST be + reported in a Sunrise LORDN file during the QLP Period. For + example, if the DN "xn--mgbachtv.xn--mgbh0fb" is being effectively + allocated, the leftmost DNL would be "xn--mgbachtv". o If the QLP Name matches a DNL in the SURL but does not match a DNL in the DNL List, and an SMD is NOT provided (see section 2.2 of [QLP-Addendum]), then the DN MUST be reported in a Sunrise LORDN file using the special SMD-id "99999-99999" during the QLP Period. o If the QLP Name matches a DNL in the SURL and also matches a DNL in the DNL List, and an SMD is NOT provided (see section 2.2 of [QLP-Addendum]), then Registries MUST provide Trademark Claims services (see Section 5.3) and the DN MUST be reported in a @@ -1560,21 +1579,21 @@ * One or more lines with: ,,,,, Where: - , DN Repository Object IDentifier (DNROID) in the SRS. - , DN that was effectively allocated. For - IDNs the A-Label (see [RFC5890]) is used. + IDNs, the A-Label form is used. - , SMD ID used for registration. - , IANA Registrar ID. - , date and time in UTC that the domain was effectively allocated. - OPTIONAL , date and time in UTC that the application was created. The @@ -1619,21 +1638,21 @@ * One or more lines with: ,,,,,, Where: - , DN Repository Object IDentifier (DNROID) in the SRS. - , DN that was effectively allocated. For - IDNs the A-Label is used. + IDNs, the A-Label form is used. - , Trademark Claims Notice Identifier as specified in . - , IANA Registrar ID. - , date and time in UTC that the domain was effectively allocated. - , date and time in UTC @@ -1965,21 +1984,21 @@ boundaries themselves MUST be ignored for validation purposes. The structure of the SMD File is as follows, all the elements are REQUIRED, and MUST appear in the specified order. 1. Marks: 2. smdID: 3. U-labels: + [RFC5890]) form (i.e., U-labels or NR-LDH as the case may be)> 4. notBefore: 5. notAfter: 6. -----BEGIN ENCODED SMD----- 7. 8. -----END ENCODED SMD----- @@ -2037,40 +2056,39 @@ since 1970-01-01T00:00:00Z not counting leap seconds. For example, the conversion to Unix time of 2010-08-16T09:00:00.0Z is shown: unix_time(2010-08-16T09:00:00.0Z)=1281949200 The TMDB uses the and elements from the TCN along with the TMDB Notice Identifier to compute the TCN Checksum. - A Registry MUST use the leftmost DNL (A-label in case of IDNs) - of the DN being registered, the expiration datetime of the TCN - (provided by the Registrar) and the TMDB Notice Identifier - extracted from the TCNID (provided by the Registrar) to compute - the TCN Checksum. For example the DN "foo.bar.example" being - effectively allocated, the left most label would be "foo". + A Registry MUST use the leftmost DNL of the DN (A-label form in + the case of IDNs) being effectively allocated, the expiration + datetime of the TCN (provided by the Registrar) and the TMDB + Notice Identifier extracted from the TCNID (provided by the + Registrar) to compute the TCN Checksum. For example, if the DN + "xn--mgbachtv.xn--mgbh0fb" is being effectively allocated, the + leftmost DNL would be "xn--mgbachtv". Example of computation of the TCN Checksum: CRC32(example-one12819492009223372036854775807)=370d0b7c o A element that contains the start of the validity date and time of the TCN. o A element that contains the expiration date and time of the TCN. - o A elements that contain the DNL (A-label in case - of IDNs) form of the label that correspond to the DN covered by a - PRM. + o A element that contains the DNL covered by a PRM. o One or more elements that contain the Trademark Claim. The element contains the following child elements: * A element that contains the mark text string. * One or more elements that contains the information of the holder of the mark. An "entitlement" @@ -2562,20 +2580,25 @@ described in RFC 7525 or its successors. 11. References 11.1. Normative References [I-D.ietf-eppext-tmch-smd] Lozano, G., "Mark and Signed Mark Objects Mapping", draft- ietf-eppext-tmch-smd-06 (work in progress), March 2016. + [MatchingRules] + ICANN, "Memorandum on Implementing Matching Rules", + September 2012, . + [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, . 11.2. Informative References @@ -2589,25 +2612,20 @@ [ICANN-GTLD-AGB-20120604] ICANN, "gTLD Applicant Guidebook Version 2012-06-04", June 2012, . [ISO3166-2] ISO, "International Standard for country codes and codes for their subdivisions", 2006, . - [MatchingRules] - ICANN, "Memorandum on Implementing Matching Rules", - September 2012, . - [QLP-Addendum] ICANN, "Qualified Launch Program Addendum", April 2014, . [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, DOI 10.17487/RFC2616, June 1999,