draft-ietf-eppext-keyrelay-03.txt   draft-ietf-eppext-keyrelay-04.txt 
eppext H. Ribbers eppext H. Ribbers
Internet-Draft M. Groeneweg Internet-Draft M. Groeneweg
Intended status: Standards Track SIDN Intended status: Standards Track SIDN
Expires: December 11, 2015 R. Gieben Expires: December 31, 2015 R. Gieben
A. Verschuren A. Verschuren
June 09, 2015 June 29, 2015
Key Relay Mapping for the Extensible Provisioning Protocol Key Relay Mapping for the Extensible Provisioning Protocol
draft-ietf-eppext-keyrelay-03 draft-ietf-eppext-keyrelay-04
Abstract Abstract
This document describes an Extensible Provisioning Protocol (EPP) This document describes an Extensible Provisioning Protocol (EPP)
mapping for a key relay object that relays DNSSEC key material mapping for a key relay object that relays DNSSEC key material
between EPP clients using the poll queue defined in [RFC5730]. between EPP clients using the poll queue defined in [RFC5730].
This key relay mapping will help facilitate changing the DNS operator This key relay mapping will help facilitate changing the DNS operator
of a domain while keeping the DNSSEC chain of trust intact. of a domain while keeping the DNSSEC chain of trust intact.
skipping to change at page 1, line 39 skipping to change at page 1, line 39
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 11, 2015. This Internet-Draft will expire on December 31, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
2.1.1. <keyRelayData> element . . . . . . . . . . . . . . . 4 2.1.1. <keyRelayData> element . . . . . . . . . . . . . . . 4
3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 5 3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 5
3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 5 3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 5
3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 5 3.1.1. EPP <check> Command . . . . . . . . . . . . . . . . . 5
3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 5 3.1.2. EPP <info> Command . . . . . . . . . . . . . . . . . 5
3.1.3. EPP <transfer> Command . . . . . . . . . . . . . . . 8 3.1.3. EPP <transfer> Command . . . . . . . . . . . . . . . 8
3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 8 3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 8
3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 8 3.2.1. EPP <create> Command . . . . . . . . . . . . . . . . 8
3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 10 3.2.2. EPP <delete> Command . . . . . . . . . . . . . . . . 10
3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 10 3.2.3. EPP <renew> Command . . . . . . . . . . . . . . . . . 10
3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 10 3.2.4. EPP <transfer> Command . . . . . . . . . . . . . . . 11
3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 10 3.2.5. EPP <update> Command . . . . . . . . . . . . . . . . 11
4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 10 4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 11 5.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 12
5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 12 5.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 12
6. Security Considerations . . . . . . . . . . . . . . . . . . . 12 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 13 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
8.1. Normative References . . . . . . . . . . . . . . . . . . 13 8.1. Normative References . . . . . . . . . . . . . . . . . . 14
8.2. Informative References . . . . . . . . . . . . . . . . . 13 8.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Changelog . . . . . . . . . . . . . . . . . . . . . 13 Appendix A. Changelog . . . . . . . . . . . . . . . . . . . . . 14
A.1. draft-gieben-epp-keyrelay-00 . . . . . . . . . . . . . . 14 A.1. draft-gieben-epp-keyrelay-00 . . . . . . . . . . . . . . 14
A.2. draft-gieben-epp-keyrelay-01 . . . . . . . . . . . . . . 14 A.2. draft-gieben-epp-keyrelay-01 . . . . . . . . . . . . . . 14
A.3. draft-gieben-epp-keyrelay-02 . . . . . . . . . . . . . . 14 A.3. draft-gieben-epp-keyrelay-02 . . . . . . . . . . . . . . 15
A.4. draft-gieben-epp-keyrelay-03 . . . . . . . . . . . . . . 14 A.4. draft-gieben-epp-keyrelay-03 . . . . . . . . . . . . . . 15
A.5. draft-ietf-eppext-keyrelay-00 . . . . . . . . . . . . . . 14 A.5. draft-ietf-eppext-keyrelay-00 . . . . . . . . . . . . . . 15
A.6. draft-ietf-eppext-keyrelay-01 . . . . . . . . . . . . . . 14 A.6. draft-ietf-eppext-keyrelay-01 . . . . . . . . . . . . . . 15
A.7. draft-ietf-eppext-keyrelay-02 . . . . . . . . . . . . . . 15 A.7. draft-ietf-eppext-keyrelay-02 . . . . . . . . . . . . . . 15
A.8. draft-ietf-eppext-keyrelay-03 . . . . . . . . . . . . . . 15 A.8. draft-ietf-eppext-keyrelay-03 . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 A.9. draft-ietf-eppext-keyrelay-04 . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction 1. Introduction
There are certain transactions initiated by a DNS-operator, which There are certain transactions initiated by a DNS-operator, which
require an authenticated exchange of information between DNS- require an authenticated exchange of information between DNS-
operators. Often, there is no direct channel between these parties operators. Often, there is no direct channel between these parties
or it is non-scalable and insecure. or it is non-scalable and insecure.
One such transaction is the exchange of DNSSEC key material when One such transaction is the exchange of DNSSEC key material when
changing the DNS operator for DNSSEC signed zones. We suggest that changing the DNS operator for DNSSEC signed zones. We suggest that
skipping to change at page 3, line 49 skipping to change at page 3, line 49
Exchanging DNSSEC key material in preparation of a domain name Exchanging DNSSEC key material in preparation of a domain name
transfer is one of the phases in the lifecycle of a domain name transfer is one of the phases in the lifecycle of a domain name
[I-D.koch-dnsop-dnssec-operator-change]. [I-D.koch-dnsop-dnssec-operator-change].
DNS-operators need to exchange DNSSEC key material before the DNS-operators need to exchange DNSSEC key material before the
registration data can be changed to keep the DNSSEC chain of trust registration data can be changed to keep the DNSSEC chain of trust
intact. This exchange is normally initiated through the gaining intact. This exchange is normally initiated through the gaining
registrar. registrar.
The gaining and losing DNS operators could talk directly to each The gaining and losing DNS operators could talk directly to each
other (the ~ arrow) to exchange the DNSKEY, but often there is no other (the ~ arrow in Figure 1) to exchange the DNSKEY, but often
trusted path between the two. As both can securely interact with the there is no trusted path between the two. As both can securely
registry over the administrative channel through the registrar, the interact with the registry over the administrative channel through
registry can act as a relay for the key material exchange. the registrar, the registry can act as a relay for the key material
exchange.
The registry is merely used as a relay channel. Therefore it is up
to the losing DNS-operator to complete the intended transaction. The
registry SHOULD have certain policies in place that require the
losing DNS operator to cooperate with this transaction, however this
is beyond this I-D. This I-D focusses on the EPP protocol syntax.
+--------------------+ DNSKEY +---------------------+ +--------------------+ DNSKEY +---------------------+
|gaining DNS operator| ~~~~~~~~> | losing DNS operator | |gaining DNS operator| ~~~~~~~~> | losing DNS operator |
+--------------------+ +---------------------+ +--------------------+ +---------------------+
| ^ | ^
| | | |
V | V |
+--------------------+ +---------------------+ +--------------------+ +---------------------+
| gaining registrar | | registrar of record | | gaining registrar | | registrar of record |
+--------------------+ +---------------------+ +--------------------+ +---------------------+
skipping to change at page 4, line 35 skipping to change at page 4, line 43
Therefore the term EPP client will be used for the interaction with Therefore the term EPP client will be used for the interaction with
the EPP server for relaying DNSSEC key material. the EPP server for relaying DNSSEC key material.
2. Object Attributes 2. Object Attributes
2.1. DNSSEC Key Material 2.1. DNSSEC Key Material
The DNSSEC key material is represented in EPP by a <keyRelayData> The DNSSEC key material is represented in EPP by a <keyRelayData>
element. element.
It is up to the gaining EPP client to select the keys that are needed
to complete the intended transaction successfully. It is up to the
receiving EPP client to validate the correctness of the key material.
The server is merely used as a relay channel.
2.1.1. <keyRelayData> element 2.1.1. <keyRelayData> element
The <keyRelayData> contains the following elements: The <keyRelayData> contains the following elements:
o One or more REQUIRED <keyData> element(s) that contains the DNSSEC o One REQUIRED <keyData> element that contains the DNSSEC key
key material as described in [RFC5910], Section 4.2. A server MAY material as described in [RFC5910], Section 4.2.
apply a server policy that specifies the number of <keyData>
elements that can be incorporated. When a server policy is
specified, a server SHOULD respond with an EPP result code 2308
"Data management policy violation".
o A REQUIRED <authInfo> element that contains authorization
information associated with the domain object ([RFC5731],
Section 3.2.1).
o An OPTIONAL <expiry> element that describes the expected lifetime o An OPTIONAL <expiry> element that describes the expected lifetime
of the relayed key(s) in the zone. The losing DNS operator can of the relayed key(s) in the zone. When the <expiry> element is
use this as an indication when to safely remove the inserted key provided the losing DNS operator SHOULD remove the inserted key
material from the zone. This may be because the transaction that material from the zone after the expire time. This may be because
needed the insertion is either completed or has been abandoned if the transaction that needed the insertion should either be
not completed before this expire time. The <expiry> element MUST completed or abandoned by that time. If a client receives a key
contain one of the following child elements: relay object that has been sent previously it MUST update the
expire time of the key material. This enables the clients to
update the lifetime of the key material when a transfer is
delayed.
* <absolute>: The policy is valid from the current date and time The <expiry> element MUST contain one of the following child
until it expires on the specified date and time. elements:
* <relative>: The policy is valid from the current date and time * <absolute>: The DNSSEC key material is valid from the current date and
until the end of the specified duration. time until it expires on the specified date and time. If a date
in the past is provided this MUST be interpreted as a revocation of a
previously send key relay object.
* <relative>: The DNSSEC key material is valid from the current date and
time until the end of the specified duration. If a negative period is
provided this MUST be interpreted as a revocation of a previously send key
relay object.
3. EPP Command Mapping 3. EPP Command Mapping
A detailed description of the EPP syntax and semantics can be found A detailed description of the EPP syntax and semantics can be found
in the EPP core protocol specification [RFC5730]. The command in the EPP core protocol specification [RFC5730]. The command
mapping described here is specifically for use in this key relay mapping described here is specifically for use in this key relay
mapping. mapping.
3.1. EPP Query Commands 3.1. EPP Query Commands
skipping to change at page 6, line 16 skipping to change at page 6, line 21
When a <poll> command has been processed successfully for a key relay When a <poll> command has been processed successfully for a key relay
poll message, the EPP <resData> element MUST contain a child poll message, the EPP <resData> element MUST contain a child
<keyrelay:infData> element that is identified by the keyrelay <keyrelay:infData> element that is identified by the keyrelay
namespace. The <keyrelay:infData> element contains the following namespace. The <keyrelay:infData> element contains the following
child elements: child elements:
o A REQUIRED <name> element containing the domain name for which the o A REQUIRED <name> element containing the domain name for which the
DNSSEC key material is relayed. DNSSEC key material is relayed.
o An OPTIONAL <keyrelay:crDate> element that contains the date and o A REQUIRED <authInfo> element that contains authorization
time of the submitted <create> command. information associated with the domain object ([RFC5731],
Section 3.2.1).
o An OPTIONAL <keyrelay:reID> element that contains the identifier of o One or more REQUIRED <keyRelayData> elements containing data to be
the client that requested the key relay. relayed, as defined in Section 2.1. A server MAY apply a server
policy that specifies the number of <keyRelayData> elements that can
be incorporated. When a server policy is violated, a server MUST
respond with an EPP result code 2308 "Data management policy
violation".
o An OPTIONAL <keyrelay:acID> element that contains the identifier of o An OPTIONAL <crDate> element that contains the date and time of the
the client that SHOULD act upon the key relay. submitted <create> command.
o An OPTIONAL <reID> element that contains the identifier of the
client that requested the key relay.
o An OPTIONAL <acID> element that contains the identifier of the
client that SHOULD act upon the key relay.
Example <poll> response: Example <poll> response:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?> S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
S: xmlns:keyrelay="urn:ietf:params:xml:ns:keyrelay-1.0" S: xmlns:keyrelay="urn:ietf:params:xml:ns:keyrelay-1.0"
S: xmlns:s="urn:ietf:params:xml:ns:secDNS-1.1" S: xmlns:s="urn:ietf:params:xml:ns:secDNS-1.1"
S: xmlns:d="urn:ietf:params:xml:ns:domain-1.0"> S: xmlns:d="urn:ietf:params:xml:ns:domain-1.0">
S: <response> S: <response>
S: <result code="1301"> S: <result code="1301">
S: <msg>Command completed successfully; ack to dequeue</msg> S: <msg>Command completed successfully; ack to dequeue</msg>
S: </result> S: </result>
S: <msgQ count="5" id="12345"> S: <msgQ count="5" id="12345">
S: <qDate>1999-04-04T22:01:00.0Z</qDate> S: <qDate>1999-04-04T22:01:00.0Z</qDate>
S: <msg>Keyrelay action completed successfully.</msg> S: <msg>Keyrelay action completed successfully.</msg>
S: </msgQ> S: </msgQ>
S: <resData> S: <resData>
S: <keyrelay:infData> S: <keyrelay:infData>
S: <keyrelay:name>example.org</keyrelay:name> S: <keyrelay:name>example.org</keyrelay:name>
S: <keyrelay:authInfo>
S: <d:pw>JnSdBAZSxxzJ</d:pw>
S: </keyrelay:authInfo>
S: <keyrelay:keyRelayData> S: <keyrelay:keyRelayData>
S: <keyrelay:keyData> S: <keyrelay:keyData>
S: <s:flags>256</s:flags> S: <s:flags>256</s:flags>
S: <s:protocol>3</s:protocol> S: <s:protocol>3</s:protocol>
S: <s:alg>8</s:alg> S: <s:alg>8</s:alg>
S: <s:pubKey>cmlraXN0aGViZXN0</s:pubKey> S: <s:pubKey>cmlraXN0aGViZXN0</s:pubKey>
S: </keyrelay:keyData> S: </keyrelay:keyData>
S: <keyrelay:authInfo>
S: <d:pw>JnSdBAZSxxzJ</d:pw>
S: </keyrelay:authInfo>
S: <keyrelay:expiry> S: <keyrelay:expiry>
S: <keyrelay:relative>P1M13D</keyrelay:relative> S: <keyrelay:relative>P1M13D</keyrelay:relative>
S: </keyrelay:expiry> S: </keyrelay:expiry>
S: </keyrelay:keyRelayData> S: </keyrelay:keyRelayData>
S: <keyrelay:crDate> S: <keyrelay:crDate>
S: 1999-04-04T22:01:00.0Z S: 1999-04-04T22:01:00.0Z
S: </keyrelay:crDate> S: </keyrelay:crDate>
S: <keyrelay:reID> S: <keyrelay:reID>
S: ClientX S: ClientX
S: </keyrelay:reID> S: </keyrelay:reID>
skipping to change at page 8, line 29 skipping to change at page 8, line 29
The EPP <create> command provides a transform operation that allows a The EPP <create> command provides a transform operation that allows a
client to create a key relay object that includes the domain name and client to create a key relay object that includes the domain name and
DNSSEC key material to be relayed. When the <create> command is DNSSEC key material to be relayed. When the <create> command is
validated, the server MUST insert an EPP <poll> message, using the validated, the server MUST insert an EPP <poll> message, using the
key relay info response (See Section 3.1.2), in the receiving key relay info response (See Section 3.1.2), in the receiving
client's poll queue that belongs to the registrar on record of the client's poll queue that belongs to the registrar on record of the
provided domain name. provided domain name.
In addition to the standard EPP command elements, the <create> In addition to the standard EPP command elements, the <create>
command MUST contain a <keyrelay:create> element that identifies the command MUST contain a <keyrelay:create> element that is identified
keyrelay namespace. The <keyrelay:create> element contains the by the keyrelay namespace. The <keyrelay:create> element contains
following child elements: the following child elements:
o A REQUIRED <keyrelay:name> element containing the domain name for o A REQUIRED <keyrelay:name> element containing the domain name for
which the DNSSEC key material is relayed. which the DNSSEC key material is relayed.
o A REQUIRED <keyrelay:keyRelayData> element containing data to be o One or more REQUIRED <keyrelay:keyRelayData> element containing
relayed, as defined in Section 2.1 data to be relayed, as defined in Section 2.1
Example <create> command: Example <create> commands:
Note that in the provided example the second <keyrelay:keyRelayData>
element had a negative period and thus represents the revocation of a
previouly send key relay object (see Section 2.1.1).
C:<?xml version="1.0" encoding="UTF-8" standalone="no"?> C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0" C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
C: xmlns:keyrelay="urn:ietf:params:xml:ns:keyrelay-1.0" C: xmlns:keyrelay="urn:ietf:params:xml:ns:keyrelay-1.0"
C: xmlns:s="urn:ietf:params:xml:ns:secDNS-1.1" C: xmlns:s="urn:ietf:params:xml:ns:secDNS-1.1"
C: xmlns:d="urn:ietf:params:xml:ns:domain-1.0"> C: xmlns:d="urn:ietf:params:xml:ns:domain-1.0">
C: <command> C: <command>
C: <create> C: <create>
C: <keyrelay:create> C: <keyrelay:create>
C: <keyrelay:name>example.org</keyrelay:name> C: <keyrelay:name>example.org</keyrelay:name>
C: <keyrelay:authInfo>
C: <d:pw>JnSdBAZSxxzJ</d:pw>
C: </keyrelay:authInfo>
C: <keyrelay:keyRelayData> C: <keyrelay:keyRelayData>
C: <keyrelay:keyData> C: <keyrelay:keyData>
C: <s:flags>256</s:flags> C: <s:flags>256</s:flags>
C: <s:protocol>3</s:protocol> C: <s:protocol>3</s:protocol>
C: <s:alg>8</s:alg> C: <s:alg>8</s:alg>
C: <s:pubKey>cmlraXN0aGViZXN0</s:pubKey> C: <s:pubKey>cmlraXN0aGViZXN0</s:pubKey>
C: </keyrelay:keyData> C: </keyrelay:keyData>
C: <keyrelay:authInfo>
C: <d:pw>JnSdBAZSxxzJ</d:pw>
C: </keyrelay:authInfo>
C: <keyrelay:expiry> C: <keyrelay:expiry>
C: <keyrelay:relative>P1M13D</keyrelay:relative> C: <keyrelay:relative>P1M13D</keyrelay:relative>
C: </keyrelay:expiry> C: </keyrelay:expiry>
C: </keyrelay:keyRelayData> C: </keyrelay:keyRelayData>
C: <keyrelay:keyRelayData>
C: <keyrelay:keyData>
C: <s:flags>256</s:flags>
C: <s:protocol>3</s:protocol>
C: <s:alg>8</s:alg>
C: <s:pubKey>bWFyY2lzdGhlYmVzdA==</s:pubKey>
C: </keyrelay:keyData>
C: <keyrelay:expiry>
C: <keyrelay:relative>-P1D</keyrelay:relative>
C: </keyrelay:expiry>
C: </keyrelay:keyRelayData>
C: </keyrelay:create> C: </keyrelay:create>
C: </create> C: </create>
C: <clTRID>ABC-12345</clTRID> C: <clTRID>ABC-12345</clTRID>
C: </command> C: </command>
C:</epp> C:</epp>
When a server has succesfully processed the <create> command it MUST When a server has succesfully processed the <create> command it MUST
respond with a standard EPP response. See [RFC5730], Section 2.6. respond with a standard EPP response. See [RFC5730], Section 2.6.
Example <create> response: Example <create> response:
skipping to change at page 10, line 5 skipping to change at page 10, line 18
S: <result code="1000"> S: <result code="1000">
S: <msg>Command completed successfully</msg> S: <msg>Command completed successfully</msg>
S: </result> S: </result>
S: <trID> S: <trID>
S: <clTRID>ABC-12345</clTRID> S: <clTRID>ABC-12345</clTRID>
S: <svTRID>54321-ZYX</svTRID> S: <svTRID>54321-ZYX</svTRID>
S: </trID> S: </trID>
S: </response> S: </response>
S:</epp> S:</epp>
When a server cannot process the <create> command due to the server
policy it MUST return an EPP 2308 error message. This might be the
case when the server knows that the receiving client does not support
keyrelay transactions. See [RFC5730], Section 2.6.
Example <create> response:
S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
S: <response>
S: <result code="2308">
S: <msg>Data management policy violation</msg>
S: </result>
S: <trID>
S: <clTRID>ABC-12345</clTRID>
S: <svTRID>54321-ZYX</svTRID>
S: </trID>
S: </response>
S:</epp>
3.2.2. EPP <delete> Command 3.2.2. EPP <delete> Command
Delete semantics do not apply to key relay objects, so there is no Delete semantics do not apply to key relay objects, so there is no
mapping defined for the EPP <delete> command and the EPP <delete> mapping defined for the EPP <delete> command and the EPP <delete>
response. response.
3.2.3. EPP <renew> Command 3.2.3. EPP <renew> Command
Renew semantics do not apply to key relay objects, so there is no Renew semantics do not apply to key relay objects, so there is no
mapping defined for the EPP <renew> command and the EPP <renew> mapping defined for the EPP <renew> command and the EPP <renew>
skipping to change at page 11, line 16 skipping to change at page 12, line 4
schemaLocation="domain-1.0.xsd" /> schemaLocation="domain-1.0.xsd" />
<element name="keyRelayData" type="keyrelay:keyRelayDataType" /> <element name="keyRelayData" type="keyrelay:keyRelayDataType" />
<element name="infData" type="keyrelay:infDataType" /> <element name="infData" type="keyrelay:infDataType" />
<element name="create" type="keyrelay:createType" /> <element name="create" type="keyrelay:createType" />
<complexType name="createType"> <complexType name="createType">
<sequence> <sequence>
<element name="name" type="eppcom:labelType" /> <element name="name" type="eppcom:labelType" />
<element name="keyRelayData" type="keyrelay:keyRelayDataType" /> <element name="keyRelayData" type="keyrelay:keyRelayDataType" />
</sequence> </sequence>
</complexType> </complexType>
<complexType name="infDataType"> <complexType name="infDataType">
<sequence> <sequence>
<element name="name" type="eppcom:labelType" /> <element name="name" type="eppcom:labelType" />
<element name="keyRelayData" type="keyrelay:keyRelayDataType" /> <element name="authInfo" type="domain:authInfoType" />
<element name="keyRelayData" type="keyrelay:keyRelayDataType" maxOccurs="unbounded"/>
<element name="crDate" type="dateTime"/> <element name="crDate" type="dateTime"/>
<element name="reID" type="eppcom:clIDType" /> <element name="reID" type="eppcom:clIDType" />
<element name="acID" type="eppcom:clIDType" /> <element name="acID" type="eppcom:clIDType" />
</sequence> </sequence>
</complexType> </complexType>
<complexType name="keyRelayDataType"> <complexType name="keyRelayDataType">
<sequence> <sequence>
<element name="keyData" type="secDNS:keyDataType" maxOccurs="unbounded" /> <element name="keyData" type="secDNS:keyDataType" />
<element name="authInfo" type="domain:authInfoType" />
<element name="expiry" type="keyrelay:keyRelayExpiryType" minOccurs="0" /> <element name="expiry" type="keyrelay:keyRelayExpiryType" minOccurs="0" />
</sequence> </sequence>
</complexType> </complexType>
<complexType name="keyRelayExpiryType"> <complexType name="keyRelayExpiryType">
<choice> <choice>
<element name="absolute" type="dateTime" /> <element name="absolute" type="dateTime" />
<element name="relative" type="duration" /> <element name="relative" type="duration" />
</choice> </choice>
</complexType> </complexType>
</schema> </schema>
skipping to change at page 13, line 13 skipping to change at page 13, line 49
registry specific policy. registry specific policy.
7. Acknowledgements 7. Acknowledgements
We like to thank the following individuals for their valuable input, We like to thank the following individuals for their valuable input,
review, constructive criticism in earlier revisions or support for review, constructive criticism in earlier revisions or support for
the concepts described in this document: the concepts described in this document:
Maarten Wullink, Marco Davids, Ed Lewis, James Mitchell, David Peal, Maarten Wullink, Marco Davids, Ed Lewis, James Mitchell, David Peal,
Patrik Faltstrom, Klaus Malorny, James Gould, Patrick Mevzek, Seth Patrik Faltstrom, Klaus Malorny, James Gould, Patrick Mevzek, Seth
Goldman, Maarten Bosteels and Ulrich Wisser. Goldman, Maarten Bosteels, Ulrich Wisser and Kees Monshouwer.
8. References 8. References
8.1. Normative References 8.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004. January 2004.
skipping to change at page 15, line 25 skipping to change at page 16, line 13
2. Updated the wording 2. Updated the wording
A.8. draft-ietf-eppext-keyrelay-03 A.8. draft-ietf-eppext-keyrelay-03
1. Updated the document title in the EPP Extension Registry section 1. Updated the document title in the EPP Extension Registry section
2. Restored Acknowledgement section, thanks to Marco Davids 2. Restored Acknowledgement section, thanks to Marco Davids
3. Incorperated feedback from Patrick Mevzek 3. Incorperated feedback from Patrick Mevzek
A.9. draft-ietf-eppext-keyrelay-04
1. Incorperated feedback from James Gould
2. Added additional text when server is aware that receiving clients
do not support keyrelay transactions or DNSSEC as suggested by
Kees Monshouwer.
3. Added additional text for supporting key revocation as suggested
by Kees Monshouwer
4. Updated some of the wording
5. Fix the usage of multiple keys in a create message
Authors' Addresses Authors' Addresses
Rik Ribbers Rik Ribbers
SIDN SIDN
Meander 501 Meander 501
Arnhem 6825 MD Arnhem 6825 MD
NL NL
Email: rik.ribbers@sidn.nl Email: rik.ribbers@sidn.nl
URI: https://www.sidn.nl/ URI: https://www.sidn.nl/
 End of changes. 34 change blocks. 
77 lines changed or deleted 144 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/