rfcdiff: draft-ietf-eppext-keyrelay-05.txt vs. draft-ietf-eppext-keyrelay-06.txt
(Text common to both versions is shown once; where the versions differ, the
-05 and -06 readings are both given and marked.)

eppext                                                        HW. Ribbers
Internet-Draft                                              MW. Groeneweg
Intended status: Standards Track                                     SIDN
Expires: February 1, 2016 [-05] / February 25, 2016 [-06]       R. Gieben
                                                          ALJ. Verschuren
                              July 31, 2015 [-05] / August 24, 2015 [-06]

        Key Relay Mapping for the Extensible Provisioning Protocol
      draft-ietf-eppext-keyrelay-05 [-05] / draft-ietf-eppext-keyrelay-06 [-06]

Abstract

   This document describes an Extensible Provisioning Protocol (EPP)
   mapping for a key relay object that relays DNSSEC key material
   between EPP clients using the poll queue defined in RFC5730.

   This key relay mapping will help facilitate changing the DNS operator
   of a domain while keeping the DNSSEC chain of trust intact.

[... unchanged text omitted; diff resumes at page 1, line 39 ...]

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on February 1, 2016 [-05] /
   February 25, 2016 [-06].

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

[... unchanged text omitted; diff resumes at page 2, line 32 (table of contents) ...]

       3.1.3.  EPP <transfer> Command . . . . . . . . . . . . . . .   8
     3.2.  EPP Transform Commands . . . . . . . . . . . . . . . . .   8
       3.2.1.  EPP <create> Command . . . . . . . . . . . . . . . .   8
       3.2.2.  EPP <delete> Command . . . . . . . . . . . . . . . .  10
       3.2.3.  EPP <renew> Command  . . . . . . . . . . . . . . . .  10
       3.2.4.  EPP <transfer> Command . . . . . . . . . . . . . . .  11
       3.2.5.  EPP <update> Command . . . . . . . . . . . . . . . .  11
   4.  Formal Syntax  . . . . . . . . . . . . . . . . . . . . . . .  11
   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . .  12
     5.1.  XML Namespace  . . . . . . . . . . . . . . . . . . . . .  12
     5.2.  XML Schema . . . . . . . . . . . . . . . . . . . . . . .  12 [-05] / 13 [-06]
     5.3.  EPP Extension Registry . . . . . . . . . . . . . . . . .  13
   6.  Security Considerations  . . . . . . . . . . . . . . . . . .  13
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . .  14
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . .  14
     8.1.  Normative References . . . . . . . . . . . . . . . . . .  14
     8.2.  Informative References . . . . . . . . . . . . . . . . .  14
   Appendix A.  Changelog . . . . . . . . . . . . . . . . . . . . .  14 [-05] / 15 [-06]
     A.1.  draft-gieben-epp-keyrelay-00 . . . . . . . . . . . . . .  15
     A.2.  draft-gieben-epp-keyrelay-01 . . . . . . . . . . . . . .  15
     A.3.  draft-gieben-epp-keyrelay-02 . . . . . . . . . . . . . .  15
     A.4.  draft-gieben-epp-keyrelay-03 . . . . . . . . . . . . . .  15
     A.5.  draft-ietf-eppext-keyrelay-00  . . . . . . . . . . . . .  15
     A.6.  draft-ietf-eppext-keyrelay-01  . . . . . . . . . . . . .  15 [-05] / 16 [-06]
     A.7.  draft-ietf-eppext-keyrelay-02  . . . . . . . . . . . . .  16
     A.8.  draft-ietf-eppext-keyrelay-03  . . . . . . . . . . . . .  16
     A.9.  draft-ietf-eppext-keyrelay-04  . . . . . . . . . . . . .  16
     A.10. draft-ietf-eppext-keyrelay-05  . . . . . . . . . . . . .  16
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . .  16 [-05] / 17 [-06]
1.  Introduction

   There are certain transactions initiated by a DNS operator which
   require an authenticated exchange of information between DNS
   operators.  Often, there is no direct channel between these parties,
   or the channel that exists is non-scalable and insecure.

   One such transaction is the exchange of DNSSEC key material when
   changing the DNS operator for DNSSEC signed zones.  We suggest that

[... unchanged text omitted; diff resumes at page 5, line 16 ...]

   the transaction that needed the insertion should either be
   completed or abandoned by that time.  If a client receives a key
   relay object that has been sent previously it MUST update the
   expire time of the key material.  This enables the clients to
   update the lifetime of the key material when a transfer is
   delayed.

   The <expiry> element MUST contain one of the following child
   elements:

   *  <absolute>: The DNSSEC key material is valid from the current
      date and time until it expires on the specified date and time.
      If a date in the past is provided this MUST be interpreted as a
      revocation of a previously sent key relay object.

   *  <relative>: The DNSSEC key material is valid from the current
      date and time until the end of the specified duration.  If a
      period of zero is provided this MUST be interpreted as a
      revocation of a previously sent key relay object.

   (The two bullets above are only re-wrapped between -05 and -06; their
   text is unchanged.)
3.  EPP Command Mapping

   A detailed description of the EPP syntax and semantics can be found
   in the EPP core protocol specification [RFC5730].  The command
   mapping described here is specifically for use in this key relay
   mapping.

3.1.  EPP Query Commands

[... unchanged text omitted; diff resumes at page 11, line 19 ...]

   response.

3.2.5.  EPP <update> Command

   Update semantics do not apply to key relay objects, so there is no
   mapping defined for the EPP <update> command and the EPP <update>
   response.

4.  Formal Syntax
   <?xml version="1.0" encoding="UTF-8"?>
   <schema targetNamespace="urn:ietf:params:xml:ns:keyrelay-1.0"
     xmlns:keyrelay="urn:ietf:params:xml:ns:keyrelay-1.0"
     xmlns:epp="urn:ietf:params:xml:ns:epp-1.0"
     xmlns:eppcom="urn:ietf:params:xml:ns:eppcom-1.0"
     xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1"
     xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
     xmlns="http://www.w3.org/2001/XMLSchema"
     elementFormDefault="qualified">

     <annotation>
       <documentation>
         Extensible Provisioning Protocol v1.0 protocol
         extension schema for relaying DNSSEC key material.
       </documentation>
     </annotation>

     <import namespace="urn:ietf:params:xml:ns:epp-1.0"
       schemaLocation="epp-1.0.xsd" />
     <import namespace="urn:ietf:params:xml:ns:eppcom-1.0"
       schemaLocation="eppcom-1.0.xsd" />
     <import namespace="urn:ietf:params:xml:ns:secDNS-1.1"
       schemaLocation="secdns-1.1.xsd" />
     <import namespace="urn:ietf:params:xml:ns:domain-1.0"
       schemaLocation="domain-1.0.xsd" />

     <element name="keyRelayData" type="keyrelay:keyRelayDataType" />
     <element name="infData" type="keyrelay:infDataType" />
     <element name="create" type="keyrelay:createType" />

     <complexType name="createType">
       <sequence>
         <element name="name" type="eppcom:labelType" />
         <element name="keyRelayData" type="keyrelay:keyRelayDataType" />
       </sequence>
     </complexType>

     <complexType name="infDataType">
       <sequence>
         <element name="name" type="eppcom:labelType" />
         <element name="authInfo" type="domain:authInfoType" />
         <element name="keyRelayData" type="keyrelay:keyRelayDataType"
           maxOccurs="unbounded"/>
         <element name="crDate" type="dateTime"/>
         <element name="reID" type="eppcom:clIDType" />
         <element name="acID" type="eppcom:clIDType" />
       </sequence>
     </complexType>

     <complexType name="keyRelayDataType">
       <sequence>
         <element name="keyData" type="secDNS:keyDataType" />
         <element name="expiry" type="keyrelay:keyRelayExpiryType"
           minOccurs="0" />
       </sequence>
     </complexType>

     <complexType name="keyRelayExpiryType">
       <choice>
         <element name="absolute" type="dateTime" />
         <element name="relative" type="duration" />
       </choice>
     </complexType>

   </schema>

   (The schema is identical in -05 and -06 except that the two long
   <element> declarations for keyRelayData in infDataType and expiry in
   keyRelayDataType are wrapped onto two lines in -06.)
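Added example, not code from the draft or its authors: a small receiving-client routine in Python that parses a <keyrelay:keyRelayData> element shaped as the schema above defines (a keyData child whose flags/protocol/alg/pubKey children live in the secDNS-1.1 namespace, and an optional <expiry> holding either an <absolute> dateTime or a <relative> xsd:duration) and applies the expiry rules from Section 2: an <absolute> date in the past or a <relative> duration of zero is treated as a revocation of the previously sent object, and an object received a second time has its expire time updated. The sample XML, the domain name, the public-key string and the KeyRelayStore class are constructed for this example; the duration parser is an assumption that covers unsigned xsd:duration values without a weeks component.

```python
import re
import xml.etree.ElementTree as ET
from calendar import monthrange
from datetime import datetime, timedelta, timezone

# Namespaces from the keyrelay-1.0 schema and the secDNS-1.1 schema it imports.
NS = {
    "keyrelay": "urn:ietf:params:xml:ns:keyrelay-1.0",
    "secDNS": "urn:ietf:params:xml:ns:secDNS-1.1",
}

# Unsigned xsd:duration without a weeks component (assumption for this example).
_DURATION = re.compile(
    r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?"
    r"(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+(?:\.\d+)?)S)?)?$"
)


def add_duration(start, duration):
    """Add an xsd:duration to a datetime; years/months are calendar-aware."""
    m = _DURATION.match(duration)
    if not m or duration in ("P", "PT"):
        raise ValueError("unsupported xsd:duration: %r" % duration)
    years, months, days, hours, minutes, seconds = (
        float(g) if g else 0.0 for g in m.groups()
    )
    total_months = start.year * 12 + (start.month - 1) + int(years) * 12 + int(months)
    year, month0 = divmod(total_months, 12)
    month = month0 + 1
    day = min(start.day, monthrange(year, month)[1])  # clamp e.g. Jan 31 + P1M
    moved = start.replace(year=year, month=month, day=day)
    return moved + timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def parse_key_relay_data(xml_text, now):
    """Return (key, expires_at, revoked) for one <keyrelay:keyRelayData>.

    key is the (flags, protocol, alg, pubKey) tuple of the relayed DNSKEY.
    expires_at is None when the optional <expiry> element is absent.
    revoked is True for a past <absolute> date or a zero <relative> period.
    """
    root = ET.fromstring(xml_text)
    # <keyData> is declared in the keyrelay schema, so it is keyrelay:keyData;
    # its children come from secDNS:keyDataType and are in the secDNS namespace.
    kd = root.find("keyrelay:keyData", NS)
    key = tuple(kd.find("secDNS:" + f, NS).text.strip()
                for f in ("flags", "protocol", "alg", "pubKey"))
    expiry = root.find("keyrelay:expiry", NS)
    if expiry is None:
        return key, None, False
    absolute = expiry.find("keyrelay:absolute", NS)
    if absolute is not None:
        when = datetime.fromisoformat(absolute.text.strip().replace("Z", "+00:00"))
        return key, when, when < now          # past date => revocation
    relative = expiry.find("keyrelay:relative", NS).text.strip()
    when = add_duration(now, relative)
    return key, when, when == now             # zero period => revocation


class KeyRelayStore:
    """Constructed per-domain store a receiving client might keep."""

    def __init__(self):
        self.keys = {}  # (domain, key) -> expires_at

    def receive(self, domain, xml_text, now):
        key, expires_at, revoked = parse_key_relay_data(xml_text, now)
        entry = (domain, key)
        if revoked:
            self.keys.pop(entry, None)
            return "revoked"
        if entry in self.keys:
            self.keys[entry] = expires_at     # re-sent object: MUST update expire time
            return "updated"
        self.keys[entry] = expires_at
        return "stored"


def sample(expiry_inner):
    """Constructed <keyRelayData> with a placeholder public key."""
    return (
        '<keyrelay:keyRelayData xmlns:keyrelay="%s" xmlns:secDNS="%s">'
        "<keyrelay:keyData><secDNS:flags>257</secDNS:flags>"
        "<secDNS:protocol>3</secDNS:protocol><secDNS:alg>8</secDNS:alg>"
        "<secDNS:pubKey>AwEAAexamplekey</secDNS:pubKey></keyrelay:keyData>"
        "<keyrelay:expiry>%s</keyrelay:expiry></keyrelay:keyRelayData>"
    ) % (NS["keyrelay"], NS["secDNS"], expiry_inner)


if __name__ == "__main__":
    now = datetime(2015, 8, 24, 12, 0, tzinfo=timezone.utc)
    store = KeyRelayStore()
    print(store.receive("example.org", sample("<keyrelay:relative>P1M</keyrelay:relative>"), now))
    print(store.receive("example.org", sample("<keyrelay:relative>P2M</keyrelay:relative>"), now))
    print(store.receive("example.org", sample("<keyrelay:relative>PT0S</keyrelay:relative>"), now))
```

The identity of a relayed key is the full secDNS keyData tuple, so a resend with a longer <relative> period refreshes the expiry of the same key rather than adding a second entry, and a revocation removes exactly that key.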
5.  IANA Considerations

5.1.  XML Namespace

   This document uses URNs to describe an XML namespace conforming to a
   registry mechanism described in [RFC3688].  The following URI
   assignment is requested of IANA:

   URI: urn:ietf:params:xml:ns:keyrelay-1.0

[... unchanged text omitted; diff resumes at page 14, line 36 [-05] / line 39 [-06] (normative references) ...]

   [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",
              STD 69, RFC 5730, August 2009.

   [RFC5731]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)
              Domain Name Mapping", STD 69, RFC 5731, August 2009.

   [RFC5910]  Gould, J. and S. Hollenbeck, "Domain Name System (DNS)
              Security Extensions Mapping for the Extensible
              Provisioning Protocol (EPP)", RFC 5910, May 2010.

   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
              Provisioning Protocol", RFC 7451, February 2015.
              [-06 only: moved here from Informative References]

8.2.  Informative References

   [I-D.koch-dnsop-dnssec-operator-change]
              Koch, P., Sanz, M., and A. Verschuren, "Changing DNS
              Operators for DNSSEC signed Zones", draft-koch-dnsop-
              dnssec-operator-change-06 (work in progress), February
              2014.

   [RFC7451]  Hollenbeck, S., "Extension Registry for the Extensible
              Provisioning Protocol", RFC 7451, February 2015.
              [-05 only: listed as informative; -06 lists it as normative]

Appendix A.  Changelog

   [This section should be removed by the RFC editor before publishing]

A.1.  draft-gieben-epp-keyrelay-00

   1.  Initial document.

A.2.  draft-gieben-epp-keyrelay-01

[... unchanged text omitted; diff resumes at page 16, line 13 [-05] / line 18 [-06] ...]

       the command.

   2.  Updated the Introduction, describing the general use of relay vs
       the intended use-case of relaying DNSSEC key data.

   3.  Restructured the document to make it more in line with existing
       EPP extensions.

A.7.  draft-ietf-eppext-keyrelay-02

   1.  [-05] Updated the XML structure based on WG feedback
       [-06] Updated the XML structure by removing the <> command based
       on WG feedback

   2.  Updated the wording

A.8.  draft-ietf-eppext-keyrelay-03

   1.  Updated the document title in the EPP Extension Registry section

   2.  Restored Acknowledgement section, thanks to Marco Davids

   3.  Incorporated feedback from Patrick Mevzek

End of changes: 21 change blocks; 75 lines changed or deleted, 78 lines
changed or added.  This diff was produced by rfcdiff 1.42
(http://tools.ietf.org/tools/rfcdiff/).