Domain Name Data Escrow Specification
Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330United States of America90292Marina del Rey+1.310.823.9358francisco.arias@icann.org
Japan Registry Services Co., Ltd.
Chiyoda First Bldg. East 13F, 3-8-1 Nishi-KandaJapan101-0065Chiyoda-ku, Tokyo+81.3.5215.8451noguchi@jprs.co.jp
Applications
escrowregistrydomain
This document specifies the format and contents of Data Escrow deposits for Domain Name
Registration Organizations.
Registration Data Escrow is the process by which an Internet Registration
Organization (e.g., a registry, registrar, etc.) periodically submits data
deposits to a contracted third party called an Escrow Agent. These deposits
comprise all the data needed to resume operations if the registration
organization could not function as a result of a catastrophe or a financial
situation. For a domain name registry or registrar the data to be deposited
includes all the objects related to registered domain names, e.g.,
contacts, name servers, etc.
The purpose of data escrow is to permit quick resumption of registration
service by another registration organization after a catastrophe. The
goal is higher resiliency of registration services, for the benefit of
Internet users. The beneficiaries of a registration organization are not
just those registering information there, but all relying parties that need
to identify the owners of objects.
In the context of domain name registries, registration data escrow is
a requirement for the current generic top-level domains and it is
expected to be for new registries. Some country code top-level
domain managers are also currently escrowing data.
There is also a similar requirement for ICANN's generic top-level
domain accredited registrars.
This document specifies a format and contents of Data Escrow deposits for
Domain Name Registration Organizations.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
"SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in BCP 14, RFC 2119 .
DEPOSIT.
Deposits can be of three kinds: Full, Differential or Incremental. For all kinds of Deposits, the
Universe of Registry objects to be considered for data escrow are those objects necessary in order to
offer the Registry Services.
DIFFERENTIAL DEPOSIT. Contains data that reflects all transactions involving the database
that were not reflected in the last previous Full, Incremental or Differential Deposit, as the case may
be. Differential deposit files will contain information from all database objects that were added,
modified or deleted since the previous Deposit was completed as of its defined Timeline Watermark.
ESCROW AGENT. The organization contracted by the Registry or the Third-Party Beneficiary to receive and
guard Data Escrow Deposits from the Registry.
FULL DEPOSIT. Contains the Registry Data that reflects the current and complete Registry
Database and will consist of data that reflects the state of the registry as of a defined
Timeline Watermark for the deposit.
INCREMENTAL DEPOSIT. Contains data that reflects all transactions involving the database that were not
reflected in the last previous Full Deposit. Incremental Deposit files will contain information from
all database objects that were added, modified or deleted since the previous Full Deposit was completed
as of its defined Timeline Watermark.
If the Timeline Watermark of an Incremental Deposit were to cover the Watermark of another (Incremental
or Differential) Deposit since the last Full Deposit, the former Deposit MUST contain the transactions
of the later Deposit.
REGISTRY. The organization providing Registry Services for a RCDN.
REGISTRY-CLASS DOMAIN NAME (RCDN): Refers to a top-level domain (TLD) or any other domain name at any
level in the DNS tree for which a Registry (either directly or through and affiliate company) provides
Registry services to other organizations or individuals. For example: .COM, .ORG, .BIZ, .CO.JP, .ORG.MX.
REGISTRY SERVICES. Services offered by the Registry critical to the following tasks: the receipt of
data from registrars concerning registrations of domain names and name servers; provision to registrars
of status information relating to the DNS servers for the RCDN; dissemination of RCDN zone files;
operation of the Registry DNS servers; and dissemination of contact and other information concerning
DNS registrations in the RCDN. Any other products or services that only a Registry is capable of
providing, by reason of its designation as the Registry. Typical examples of Registry Services are:
DNS resolution for the RCDN, WHOIS and EPP.
THIRD-PARTY BENEFICIARY. Is the organization that, under extraordinary circumstances, would receive the
escrow Deposits the Registry transferred to the Escrow Agent. This organization could be a backup
Registry, Registry regulator, contracting party of the Registry, etc.
TIMELINE WATERMARK. Point in time on which to base the collecting of database objects for a Deposit.
Deposits are expected to be consistent to that point in time.
Since a few years ago, the issue of Registry continuity has been carefully considered in the gTLD and
ccTLD space. Various organizations have made risk analysis and developed Business Continuity Plans to
deal with those risks, should they materialize.
One of the solutions considered and used, especially in the gTLD space, is Registry Data Escrow as a
way to ensure the Continuity of Registry Services in the extreme case of Registry failure.
So far, almost every Registry that uses Registry Data Escrow has its own specification. It is also
anticipated that more Registries will be implementing Escrow especially with the advent of the new
gTLD program.
Now, it would seem beneficial to have a standardized specification for Registry Data Escrow that can be
used by any Registry to submit its Deposits and, in case, to use those deposits to operate Registry
Services for a RCDN that has to be transitioned of Registry operator.
A solution to the problem at hand SHALL clearly identify the format and contents of the Deposits a
Registry has to make, such that another different Registry would be able to rebuild the Registry
Services of the former, without its help, in a timely manner, with minimum harm to the Registrants,
Registrars and Internet users.
Since the list and details of Registry Services vary from Registry to Registry, the solution SHALL
provide mechanisms that allow its extensibility to accommodate variations and extensions of the
Registry Services.
Given the confidentiality and importance of some of the information that is handled in order to offer
the Registry Services, the solution SHALL define confidentiality and integrity mechanisms when handling
the Registry data.
The solution SHALL NOT include in the specification those objects of such delicate confidentiality that
it is best to leave them out of the Deposits, e.g., DNSSEC KSK/ZSK private keys.
Details that are a matter of policy SHOULD be identified as such for the benefit of the implementers.
Legal issues around Data Escrow and the overall question of the use Registry Data Escrow are
outside of scope of this document.
Numerous fields indicate "dates", such as the creation and expiry dates for domains. These fields
SHALL contain timestamps indicating the date and time in UTC as specified in ,
with no offset from the zero meridian.
Country identifiers SHALL be represented using two character identifiers as specified in
.
Telephone numbers (both voice and fax) SHALL be formatted based on structures defined in
. Telephone numbers described in this specification are character strings
that MUST begin with a plus sign ("+", ASCII value 0x002B), followed by a country code defined in
, followed by a dot (".", ASCII value 0x002E), followed by a sequence of
digits representing the telephone number.
IP addresses syntax MUST conform either to, Internet Protocol , for IPv4
addresses, or IP Version 6 Addressing Architecture , for IPv6 addresses.
The following is a format for Data Escrow deposits as produced by an Internet Domain Registry. Only
the format of the objects deposited is defined, nothing is prescribed about the way to transfer such
deposits between the Registry and the Escrow Agent or vice versa. The format is based on EPP
and related RFCs by Scott Hollenbeck.
The container or root element for a Registry Data Escrow deposits is <deposit>.
This element contains the following child elements: watermark, deletes and contents. This element
also contains the following attributes:
A "type" attribute that MUST be used to identify the kind of deposit:
FULL, INCR (Incremental) or DIFF (Differential).
An "id" attribute that MUST be used to uniquely identify the escrow deposit.
Each registry is responsible for maintaining its own escrow deposits identifier
space to ensure uniqueness.
An OPTIONAL "prevId" attribute that can be used to identify
the previous incremental, differential or full escrow deposit.
This attribute MUST be used in Differential Deposits ("DIFF" type).
An OPTIONAL "resend" attribute that is used to identify resend attempts in case of previous
failure. The first time a deposit is attempted to be sent, the attribute MUST be zero;
The second attempt to send (first resend attempt) the attribute MUST be set to one; and
so on. This would be used when for example, the previous deposit was not received complete,
it failed verification at the receiving party, etc.
Example of root element object:
A <watermark> element contains the data-time correspondent to
the Timeline Watermark of the deposit.
Example of <watermark> element object:
An OPTIONAL <eppParams> element contains some EPP parameters that may be helpful when
rebuilding a registry from the escrow deposits. The element SHOULD be included in Deposits
if the registry uses EPP.
The syntax and content of the <eppParams> children elements is as explained in section
2.4 of . The children of the <eppParams> are as follows:
One or more <version> elements that indicate the EPP versions supported by the
registry.
One or more <lang> elements that indicate the identifiers of the text response
languages supported by the registry's EPP server.
One or more <objURI> elements that contain namespace URIs representing the objects
that the registry's EPP server is capable of managing.
An OPTIONAL <svcExtension> element that contains one or more <extURI>
elements that contain namespace URIs representing object extensions supported by the
registry's EPP server.
A <dcp> element that contains child elements used to describe the server's privacy
policy for data collection and management. See section 2.4 of
for more details.
Example of <eppParams> element object:
This section SHOULD only be present in deposits of type Incremental or Differential. It contains
the list of objects that were deleted since the base previous deposit. Each object in this
section contains an ID for the object deleted. For domains and hosts it will be the fully
qualified domain name.
This section of the deposit SHOULD NOT be present in Full deposits. When rebuilding a
registry it SHOULD be ignored if present in a Full deposit.
Elements that MAY appear in this section are: delContact, delHost, delDomain and/or delRegistrar.
It MAY also contain an extension element allowing extending the element.
Example of <deletes> element object:
This section of the deposit contains the actual objects in the deposit. It MAY contain elements: contact,
host, domain, registrar, idnTableRef and idn as defined in . This element
MAY also contain an extension element allowing extending the format.
In the case of Incremental or Differential deposits, the objects indicate whether
the object was added or modified after the base previous deposit. In order to distinguish between
one and the other, it will be sufficient to check existence of the referenced object in the base
previous deposit.
When applying Incremental or Differential deposits, i.e., when rebuilding the registry from data escrow
deposits, the order of the <deletes> and <contents> elements is important. First, all the
deletes MUST be applied and then the adds and updates, i.e., first apply what is in <deletes> and
later what is in <contents>.
Example of <contents> element object:
This section describes the base objects defined in EPP: domains, hosts and contacts with the addition
of registrars, idnTableRefs and idns.
The RDE domain object is based on the EPP domain name mapping in . There are
two elements used in this format related to domains: the domain object per se, used inside the
<contents> element and the delDomain object used inside the <deletes> element.
The domain element is based on the EPP domain <info>
response for an authorized client (see Section 3.1.2. of ).
Example of domain object:
The delDomain element contains the fully qualified domain name of a domain that was deleted.
Example of <delDomain> object:
The RDE host object is based on the EPP host name mapping in . There are
two elements used in this format related to hosts: the host object per se, used inside the
<contents> element and the delHost object used inside the <deletes> element.
The RDE domain object is based on the EPP host <info> response for
an authorized client (see Section 3.1.2. of ).
Example of <host> object:
The delHost element contains the fully qualified domain name of a host that was deleted.
Example of <delHost> object:
The RDE contact object is based on the EPP contact name mapping in . There
are two elements used in this format related to contacts: the contact object per se, used inside the
<contents> element and the delContact object used inside the <deletes> element.
The contact object is based on the EPP contact <info>
response for an authorized client (see Section 3.1.2. of ).
Example <contact> object:
The delContact element contains the id of a contact that was deleted.
Example of <delContact> object:
The RDE registrar object is based on the EPP contact name mapping previously described.
There are two elements used in this format related to registrars: the registrar object per se,
used inside the <contents> element and the delRegistrar object used inside the
<deletes> element.
The <registrar> element contains the following child elements:
An <id> element that contains the Registry-unique identifier of the
registrar object. This <id> has a superordinate relationship to a subordinate
<clID>, <crID> or <upID> of domain, contact and host objects.
An OPTIONAL <icannId> element that contains the ID assigned by ICANN.
One or two <postalInfo> elements that contain postal-
address information. Two elements are provided so that address
information can be provided in both internationalized and
localized forms; a "type" attribute is used to identify the two
forms. If an internationalized form (type="int") is provided,
element content MUST be represented in a subset of UTF-8 that can
be represented in the 7-bit US-ASCII character set. If a
localized form (type="loc") is provided, element content MAY be
represented in unrestricted UTF-8. The <postalInfo>
element contains the following child elements:
An OPTIONAL <org> element that contains the name of the
organization with which the registrar is affiliated.
A <addr> element that contains address information associated
with the registrar.
The <addr> element contains the following child elements:
One, two, or three OPTIONAL <street> elements that
contain the registrar's street address.
A <city> element that contains the registrar's
city.
An OPTIONAL <sp> element that contains the
registrar's state or province.
An OPTIONAL <pc> element that contains the
registrar's postal code.
A <cc> element that contains the registrar's
country code.
An OPTIONAL <voice> element that contains the registrar's voice
telephone number.
An OPTIONAL <fax> element that contains the registrar's
facsimile telephone number.
A <email> element that contains the registrar's email address.
A <url> element that contains the registrar's URL.
One or more OPTIONAL <contact> elements that contain identifiers for
the human or organizational social information objects associated with the
registrar object.
A <crDate> element that contains the date and time of
registrar-object creation.
A <upDate> element that contains the date and time of the most
recent RDE registrar-object modification.
This element MUST NOT be present if the rdeRegistrar object has never been modified.
An <authInfo> element that contains authorization information associated with the
registar object to allow access to registry systems. This specification describes
password-based authorization information, though other mechanisms are possible.
Example of <registrar> object:
The delRegistrar element contains the id of a registrar that was deleted.
Example of <delRegistrar> object:
The RDE Internationalized Domain Names (IDN) Table reference is a pseudobject that is used
to provide a short reference to the IDN Table used in IDN registrations. The <idnTableRef>
element has an "id" attribute that is used to uniquely identify an IDN Table stored externally.
The <idnTableRef> has only one child element, <url> that contains the URL of the
IDN table that is being referenced.
Example of <idnTableRef> object:
Depending on the Registration Policy in place in the Registry; for a particular IDN, there may be
multiple variant domains either registered, reserved or blocked:
If the IDN variant is actually registered, bundled with its canonical domain name in the
Registry system, the variant SHALL be tagged as "registered".
If only the holder of the canonical domain name is allowed to register the IDN variant but
it is not actually registered, the variant SHALL be tagged as "reserved".
If the IDN variant is considered undesirable for registration, the variant SHALL be tagged
as "blocked".
The <idn> element contains the following child elements:
An <aName> element that contains the ASCII Compatible Encoding (ACE) of an IDN.
An OPTIONAL <uName> element that contains the name of the IDN in Unicode character set. It
SHOULD be provided if available.
A <type> element that indicates the type of variant this IDN is: registered, reserved,
blocked or canonical; see
An <idnTableId> element that references the IDN Table used for the IDN. This corresponds
to the "id" attribute of the <idnTableRef> element.
An OPTIONAL <roid> element that contains the ROID of the corresponding domain object, if
there is one. It MUST be provided if the domain object exists.
A <canonicalRoid> element that contains the ROID of the canonical domain name. It MUST
be provided if the IDN is NOT the canonical domain name.
An OPTIONAL <extension> element that allows extending the IDN object.
Example of <idn> object:
The <delIdn> element contains the ACE of an IDN that was deleted, i.e., the <aName>.
Example of <delIdn> object:
Six schemas are presented here. The first schema is the base RDE
schema. The second schema defines domain object for RDE. The third
schema defines host object for RDE. The fourth schema defines
contact object for RDE. The fifth schema defines registrar object
for RDE. The last schema defines the idnTableRef and IDN objects.
Copyright (c) 2010 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 2010 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 2010 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 2010 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 2010 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 2010 IETF Trust and the persons identified as authors
of the code. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in
the documentation and/or other materials provided with the
distribution.
Neither the name of Internet Society, IETF or IETF Trust, nor the
names of specific contributors, may be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Consider the following XML Schema for an extension example:
The following is an example deposit that includes the "idData" and "delIdData"
elements:
Data Escrow deposits are represented in XML, which provides native support for encoding information
using the Unicode character set and its more compact representations including UTF-8. Conformant XML
processors recognize both UTF-8 and UTF-16. Though XML includes provisions to identify and use other
character encodings through use of an "encoding" attribute in an <?xml?> declaration, use of UTF-8
is RECOMMENDED.
This document uses URNs to describe XML namespaces and XML schemas
conforming to a registry mechanism described in .
Two URI assignments have been registered by the IANA.
Registration request for the RDE namespace:
URI: urn:ietf:params:xml:ns:rde-1.0Registrant Contact: See the "Author's Address" section of this document.XML: None. Namespace URIs do not represent an XML specification.Registration request for the RDE XML schema:
URI: urn:ietf:params:xml:schema:rde-1.0Registrant Contact: See the "Author's Address" section of this document.See the "Formal Syntax" section of this document.Registration request for the RDE domain namespace:
URI: urn:ietf:params:xml:ns:rdeDomain-1.0Registrant Contact: See the "Author's Address" section of this document.XML: None. Namespace URIs do not represent an XML specification.Registration request for the RDE domain XML schema:
URI: urn:ietf:params:xml:schema:rdeDomain-1.0Registrant Contact: See the "Author's Address" section of this document.See the "Formal Syntax" section of this document.Registration request for the RDE host namespace:
URI: urn:ietf:params:xml:ns:rdeHost-1.0Registrant Contact: See the "Author's Address" section of this document.XML: None. Namespace URIs do not represent an XML specification.Registration request for the RDE host XML schema:
URI: urn:ietf:params:xml:schema:rdeHost-1.0Registrant Contact: See the "Author's Address" section of this document.See the "Formal Syntax" section of this document.Registration request for the RDE contact namespace:
URI: urn:ietf:params:xml:ns:rdeContact-1.0Registrant Contact: See the "Author's Address" section of this document.XML: None. Namespace URIs do not represent an XML specification.Registration request for the RDE contact XML schema:
URI: urn:ietf:params:xml:schema:rdeContact-1.0Registrant Contact: See the "Author's Address" section of this document.See the "Formal Syntax" section of this document.Registration request for the RDE registrar namespace:
URI: urn:ietf:params:xml:ns:rdeRegistrar-1.0Registrant Contact: See the "Author's Address" section of this document.XML: None. Namespace URIs do not represent an XML specification.Registration request for the RDE registrar XML schema:
URI: urn:ietf:params:xml:schema:rdeRegistrar-1.0Registrant Contact: See the "Author's Address" section of this document.See the "Formal Syntax" section of this document.Registration request for the RDE IDN namespace:
URI: urn:ietf:params:xml:ns:rdeIDN-1.0Registrant Contact: See the "Author's Address" section of this document.XML: None. Namespace URIs do not represent an XML specification.Registration request for the RDE registrar XML schema:
URI: urn:ietf:params:xml:schema:rdeIDN-1.0Registrant Contact: See the "Author's Address" section of this document.See the "Formal Syntax" section of this document.
This specification does not define the security mechanisms to be used in the transmission of the data escrow
deposits, since it only specifies the minimum necessary to enable the rebuilding of a Registry from
deposits without intervention from the original Registry.
Depending on local policies, some elements or most likely, the whole deposit will be considered confidential. As
such the Registry transmitting the data to the Escrow Agent SHOULD take all the necessary precautions
like encrypting the data itself and/or the transport channel to avoid inadvertent disclosure of private data.
It is also of the utmost importance the authentication of the parties passing data escrow deposit files. The
Escrow Agent SHOULD properly authenticate the identity of the Registry before accepting data escrow
deposits. In a similar manner, the Registry SHOULD authenticate the identity of the Escrow Agent
before submitting any data.
Additionally, the Registry and the Escrow Agent SHOULD use integrity checking mechanisms to ensure the
data transmitted is what the source intended. Validation of the contents by the Escrow Agent is RECOMMENDED
to ensure not only the file was transmitted correctly from the Registry, but also the contents are also
"meaningful".
Parts of this document are based on EPP and related RFCs by Scott Hollenbeck.
[[RFC Editor: Please remove this section.]]
Included DNSSEC elements as part of the basic <domain> element as defined in .Included RGP elements as part of the basic <domain> element as defined in .Added support for IDNs and IDN variants.Eliminated the <summary> element and all its subordinate objects, except <watermarkDate>.Renamed <watermarkDate> to <watermark> and included it directly under root element.Renamed root element to <deposit>.Added <authinfo> element under <registrar> element.Added <roid> element under <registrar> element.Reversed the order of the <deletes> and <contents> elements.Removed <rdeDomain:status> minOccurs="0".Added <extension> element under root element.Added <extension> element under <contact> element.Removed <period> element from <domain> element.Populated the "Security Considerations" section.Populated the "Internationalization Considerations" section.Populated the "Extension Example" section.Added <deDate> element under <domain> element.Added <icannId> element under <registrar> element.Added <eppParams> element under root element.Fixed some typographical errors and omissions. Codes for the representation of names of countries and their
subdivisions -- Part 1: Country codes
International Organization for Standardization
The international public telecommunication numbering plan
International Telecommunication Union