idnits 2.17.00 (12 Aug 2021) /tmp/idnits16894/draft-ietf-regext-unhandled-namespaces-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (19 February 2021) is 449 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'NAMESPACE-URI' is mentioned on line 357, but not defined == Missing Reference: 'NAMESPACE-XML' is mentioned on line 354, but not defined Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group J. Gould 3 Internet-Draft VeriSign, Inc. 4 Intended status: Standards Track M. Casanova 5 Expires: 23 August 2021 SWITCH 6 19 February 2021 8 Extensible Provisioning Protocol (EPP) Unhandled Namespaces 9 draft-ietf-regext-unhandled-namespaces-08 11 Abstract 13 The Extensible Provisioning Protocol (EPP), as defined in RFC 5730, 14 includes a method for the client and server to determine the objects 15 to be managed during a session and the object extensions to be used 16 during a session. The services are identified using namespace URIs, 17 and an "unhandled namespace" is one that is associated with a service 18 not supported by the client. This document defines an operational 19 practice that enables the server to return information associated 20 with unhandled namespace URIs that is compliant with the negotiated 21 services defined in RFC 5730. 23 Status of This Memo 25 This Internet-Draft is submitted in full conformance with the 26 provisions of BCP 78 and BCP 79. 28 Internet-Drafts are working documents of the Internet Engineering 29 Task Force (IETF). Note that other groups may also distribute 30 working documents as Internet-Drafts. The list of current Internet- 31 Drafts is at https://datatracker.ietf.org/drafts/current/. 33 Internet-Drafts are draft documents valid for a maximum of six months 34 and may be updated, replaced, or obsoleted by other documents at any 35 time. It is inappropriate to use Internet-Drafts as reference 36 material or to cite them other than as "work in progress." 38 This Internet-Draft will expire on 23 August 2021. 40 Copyright Notice 42 Copyright (c) 2021 IETF Trust and the persons identified as the 43 document authors. All rights reserved. 45 This document is subject to BCP 78 and the IETF Trust's Legal 46 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 47 license-info) in effect on the date of publication of this document. 48 Please review these documents carefully, as they describe your rights 49 and restrictions with respect to this document. Code Components 50 extracted from this document must include Simplified BSD License text 51 as described in Section 4.e of the Trust Legal Provisions and are 52 provided without warranty as described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 57 1.1. Conventions Used in This Document . . . . . . . . . . . . 3 58 2. Unhandled Namespaces . . . . . . . . . . . . . . . . . . . . 4 59 3. Use of EPP for Unhandled Namespace Data . . . . . 4 60 3.1. Unhandled Object-Level Extension . . . . . . . . . . . . 5 61 3.2. Unhandled Command-Response Extension . . . . . . . . . . 7 62 4. Signaling Client and Server Support . . . . . . . . . . . . . 10 63 5. Usage with General EPP Responses . . . . . . . . . . . . . . 11 64 6. Usage with Poll Message EPP Responses . . . . . . . . . . . . 13 65 7. Implementation Considerations . . . . . . . . . . . . . . . . 16 66 7.1. Client Implementation Considerations . . . . . . . . . . 16 67 7.2. Server Implementation Considerations . . . . . . . . . . 16 68 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 69 8.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 17 70 8.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 17 71 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 17 72 9.1. Verisign EPP SDK . . . . . . . . . . . . . . . . . . . . 18 73 9.2. SWITCH Automated DNSSEC Provisioning Process . . . . . . 18 74 10. Security Considerations . . . . . . . . . . . . . . . . . . . 19 75 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 19 76 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 77 12.1. Normative References . . . . . . . . . . . . . . . . . . 19 78 12.2. Informative References . . . . . . . . . . . . . . . . . 20 79 Appendix A. Change History . . . . . . . . . . . . . . . . . . . 20 80 A.1. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 20 81 A.2. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 21 82 A.3. Change from 02 to REGEXT 00 . . . . . . . . . . . . . . . 21 83 A.4. Change from REGEXT 00 to REGEXT 01 . . . . . . . . . . . 21 84 A.5. Change from REGEXT 01 to REGEXT 02 . . . . . . . . . . . 21 85 A.6. Change from REGEXT 02 to REGEXT 03 . . . . . . . . . . . 21 86 A.7. Change from REGEXT 03 to REGEXT 04 . . . . . . . . . . . 21 87 A.8. Change from REGEXT 04 to REGEXT 05 . . . . . . . . . . . 22 88 A.9. Change from REGEXT 05 to REGEXT 06 . . . . . . . . . . . 22 89 A.10. Change from REGEXT 06 to REGEXT 07 . . . . . . . . . . . 22 90 A.11. Change from REGEXT 07 to REGEXT 08 . . . . . . . . . . . 22 91 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 23 93 1. Introduction 95 The Extensible Provisioning Protocol (EPP), as defined in [RFC5730], 96 includes a method for the client and server to determine the objects 97 to be managed during a session and the object extensions to be used 98 during a session. The services are identified using namespace URIs. 99 How should the server handle service data that needs to be returned 100 in the response when the client does not support the required service 101 namespace URI, which is referred to as an unhandled namespace? An 102 unhandled namespace is a significant issue for the processing of 103 [RFC5730] poll messages, since poll messages are inserted by the 104 server prior to knowing the supported client services, and the client 105 needs to be capable of processing all poll messages. Returning an 106 unhandled namespace poll message is not compliant with the negotiated 107 services defined in [RFC5730] and returning an error makes the 108 unhandled namespace poll message a poison message by halting the 109 processing of the poll queue. An unhandled namespace is an issue 110 also for general EPP responses when the server has information that 111 it cannot return to the client due to the client's supported 112 services. The server should be able to return unhandled namespace 113 information that the client can process later. This document defines 114 an operational practice that enables the server to return information 115 associated with unhandled namespace URIs that is compliant with the 116 negotiated services defined in [RFC5730]. 118 1.1. Conventions Used in This Document 120 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 121 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 122 "OPTIONAL" in this document are to be interpreted as described in BCP 123 14 [RFC2119] [RFC8174] when, and only when, they appear in all 124 capitals, as shown here. 126 XML is case sensitive. Unless stated otherwise, XML specifications 127 and examples provided in this document MUST be interpreted in the 128 character case presented in order to develop a conforming 129 implementation. 131 In examples, "S:" represents lines returned by a protocol server. 132 Indentation and white space in examples are provided only to 133 illustrate element relationships and are not a required feature of 134 this protocol. 136 The examples reference XML namespace prefixes that are used for the 137 associated XML namespaces. Implementations MUST NOT depend on the 138 example XML namespaces and instead employ a proper namespace-aware 139 XML parser and serializer to interpret and output the XML documents. 140 The example namespace prefixes used and their associated XML 141 namespaces include: 143 "changePoll": urn:ietf:params:xml:ns:changePoll-1.0 144 "domain": urn:ietf:params:xml:ns:domain-1.0 145 "secDNS": urn:ietf:params:xml:ns:secDNS-1.1 147 In the template example XML, placeholder content is represented by 148 the following variables: 150 "[NAMESPACE-XML]": XML content associated with a login service 151 namespace URI. An example is the element 152 content in [RFC5731]. 153 "[NAMESPACE-URI]": XML namespace URI associated with the [NAMESPACE- 154 XML] XML content. An example is "urn:ietf:params:xml:ns:domain- 155 1.0" in [RFC5731]. 157 2. Unhandled Namespaces 159 An Unhandled Namespace is an XML namespace that is associated with a 160 response extension that is not included in the client-specified EPP 161 login services of [RFC5730]. The EPP login services consists of the 162 set of XML namespace URIs included in the or 163 elements of the [RFC5730] EPP command. The services 164 supported by the server are included in the and 165 elements of the [RFC5730] EPP , which should be a superset 166 of the login services included in the EPP command. A server 167 may have information associated with a specific namespace that it 168 needs to return in the response to a client. The unhandled 169 namespaces problem exists when the server has information that it 170 needs to return to the client but the namespace of the information is 171 not supported by the client based on the negotiated EPP 172 command services. 174 3. Use of EPP for Unhandled Namespace Data 176 In [RFC5730], the element is used to provide additional 177 error diagnostic information, including the element that 178 identifies the client-provided element that caused a server error 179 condition and the element containing the human-readable 180 message that describes the reason for the error. This operational 181 practice extends the use of the element for the purpose of 182 returning unhandled namespace information in a successful response. 184 When a server has data to return to the client that the client does 185 not support based on the login services, the server MAY return a 186 successful response, with the data for each unsupported namespace 187 moved into an [RFC5730] element. The unhandled namespace 188 will not cause an error response, but the unhandled namespace data 189 will instead be moved to an element, along with a reason 190 why the unhandled namespace data could not be included in the 191 appropriate location of the response. The element XML 192 will not be processed by the XML processor. The element 193 contains the following child elements: 195 : Contains a child-element with the unhandled namespace XML. 196 The unhandled namespace MUST be declared in the child element or 197 any containing element including the root element. XML 198 processing of the element is disabled by the XML schema 199 in [RFC5730], so the information can safely be returned in the 200 element. 201 : A formatted human-readable message that indicates the 202 reason the unhandled namespace data was not returned in the 203 appropriate location of the response. The formatted reason 204 SHOULD follow the Augmented Backus-Naur Form (ABNF) grammar 205 [RFC5234] format: NAMESPACE-URI "not in login services", where 206 NAMESPACE-URI is the unhandled XML namespace like 207 "urn:ietf:params:xml:ns:domain-1.0" for [RFC5731]. 209 This document applies to the handling of unsupported namespaces for 210 [RFC3735] object-level extensions and command-response extensions. 211 This document does not apply to the handling of unsupported 212 namespaces for [RFC3735] protocol-level extensions or authentication 213 information extensions. Refer to the following sections on how to 214 handle an unsupported object-level extension namespace or an 215 unsupported command-response extension namespace. 217 3.1. Unhandled Object-Level Extension 219 An object-level extension in [RFC5730] is a child element of the 220 element. If the client does not handle the namespace of 221 the object-level extension, then the element is removed and 222 its object-level extension child element is moved into a [RFC5730] 223 element, with the namespace URI included in the 224 corresponding element. The response becomes a 225 general EPP response without the element. 227 Template response for a supported object-level extension. The 228 [NAMESPACE-XML] variable represents the object-level extension XML. 230 S: 231 S: 232 S: 233 S: 234 S: Command completed successfully 235 S: 236 S: 237 S: [NAMESPACE-XML] 238 S: 239 S: 240 S: ABC-12345 241 S: 54322-XYZ 242 S: 243 S: 244 S: 246 Template for an unhandled namespace response for an unsupported 247 object-level extension. The [NAMESPACE-XML] variable represents the 248 object-level extension XML and the [NAMESPACE-URI] variable 249 represents the object-level extension XML namespace URI. 251 S: 252 S: 253 S: 254 S: 255 S: Command completed successfully 256 S: 257 S: 258 S: [NAMESPACE-XML] 259 S: 260 S: 261 S: [NAMESPACE-URI] not in login services 262 S: 263 S: 264 S: 265 S: 266 S: ABC-12345 267 S: 54322-XYZ 268 S: 269 S: 270 S: 272 The EPP response is converted from an object response to a general 273 EPP response by the server when the client does not support the 274 object-level extension namespace URI. Below is an example of 275 converting the query response example in Section 3.1.3 of 276 [RFC5731] to an unhandled namespace response. 278 [RFC5731] example query response converted into an 279 unhandled namespace response: 281 S: 282 S: 283 S: 284 S: 285 S: Command completed successfully 286 S: 287 S: 288 S: 290 S: example.com 291 S: pending 292 S: ClientX 293 S: 2000-06-06T22:00:00.0Z 294 S: ClientY 295 S: 2000-06-11T22:00:00.0Z 296 S: 2002-09-08T22:00:00.0Z 297 S: 298 S: 299 S: 300 S: urn:ietf:params:xml:ns:domain-1.0 not in login services 301 S: 302 S: 303 S: 304 S: 305 S: ABC-12345 306 S: 54322-XYZ 307 S: 308 S: 309 S: 311 3.2. Unhandled Command-Response Extension 313 A command-response extension in [RFC5730] is a child element of the 314 element. If the client does not handle the namespace of 315 the command-response extension, the command-response child element is 316 moved into an [RFC5730] element, with the 317 namespace URI included in the corresponding 318 element. If after moving the command-response child element there 319 are no additional command-response child elements, the 320 element MUST be removed. 322 Template response for a supported command-response extension. The 323 [NAMESPACE-XML] variable represents the command-response extension 324 XML. 326 S: 327 S: 328 S: 329 S: 330 S: Command completed successfully 331 S: 332 S: 333 S: [NAMESPACE-XML] 334 S: 335 S: 336 S: ABC-12345 337 S: 54322-XYZ 338 S: 339 S: 340 S: 342 Template unhandled namespace response for an unsupported command- 343 response extension. The [NAMESPACE-XML] variable represents the 344 command-response extension XML and the [NAMESPACE-URI] variable 345 represents the command-response extension XML namespace URI. 347 S: 348 S: 349 S: 350 S: 351 S: Command completed successfully 352 S: 353 S: 354 S: [NAMESPACE-XML] 355 S: 356 S: 357 S: [NAMESPACE-URI] not in login services 358 S: 359 S: 360 S: 361 S: 362 S: ABC-12345 363 S: 54322-XYZ 364 S: 365 S: 366 S: 368 The EPP response is converted to an unhandled namespace response by 369 moving the unhandled command-response extension from under the 370 to an element. Below is example of converting 371 the DS Data Interface response example in Section 5.1.2 of 372 [RFC5910] to an unhandled namespace response. 374 [RFC5910] DS Data Interface response converted into an 375 unhandled namespace response: 377 S: 378 S: 380 S: 381 S: 382 S: Command completed successfully 383 S: 384 S: 385 S: 387 S: 388 S: 12345 389 S: 3 390 S: 1 391 S: 49FD46E6C4B45C55D4AC 392 S: 393 S: 394 S: 395 S: 396 S: urn:ietf:params:xml:ns:secDNS-1.1 not in login services 397 S: 398 S: 399 S: 400 S: 401 S: 403 S: example.com 404 S: EXAMPLE1-REP 405 S: 406 S: jd1234 407 S: sh8013 408 S: sh8013 409 S: 410 S: ns1.example.com 411 S: ns2.example.com 412 S: 413 S: ns1.example.com 414 S: ns2.example.com 415 S: ClientX 416 S: ClientY 417 S: 1999-04-03T22:00:00.0Z 418 S: ClientX 419 S: 1999-12-03T09:00:00.0Z 420 S: 2005-04-03T22:00:00.0Z 421 S: 2000-04-08T09:00:00.0Z 422 S: 423 S: 2fooBAR 424 S: 425 S: 426 S: 427 S: 428 S: ABC-12345 429 S: 54322-XYZ 430 S: 431 S: 432 S: 434 4. Signaling Client and Server Support 436 This document does not define new EPP protocol elements but rather 437 specifies an operational practice using the existing EPP protocol, 438 where the client and the server can signal support for the 439 operational practice using a namespace URI in the login and greeting 440 extension services. The namespace URI 441 "urn:ietf:params:xml:ns:epp:unhandled-namespaces-1.0" is used to 442 signal support for the operational practice. The client includes the 443 namespace URI in an element of the [RFC5730] 444 Command. The server includes the namespace URI in an 445 element of the [RFC5730] Greeting. 447 A client that receives the namespace URI in the server's Greeting 448 extension services can expect the following supported behavior by the 449 server: 451 1. Support unhandled namespace object-level extensions and command- 452 response extensions in EPP poll messages, per Section 6. 453 2. Support the option of unhandled namespace command-response 454 extensions in general EPP responses, per Section 5. 456 A server that receives the namespace URI in the client's 457 Command extension services can expect the following supported 458 behavior by the client: 460 1. Support monitoring the EPP poll messages and general EPP 461 responses for unhandled namespaces. 463 5. Usage with General EPP Responses 465 The unhandled namespace approach defined in Section 3 MAY be used for 466 a general EPP response to an EPP command. A general EPP response 467 includes any non-poll message EPP response. The use of the unhandled 468 namespace approach for poll message EPP responses is defined in 469 Section 6. The server MAY exclude the unhandled namespace 470 information in the general EPP response or MAY include it using the 471 unhandled namespace approach. 473 The unhandled namespace approach for general EPP responses SHOULD 474 only be applicable to command-response extensions, defined in 475 Section 3.2, since the server SHOULD NOT accept an object-level EPP 476 command if the client did not include the object-level namespace URI 477 in the login services. An object-level EPP response extension is 478 returned when the server successfully executes an object-level EPP 479 command extension. The server MAY return an unhandled object-level 480 extension to the client as defined in Section 3.1. 482 Returning domain name Redemption Grace Period (RGP) data, based on 483 [RFC3915], provides an example of applying the unhandled namespace 484 approach for a general EPP response. If the client does not include 485 the "urn:ietf:params:xml:ns:rgp-1.0" namespace URI in the login 486 services, and the domain response of a domain name does have 487 RGP information, the server MAY exclude the element 488 from the EPP response or MAY include it under the element 489 per Section 3.2. Below is example of converting the domain name 490 response example in Section 4.1.2 of [RFC3915] to an unhandled 491 namespace response. 493 [RFC5731] domain name response with the unhandled [RFC3915] 494 element included under an element: 496 S: 497 S: 501 S: 502 S: 503 S: Command completed successfully 504 S: 505 S: 506 S: 509 S: 510 S: 511 S: 512 S: 513 S: urn:ietf:params:xml:ns:rgp-1.0 not in login services 514 S: 515 S: 516 S: 517 S: 518 S: 522 S: example.com 523 S: EXAMPLE1-REP 524 S: 525 S: jd1234 526 S: sh8013 527 S: sh8013 528 S: 529 S: ns1.example.com 530 S: ns1.example.net 531 S: 532 S: ns1.example.com 533 S: ns2.example.com 534 S: ClientX 535 S: ClientY 536 S: 1999-04-03T22:00:00.0Z 537 S: ClientX 538 S: 1999-12-03T09:00:00.0Z 539 S: 2005-04-03T22:00:00.0Z 540 S: 2000-04-08T09:00:00.0Z 541 S: 542 S: 2fooBAR 543 S: 544 S: 545 S: 546 S: 547 S: ABC-12345 548 S: 54322-XYZ 549 S: 550 S: 551 S: 553 6. Usage with Poll Message EPP Responses 555 The unhandled namespace approach, defined in Section 3, MUST be used 556 if there is unhandled namespace information included in an EPP 557 message response. The server inserts poll messages into the client's 558 poll queue independent of knowing the supported client login 559 services, therefore there may be unhandled object-level and command- 560 response extensions included in a client's poll queue. In [RFC5730], 561 the command is used by the client to retrieve and acknowledge 562 poll messages that have been inserted by the server. The 563 message response is an EPP response that includes the element 564 that provides poll queue meta-data about the message. The unhandled 565 namespace approach, defined in Section 3, is used for an unhandled 566 object-level extension and for each of the unhandled command-response 567 extensions attached to the message response. The resulting 568 EPP message response MAY have either or both the object-level 569 extension or command-response extensions moved to 570 elements, as defined in Section 3. 572 The Change Poll Message, as defined in Section 3.1.2 of [RFC8590], 573 which is an extension of any EPP object, is an example of applying 574 the unhandled namespace approach for EPP message responses. 575 Below are examples of converting the domain name response 576 example in Section 3.1.2 of [RFC8590] to an unhandled namespace 577 response. The object that will be used in the examples is a 578 [RFC5731] domain name object. 580 [RFC5731] domain name message response with the 581 unhandled [RFC8590] element included under an 582 element: 584 S: 585 S: 586 S: 587 S: 588 S: 589 S: Command completed successfully; ack to dequeue 590 S: 591 S: 592 S: 595 S: update 596 S: 597 S: 2013-10-22T14:25:57.0Z 598 S: 12345-XYZ 599 S: URS Admin 600 S: urs123 601 S: 602 S: URS Lock 603 S: 604 S: 605 S: 606 S: urn:ietf:params:xml:ns:changePoll-1.0 not in login services 607 S: 608 S: 609 S: 610 S: 611 S: 2013-10-22T14:25:57.0Z 612 S: Registry initiated update of domain. 613 S: 614 S: 615 S: 617 S: domain.example 618 S: EXAMPLE1-REP 619 S: 620 S: jd1234 621 S: sh8013 622 S: sh8013 623 S: ClientX 624 S: ClientY 625 S: 2012-04-03T22:00:00.0Z 626 S: 2014-04-03T22:00:00.0Z 627 S: 628 S: 629 S: 630 S: ABC-12345 631 S: 54322-XYZ 632 S: 633 S: 634 S: 636 Unhandled [RFC5731] domain name message response and 637 the unhandled [RFC8590] element included 638 under an element: 640 S: 641 S: 642 S: 643 S: 644 S: Command completed successfully; ack to dequeue 645 S: 646 S: 647 S: 649 S: domain.example 650 S: EXAMPLE1-REP 651 S: 652 S: jd1234 653 S: sh8013 654 S: sh8013 655 S: ClientX 656 S: ClientY 657 S: 2012-04-03T22:00:00.0Z 658 S: 2014-04-03T22:00:00.0Z 659 S: 660 S: 661 S: 662 S: urn:ietf:params:xml:ns:domain-1.0 not in login services 663 S: 664 S: 665 S: 666 S: 667 S: 671 S: update 672 S: 673 S: 2013-10-22T14:25:57.0Z 674 S: 12345-XYZ 675 S: URS Admin 676 S: urs123 677 S: 678 S: URS Lock 679 S: 680 S: 681 S: 682 S: urn:ietf:params:xml:ns:changePoll-1.0 not in login services 683 S: 684 S: 685 S: 686 S: 687 S: 2013-10-22T14:25:57.0Z 688 S: Registry initiated update of domain. 689 S: 690 S: 691 S: ABC-12345 692 S: 54322-XYZ 693 S: 694 S: 695 S: 697 7. Implementation Considerations 699 There are implementation considerations for the client and the server 700 to help address the risk of the client ignoring unhandled namespace 701 information included in an EPP response that is needed to meet 702 technical, policy, or legal requirements. 704 7.1. Client Implementation Considerations 706 To reduce the likelihood of a client receiving unhandled namespace 707 information, the client should consider implementing the following: 709 1. Ensure that the client presents the complete set of what it 710 supports when presenting its login services. If there are gaps 711 between the services supported by the client and the login 712 services included in the login command, the client may receive 713 unhandled namespace information that the client could have 714 supported. 715 2. Support all of the services included in the server greeting 716 services that may be included in an EPP response, including the 717 poll queue responses. The client should evaluate the gaps 718 between the greeting services and the login services provided in 719 the login command to identify extensions that need to be 720 supported. 721 3. Proactively monitor for unhandled namespace information in the 722 EPP responses by looking for the inclusion of the 723 element in successful responses, recording the unsupported 724 namespace included in the element, and recording the 725 unhandled namespace information included in the element 726 for later processing. The unhandled namespace should be 727 implemented by the client to ensure that information is processed 728 fully in future EPP responses. 730 7.2. Server Implementation Considerations 732 To assist the clients in recognizing unhandled namespaces, the server 733 should consider implementing the following: 735 1. Monitor for returning unhandled namespace information to clients 736 and report it to the clients out-of-band to EPP so the clients 737 can add support for the unhandled namespaces. 738 2. Look for the unhandled namespace support in the login services 739 when returning optional unhandled namespace information in 740 General EPP Responses. 742 8. IANA Considerations 744 8.1. XML Namespace 746 This document uses URNs to describe XML namespaces conforming to a 747 registry mechanism described in [RFC3688]. The following URI 748 assignment is requested of IANA: 750 Registration request for the unhandled namespaces namespace: 752 URI: urn:ietf:params:xml:ns:epp:unhandled-namespaces-1.0 753 Registrant Contact: IESG 754 XML: None. Namespace URIs do not represent an XML specification. 756 8.2. EPP Extension Registry 758 The EPP operational practice described in this document should be 759 registered by the IANA in the EPP Extension Registry described in 760 [RFC7451]. The details of the registration are as follows: 762 Name of Extension: "Extensible Provisioning Protocol (EPP) Unhandled 763 Namespaces" 765 Document status: Standards Track 767 Reference: (insert reference to RFC version of this document) 769 Registrant Name and Email Address: IETF, 771 TLDs: Any 773 IPR Disclosure: None 775 Status: Active 777 Notes: None 779 9. Implementation Status 781 Note to RFC Editor: Please remove this section and the reference to 782 RFC 7942 [RFC7942] before publication. 784 This section records the status of known implementations of the 785 protocol defined by this specification at the time of posting of this 786 Internet-Draft, and is based on a proposal described in RFC 7942 787 [RFC7942]. The description of implementations in this section is 788 intended to assist the IETF in its decision processes in progressing 789 drafts to RFCs. Please note that the listing of any individual 790 implementation here does not imply endorsement by the IETF. 791 Furthermore, no effort has been spent to verify the information 792 presented here that was supplied by IETF contributors. This is not 793 intended as, and must not be construed to be, a catalog of available 794 implementations or their features. Readers are advised to note that 795 other implementations may exist. 797 According to RFC 7942 [RFC7942], "this will allow reviewers and 798 working groups to assign due consideration to documents that have the 799 benefit of running code, which may serve as evidence of valuable 800 experimentation and feedback that have made the implemented protocols 801 more mature. It is up to the individual working groups to use this 802 information as they see fit". 804 9.1. Verisign EPP SDK 806 Organization: Verisign Inc. 808 Name: Verisign EPP SDK 810 Description: The Verisign EPP SDK includes an implementation of the 811 unhandled namespaces for the processing of the poll queue messages. 813 Level of maturity: Development 815 Coverage: All aspects of the protocol are implemented. 817 Licensing: GNU Lesser General Public License 819 Contact: jgould@verisign.com 821 URL: https://www.verisign.com/en_US/channel-resources/domain- 822 registry-products/epp-sdks 824 9.2. SWITCH Automated DNSSEC Provisioning Process 826 Organization: SWITCH 828 Name: Registry of .CH and .LI 830 Description: SWITCH uses poll messages to inform the registrar about 831 DNSSEC changes at the registry triggered by CDS records. These poll 832 messages are enriched with the 'urn:ietf:params:xml:ns:changePoll- 833 1.0' and the 'urn:ietf:params:xml:ns:secDNS-1.1' extension that are 834 rendered in the poll msg response according to this draft. 836 Level of maturity: Operational 837 Coverage: All aspects of the protocol are implemented. 839 Licensing: Proprietary 841 Contact: martin.casanova@switch.ch 843 URL: https://www.nic.ch/cds 845 10. Security Considerations 847 This document does not provide any security services beyond those 848 described by EPP [RFC5730] and protocol layers used by EPP. The 849 security considerations described in these other specifications apply 850 to this specification as well. Since the unhandled namespace context 851 is XML that is not processed in the first pass by the XML parser, the 852 client SHOULD validate the XML when the content is processed to 853 protect against the inclusion of malicious content. 855 11. Acknowledgements 857 The authors wish to thank the following persons for their feedback 858 and suggestions: Thomas Corte, Scott Hollenbeck, Patrick Mevzek, and 859 Marcel Parodi. 861 12. References 863 12.1. Normative References 865 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 866 Requirement Levels", BCP 14, RFC 2119, 867 DOI 10.17487/RFC2119, March 1997, 868 . 870 [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, 871 DOI 10.17487/RFC3688, January 2004, 872 . 874 [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax 875 Specifications: ABNF", STD 68, RFC 5234, 876 DOI 10.17487/RFC5234, January 2008, 877 . 879 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 880 STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, 881 . 883 [RFC5731] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 884 Domain Name Mapping", STD 69, RFC 5731, 885 DOI 10.17487/RFC5731, August 2009, 886 . 888 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 889 Code: The Implementation Status Section", BCP 205, 890 RFC 7942, DOI 10.17487/RFC7942, July 2016, 891 . 893 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 894 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 895 May 2017, . 897 12.2. Informative References 899 [RFC3735] Hollenbeck, S., "Guidelines for Extending the Extensible 900 Provisioning Protocol (EPP)", RFC 3735, 901 DOI 10.17487/RFC3735, March 2004, 902 . 904 [RFC3915] Hollenbeck, S., "Domain Registry Grace Period Mapping for 905 the Extensible Provisioning Protocol (EPP)", RFC 3915, 906 DOI 10.17487/RFC3915, September 2004, 907 . 909 [RFC5910] Gould, J. and S. Hollenbeck, "Domain Name System (DNS) 910 Security Extensions Mapping for the Extensible 911 Provisioning Protocol (EPP)", RFC 5910, 912 DOI 10.17487/RFC5910, May 2010, 913 . 915 [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible 916 Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, 917 February 2015, . 919 [RFC8590] Gould, J. and K. Feher, "Change Poll Extension for the 920 Extensible Provisioning Protocol (EPP)", RFC 8590, 921 DOI 10.17487/RFC8590, May 2019, 922 . 924 Appendix A. Change History 926 A.1. Change from 00 to 01 928 1. Removed xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 929 reference from examples. 930 2. removed block from example. 932 3. added SWITCH Automated DNSSEC Provisioning Process at 933 Implementation Status 935 A.2. Change from 01 to 02 937 1. Ping update 939 A.3. Change from 02 to REGEXT 00 941 1. Changed to regext working group draft by changing draft-gould- 942 casanova-regext-unhandled-namespaces to draft-ietf-regext- 943 unhandled-namespaces. 945 A.4. Change from REGEXT 00 to REGEXT 01 947 1. Added the "Signaling Client and Server Support" section to 948 describe the mechanism to signal support for the BCP by the 949 client and the server. 950 2. Added the IANA Considerations section with the registration of 951 the unhandled namespaces XML namespace and the registration of 952 the EPP Best Current Practice (BCP) in the EPP Extension 953 Registry. 955 A.5. Change from REGEXT 01 to REGEXT 02 957 1. Filled in the acknowledgements section. 958 2. Changed the reference from RFC 5730 to RFC 5731 for the transfer 959 example in section 3.1 "Unhandled Object-Level" Extension. 960 3. Updated the XML namespace to 961 urn:ietf:params:xml:ns:epp:unhandled-namespaces-1.0, which 962 removed bcp from the namespace and bumped the version from 0.1 963 and 1.0. Inclusion of bcp in the XML namespace was discussed at 964 the REGEXT interim meeting. 966 A.6. Change from REGEXT 02 to REGEXT 03 968 1. Converted from xml2rfc v2 to v3. 969 2. Updated Acknowledgements to match the approach taken by the RFC 970 Editor with draft-ietf-regext-login-security. 971 3. Changed reference of ietf-regext-change-poll to RFC 8590. 973 A.7. Change from REGEXT 03 to REGEXT 04 975 1. Changed from Best Current Practice (BCP) to Standards Track based 976 on mailing list discussion. 977 2. Revised the dates in the examples to be more up-to-date. 979 A.8. Change from REGEXT 04 to REGEXT 05 981 1. Based on feedback from Thomas Corte, added a description of the 982 element in RFC 5730 and it being extended to support 983 returning unhandled namespace information. 984 2. Based on feedback from Thomas Corte, added a Implementation 985 Considerations section to cover client and server implementation 986 recommendations such as monitoring unhandled namespaces in the 987 server to report to the clients out-of-band and monitoring for 988 responses containing unhanded namespace information in the client 989 to proactively add support for the unhandled namespaces. 990 3. Moved RFC 3735 and RFC 7451 to informative references to address 991 down reference errors in idnits. 993 A.9. Change from REGEXT 05 to REGEXT 06 995 1. Nit updates made based on the feedback provided by the Document 996 Shepherd, David Smith. 998 A.10. Change from REGEXT 06 to REGEXT 07 1000 Updates based on the Barry Leiba (AD) feedback: 1002 1. Simplified the abstract based on the proposal provided by the AD. 1003 2. In section 1.1, updated to use the new BCP 14 boilerplate and add 1004 a normative reference to RFC 8174. 1005 3. In section 1.1, changed "REQUIRED feature of this protocol" to 1006 "required feature of this protocol". 1007 4. In section 3, added "by the XML schema" in "disabled by the XML 1008 schema in [RFC5730]" to clarify the statement. 1009 5. In section 8.2, changed the Registrant Name from "IESG" to 1010 "IETF". 1011 6. In section 10, changed "The document do not provide" to "This 1012 document does not provide". 1013 7. In section 10, added the sentence "Since the unhandled namespace 1014 context is XML that is not processed in the first pass by the XML 1015 parser, the client SHOULD consider validating the XML when the 1016 content is processed to protect against the inclusion of 1017 malicious content.". 1019 A.11. Change from REGEXT 07 to REGEXT 08 1021 1. Nit updates made based on the feedback provided by Peter Yee. 1022 2. Update to the definition of the element based on feedback 1023 from Sabrina Tanamal. 1024 3. Added a sentence in the Introduction section to cover the poison 1025 poll message motivation based on feedback from Qin Wu. 1027 4. Changed "does not define new protocol" to "does not define new 1028 EPP protocol elements" based on feedback from Erik Kline. 1029 5. Changed to use "apply" instead of "support" language in Section 3 1030 based on feedback from Benjamin Kaduk. 1031 6. Updated the examples that reference RFC examples to reference the 1032 RFC section of the example and have the starting XML match based 1033 on feedback from Benjamin Kaduk. 1034 7. Changed "SHOULD consider validating" to "SHOULD validate" in the 1035 Security Considerations section based on feedback from Benjamin 1036 Kaduk. 1037 8. Moved RFC 3915, RFC 5910, and RFC 8590 as informational 1038 references based on feedback from Benjamin Kaduk. 1040 Authors' Addresses 1042 James Gould 1043 VeriSign, Inc. 1044 12061 Bluemont Way 1045 Reston, VA 20190 1046 United States of America 1048 Email: jgould@verisign.com 1049 URI: http://www.verisigninc.com 1051 Martin Casanova 1052 SWITCH 1053 P.O. Box 1054 CH-8021 Zurich 1055 Switzerland 1057 Email: martin.casanova@switch.ch 1058 URI: http://www.switch.ch