ENUM Validation Token Format Definition
RFC 5105
| Document | Type | RFC - Proposed Standard (December 2007) IPR | |
|---|---|---|---|
| Author | Otmar Lendl | ||
| Last updated | 2015-10-14 | ||
| RFC stream | Internet Engineering Task Force (IETF) | ||
| Formats | |||
| Additional resources | Mailing list discussion | ||
| IESG | Responsible AD | Jon Peterson | |
| Send notices to | (None) |
RFC 5105
quot;required"/>
</complexType>
<complexType name="tokenBaseType">
<sequence>
<element name="validation"
type="enum-token:validationDataType"/>
<any namespace="urn:ietf:params:xml:ns:enum-tokendata-1.0"
minOccurs="0"/>
<any namespace="http://www.w3.org/2000/09/xmldsig#"/>
</sequence>
<attribute name="Id" type="ID" use="required"/>
</complexType>
</schema>
END
6.2. Token Data Schema
BEGIN
<?xml version="1.0" encoding="UTF-8"?>
<schema targetNamespace="urn:ietf:params:xml:ns:enum-tokendata-1.0"
xmlns:enum-tokendata="urn:ietf:params:xml:ns:enum-tokendata-1.0"
xmlns="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified">
<element name="tokendata" type="enum-tokendata:tokenDataType"/>
<simpleType name="E115String">
<restriction base="string">
<pattern value="[ -z -퟿-�]*"/>
</restriction>
</simpleType>
<simpleType name="E115StringUb256">
<restriction base="enum-tokendata:E115String">
<minLength value="1"/>
<maxLength value="256"/>
Lendl Standards Track [Page 10]
RFC 5105 ENUM Validation Token December 2007
</restriction>
</simpleType>
<simpleType name="countryCodeType">
<restriction base="token">
<minLength value="2"/>
<maxLength value="2"/>
</restriction>
</simpleType>
<simpleType name="TokenType">
<restriction base="token">
<minLength value="1"/>
<maxLength value="64"/>
</restriction>
</simpleType>
<complexType name="addressType">
<all>
<element name="streetName" minOccurs="0"
type="enum-tokendata:E115StringUb256" />
<element name="houseNumber" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="postalCode" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="locality" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="countyStateOrProvince" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="ISOcountryCode" minOccurs="0"
type="enum-tokendata:countryCodeType"/>
</all>
</complexType>
<group name="tokenContactBaseGroup">
<sequence>
<element name="organisation" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="commercialregisternumber" minOccurs="0"
type="enum-tokendata:TokenType"/>
<element name="title" minOccurs="0"
type="enum-tokendata:TokenType"/>
<element name="firstname" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="lastname" minOccurs="0"
type="enum-tokendata:E115StringUb256"/>
<element name="address" minOccurs="0"
type="enum-tokendata:addressType"/>
Lendl Standards Track [Page 11]
RFC 5105 ENUM Validation Token December 2007
<element name="phone" type="enum-tokendata:TokenType"
minOccurs="0" maxOccurs="10" />
<element name="fax" type="enum-tokendata:TokenType"
minOccurs="0" maxOccurs="10" />
<element name="email" type="enum-tokendata:TokenType"
minOccurs="0" maxOccurs="10" />
</sequence>
</group>
<complexType name="contactType">
<sequence>
<group ref="enum-tokendata:tokenContactBaseGroup"/>
</sequence>
</complexType>
<complexType name="tokenDataType">
<sequence>
<element name="contact" type="enum-tokendata:contactType"/>
</sequence>
</complexType>
</schema>
END
7. Other Applications of the Token Concept
The concept of the validation token may be useful in other
registry-type applications where the proof of an underlying right is
a condition for a valid registration.
An example is a Top Level Domain (TLD) where registration is subject
to proof of some precondition, like a trade mark or the right in a
name. Such situations often arise during the introduction of a new
TLD, e.g., during a "sunrise" phase.
A Number Portability (NP) database faces very similar verification
issues. An NP system based on the Token concept could potentially be
superior to current methods, and aid in the convergence of NP and
ENUM.
8. IANA Considerations
This document uses Uniform Resource Names (URNs) to describe XML
namespaces and XML schemas conforming to a registry mechanism
described in RFC 3688 [12]. IANA has made the following four URI
assignments.
Lendl Standards Track [Page 12]
RFC 5105 ENUM Validation Token December 2007
1. Registration for the Token namespace:
* URI: urn:ietf:params:xml:ns:enum-token-1.0
* Registrant Contact: See the "Author's Address" section of this
document.
* XML: None. Namespace URIs do not represent an XML
specification.
2. Registration for the Token XML schema:
* URI: urn:ietf:params:xml:schema:enum-token-1.0
* Registrant Contact: See the "Author's Address" section of this
document.
* XML: See Section 6.1 of this document.
3. Registration for the Token Data namespace:
* URI: urn:ietf:params:xml:ns:enum-tokendata-1.0
* Registrant Contact: See the "Author's Address" section of this
document.
* XML: None. Namespace URIs do not represent an XML
specification.
4. Registration for the Token Data XML schema:
* URI: urn:ietf:params:xml:schema:enum-tokendata-1.0
* Registrant Contact: See the "Author's Address" section of this
document.
* XML: See Section 6.2 of this document.
The IDs used in the validationEntityID, RegistrarID, and methodID
elements are subject to local policy and thus do not require IANA
registration.
9. Security Considerations
The security of the Validation Token depends on the security of the
underlying XML DSIG algorithms. As such, all the security
considerations from [4] apply here as well. Two points from [4]
merit repetition:
Transforms are used to select the relevant data for signing and
discarding irrelevant information (e.g., pretty-printing and
name-space local names).
The <Reference URI="#TOKEN"> element and attribute combined with the
Id="TOKEN" attribute in <token> specifies that the signature should
cover the complete token. Moving the Id="TOKEN" attribute to e.g.,
the <tokendata> element would make the signature worthless.
Lendl Standards Track [Page 13]
RFC 5105 ENUM Validation Token December 2007
It is thus critical that the Registry not only checks whether the
Token passes a generic XML-DSIG signature check, but also that:
1. the signature uses approved transforms and cryptographic
algorithms.
2. the signature references the <token> element.
3. the key used in the signature belongs to an accredited VE.
The Token content is not encrypted. If local policy dictates that
the information contained within the token should be confidential,
then this has to be handled through a different mechanism.
When processing a delegation request, the Registry MUST verify that
the information contained in the Token matches the delegation
request. The <registrarID> element in the Token prevents a malicious
second Registrar from using an eavesdropped Token to register a
domain in his name. The Registry MUST verify that the
<expirationDate> given (including the case of no given expiration
date) conforms to the Registry's policy. To avert replay attacks,
local policy MUST specify how long after <executionDate> the Token
can be used to authorize a delegation.
10. Acknowledgements
The author would like to thank the following persons for their
valuable suggestions and contributions: Michael Haberler, Alexander
Mayrhofer, Bernie Hoeneisen, Michael Braunoeder, Staffan Hagnell,
Lawrence Conroy, and Tony Rutkowski.
11. References
11.1. Normative References
[1] Faltstrom, P. and M. Mealling, "The E.164 to Uniform Resource
Identifiers (URI) Dynamic Delegation Discovery System (DDDS)
Application (ENUM)", RFC 3761, April 2004.
[2] ITU-T, "The international public telecommunication numbering
plan", Recommendation E.164, May 1997.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[4] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible Markup
Language) XML-Signature Syntax and Processing", RFC 3275, March
2002.
Lendl Standards Track [Page 14]
RFC 5105 ENUM Validation Token December 2007
[5] Eastlake 3rd, D., "Additional XML Security Uniform Resource
Identifiers (URIs)", RFC 4051, April 2005.
[6] Klyne, G. and C. Newman, "Date and Time on the Internet:
Timestamps", RFC 3339, July 2002.
[7] Maloney, M., Beech, D., Mendelsohn, N., and H. Thompson, "XML
Schema Part 1: Structures", W3C REC REC-xmlschema-1-20010502,
May 2001.
[8] Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes", W3C
REC REC-xmlschema-2-20010502, May 2001.
[9] Eastlake, D., Boyer, J., and J. Reagle, "Exclusive XML
Canonicalization Version 1.0", W3C REC REC-xml-exc-c14n-
20020718, July 2002.
[10] International Telecommunications Union, "Information technology
- Open Systems Interconnection - The Directory: Public-key and
attribute certificate frameworks", ITU-T Recommendation X.509,
ISO Standard 9594-8, March 2000.
[11] International Organization for Standardization, "Codes for the
representation of names of countries and their subdivisions --
Part 1: Country codes, 2nd edition", ISO Standard 3166,
November 2006.
[12] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688,
January 2004.
11.2. Informative References
[13] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", RFC
4930, May 2007.
[14] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms
and Identifiers for RSA Cryptography for use in the Internet
X.509 Public Key Infrastructure Certificate and Certificate
Revocation List (CRL) Profile", RFC 4055, June 2005.
[15] Mayrhofer, A. and B. Hoeneisen, "ENUM Validation
Architecture", RFC 4725, November 2006.
[16] Hoeneisen, B., "ENUM Validation Information Mapping for the
Extensible Provisioning Protocol", RFC 5076, December 2007.
[17] ITU-T, "Computerized Directory Assistance Version 2",
Recommendation E.115v2, October 2005.
Lendl Standards Track [Page 15]
RFC 5105 ENUM Validation Token December 2007
Author's Address
Otmar Lendl
enum.at GmbH
Karlsplatz 1/2/9
Wien A-1010
Austria
Phone: +43 1 5056416 33
EMail: otmar.lendl@enum.at
URI: http://www.enum.at/
Lendl Standards Track [Page 16]
RFC 5105 ENUM Validation Token December 2007
Full Copyright Statement
Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Lendl Standards Track [Page 17]