ENUM Validation Token Format Definition
RFC 5105
Document | Type | RFC - Proposed Standard (December 2007) IPR | |
---|---|---|---|
Author | Otmar Lendl | ||
Last updated | 2015-10-14 | ||
RFC stream | Internet Engineering Task Force (IETF) | ||
Formats | |||
Additional resources | Mailing list discussion | ||
IESG | Responsible AD | Jon Peterson | |
Send notices to | (None) |
RFC 5105
quot;required"/> </complexType> <complexType name="tokenBaseType"> <sequence> <element name="validation" type="enum-token:validationDataType"/> <any namespace="urn:ietf:params:xml:ns:enum-tokendata-1.0" minOccurs="0"/> <any namespace="http://www.w3.org/2000/09/xmldsig#"/> </sequence> <attribute name="Id" type="ID" use="required"/> </complexType> </schema> END 6.2. Token Data Schema BEGIN <?xml version="1.0" encoding="UTF-8"?> <schema targetNamespace="urn:ietf:params:xml:ns:enum-tokendata-1.0" xmlns:enum-tokendata="urn:ietf:params:xml:ns:enum-tokendata-1.0" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <element name="tokendata" type="enum-tokendata:tokenDataType"/> <simpleType name="E115String"> <restriction base="string"> <pattern value="[ -z -퟿-�]*"/> </restriction> </simpleType> <simpleType name="E115StringUb256"> <restriction base="enum-tokendata:E115String"> <minLength value="1"/> <maxLength value="256"/> Lendl Standards Track [Page 10] RFC 5105 ENUM Validation Token December 2007 </restriction> </simpleType> <simpleType name="countryCodeType"> <restriction base="token"> <minLength value="2"/> <maxLength value="2"/> </restriction> </simpleType> <simpleType name="TokenType"> <restriction base="token"> <minLength value="1"/> <maxLength value="64"/> </restriction> </simpleType> <complexType name="addressType"> <all> <element name="streetName" minOccurs="0" type="enum-tokendata:E115StringUb256" /> <element name="houseNumber" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="postalCode" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="locality" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="countyStateOrProvince" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="ISOcountryCode" minOccurs="0" type="enum-tokendata:countryCodeType"/> </all> </complexType> <group name="tokenContactBaseGroup"> <sequence> <element name="organisation" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="commercialregisternumber" minOccurs="0" type="enum-tokendata:TokenType"/> <element name="title" minOccurs="0" type="enum-tokendata:TokenType"/> <element name="firstname" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="lastname" minOccurs="0" type="enum-tokendata:E115StringUb256"/> <element name="address" minOccurs="0" type="enum-tokendata:addressType"/> Lendl Standards Track [Page 11] RFC 5105 ENUM Validation Token December 2007 <element name="phone" type="enum-tokendata:TokenType" minOccurs="0" maxOccurs="10" /> <element name="fax" type="enum-tokendata:TokenType" minOccurs="0" maxOccurs="10" /> <element name="email" type="enum-tokendata:TokenType" minOccurs="0" maxOccurs="10" /> </sequence> </group> <complexType name="contactType"> <sequence> <group ref="enum-tokendata:tokenContactBaseGroup"/> </sequence> </complexType> <complexType name="tokenDataType"> <sequence> <element name="contact" type="enum-tokendata:contactType"/> </sequence> </complexType> </schema> END 7. Other Applications of the Token Concept The concept of the validation token may be useful in other registry-type applications where the proof of an underlying right is a condition for a valid registration. An example is a Top Level Domain (TLD) where registration is subject to proof of some precondition, like a trade mark or the right in a name. Such situations often arise during the introduction of a new TLD, e.g., during a "sunrise" phase. A Number Portability (NP) database faces very similar verification issues. An NP system based on the Token concept could potentially be superior to current methods, and aid in the convergence of NP and ENUM. 8. IANA Considerations This document uses Uniform Resource Names (URNs) to describe XML namespaces and XML schemas conforming to a registry mechanism described in RFC 3688 [12]. IANA has made the following four URI assignments. Lendl Standards Track [Page 12] RFC 5105 ENUM Validation Token December 2007 1. Registration for the Token namespace: * URI: urn:ietf:params:xml:ns:enum-token-1.0 * Registrant Contact: See the "Author's Address" section of this document. * XML: None. Namespace URIs do not represent an XML specification. 2. Registration for the Token XML schema: * URI: urn:ietf:params:xml:schema:enum-token-1.0 * Registrant Contact: See the "Author's Address" section of this document. * XML: See Section 6.1 of this document. 3. Registration for the Token Data namespace: * URI: urn:ietf:params:xml:ns:enum-tokendata-1.0 * Registrant Contact: See the "Author's Address" section of this document. * XML: None. Namespace URIs do not represent an XML specification. 4. Registration for the Token Data XML schema: * URI: urn:ietf:params:xml:schema:enum-tokendata-1.0 * Registrant Contact: See the "Author's Address" section of this document. * XML: See Section 6.2 of this document. The IDs used in the validationEntityID, RegistrarID, and methodID elements are subject to local policy and thus do not require IANA registration. 9. Security Considerations The security of the Validation Token depends on the security of the underlying XML DSIG algorithms. As such, all the security considerations from [4] apply here as well. Two points from [4] merit repetition: Transforms are used to select the relevant data for signing and discarding irrelevant information (e.g., pretty-printing and name-space local names). The <Reference URI="#TOKEN"> element and attribute combined with the Id="TOKEN" attribute in <token> specifies that the signature should cover the complete token. Moving the Id="TOKEN" attribute to e.g., the <tokendata> element would make the signature worthless. Lendl Standards Track [Page 13] RFC 5105 ENUM Validation Token December 2007 It is thus critical that the Registry not only checks whether the Token passes a generic XML-DSIG signature check, but also that: 1. the signature uses approved transforms and cryptographic algorithms. 2. the signature references the <token> element. 3. the key used in the signature belongs to an accredited VE. The Token content is not encrypted. If local policy dictates that the information contained within the token should be confidential, then this has to be handled through a different mechanism. When processing a delegation request, the Registry MUST verify that the information contained in the Token matches the delegation request. The <registrarID> element in the Token prevents a malicious second Registrar from using an eavesdropped Token to register a domain in his name. The Registry MUST verify that the <expirationDate> given (including the case of no given expiration date) conforms to the Registry's policy. To avert replay attacks, local policy MUST specify how long after <executionDate> the Token can be used to authorize a delegation. 10. Acknowledgements The author would like to thank the following persons for their valuable suggestions and contributions: Michael Haberler, Alexander Mayrhofer, Bernie Hoeneisen, Michael Braunoeder, Staffan Hagnell, Lawrence Conroy, and Tony Rutkowski. 11. References 11.1. Normative References [1] Faltstrom, P. and M. Mealling, "The E.164 to Uniform Resource Identifiers (URI) Dynamic Delegation Discovery System (DDDS) Application (ENUM)", RFC 3761, April 2004. [2] ITU-T, "The international public telecommunication numbering plan", Recommendation E.164, May 1997. [3] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [4] Eastlake 3rd, D., Reagle, J., and D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing", RFC 3275, March 2002. Lendl Standards Track [Page 14] RFC 5105 ENUM Validation Token December 2007 [5] Eastlake 3rd, D., "Additional XML Security Uniform Resource Identifiers (URIs)", RFC 4051, April 2005. [6] Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, July 2002. [7] Maloney, M., Beech, D., Mendelsohn, N., and H. Thompson, "XML Schema Part 1: Structures", W3C REC REC-xmlschema-1-20010502, May 2001. [8] Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes", W3C REC REC-xmlschema-2-20010502, May 2001. [9] Eastlake, D., Boyer, J., and J. Reagle, "Exclusive XML Canonicalization Version 1.0", W3C REC REC-xml-exc-c14n- 20020718, July 2002. [10] International Telecommunications Union, "Information technology - Open Systems Interconnection - The Directory: Public-key and attribute certificate frameworks", ITU-T Recommendation X.509, ISO Standard 9594-8, March 2000. [11] International Organization for Standardization, "Codes for the representation of names of countries and their subdivisions -- Part 1: Country codes, 2nd edition", ISO Standard 3166, November 2006. [12] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004. 11.2. Informative References [13] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", RFC 4930, May 2007. [14] Schaad, J., Kaliski, B., and R. Housley, "Additional Algorithms and Identifiers for RSA Cryptography for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 4055, June 2005. [15] Mayrhofer, A. and B. Hoeneisen, "ENUM Validation Architecture", RFC 4725, November 2006. [16] Hoeneisen, B., "ENUM Validation Information Mapping for the Extensible Provisioning Protocol", RFC 5076, December 2007. [17] ITU-T, "Computerized Directory Assistance Version 2", Recommendation E.115v2, October 2005. Lendl Standards Track [Page 15] RFC 5105 ENUM Validation Token December 2007 Author's Address Otmar Lendl enum.at GmbH Karlsplatz 1/2/9 Wien A-1010 Austria Phone: +43 1 5056416 33 EMail: otmar.lendl@enum.at URI: http://www.enum.at/ Lendl Standards Track [Page 16] RFC 5105 ENUM Validation Token December 2007 Full Copyright Statement Copyright (C) The IETF Trust (2007). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Lendl Standards Track [Page 17]