REGEXT Working Group G. Brown Internet-Draft ICANN Intended status: Standards Track 25 June 2026 Expires: 27 December 2026 DS Automation Status Extension for the Extensible Provisioning Protocol (EPP) draft-brown-epp-ds-automation-extension-00 Abstract This document specifies an extension to the Domain Mapping for the Extensible Provisioning Protocol (EPP) which allows EPP clients to enable and disable automatic DNSSEC maintenance carried out by the server. It also describes how the maintenance state of a domain can be included in RDAP responses. The source for this draft, and an issue tracker, may can be found at https://github.com/gbxyz/epp-ds-automation-extension. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 27 December 2026. Copyright Notice Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components Brown Expires 27 December 2026 [Page 1] Internet-Draft EPP DS Automation Extension June 2026 extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Conventions Used in This Document . . . . . . . . . . . . 3 2. EPP Extension Elements . . . . . . . . . . . . . . . . . . . 4 3. EPP Command Mapping . . . . . . . . . . . . . . . . . . . . . 4 3.1. EPP Query Commands . . . . . . . . . . . . . . . . . . . 4 3.1.1. EPP Command . . . . . . . . . . . . . . . . . 4 3.2. EPP Transform Commands . . . . . . . . . . . . . . . . . 5 3.2.1. EPP Command . . . . . . . . . . . . . . . . 5 3.2.2. EPP Command . . . . . . . . . . . . . . . . 6 4. RDAP Status Mapping . . . . . . . . . . . . . . . . . . . . . 7 5. Formal Syntax (XML) . . . . . . . . . . . . . . . . . . . . . 7 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 6.1. XML Namespace . . . . . . . . . . . . . . . . . . . . . . 9 6.2. EPP Extension Registry . . . . . . . . . . . . . . . . . 9 6.3. RDAP JSON Values . . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 8. Operational Considerations . . . . . . . . . . . . . . . . . 11 9. Change Log . . . . . . . . . . . . . . . . . . . . . . . . . 11 9.1. v00 . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 11 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 11.1. Normative References . . . . . . . . . . . . . . . . . . 11 11.2. Informative References . . . . . . . . . . . . . . . . . 13 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 14 1. Introduction [RFC7344], [RFC8078], and [RFC9615] automate DNSSEC ([RFC9364]) delegation trust maintenance by having the child publish Child DS (CDS) and/or Child DNSKEY (CDNSKEY) records which indicate the delegation's desired DNSSEC parameters ("DS automation"). [I-D.ietf-dnsop-ds-automation] provides operational recommendations for parent operators wishing to deploy these protocols. Section 6.1 of [I-D.ietf-dnsop-ds-automation] states that domain name registries (see Section 9 of [RFC9499]) *MUST NOT* suspend DS automation solely on the basis of the presence of the serverUpdateProhibited status code (defined in Section 2.3 of [RFC5731]). This status code causes any request to modify the domain name (including DNSSEC information as per [RFC5910]) to be rejected by the EPP server. Brown Expires 27 December 2026 [Page 2] Internet-Draft EPP DS Automation Extension June 2026 The most common use of the serverUpdateProhibited status is as part of a "registry lock" (see [CENTR-REGISTRY-LOCK]), a security measure designed to mitigate the risk of (a) a compromised customer account at the sponsoring registrar (see Section 9 of [RFC9499]), or (b) a compromised or malicious registrar. For domains which have a registry lock, it is not always the case that the registrant of the domain will want DS automation to take place. This document specifies an extension to the Domain Mapping for the Extensible Provisioning Protocol (EPP) [RFC5730] [RFC5731] which allows the sponsoring client of a domain object to specify whether or not DS automation should be carried out by the server. It also describes how the automation state of domain objects should be represented in RDAP ([STD95]) responses. 1.1. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [BCP14] RFC2119 RFC8174 when, and only when, they appear in all capitals, as shown here. In this document's examples, "C:" represents lines sent by a protocol client and "S:" represents lines returned by a protocol server. Indentation and white space in these examples are provided only to illustrate element relationships and are not required features of this protocol. A protocol client that is authorized to manage an existing object is described as a "sponsoring" client throughout this document. XML is case sensitive. Unless stated otherwise, the XML specifications and examples provided in this document MUST be interpreted in the character case presented in order to develop a conforming implementation. EPP uses XML namespaces to provide an extensible object management framework and to identify schemas required for XML instance parsing and validation. These namespaces and schema definitions are used to identify both the base protocol schema and the schemas for managed objects. The XML namespace prefixes used in these examples (such as the string ds-automation in ds-automation:automation) are solely for illustrative purposes. A conforming implementation *MUST NOT* require the use of these or any other specific namespace prefixes. Brown Expires 27 December 2026 [Page 3] Internet-Draft EPP DS Automation Extension June 2026 In accordance with Section 3.2.2.1 of XML Schema Part 2: Datatypes [XSD-DATATYPES], the allowable lexical representations for the xs:boolean datatype are the strings "0" and "false" for the concept 'false' and the strings "1" and "true" for the concept 'true'. Implementations *MUST* support both styles of lexical representation. 2. EPP Extension Elements This specification adds a new element, , to the domain name mapping. This element has a single boolean "enabled" attribute, whose default value is "true". * If the value of the "enabled" attribute is "true" or "1", then the server *MAY* perform DS automation for the domain. * If the value of the "enabled" attribute is "false" or "0", then the server *MUST NOT* perform DS automation for the domain. 3. EPP Command Mapping 3.1. EPP Query Commands 3.1.1. EPP Command This extension does not add any elements to the EPP command described in the EPP domain mapping ([RFC5731]). However, additional elements are defined for the response. When an command has been processed successfully, the EPP element *MUST* contain child elements as described in the EPP domain mapping ([RFC5731]). In addition, the EPP element *MUST* contain a child element that identifies the extension namespace if the domain object has data associated with this extension and based on server policy. The element *MUST* contain a single element which represents the current configuration status for the domain. Example domain response: Brown Expires 27 December 2026 [Page 4] Internet-Draft EPP DS Automation Extension June 2026 S: S: S: S: S: OK S: S: S: S: example.com S: EXAMPLE1-REP S: S: S: ns1.example.net S: ns2.example.org S: S: ClientX S: S: S: S: S: S: S: S: S: 54322-XYZ S: S: S: 3.2. EPP Transform Commands 3.2.1. EPP Command This extension defines additional elements for the EPP command described in the EPP domain mapping [RFC5731]. No additional elements are defined for the EPP response. The EPP command provides a transform operation that allows a client to create a domain object. In addition to the EPP command elements described in the EPP domain mapping ([RFC5731]), the command *MUST* contain an element, and the element *MUST* contain a child element that identifies the extension namespace if the client wants to associate data defined in this extension to the domain object. The element *MUST* contain a single element which represents the desired configuration status for the domain. Brown Expires 27 December 2026 [Page 5] Internet-Draft EPP DS Automation Extension June 2026 Example domain command: C: C: C: C: C: C: example.com C: 1 C: C: ns1.example.net C: ns2.example.org C: C: C: C: C: C: C: C: C: C: C: C: C: 3.2.2. EPP Command This extension defines additional elements for the EPP command described in the EPP domain mapping [RFC5731]. No additional elements are defined for the EPP response. The EPP command provides a transform operation that allows a client to modify the attributes of a domain object. In addition to the EPP command elements described in the EPP domain mapping, the command *MUST* contain an element, and the element *MUST* contain a child element that identifies the extension namespace if the client wants to update the domain object with data defined in this extension. The element *MUST* contain a single element which represents the desired configuration status for the domain. Example domain command: Brown Expires 27 December 2026 [Page 6] Internet-Draft EPP DS Automation Extension June 2026 C: C: C: C: C: C: example.com C: C: C: C: C: C: C: C: C: 4. RDAP Status Mapping Operators of EPP servers who also operate an RDAP server can include an entry in the "status" property of domain responses to allow interested parties to determine whether DS automation is enabled or disabled for a given domain name. * Domains for which DS automation is enabled (ie the value of the "enabled" property is "true" or "1") *MUST* have the "DS automation enabled" value in their "status" property. * Domains for which DS automation is disabled (ie the value of the "enabled" property is "false" or "0") *MUST* have the "DS automation disabled" value in their "status" property. These two status values will be registered in [RDAP-JSON-VALUES] (see Section 6.3). These two values *MUST NOT* both be present at the same time. 5. Formal Syntax (XML) An EPP object mapping is specified in XML Schema notation. The formal syntax presented here is a complete schema representation of the object mapping suitable for automated validation of EPP XML instances. The BEGIN and END tags are not part of the schema; they are used to note the beginning and ending of the schema for URI registration purposes. Brown Expires 27 December 2026 [Page 7] Internet-Draft EPP DS Automation Extension June 2026 BEGIN DS Automation Status Extension for the Extensible Provisioning Protocol (EPP) END Brown Expires 27 December 2026 [Page 8] Internet-Draft EPP DS Automation Extension June 2026 6. IANA Considerations 6.1. XML Namespace This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in [RFC3688]. The following URI assignments are requested of IANA: Registration for the TTL namespace: URI: urn:ietf:params:xml:ns:epp:ds-automation-1.0 Registrant Contact: IESG XML: None. Namespace URIs do not represent an XML specification. Registration for the TTL XML schema: URI: urn:ietf:params:xml:schema:epp:ds-automation-1.0 Registrant Contact: IESG XML: See Section 5 of this document. 6.2. EPP Extension Registry IANA is requested to register the EPP extension described in this document in [EPP-EXTENSIONS], described in [RFC7451]. The details of the registration are as follows: Name of Extension: DS Automation Status Extension for the Extensible Provisioning Protocol (EPP) Document Status: Standards Track Reference: this document Registrant: IESG TLDs: Any IPR Disclosure: None Status: Active Notes: None Brown Expires 27 December 2026 [Page 9] Internet-Draft EPP DS Automation Extension June 2026 6.3. RDAP JSON Values IANA is requested to list this document as a reference for [RDAP-JSON-VALUES] and register the following values: Value: DS automation enabled Type: status Description: The server MAY perform DS automation for this domain. Registrant: IETF Contact Information: iesg@ietf.org Value: DS automation disabled Type: status Description: The server MUST NOT perform DS automation for this domain. Registrant: IETF Contact Information: iesg@ietf.org Reference: this document 7. Security Considerations The mapping extensions described in this document do not provide any security services beyond those described by EPP ([RFC5730]), the EPP domain name mapping ([RFC5731]), and protocol layers used by EPP. The security considerations described in these other specifications apply to this specification as well. As with other domain object transforms, the EPP transform operations described in this document *MUST* be restricted to the sponsoring client as authenticated using the mechanisms described in Sections 2.9.1.1 and 7 of [RFC5730]. Any attempt to perform a transform operation on a domain object by any client other than the sponsoring client *MUST* be rejected with an appropriate EPP authorization error. The provisioning service described in this document involves the exchange of information that can have an operational impact on the DNS. A trust relationship *MUST* exist between the EPP client and server using a strong authentication mechanism. Brown Expires 27 December 2026 [Page 10] Internet-Draft EPP DS Automation Extension June 2026 8. Operational Considerations Server operators *MUST* obey the value for the "enabled" property, irrespective of the presence (or absence) of EPP status codes such as serverUpdateProhibited. When the "enabled" property is "false" or "0", the sponsoring client *MAY* perform DS automation itself, and submit any necessary changes to the DNSSEC configuration of the domain using an command extended by [RFC5910]. When the "enabled" property is "true" or "1", the sponsoring client *SHOULD NOT* perform DS automation, for the reasons outlined in Section 7.2.3 of [I-D.ietf-dnsop-ds-automation]. It is impractical for EPP clients with large portfolios of domain names that wish to deploy (or decommission) DS automation themselves to submit commands to enable or disable DS automation for all domains under their sponsorship. It is *RECOMMENDED* that server operators provide an out-of-band method for clients to enable or disable DS automation for all domains under their sponsorship in a single operation. 9. Change Log This section is to be removed before publishing as an RFC. 9.1. v00 * Initial version based on conversations within ICANN GDS Technical Services, and Peter Thomassen. 10. Acknowledgements The author wishes to thank the following for their constructive feedback and advice during the development of this document: Andy Newton, Gustavo Lozano, Francisco Arias, Peter Thomassen. 11. References 11.1. Normative References [BCP14] Best Current Practice 14, . At the time of writing, this BCP comprises the following: Brown Expires 27 December 2026 [Page 11] Internet-Draft EPP DS Automation Extension June 2026 Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [EPP-EXTENSIONS] "Extensions for the Extensible Provisioning Protocol (EPP)", n.d., . [I-D.ietf-dnsop-ds-automation] Sheng, S. and P. Thomassen, "Operational Recommendations for DNSSEC Delegation Signer (DS) Automation", Work in Progress, Internet-Draft, draft-ietf-dnsop-ds-automation- 09, 22 May 2026, . [RDAP-JSON-VALUES] "RDAP JSON Values", n.d., . [RFC3688] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10.17487/RFC3688, January 2004, . [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, . [RFC5731] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) Domain Name Mapping", STD 69, RFC 5731, DOI 10.17487/RFC5731, August 2009, . [RFC7451] Hollenbeck, S., "Extension Registry for the Extensible Provisioning Protocol", RFC 7451, DOI 10.17487/RFC7451, February 2015, . [STD95] Internet Standard 95, . At the time of writing, this STD comprises the following: Brown Expires 27 December 2026 [Page 12] Internet-Draft EPP DS Automation Extension June 2026 Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the Registration Data Access Protocol (RDAP)", STD 95, RFC 7480, DOI 10.17487/RFC7480, March 2015, . Hollenbeck, S. and N. Kong, "Security Services for the Registration Data Access Protocol (RDAP)", STD 95, RFC 7481, DOI 10.17487/RFC7481, March 2015, . Hollenbeck, S. and A. Newton, "Registration Data Access Protocol (RDAP) Query Format", STD 95, RFC 9082, DOI 10.17487/RFC9082, June 2021, . Hollenbeck, S. and A. Newton, "JSON Responses for the Registration Data Access Protocol (RDAP)", STD 95, RFC 9083, DOI 10.17487/RFC9083, June 2021, . Blanchet, M., "Finding the Authoritative Registration Data Access Protocol (RDAP) Service", STD 95, RFC 9224, DOI 10.17487/RFC9224, March 2022, . [XSD-DATATYPES] Biron, P. V. and A. Malhotra, "XML Schema Part 2: Datatypes Second Edition", W3C Recommendation, October 2004, . 11.2. Informative References [CENTR-REGISTRY-LOCK] "Models of registry lock for top-level domain registries", CENTR, August 2020, . [RFC5910] Gould, J. and S. Hollenbeck, "Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP)", RFC 5910, DOI 10.17487/RFC5910, May 2010, . [RFC7344] Kumari, W., Gudmundsson, O., and G. Barwood, "Automating DNSSEC Delegation Trust Maintenance", RFC 7344, DOI 10.17487/RFC7344, September 2014, . Brown Expires 27 December 2026 [Page 13] Internet-Draft EPP DS Automation Extension June 2026 [RFC8078] Gudmundsson, O. and P. Wouters, "Managing DS Records from the Parent via CDS/CDNSKEY", RFC 8078, DOI 10.17487/RFC8078, March 2017, . [RFC9364] Hoffman, P., "DNS Security Extensions (DNSSEC)", BCP 237, RFC 9364, DOI 10.17487/RFC9364, February 2023, . [RFC9499] Hoffman, P. and K. Fujiwara, "DNS Terminology", BCP 219, RFC 9499, DOI 10.17487/RFC9499, March 2024, . [RFC9615] Thomassen, P. and N. Wisiol, "Automatic DNSSEC Bootstrapping Using Authenticated Signals from the Zone's Operator", RFC 9615, DOI 10.17487/RFC9615, July 2024, . Author's Address Gavin Brown ICANN Email: gavin.brown@icann.org Brown Expires 27 December 2026 [Page 14]