Network Working Group                                      S. Hollenbeck
Request for Comments: 4310                                VeriSign, Inc.
Category: Standards Track                                  November 2005
        

Domain Name System (DNS) Security Extensions Mapping for the Extensible Provisioning Protocol (EPP)

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

This document describes an Extensible Provisioning Protocol (EPP) extension mapping for the provisioning and management of Domain Name System security extensions (DNSSEC) for domain names stored in a shared central repository. Specified in XML, this mapping extends the EPP domain name mapping to provide additional features required for the provisioning of DNS security extensions.

Table of Contents

   1. Introduction
      1.1. Conventions Used in This Document
   2. Object Attributes
      2.1. Delegation Signer Information
           2.1.1. Public Key Information
      2.2. Booleans
      2.3. Maximum Signature Lifetime Values
   3. EPP Command Mapping
      3.1. EPP Query Commands
           3.1.1. EPP <check> Command
           3.1.2. EPP <info> Command
           3.1.3. EPP <transfer> Command
      3.2. EPP Transform Commands
           3.2.1. EPP <create> Command
           3.2.2. EPP <delete> Command
           3.2.3. EPP <renew> Command
           3.2.4. EPP <transfer> Command
           3.2.5. EPP <update> Command
   4. Formal Syntax
   5. Internationalization Considerations
   6. IANA Considerations
   7. Security Considerations
   8. Acknowledgements
   9. References
      9.1. Normative References
      9.2. Informative References

1. Introduction

This document describes an extension mapping for version 1.0 of the Extensible Provisioning Protocol (EPP) described in RFC 3730 [1]. This mapping, an extension of the domain name mapping described in RFC 3731 [2], is specified using the Extensible Markup Language (XML) 1.0 [3] and XML Schema notation ([4], [5]).

The EPP core protocol specification [1] provides a complete description of EPP command and response structures. A thorough understanding of the base protocol specification is necessary to understand the mapping described in this document. Familiarity with the Domain Name System (DNS) described in RFC 1034 [11] and RFC 1035 [12] and with DNS security extensions described in RFC 4033 [13], RFC 4034 [6], and RFC 4035 [7] is required to understand the DNS security concepts described in this document.

The EPP mapping described in this document specifies a mechanism for the provisioning and management of DNS security extensions in a shared central repository. Information exchanged via this mapping can be extracted from the repository and used to publish DNSSEC delegation signer (DS) resource records as described in RFC 4034 [6].

1.1. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [8].

In examples, "C:" represents lines sent by a protocol client, and "S:" represents lines returned by a protocol server. "////" is used to note element values that have been shortened to better fit page boundaries. Indentation and white space in examples is provided only to illustrate element relationships and is not a mandatory feature of this protocol.

XML is case sensitive. Unless stated otherwise, XML specifications and examples provided in this document MUST be interpreted in the character case presented in order to develop a conforming implementation.

2. Object Attributes

This extension adds additional elements to the EPP domain name mapping [2]. Only new element descriptions are described here.

This document describes operational scenarios in which a client can create, add, remove, and replace delegation signer (DS) information. Key data associated with the DS information MAY be provided by the client, but the server is not obligated to use the key data. The server operator MAY also issue out-of-band DNS queries to retrieve the key data from the registered domain's apex in order to evaluate the received DS information. It is RECOMMENDED that the child zone operator have this key data online in the DNS tree to allow the parent zone administrator to validate the data as necessary. The key data SHOULD have the Secure Entry Point (SEP) bit set as described in RFC 3757 [9].

2.1. Delegation Signer Information

Delegation signer (DS) information is published by a DNS server to indicate that a child zone is digitally signed and that the parent zone recognizes the indicated key as a valid zone key for the child zone. A DS RR contains four fields: a key tag field, a key algorithm number octet, an octet identifying the digest algorithm used, and a digest field. See RFC 4034 [6] for specific field formats.

2.1.1. Public Key Information

Public key information provided by a client maps to the DNSKEY RR presentation field formats described in section 2.2 of RFC 4034 [6]. A DNSKEY RR contains four fields: flags, a protocol octet, an algorithm number octet, and a public key.

2.2. Booleans

Boolean values MUST be represented in the XML Schema format described in Part 2 of the W3C XML Schema recommendation [5].

2.3. Maximum Signature Lifetime Values

Maximum signature lifetime values MUST be represented in seconds using an extended XML Schema "int" format. The base "int" format, which allows negative numbers, is described in Part 2 of the W3C XML Schema recommendation [5]. This format is further restricted to enforce a minimum value of one.

3. EPP Command Mapping

A detailed description of the EPP syntax and semantics can be found in the EPP core protocol specification [1]. The command mappings described here are specifically for use in provisioning and managing DNS security extensions via EPP.

3.1. EPP Query Commands

EPP provides three commands to retrieve object information: <check> to determine if an object is known to the server, <info> to retrieve detailed information associated with an object, and <transfer> to retrieve object transfer status information.

3.1.1. EPP <check> Command

This extension does not add any elements to the EPP <check> command or <check> response described in the EPP domain mapping [2].

3.1.2. EPP <info> Command

This extension does not add any elements to the EPP <info> command described in the EPP domain mapping [2]. Additional elements are defined for the <info> response.

When an <info> command has been processed successfully, the EPP <resData> element MUST contain child elements as described in the EPP domain mapping [2]. In addition, the EPP <extension> element MUST contain a child <secDNS:infData> element that identifies the extension namespace and the location of the extension schema. The <secDNS:infData> element contains the following child elements:

One or more <secDNS:dsData> elements that describe the delegation signer data provided by the client for the domain. The <secDNS:dsData> element contains the following child elements:

   A <secDNS:keyTag> element that contains a key tag value as described in section 5.1.1 of RFC 4034 [6].

   A <secDNS:alg> element that contains an algorithm value as described in section 5.1.2 of RFC 4034 [6].

   A <secDNS:digestType> element that contains a digest type value as described in section 5.1.3 of RFC 4034 [6].

   A <secDNS:digest> element that contains a digest value as described in section 5.1.4 of RFC 4034 [6].

   An OPTIONAL <secDNS:maxSigLife> element that indicates a child's preference for the number of seconds after signature generation when the parent's signature on the DS information provided by the child will expire. A client SHOULD specify the same <secDNS:maxSigLife> value for all <secDNS:dsData> elements associated with a domain. If the <secDNS:maxSigLife> is not present, or if multiple <secDNS:maxSigLife> values are requested, the default signature expiration policy of the server operator (as determined using an out-of-band mechanism) applies.

   An OPTIONAL <secDNS:keyData> element that describes the key data used as input in the DS hash calculation. The <secDNS:keyData> element contains the following child elements:

      A <secDNS:flags> element that contains a flags field value as described in section 2.1.1 of RFC 4034 [6].

      A <secDNS:protocol> element that contains a protocol field value as described in section 2.1.2 of RFC 4034 [6].

      A <secDNS:alg> element that contains an algorithm number field value as described in section 2.1.3 of RFC 4034 [6].

      A <secDNS:pubKey> element that contains an encoded public key field value as described in section 2.1.4 of RFC 4034 [6].

Example <info> Response for a Secure Delegation:

   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   S:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   S:     epp-1.0.xsd">
   S:  <response>
   S:    <result code="1000">
   S:      <msg>Command completed successfully</msg>
   S:    </result>
   S:    <resData>
   S:      <domain:infData
   S:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   S:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   S:       domain-1.0.xsd">
   S:        <domain:name>example.com</domain:name>
   S:        <domain:roid>EXAMPLE1-REP</domain:roid>
   S:        <domain:status s="ok"/>
   S:        <domain:registrant>jd1234</domain:registrant>
   S:        <domain:contact type="admin">sh8013</domain:contact>
   S:        <domain:contact type="tech">sh8013</domain:contact>
   S:        <domain:ns>
   S:          <domain:hostObj>ns1.example.com</domain:hostObj>
   S:          <domain:hostObj>ns2.example.com</domain:hostObj>
   S:        </domain:ns>
   S:        <domain:host>ns1.example.com</domain:host>
   S:        <domain:host>ns2.example.com</domain:host>
   S:        <domain:clID>ClientX</domain:clID>
   S:        <domain:crID>ClientY</domain:crID>
   S:        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
   S:        <domain:upID>ClientX</domain:upID>
   S:        <domain:upDate>1999-12-03T09:00:00.0Z</domain:upDate>
   S:        <domain:exDate>2005-04-03T22:00:00.0Z</domain:exDate>
   S:        <domain:trDate>2000-04-08T09:00:00.0Z</domain:trDate>
   S:        <domain:authInfo>
   S:          <domain:pw>2fooBAR</domain:pw>
   S:        </domain:authInfo>
   S:      </domain:infData>
   S:    </resData>
   S:    <extension>
   S:      <secDNS:infData
   S:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   S:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   S:       secDNS-1.0.xsd">
   S:        <secDNS:dsData>
   S:          <secDNS:keyTag>12345</secDNS:keyTag>
   S:          <secDNS:alg>3</secDNS:alg>
   S:          <secDNS:digestType>1</secDNS:digestType>
   S:          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
   S:        </secDNS:dsData>
   S:      </secDNS:infData>
   S:    </extension>
   S:    <trID>
   S:      <clTRID>ABC-12345</clTRID>
   S:      <svTRID>54322-XYZ</svTRID>
   S:    </trID>
   S:  </response>
   S:</epp>

Example <info> Response for a Secure Delegation with OPTIONAL Data:

   S:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   S:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   S:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   S:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   S:     epp-1.0.xsd">
   S:  <response>
   S:    <result code="1000">
   S:      <msg>Command completed successfully</msg>
   S:    </result>
   S:    <resData>
   S:      <domain:infData
   S:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   S:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   S:       domain-1.0.xsd">
   S:        <domain:name>example.com</domain:name>
   S:        <domain:roid>EXAMPLE1-REP</domain:roid>
   S:        <domain:status s="ok"/>
   S:        <domain:registrant>jd1234</domain:registrant>
   S:        <domain:contact type="admin">sh8013</domain:contact>
   S:        <domain:contact type="tech">sh8013</domain:contact>
   S:        <domain:ns>
   S:          <domain:hostObj>ns1.example.com</domain:hostObj>
   S:          <domain:hostObj>ns2.example.com</domain:hostObj>
   S:        </domain:ns>
   S:        <domain:host>ns1.example.com</domain:host>
   S:        <domain:host>ns2.example.com</domain:host>
   S:        <domain:clID>ClientX</domain:clID>
   S:        <domain:crID>ClientY</domain:crID>
   S:        <domain:crDate>1999-04-03T22:00:00.0Z</domain:crDate>
   S:        <domain:upID>ClientX</domain:upID>
   S:        <domain:upDate>1999-12-03T09:00:00.0Z</domain:upDate>
   S:        <domain:exDate>2005-04-03T22:00:00.0Z</domain:exDate>
   S:        <domain:trDate>2000-04-08T09:00:00.0Z</domain:trDate>
   S:        <domain:authInfo>
   S:          <domain:pw>2fooBAR</domain:pw>
   S:        </domain:authInfo>
   S:      </domain:infData>
   S:    </resData>
   S:    <extension>
   S:      <secDNS:infData
   S:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   S:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   S:       secDNS-1.0.xsd">
   S:        <secDNS:dsData>
   S:          <secDNS:keyTag>12345</secDNS:keyTag>
   S:          <secDNS:alg>3</secDNS:alg>
   S:          <secDNS:digestType>1</secDNS:digestType>
   S:          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
   S:          <secDNS:maxSigLife>604800</secDNS:maxSigLife>
   S:          <secDNS:keyData>
   S:            <secDNS:flags>256</secDNS:flags>
   S:            <secDNS:protocol>3</secDNS:protocol>
   S:            <secDNS:alg>1</secDNS:alg>
   S:            <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
   S:          </secDNS:keyData>
   S:        </secDNS:dsData>
   S:      </secDNS:infData>
   S:    </extension>
   S:    <trID>
   S:      <clTRID>ABC-12345</clTRID>
   S:      <svTRID>54322-XYZ</svTRID>
   S:    </trID>
   S:  </response>
   S:</epp>

An EPP error response MUST be returned if an <info> command can not be processed for any reason.

3.1.3. EPP <transfer> Command

This extension does not add any elements to the EPP <transfer> command or <transfer> response described in the EPP domain mapping [2].

3.2. EPP Transform Commands

EPP provides five commands to transform objects: <create> to create an instance of an object, <delete> to delete an instance of an object, <renew> to extend the validity period of an object, <transfer> to manage object sponsorship changes, and <update> to change information associated with an object.

3.2.1. EPP <create> Command

This extension defines additional elements for the EPP <create> command described in the EPP domain mapping [2]. No additional elements are defined for the EPP <create> response.

The EPP <create> command provides a transform operation that allows a client to create a domain object. In addition to the EPP command elements described in the EPP domain mapping [2], the command MUST contain an <extension> element. The <extension> element MUST contain a child <secDNS:create> element that identifies the extension namespace and the location of the extension schema. The <secDNS:create> element MUST contain one or more <secDNS:dsData> elements. Child elements of the <secDNS:dsData> element are described in Section 3.1.2.

The <secDNS:dsData> element contains OPTIONAL <secDNS:maxSigLife> and <secDNS:keyData> elements. The server MUST abort command processing and respond with an appropriate EPP error if the values provided by the client can not be accepted for syntax or policy reasons.
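
An added example (not part of this specification or of any registry's code) of syntax and policy checks a server could run on received <secDNS:dsData> before accepting a <create>: when the OPTIONAL keyData is present it recomputes the key tag and DS digest with the RFC 4034 rules and compares them, and it warns when the SEP bit is unset. The function names, the SHA-1-only digest check, the refusal of DTDs and the sample key bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re
import struct
import xml.etree.ElementTree as ET

NS = {"secDNS": "urn:ietf:params:xml:ns:secDNS-1.0"}
SEP_FLAG = 0x0001   # Secure Entry Point bit (RFC 3757)
SHA1 = 1            # DS digest type 1 is SHA-1, 20 octets (RFC 4034)


def dnskey_rdata(flags, protocol, alg, pubkey):
    """DNSKEY RDATA wire form: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, alg) + pubkey


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (algorithm 1 uses a different rule)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF


def ds_digest_sha1(owner, rdata):
    """SHA-1 over canonical owner name | DNSKEY RDATA (RFC 4034, 5.1.4)."""
    labels = [l for l in owner.lower().rstrip(".").split(".") if l]
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"
    return hashlib.sha1(wire + rdata).hexdigest().upper()


def check_ds_data(owner, ext_xml):
    """Return (errors, warnings) for the dsData children of a secDNS element."""
    errors, warnings, lifetimes = [], [], set()
    if "<!DOCTYPE" in ext_xml:       # assumption: EPP input never needs a DTD
        return ["DTD not allowed"], warnings
    ds_list = ET.fromstring(ext_xml).findall("secDNS:dsData", NS)
    if not ds_list:
        errors.append("at least one dsData element is required")
    def num(node, where, tag, lo, hi):
        text = (node.findtext("secDNS:" + tag, "", NS) or "").strip()
        if re.fullmatch(r"[0-9]{1,10}", text) and lo <= int(text) <= hi:
            return int(text)
        errors.append(f"{where}: {tag} missing or out of range")
        return None
    for n, ds in enumerate(ds_list, 1):
        where = f"dsData[{n}]"
        tag = num(ds, where, "keyTag", 0, 0xFFFF)
        alg = num(ds, where, "alg", 0, 0xFF)
        dtype = num(ds, where, "digestType", 0, 0xFF)
        digest = (ds.findtext("secDNS:digest", "", NS) or "").strip().upper()
        if not re.fullmatch(r"(?:[0-9A-F]{2})+", digest):
            errors.append(f"{where}: digest is not hexBinary")
        elif dtype == SHA1 and len(digest) != 40:
            errors.append(f"{where}: SHA-1 digest must be 20 octets")
        if ds.find("secDNS:maxSigLife", NS) is not None:
            lifetimes.add(num(ds, where, "maxSigLife", 1, 2**31 - 1))
        key = ds.find("secDNS:keyData", NS)
        if key is None:
            continue                 # keyData is OPTIONAL; nothing to cross-check
        flags = num(key, where, "flags", 0, 0xFFFF)
        proto = num(key, where, "protocol", 0, 0xFF)
        kalg = num(key, where, "alg", 0, 0xFF)
        b64 = "".join((key.findtext("secDNS:pubKey", "", NS) or "").split())
        try:
            pub = base64.b64decode(b64, validate=True)
        except ValueError:
            pub = b""
        if not pub:
            errors.append(f"{where}: pubKey missing or not base64")
        if None in (tag, alg, dtype, flags, proto, kalg) or not pub:
            continue                 # already reported above
        rdata = dnskey_rdata(flags, proto, kalg, pub)
        if proto != 3:
            errors.append(f"{where}: DNSKEY protocol must be 3")
        if kalg != alg:
            errors.append(f"{where}: keyData alg differs from DS alg")
        if kalg != 1 and key_tag(rdata) != tag:
            errors.append(f"{where}: keyTag does not match keyData")
        if dtype == SHA1 and ds_digest_sha1(owner, rdata) != digest:
            errors.append(f"{where}: digest does not match keyData")
        if not flags & SEP_FLAG:
            warnings.append(f"{where}: SEP bit not set on key")
    if len(lifetimes) > 1:
        warnings.append("differing maxSigLife values; server default applies")
    return errors, warnings


def sample_create_ext(flags=257, digest=None, max_sig_life=604800):
    """Constructed sample: <secDNS:create> for example.com, made-up key bytes."""
    rdata = dnskey_rdata(flags, 3, 8, bytes(range(1, 65)))
    ds = [("keyTag", key_tag(rdata)), ("alg", 8), ("digestType", 1),
          ("digest", digest or ds_digest_sha1("example.com", rdata)),
          ("maxSigLife", max_sig_life)]
    key = [("flags", flags), ("protocol", 3), ("alg", 8),
           ("pubKey", base64.b64encode(rdata[4:]).decode())]
    ds_xml, key_xml = ("".join(f"<secDNS:{t}>{v}</secDNS:{t}>" for t, v in p)
                       for p in (ds, key))
    return (f'<secDNS:create xmlns:secDNS="{NS["secDNS"]}"><secDNS:dsData>'
            f"{ds_xml}<secDNS:keyData>{key_xml}</secDNS:keyData>"
            "</secDNS:dsData></secDNS:create>")
```

The 10-octet digest value used in this document's examples is illustrative and fails the 20-octet SHA-1 length check in this sketch.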

Example <create> Command for a Secure Delegation:

   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   C:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   C:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   C:     epp-1.0.xsd">
   C:  <command>
   C:    <create>
   C:      <domain:create
   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   C:       domain-1.0.xsd">
   C:        <domain:name>example.com</domain:name>
   C:        <domain:period unit="y">2</domain:period>
   C:        <domain:ns>
   C:          <domain:hostObj>ns1.example.com</domain:hostObj>
   C:          <domain:hostObj>ns2.example.com</domain:hostObj>
   C:        </domain:ns>
   C:        <domain:registrant>jd1234</domain:registrant>
   C:        <domain:contact type="admin">sh8013</domain:contact>
   C:        <domain:contact type="tech">sh8013</domain:contact>
   C:        <domain:authInfo>
   C:          <domain:pw>2fooBAR</domain:pw>
   C:        </domain:authInfo>
   C:      </domain:create>
   C:    </create>
   C:    <extension>
   C:      <secDNS:create
   C:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   C:       secDNS-1.0.xsd">
   C:        <secDNS:dsData>
   C:          <secDNS:keyTag>12345</secDNS:keyTag>
   C:          <secDNS:alg>3</secDNS:alg>
   C:          <secDNS:digestType>1</secDNS:digestType>
   C:          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
   C:        </secDNS:dsData>
   C:      </secDNS:create>
   C:    </extension>
   C:    <clTRID>ABC-12345</clTRID>
   C:  </command>
   C:</epp>

Example <create> Command for a Secure Delegation with OPTIONAL data:

   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   C:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   C:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   C:     epp-1.0.xsd">
   C:  <command>
   C:    <create>
   C:      <domain:create
   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   C:       domain-1.0.xsd">
   C:        <domain:name>example.com</domain:name>
   C:        <domain:period unit="y">2</domain:period>
   C:        <domain:ns>
   C:          <domain:hostObj>ns1.example.com</domain:hostObj>
   C:          <domain:hostObj>ns2.example.com</domain:hostObj>
   C:        </domain:ns>
   C:        <domain:registrant>jd1234</domain:registrant>
   C:        <domain:contact type="admin">sh8013</domain:contact>
   C:        <domain:contact type="tech">sh8013</domain:contact>
   C:        <domain:authInfo>
   C:          <domain:pw>2fooBAR</domain:pw>
   C:        </domain:authInfo>
   C:      </domain:create>
   C:    </create>
   C:    <extension>
   C:      <secDNS:create
   C:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   C:       secDNS-1.0.xsd">
   C:        <secDNS:dsData>
   C:          <secDNS:keyTag>12345</secDNS:keyTag>
   C:          <secDNS:alg>3</secDNS:alg>
   C:          <secDNS:digestType>1</secDNS:digestType>
   C:          <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
   C:          <secDNS:maxSigLife>604800</secDNS:maxSigLife>
   C:          <secDNS:keyData>
   C:            <secDNS:flags>256</secDNS:flags>
   C:            <secDNS:protocol>3</secDNS:protocol>
   C:            <secDNS:alg>1</secDNS:alg>
   C:            <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
   C:          </secDNS:keyData>
   C:        </secDNS:dsData>
   C:      </secDNS:create>
   C:    </extension>
   C:    <clTRID>ABC-12345</clTRID>
   C:  </command>
   C:</epp>
        

When a <create> command has been processed successfully, the EPP response is as described in the EPP domain mapping [2].

3.2.2. EPP <delete> Command

This extension does not add any elements to the EPP <delete> command or <delete> response described in the EPP domain mapping [2].

3.2.3. EPP <renew> Command

This extension does not add any elements to the EPP <renew> command or <renew> response described in the EPP domain mapping [2].

3.2.4. EPP <transfer> Command

This extension does not add any elements to the EPP <transfer> command or <transfer> response described in the EPP domain mapping [2].

3.2.5. EPP <update> Command

This extension defines additional elements for the EPP <update> command described in the EPP domain mapping [2]. No additional elements are defined for the EPP <update> response.

The EPP <update> command provides a transform operation that allows a client to modify the attributes of a domain object. In addition to the EPP command elements described in the EPP domain mapping, the command MUST contain an <extension> element. The <extension> element MUST contain a child <secDNS:update> element that identifies the extension namespace and the location of the extension schema. The <secDNS:update> element contains a <secDNS:add> element to add security information to a delegation, a <secDNS:rem> element to remove security information from a delegation, or a <secDNS:chg> element to replace security information with new security information.

The <secDNS:update> element also contains an OPTIONAL "urgent" attribute that a client can use to ask the server operator to complete and implement the update request with high priority. This attribute accepts boolean values as described in Section 2.2; the default value is boolean false. "High priority" is relative to standard server operator policies that are determined using an out-of-band mechanism.

The <secDNS:add> element is used to add DS information to an existing set. The <secDNS:add> element MUST contain one or more <secDNS:dsData> elements as described in Section 3.1.2.

The <secDNS:rem> element contains one or more <secDNS:keyTag> elements that are used to remove DS data from a delegation. The <secDNS:keyTag> element MUST contain a key tag value as described in section 5.1.1 of RFC 4034 [6]. Removing all DS information can remove the ability of the parent to secure the delegation to the child zone.

The <secDNS:chg> element is used to replace existing DS information with new DS information. The <secDNS:chg> element MUST contain one or more <secDNS:dsData> elements as described in Section 3.1.2. The data in these elements is used to replace whatever other data is currently archived for the delegation.

The <secDNS:update> element contains an OPTIONAL "urgent" attribute. In addition, the <secDNS:dsData> element contains OPTIONAL <secDNS:maxSigLife> and <secDNS:keyData> elements. The server MUST abort command processing and respond with an appropriate EPP error if the values provided by the client can not be accepted for syntax or policy reasons.

Example <update> Command, Adding DS Data:

   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   C:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   C:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   C:     epp-1.0.xsd">
   C:  <command>
   C:    <update>
   C:      <domain:update
   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   C:       domain-1.0.xsd">
   C:        <domain:name>example.com</domain:name>
   C:      </domain:update>
   C:    </update>
   C:    <extension>
   C:      <secDNS:update
   C:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   C:       secDNS-1.0.xsd">
   C:        <secDNS:add>
   C:          <secDNS:dsData>
   C:            <secDNS:keyTag>12346</secDNS:keyTag>
   C:            <secDNS:alg>3</secDNS:alg>
   C:            <secDNS:digestType>1</secDNS:digestType>
   C:            <secDNS:digest>38EC35D5B3A34B44C39B</secDNS:digest>
   C:          </secDNS:dsData>
   C:        </secDNS:add>
   C:      </secDNS:update>
   C:    </extension>
   C:    <clTRID>ABC-12345</clTRID>
   C:  </command>
   C:</epp>
        

Example <update> Command, Removing DS Data:

   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   C:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   C:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   C:     epp-1.0.xsd">
   C:  <command>
   C:    <update>
   C:      <domain:update
   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   C:       domain-1.0.xsd">
   C:        <domain:name>example.com</domain:name>
   C:      </domain:update>
   C:    </update>
   C:    <extension>
   C:      <secDNS:update
   C:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   C:       secDNS-1.0.xsd">
   C:        <secDNS:rem>
   C:          <secDNS:keyTag>12345</secDNS:keyTag>
   C:        </secDNS:rem>
   C:      </secDNS:update>
   C:    </extension>
   C:    <clTRID>ABC-12345</clTRID>
   C:  </command>
   C:</epp>
        

Example Urgent <update> Command, Changing DS Data:

   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   C:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   C:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   C:     epp-1.0.xsd">
   C:  <command>
   C:    <update>
   C:      <domain:update
   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   C:       domain-1.0.xsd">
   C:        <domain:name>example.com</domain:name>
   C:      </domain:update>
   C:    </update>
   C:    <extension>
   C:      <secDNS:update urgent="1"
   C:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   C:       secDNS-1.0.xsd">
   C:        <secDNS:chg>
   C:          <secDNS:dsData>
   C:            <secDNS:keyTag>12345</secDNS:keyTag>
   C:            <secDNS:alg>3</secDNS:alg>
   C:            <secDNS:digestType>1</secDNS:digestType>
   C:            <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
   C:          </secDNS:dsData>
   C:        </secDNS:chg>
   C:      </secDNS:update>
   C:    </extension>
   C:    <clTRID>ABC-12345</clTRID>
   C:  </command>
   C:</epp>
        

Example <update> Command, Changing Data to Include OPTIONAL Data:

   C:<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   C:<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
   C:     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   C:     xsi:schemaLocation="urn:ietf:params:xml:ns:epp-1.0
   C:     epp-1.0.xsd">
   C:  <command>
   C:    <update>
   C:      <domain:update
   C:       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:domain-1.0
   C:       domain-1.0.xsd">
   C:        <domain:name>example.com</domain:name>
   C:      </domain:update>
   C:    </update>
   C:    <extension>
   C:      <secDNS:update
   C:       xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
   C:       xsi:schemaLocation="urn:ietf:params:xml:ns:secDNS-1.0
   C:       secDNS-1.0.xsd">
   C:        <secDNS:chg>
   C:          <secDNS:dsData>
   C:            <secDNS:keyTag>12345</secDNS:keyTag>
   C:            <secDNS:alg>3</secDNS:alg>
   C:            <secDNS:digestType>1</secDNS:digestType>
   C:            <secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest>
   C:            <secDNS:maxSigLife>604800</secDNS:maxSigLife>
   C:            <secDNS:keyData>
   C:              <secDNS:flags>256</secDNS:flags>
   C:              <secDNS:protocol>3</secDNS:protocol>
   C:              <secDNS:alg>1</secDNS:alg>
   C:              <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
   C:            </secDNS:keyData>
   C:          </secDNS:dsData>
   C:        </secDNS:chg>
   C:      </secDNS:update>
   C:    </extension>
   C:    <clTRID>ABC-12345</clTRID>
   C:  </command>
   C:</epp>
        

When an extended <update> command has been processed successfully, the EPP response is as described in the EPP domain mapping [2]. A server operator MUST return an EPP error result code of 2306 if an urgent update (noted with an "urgent" attribute value of boolean true) can not be completed with high priority.

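The following Python example is added here and is not part of RFC 4310. It checks the <secDNS:update> extension of an incoming command against the constraints of the schema in Section 4 and the text above (exactly one of add, chg or rem; value ranges; the boolean "urgent" attribute) before any change is applied. The function names, the sample messages and the choice of RFC 3730 result codes 2001, 2004 and 2005 for each failure are assumptions of the example.

```python
import base64
import re
import xml.etree.ElementTree as ET

NS = {p: "urn:ietf:params:xml:ns:" + p + "-1.0" for p in ("epp", "secDNS")}
# RFC 3730 result codes; mapping each failure to a code is this example's choice.
OK, SYNTAX, RANGE, VALUE_SYNTAX = 1000, 2001, 2004, 2005


class EppError(Exception):
    """args = (EPP result code, reason)."""


def _text(parent, tag):
    node = parent.find("secDNS:" + tag, NS)
    if node is None or not (node.text or "").strip():
        raise EppError(SYNTAX, "missing <secDNS:%s>" % tag)
    return node.text.strip()


def _uint(text, bits, what):
    # [0-9], not \d (which matches non-ASCII digits); the length cap bounds int().
    if not re.fullmatch(r"[0-9]{1,10}", text):
        raise EppError(VALUE_SYNTAX, what + " is not an unsigned integer")
    if int(text) >= 1 << bits:
        raise EppError(RANGE, what + " is out of range")
    return int(text)


def parse_ds_data(ds):
    """Check one <secDNS:dsData> against dsDataType and return it as a dict."""
    out = {name: _uint(_text(ds, name), bits, name)
           for name, bits in (("keyTag", 16), ("alg", 8), ("digestType", 8))}
    out["digest"] = _text(ds, "digest").upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2})+", out["digest"]):
        raise EppError(VALUE_SYNTAX, "digest is not hexBinary")
    if ds.find("secDNS:maxSigLife", NS) is not None:
        out["maxSigLife"] = _uint(_text(ds, "maxSigLife"), 31, "maxSigLife")
        if out["maxSigLife"] < 1:                      # minInclusive value="1"
            raise EppError(RANGE, "maxSigLife must be at least 1")
    key = ds.find("secDNS:keyData", NS)
    if key is not None:
        out["keyData"] = {name: _uint(_text(key, name), bits, name) for name, bits
                          in (("flags", 16), ("protocol", 8), ("alg", 8))}
        try:
            pub = base64.b64decode(_text(key, "pubKey"), validate=True)
        except ValueError:                             # includes binascii.Error
            raise EppError(VALUE_SYNTAX, "pubKey is not base64Binary")
        out["keyData"]["pubKey"] = pub
    return out


def parse_secdns_update(xml_bytes):
    """Return the requested DS change; raise EppError before anything is applied."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError:
        raise EppError(SYNTAX, "message is not well-formed XML")
    upd = root.find("epp:command/epp:extension/secDNS:update", NS)
    if upd is None:
        raise EppError(SYNTAX, "no <secDNS:update> extension")
    urgent = upd.get("urgent", "false").strip()        # schema default is false
    if urgent not in ("true", "false", "1", "0"):      # xsd:boolean lexical forms
        raise EppError(VALUE_SYNTAX, "urgent is not a boolean")
    ops = {"{%s}%s" % (NS["secDNS"], op): op for op in ("add", "chg", "rem")}
    kids = list(upd)
    if len(kids) != 1 or kids[0].tag not in ops:       # updateType is a <choice>
        raise EppError(SYNTAX, "exactly one of add, chg or rem is required")
    op = ops[kids[0].tag]
    if op == "rem":
        items = [_uint((t.text or "").strip(), 16, "keyTag")
                 for t in kids[0].findall("secDNS:keyTag", NS)]
    else:
        items = [parse_ds_data(d) for d in kids[0].findall("secDNS:dsData", NS)]
    if not items:
        raise EppError(SYNTAX, "<secDNS:%s> is empty" % op)
    return {"op": op, "urgent": urgent in ("true", "1"),
            "keyTags" if op == "rem" else "dsData": items}


def check(xml_bytes):
    """(1000, change) if the extension is acceptable, else (EPP error code, None)."""
    try:
        return OK, parse_secdns_update(xml_bytes)
    except EppError as exc:
        return exc.args[0], None


def sample(inner, attrs=""):
    """Constructed message: an EPP envelope around the extension body `inner`."""
    return ('<epp xmlns="%s"><command><extension><secDNS:update %s xmlns:secDNS="%s">'
            '%s</secDNS:update></extension></command></epp>'
            % (NS["epp"], attrs, NS["secDNS"], inner)).encode("utf-8")


# Constructed fragments that reuse the values of the examples above.
DS = ("<secDNS:dsData><secDNS:keyTag>%s</secDNS:keyTag><secDNS:alg>3</secDNS:alg>"
      "<secDNS:digestType>1</secDNS:digestType>"
      "<secDNS:digest>49FD46E6C4B45C55D4AC</secDNS:digest></secDNS:dsData>")
REM = "<secDNS:rem><secDNS:keyTag>12345</secDNS:keyTag></secDNS:rem>"
```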

4. Formal Syntax

An EPP object mapping is specified in XML Schema notation. The formal syntax presented here is a complete schema representation of the object mapping suitable for automated validation of EPP XML instances. The BEGIN and END tags are not part of the schema; they are used to note the beginning and ending of the schema for URI registration purposes.

   BEGIN
   <?xml version="1.0" encoding="UTF-8"?>

   <schema targetNamespace="urn:ietf:params:xml:ns:secDNS-1.0"
           xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.0"
           xmlns="http://www.w3.org/2001/XMLSchema"
           elementFormDefault="qualified">

     <annotation>
       <documentation>
         Extensible Provisioning Protocol v1.0
         domain name extension schema for provisioning
         DNS security (DNSSEC) extensions.
       </documentation>
     </annotation>

   <!--
   Child elements found in EPP commands.
   -->
     <element name="create" type="secDNS:dsType"/>
     <element name="update" type="secDNS:updateType"/>

   <!--
   Child elements of the <create> command.
   -->
     <complexType name="dsType">
       <sequence>
         <element name="dsData" type="secDNS:dsDataType"
          maxOccurs="unbounded"/>
       </sequence>
     </complexType>

     <complexType name="dsDataType">
       <sequence>
         <element name="keyTag" type="unsignedShort"/>
         <element name="alg" type="unsignedByte"/>
         <element name="digestType" type="unsignedByte"/>
         <element name="digest" type="hexBinary"/>
         <element name="maxSigLife" type="secDNS:maxSigLifeType"
          minOccurs="0"/>
         <element name="keyData" type="secDNS:keyDataType"
          minOccurs="0"/>
       </sequence>
     </complexType>

     <simpleType name="maxSigLifeType">
       <restriction base="int">
         <minInclusive value="1"/>
       </restriction>
     </simpleType>

     <complexType name="keyDataType">
       <sequence>
         <element name="flags" type="unsignedShort"/>
         <element name="protocol" type="unsignedByte"/>
         <element name="alg" type="unsignedByte"/>
         <element name="pubKey" type="secDNS:keyType"/>
       </sequence>
     </complexType>

     <simpleType name="keyType">
       <restriction base="base64Binary">
         <minLength value="1"/>
       </restriction>
     </simpleType>

   <!--
   Child elements of the <update> command.
   -->
     <complexType name="updateType">
       <choice>
         <element name="add" type="secDNS:dsType"/>
         <element name="chg" type="secDNS:dsType"/>
         <element name="rem" type="secDNS:remType"/>
       </choice>
       <attribute name="urgent" type="boolean" default="false"/>
     </complexType>

     <complexType name="remType">
       <sequence>
         <element name="keyTag" type="unsignedShort"
          maxOccurs="unbounded"/>
       </sequence>
     </complexType>

   <!--
   Child response elements.
   -->
     <element name="infData" type="secDNS:dsType"/>

   <!--
   End of schema.
   -->
   </schema>
   END

5. Internationalization Considerations

EPP is represented in XML, which provides native support for encoding information using the Unicode character set and its more compact representations including UTF-8 [14]. Conformant XML processors recognize both UTF-8 and UTF-16 [15]. Though XML includes provisions to identify and use other character encodings through use of an "encoding" attribute in an <?xml?> declaration, use of UTF-8 is RECOMMENDED in environments where parser encoding support incompatibility exists.

As an extension of the EPP domain mapping [2], the elements, element content, attributes, and attribute values described in this document MUST inherit the internationalization conventions used to represent higher-layer domain and core protocol structures present in an XML instance that includes this extension.

6. IANA Considerations

This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in RFC 3688 [10]. Two URI assignments have been completed by the IANA.

Registration request for the extension namespace:

   URI: urn:ietf:params:xml:ns:secDNS-1.0
        

Registrant Contact: IESG

XML: None. Namespace URIs do not represent an XML specification.

Registration request for the extension XML schema:

   URI: urn:ietf:params:xml:schema:secDNS-1.0
        

Registrant Contact: IESG

XML: See the "Formal Syntax" section of this document.

7. Security Considerations

The mapping extensions described in this document do not provide any security services beyond those described by EPP [1], the EPP domain name mapping [2], and protocol layers used by EPP. The security considerations described in these other specifications apply to this specification as well.

As with other domain object transforms, the EPP transform operations described in this document MUST be restricted to the sponsoring client as authenticated using the mechanisms described in sections 2.9.1.1 and 7 of RFC 3730 [1]. Any attempt to perform a transform operation on a domain object by any client other than the sponsoring client MUST be rejected with an appropriate EPP authorization error.

The provisioning service described in this document involves the exchange of information that can have an operational impact on the DNS. A trust relationship MUST exist between the EPP client and server, and provisioning of public key information MUST only be done after the identities of both parties have been confirmed using a strong authentication mechanism.

An EPP client might be acting as an agent for a zone administrator who wants to send delegation information to be signed and published by the server operator. Man-in-the-middle attacks are thus possible as a result of direct client activity or inadvertent client data manipulation.

Acceptance of a false key by a server operator can produce significant operational consequences. The child and parent zones MUST be consistent to secure the delegation properly. In the absence of consistent signatures, the delegation will not appear in the secure name space, yielding untrustworthy query responses. If a key is compromised, a client can either remove the compromised information or update the delegation information via EPP commands using the "urgent" attribute.

Operational scenarios requiring quick removal of a secure domain delegation can be implemented using a two-step process. First, security credentials can be removed using an "urgent" update as just described. The domain can then be removed from the parent zone by changing the status of the domain to either of the EPP "clientHold" or "serverHold" domain status values. The domain can also be removed from the zone using the EPP <delete> command, but this is a more drastic step that needs to be considered carefully before use.

Data validity checking at the server requires computational resources. A purposeful or inadvertent denial-of-service attack is possible if a client requests some number of update operations that exceed a server's processing capabilities. Server operators SHOULD take steps to manage command load and command processing requirements to minimize the risk of a denial-of-service attack.

The signature lifetime values provided by clients are requests that can be rejected. Blind acceptance by a server operator can have an adverse impact on a server's processing capabilities. Server operators SHOULD seriously consider adopting implementation rules to limit the range of acceptable signature lifetime values to counter potential adverse situations.

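The following Python example is added here and is not part of RFC 4310. It applies an already parsed <secDNS:update> to a stored DS set under the rules of this section: only the sponsoring client may transform the domain, signature lifetimes outside operator policy are refused, an urgent request that cannot be given high priority gets result code 2306, and the caller is told when the delegation is left with no DS data. The lifetime bounds, the client IDs, the urgent_capacity flag, the use of 2306 for lifetime policy and all function names are assumptions of the example; 2201 and 2306 are result codes from RFC 3730.

```python
from dataclasses import dataclass, field

# RFC 3730 result codes. Using 2306 for a lifetime outside policy is this
# example's choice; the RFC text requires it only for urgent requests.
OK, AUTHZ_ERROR, POLICY_ERROR = 1000, 2201, 2306

# Hypothetical operator policy for <secDNS:maxSigLife>, in seconds.
MIN_SIG_LIFE = 86400           # 1 day
MAX_SIG_LIFE = 30 * 86400      # 30 days


@dataclass
class Domain:
    name: str
    sponsor: str                                  # sponsoring client ID
    ds: list = field(default_factory=list)        # dsData dicts held for the zone


def apply_secdns_update(domain, client_id, change, urgent_capacity=True):
    """Apply a parsed <secDNS:update>; return (code, delegation_left_unsigned).

    Every check runs before domain.ds is touched, so a rejected command
    leaves the stored DS set exactly as it was.
    """
    if client_id != domain.sponsor:               # transforms: sponsor only
        return AUTHZ_ERROR, None
    if change["urgent"] and not urgent_capacity:  # cannot honour high priority
        return POLICY_ERROR, None
    if change["op"] == "rem":
        doomed = set(change["keyTags"])
        new = [d for d in domain.ds if d["keyTag"] not in doomed]
    else:
        for d in change["dsData"]:
            life = d.get("maxSigLife")
            if life is not None and not MIN_SIG_LIFE <= life <= MAX_SIG_LIFE:
                return POLICY_ERROR, None
        # chg replaces the stored set, add extends it.
        new = [] if change["op"] == "chg" else list(domain.ds)
        new += [d for d in change["dsData"] if d not in new]
    domain.ds = new
    return OK, not new


def ds_record(key_tag, digest, **extra):
    """Constructed dsData dict using the algorithm numbers of the RFC examples."""
    return dict(keyTag=key_tag, alg=3, digestType=1, digest=digest, **extra)


def demo():
    """Run a constructed request sequence; return (code, unsigned, DS count) each."""
    dom = Domain("example.com", "ClientX",
                 [ds_record(12345, "49FD46E6C4B45C55D4AC")])
    both = {"op": "rem", "urgent": True, "keyTags": [12345, 12346]}
    steps = [
        # A client that does not sponsor the domain tries to strip its DS data.
        ("ClientY", {"op": "rem", "urgent": False, "keyTags": [12345]}, True),
        ("ClientX", {"op": "add", "urgent": False,
                     "dsData": [ds_record(12346, "38EC35D5B3A34B44C39B")]}, True),
        # Ten-year signature lifetime: outside the hypothetical policy.
        ("ClientX", {"op": "chg", "urgent": False,
                     "dsData": [ds_record(12345, "49FD46E6C4B45C55D4AC",
                                          maxSigLife=315360000)]}, True),
        ("ClientX", {"op": "chg", "urgent": False,
                     "dsData": [ds_record(12345, "49FD46E6C4B45C55D4AC",
                                          maxSigLife=604800)]}, True),
        ("ClientX", both, False),     # urgent, but no high-priority capacity
        ("ClientX", both, True),      # urgent removal of every DS record
    ]
    out = []
    for client, change, capacity in steps:
        code, unsigned = apply_secdns_update(dom, client, change, capacity)
        out.append((code, unsigned, len(dom.ds)))
    return out


if __name__ == "__main__":
    for row in demo():
        print(row)
```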

8. Acknowledgements

The author would like to thank the following people who have provided significant contributions to the development of this document:

David Blacka, Olafur Gudmundsson, Mark Kosters, Ed Lewis, Dan Massey, Marcos Sanz, Sam Weiler, and Ning Zhang.

9. References
9.1. Normative References

[1] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", RFC 3730, March 2004.

[2] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) Domain Name Mapping", RFC 3731, March 2004.

[3] Paoli, J., Sperberg-McQueen, C., Bray, T., and E. Maler, "Extensible Markup Language (XML) 1.0 (Second Edition)", W3C FirstEdition REC-xml-20001006, October 2000.

[4] Maloney, M., Beech, D., Mendelsohn, N., and H. Thompson, "XML Schema Part 1: Structures", W3C REC REC-xmlschema-1-20010502, May 2001.

[5] Malhotra, A. and P. Biron, "XML Schema Part 2: Datatypes", W3C REC REC-xmlschema-2-20010502, May 2001.

[5] Malhotra,A.和P.Biron,“XML模式第2部分:数据类型”,W3C REC-xmlschema-2-20010502,2001年5月。

[6] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Resource Records for the DNS Security Extensions", RFC 4034, March 2005.

[6] Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全扩展的资源记录”,RFC 40342005年3月。

[7] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "Protocol Modifications for the DNS Security Extensions", RFC 4035, March 2005.

[7] Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全扩展的协议修改”,RFC 4035,2005年3月。

[8] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[8] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。

[9] Kolkman, O., Schlyter, J., and E. Lewis, "Domain Name System KEY (DNSKEY) Resource Record (RR) Secure Entry Point (SEP) Flag", RFC 3757, April 2004.

[9] Kolkman,O.,Schlyter,J.,和E.Lewis,“域名系统密钥(DNSKEY)资源记录(RR)安全入口点(SEP)标志”,RFC 3757,2004年4月。

[10] Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, January 2004.

[10] Mealling,M.,“IETF XML注册表”,BCP 81,RFC 3688,2004年1月。

9.2. Informative References
9.2. 资料性引用

[11] Mockapetris, P., "Domain names - concepts and facilities", STD 13, RFC 1034, November 1987.

[11] Mockapetris,P.,“域名-概念和设施”,STD 13,RFC 1034,1987年11月。

[12] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, November 1987.

[12] Mockapetris,P.,“域名-实现和规范”,STD 13,RFC 10351987年11月。

[13] Arends, R., Austein, R., Larson, M., Massey, D., and S. Rose, "DNS Security Introduction and Requirements", RFC 4033, March 2005.

[13] Arends,R.,Austein,R.,Larson,M.,Massey,D.,和S.Rose,“DNS安全介绍和要求”,RFC 4033,2005年3月。

[14] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.

[14] Yergeau,F.,“UTF-8,ISO 10646的转换格式”,STD 63,RFC 3629,2003年11月。

[15] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO 10646", RFC 2781, February 2000.

[15] Hoffman,P.和F.Yergeau,“UTF-16,ISO 10646编码”,RFC 2781,2000年2月。

Author's Address

   Scott Hollenbeck
   VeriSign, Inc.
   21345 Ridgetop Circle
   Dulles, VA 20166-6503
   US

   EMail: shollenbeck@verisign.com

Full Copyright Statement

Copyright (C) The Internet Society (2005).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.