Network Working Group J. Latour Internet-Draft D. Slaunwhite Intended status: Standards Track CIRA Expires: 18 May 2024 T. Johnson InternetNZ 15 November 2023 EPP Pre-Registration Verification draft-latour-pre-registration-00 Abstract This Internet Draft introduces an extension to the Extensible Provisioning Protocol (EPP) for top-level domain (TLD) registries, enabling registrars to submit pre-registration information for domain names. The extension facilitates quality verification by the registry, employing advanced Artificial Intelligence and Machine Learning (AI/ML) techniques. Pre-registrations are assigned a quality score based on the analysis of the submitted data, ranging from 0 for non-abusive registrations to 100 for potentially abusive ones. This extension addresses the critical need to proactively identify and mitigate abusive domain registrations within TLDs, contributing to a safer and more reliable internet environment. The document outlines the EPP command definitions, XML schemas, data flow, and security considerations necessary to implement this innovative quality assurance mechanism, thereby enhancing the integrity and trustworthiness of TLD registrations. About This Document This note is to be removed before publishing as an RFC. The latest revision of this draft can be found at https://CIRALabs.github.com/CIRALabs/epp-pre-registration- verification/draft-latour-pre-registration.html. Status information for this document may be found at https://datatracker.ietf.org/doc/ draft-latour-pre-registration/. Discussion of this document takes place on the WG Working Group mailing list (mailto:WG@example.com). Source for this draft and an issue tracker can be found at https://github.com/CIRALabs/epp-pre-registration-verification. Latour, et al. Expires 18 May 2024 [Page 1] Internet-Draft EPP Pre-Registration Verification November 2023 Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 18 May 2024. Copyright Notice Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Problem Statement . . . . . . . . . . . . . . . . . . . . 3 1.2. Importance and Benefits . . . . . . . . . . . . . . . . . 4 1.3. Scope of the Extension - Verification . . . . . . . . . . 4 2. Conventions and Definitions . . . . . . . . . . . . . . . . . 4 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Extension Overview and Command Definition . . . . . . . . . . 5 4.1. Extension Overview . . . . . . . . . . . . . . . . . . . 5 4.1.1. EPP Protocol Extension Purpose . . . . . . . . . . . 5 4.1.2. Integration with AI/ML Techniques . . . . . . . . . . 6 5. EPP Command Definition . . . . . . . . . . . . . . . . . . . 6 5.1. New EPP Commands . . . . . . . . . . . . . . . . . . . . 6 5.2. XML Schema Definitions . . . . . . . . . . . . . . . . . 6 6. EPP Protocol Extension . . . . . . . . . . . . . . . . . . . 7 Latour, et al. Expires 18 May 2024 [Page 2] Internet-Draft EPP Pre-Registration Verification November 2023 6.1. Extended "create" Command for Pre-Registration and Quality Verification . . . . . . . . . . . . . . . . . . . . . . 7 6.1.1. Command Name . . . . . . . . . . . . . . . . . . . . 7 6.1.2. Command Purpose . . . . . . . . . . . . . . . . . . . 7 6.1.3. XML Element Extension . . . . . . . . . . . . . . . . 7 6.1.4. Usage . . . . . . . . . . . . . . . . . . . . . . . . 7 6.2. Introduction of New Verify EPP Commands . . . . . . . . . 8 6.3. Command Flow Overview . . . . . . . . . . . . . . . . . . 9 7. Pre-Registration and Verification Command Flow . . . . . . . 9 7.1. Pre-Registration Data Submission Flow . . . . . . . . . . 9 7.2. Quality Verification Flow . . . . . . . . . . . . . . . . 9 8. Pre-Registration Quality Score *_Guidance_* . . . . . . . . . 10 8.1. Score 0 - 20 (Non-Abusive): . . . . . . . . . . . . . . . 10 8.1.1. Actionable Actions: . . . . . . . . . . . . . . . . . 10 8.2. Score 21 - 40 (Low Suspicion): . . . . . . . . . . . . . 11 8.2.1. Actionable Actions: . . . . . . . . . . . . . . . . . 11 8.3. Score 41 - 60 (Moderate Suspicion): . . . . . . . . . . . 11 8.4. Actionable Actions: . . . . . . . . . . . . . . . . . . . 11 8.5. Score 61 - 80 (High Suspicion): . . . . . . . . . . . . . 11 8.5.1. Actionable Actions: . . . . . . . . . . . . . . . . . 11 8.6. Score 81 - 99 (Very High Suspicion): . . . . . . . . . . 11 8.6.1. Actionable Actions: . . . . . . . . . . . . . . . . . 11 8.7. Score 100 (Absolutely Malicious): . . . . . . . . . . . . 12 8.7.1. Actionable Actions: . . . . . . . . . . . . . . . . . 12 8.8. Error Handling . . . . . . . . . . . . . . . . . . . . . 12 8.9. Registration Timing Considerations . . . . . . . . . . . 12 9. Security Considerations . . . . . . . . . . . . . . . . . . . 12 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 11. Normative References . . . . . . . . . . . . . . . . . . . . 12 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 13 1. Introduction 1.1. Problem Statement The current EPP protocol lacks mechanisms for registrars to submit pre-registration data to the registry for quality verification. This gap leads to potential issues with abusive domain registrations, which can harm the integrity of the top-level domain (TLD). ## Use Case Description Latour, et al. Expires 18 May 2024 [Page 3] Internet-Draft EPP Pre-Registration Verification November 2023 A registrant wants to register domain names within a TLD registry via a registrar. To ensure the quality of registrations and prevent abusive domains, the registrar uses the proposed EPP extension to submit pre-registration data of the registrant to the registry. The registry, equipped with AI/ML techniques or services, analyzes this data to assign a registrant quality score back to the registrar. Based on this score, the registrar can decide whether to accept, reject or put on hold the registration request. 1.2. Importance and Benefits Addressing the quality of the registrant data before the actual registration process occurs brings many benefits. Adding a pre- registration process benefits the domain registration ecosystem by: - Potentially reducing the number of malicious registration and frauds and reducing operating costs to registrar and registry in responding to the abuse. - Ensuring the quality of domain registrations is crucial to maintaining the trust and reputation of the TLD. Abusive registrations can lead to various issues, including spam, phishing, and other malicious activities. - The proposed extension enables registries to proactively identify and block abusive registrations, thereby improving the overall quality of domain names within the TLD. This can lead to a safer and more reliable internet for end-users. - And contributing to a safer internet. 1.3. Scope of the Extension - Verification This EPP extension focuses on enabling registrars to submit pre- registration data to the registry and receive a registrant quality score based on abuse AI/ML analysis. It does not address other aspects of domain registration, such as pricing or dispute resolution. 2. Conventions and Definitions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. Latour, et al. Expires 18 May 2024 [Page 4] Internet-Draft EPP Pre-Registration Verification November 2023 3. Terminology *Pre-Registration Registrant Information*: This term refers to the data and details submitted by the registrar before the registration of a domain name. It typically includes information provided by the registrant, such as contact information and the intended use of the domain name, and is used for quality verification by the registry as part of the pre-registration process. *Registrant*: RFC8499 defines the registrant as "an individual or organization on whose behalf a name in a zone is registered by the registry. A registrant is created in the registry after a successful registration with the registrar. *AI/ML-Powered Domain Abuse Mitigation*: This term encompasses the use of Artificial Intelligence (AI) and Machine Learning (ML) technologies within the top-level domain (TLD) industry to identify, prevent, and mitigate abusive domain registrations. These technologies are employed to detect and combat various forms of domain abuse, such as spam, phishing, malware distribution, and other malicious activities, ultimately enhancing the security and integrity of domain name space. *Quality Score*: Define a quality score as the numeric value assigned to a pre-registration registrant based on the AI/ML analysis of their pre-registration data. Mention that higher scores indicate potentially abusive registrations. *EPP*: RFC 5730: Extensible Provisioning Protocol (EPP) (rfc- editor.org) 4. Extension Overview and Command Definition 4.1. Extension Overview 4.1.1. EPP Protocol Extension Purpose This extension is designed to enhance the Extensible Provisioning Protocol (EPP) by introducing mechanisms for registrars to submit pre-registration information to the registry, thus enabling the verification of the quality of domain name registrations using advanced Artificial Intelligence and Machine Learning (AI/ML) techniques. The primary objectives of this extension are as follows: * Quality Assurance: To proactively assess the quality of domain name registrations and reduce the risk of abusive registrations within the top-level domain (TLD). Latour, et al. Expires 18 May 2024 [Page 5] Internet-Draft EPP Pre-Registration Verification November 2023 * Enhanced Trust: To improve the overall quality of domain names within the TLD, promoting a safer and more trustworthy internet environment. 4.1.2. Integration with AI/ML Techniques The extension integrates AI/ML techniques into the EPP framework, allowing the registry to analyze pre-registration data for signs of potential abuse. These techniques include data analysis, pattern recognition, and predictive modeling. The analysis results in a registrant quality score, which helps the registry make informed decisions regarding the acceptance or rejection of registration requests. 5. EPP Command Definition 5.1. New EPP Commands This extension introduces new EPP commands to facilitate pre- registration data submission and quality verification. The following commands are defined within the extension: ### "create" Command Extension Command Name: "create" (Extended) Purpose: To create a new domain registration while including additional XML elements for registrars to submit pre-registration data. Registrars can provide information such as the intended use of the domain and other relevant details. XML Element: - This element encapsulates the pre-registration data submitted by the registrar. Usage: Registrars initiate the "create" command with the pre- registration data, which is then stored by the registry for later analysis. ### "verify" Command Command Name: "verify" (New) Purpose: To trigger the quality verification process for pre-registration data that has been submitted. Registrars can initiate this command after an initial "create" request. XML Element: N/A Usage: After pre-registration data is submitted through the "create" command, registrars can use the "verify" command to request the registry's AI/ML analysis and obtain a registrant quality score. 5.2. XML Schema Definitions To support these new EPP commands, the extension defines the XML schema elements necessary for encapsulating pre-registration data, ensuring interoperability between EPP clients and servers. TBD Latour, et al. Expires 18 May 2024 [Page 6] Internet-Draft EPP Pre-Registration Verification November 2023 6. EPP Protocol Extension 6.1. Extended "create" Command for Pre-Registration and Quality Verification This section outlines the extension of the existing "create" EPP command to accommodate the pre-registration data submission and quality verification process. The extended "create" command enables registrars to provide additional information related to the intended use of the domain name, facilitating quality assurance within the top-level domain (TLD). 6.1.1. Command Name Command Name: "create" (Extended) 6.1.2. Command Purpose The extended "create" command serves the following purposes: - To create a new domain registration within the TLD. - To allow registrars to submit pre-registration data for quality verification. - To enhance the quality assurance process by providing registrars the opportunity to convey relevant information about the domain's intended use. 6.1.3. XML Element Extension To enable registrars to submit pre-registration data, the "create" command is extended to include an optional XML element, . This XML element is included within the "create" command's payload and encapsulates the pre-registration information provided by the registrar. *_XML Element:_* * (Optional) 6.1.4. Usage Registrars initiate the extended "create" command in the following manner: * The registrar includes the XML element within the "create" command when submitting a domain registration request. Latour, et al. Expires 18 May 2024 [Page 7] Internet-Draft EPP Pre-Registration Verification November 2023 * The element allows registrars to provide information related to the intended use of the domain, additional contact details, or any other relevant data. Example "create" Command with Pre-Registration Data: The inclusion of the element within the "create" command allows registries to participate in the quality assurance process and ensures that additional data relevant to the domain's use is considered prior its potentially abusive registration. Extended "create" Command: The existing "create" command will be extended to include an optional XML element for registrars to submit pre-registration data. This will enable registrars to provide additional information related to the intended use of the domain name. 6.2. Introduction of New Verify EPP Commands New "verify" Command: A new EPP command, "verify" will be introduced to trigger the quality verification process on the submitted pre- registration data. Registrars can use this command after the initial "create" request. It's important to note that the time to respond to the verify command is important to take in account, should be in the order of seconds and not minutes. Latour, et al. Expires 18 May 2024 [Page 8] Internet-Draft EPP Pre-Registration Verification November 2023 6.3. Command Flow Overview Command Flow: The process begins with a registrar initiating a "create" command with additional pre-registration data. The registry, upon receiving the request, stores the data for further analysis. Once the data is collected, the registrar can initiate the "verify" command to trigger the quality verification process, which results in the assignment of a quality score. By mapping the EPP verify commands to the new registration process, it demonstrate how the new extension fits into the existing EPP framework and how it can facilitate the pre-registration data submission and quality verification. 7. Pre-Registration and Verification Command Flow 7.1. Pre-Registration Data Submission Flow The command flow within the EPP protocol extension for pre- registration and quality verification is a series of interactions between the registrar and the registry. This section outlines the steps involved in submitting pre-registration data and initiating the quality verification process: *_Step 1: Registrar Initiates "create" Command_* The process begins when a registrar initiates a modified "create" command, extending the EPP protocol. This command is used to request the creation of a new domain registration. *_Step 2: Registrar Includes Pre-Registration Data_* Within the "create" command, the registrar includes the XML element. This element encapsulates the pre- registration information, such as the intended use of the domain and any other relevant data. *_Step 3: Registry Receives and Stores Pre-Registration Data_* The registry, upon receiving the "create" command, stores the pre- registration data associated with the domain name in question. This data is queued for subsequent quality verification. 7.2. Quality Verification Flow After pre-registration data is successfully submitted through the "create" command, the quality verification process can be initiated by the registrar. Here's how the flow continues: Latour, et al. Expires 18 May 2024 [Page 9] Internet-Draft EPP Pre-Registration Verification November 2023 *_Step 4: Registrar Initiates "verify" Command_* After the pre-registration data has been stored, the registrar initiates the "verify" command, a new EPP command introduced by this extension. *_Step 5: Registry Triggers Quality Verification_* Upon receiving the "verify" command, the registry's system is triggered to initiate the quality verification process. This process involves AI/ML analysis of the pre-registration data. *_Step 6: AI/ML Analysis and Quality Score Calculation_* The registry's AI/ML algorithms analyze the pre-registration data to assess its quality. This analysis considers factors such as the nature of the registration, the intended use of the domain, and other relevant data. Based on the analysis, the system calculates a registrant quality score. *_Step 7: Registry Provides Quality Score_* The registry sends the registrant quality score as part of the "verify" command response to the registrar. The score indicates the perceived quality of the registration, with values ranging from 0 for non-abusive registrations to 100 for potentially abusive ones. *_Step 8: Registrar Takes Action Based on Quality Score_* Depending on the quality score received, the registrar can make informed decisions regarding the acceptance, rejection, or further review of the domain registration request. 8. Pre-Registration Quality Score *_Guidance_* This section provides a range of registrant quality scores with corresponding actionable actions for the proposed quality verification process, where 0 indicates a good registration and 100 signifies an absolutely malicious registration: 8.1. Score 0 - 20 (Non-Abusive): 8.1.1. Actionable Actions: * The registration appears to be non-abusive and legitimate. * The address and information provided by the registrant match and seem trustworthy. Latour, et al. Expires 18 May 2024 [Page 10] Internet-Draft EPP Pre-Registration Verification November 2023 * No immediate action required. 8.2. Score 21 - 40 (Low Suspicion): 8.2.1. Actionable Actions: * The registration raises minimal suspicion. * While the information appears consistent, there might be subtle irregularities. * Regular monitoring and further review may be necessary. * Regular monitoring and further review may be necessary. 8.3. Score 41 - 60 (Moderate Suspicion): 8.4. Actionable Actions: * The registration raises moderate suspicion. * Some elements in the registration data seem incongruent or questionable. * Investigate further and consider additional verification steps. * Suspend the registration at the Registry? (after Registrar registration) 8.5. Score 61 - 80 (High Suspicion): 8.5.1. Actionable Actions: * The registration exhibits a high level of suspicion. * Several aspects of the registration data appear inconsistent or potentially problematic. * Immediate investigation and verification are necessary. * Suspend the registration at the Registar 8.6. Score 81 - 99 (Very High Suspicion): 8.6.1. Actionable Actions: * The registration is highly suspicious and raises significant concerns. Latour, et al. Expires 18 May 2024 [Page 11] Internet-Draft EPP Pre-Registration Verification November 2023 * Multiple elements in the registration data are irregular or seem malicious. * Implement rigorous verification and consider delaying or rejecting the registration. 8.7. Score 100 (Absolutely Malicious): 8.7.1. Actionable Actions: * The registration is deemed absolutely malicious and poses a severe threat. * Clear evidence of fraudulent activity or malicious intent is present. * Reject the registration and take appropriate measures to prevent abuse. These quality score ranges and associated actions provide guidance for registrars and registries in evaluating the legitimacy of domain registrations. The specific actions to be taken can vary depending on the policies and procedures of the TLD registry and the severity of the suspicions raised by the quality score. 8.8. Error Handling TBD 8.9. Registration Timing Considerations This process has to be quick, if too slow a timer must be defined to mark the registration verification as incomplete, need a specific workflow 9. Security Considerations TODO Security 10. IANA Considerations This document has no IANA actions. 11. Normative References Latour, et al. Expires 18 May 2024 [Page 12] Internet-Draft EPP Pre-Registration Verification November 2023 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . Acknowledgments TODO acknowledge. Authors' Addresses Jacques Latour CIRA Email: jacques.latour@cira.ca Don Slaunwhite CIRA Email: don.slaunwhite@cira.ca Tim Johnson InternetNZ Email: timj@internetnz.net.nz Latour, et al. Expires 18 May 2024 [Page 13]