| Internet-Draft | EPP Pre-Registration Verification | November 2023 |
| Latour, et al. | Expires 18 May 2024 | [Page] |
This Internet Draft introduces an extension to the Extensible Provisioning Protocol (EPP) for top-level domain (TLD) registries, enabling registrars to submit pre-registration information for domain names. The extension facilitates quality verification by the registry, employing advanced Artificial Intelligence and Machine Learning (AI/ML) techniques. Pre-registrations are assigned a quality score based on the analysis of the submitted data, ranging from 0 for non-abusive registrations to 100 for potentially abusive ones. This extension addresses the critical need to proactively identify and mitigate abusive domain registrations within TLDs, contributing to a safer and more reliable internet environment. The document outlines the EPP command definitions, XML schemas, data flow, and security considerations necessary to implement this innovative quality assurance mechanism, thereby enhancing the integrity and trustworthiness of TLD registrations.¶
This note is to be removed before publishing as an RFC.¶
The latest revision of this draft can be found at https://CIRALabs.github.com/CIRALabs/epp-pre-registration-verification/draft-latour-pre-registration.html. Status information for this document may be found at https://datatracker.ietf.org/doc/draft-latour-pre-registration/.¶
Discussion of this document takes place on the WG Working Group mailing list (mailto:WG@example.com).¶
Source for this draft and an issue tracker can be found at https://github.com/CIRALabs/epp-pre-registration-verification.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 18 May 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The current EPP protocol lacks mechanisms for registrars to submit pre-registration data to the registry for quality verification. This gap leads to potential issues with abusive domain registrations, which can harm the integrity of the top-level domain (TLD). ## Use Case Description¶
A registrant wants to register domain names within a TLD registry via a registrar. To ensure the quality of registrations and prevent abusive domains, the registrar uses the proposed EPP extension to submit pre-registration data of the registrant to the registry. The registry, equipped with AI/ML techniques or services, analyzes this data to assign a registrant quality score back to the registrar. Based on this score, the registrar can decide whether to accept, reject or put on hold the registration request.¶
Addressing the quality of the registrant data before the actual registration process occurs brings many benefits. Adding a pre-registration process benefits the domain registration ecosystem by: - Potentially reducing the number of malicious registration and frauds and reducing operating costs to registrar and registry in responding to the abuse. - Ensuring the quality of domain registrations is crucial to maintaining the trust and reputation of the TLD. Abusive registrations can lead to various issues, including spam, phishing, and other malicious activities. - The proposed extension enables registries to proactively identify and block abusive registrations, thereby improving the overall quality of domain names within the TLD. This can lead to a safer and more reliable internet for end-users. - And contributing to a safer internet.¶
This EPP extension focuses on enabling registrars to submit pre-registration data to the registry and receive a registrant quality score based on abuse AI/ML analysis. It does not address other aspects of domain registration, such as pricing or dispute resolution.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Pre-Registration Registrant Information: This term refers to the data and details submitted by the registrar before the registration of a domain name. It typically includes information provided by the registrant, such as contact information and the intended use of the domain name, and is used for quality verification by the registry as part of the pre-registration process.¶
Registrant: RFC8499 defines the registrant as "an individual or organization on whose behalf a name in a zone is registered by the registry. A registrant is created in the registry after a successful registration with the registrar.¶
AI/ML-Powered Domain Abuse Mitigation: This term encompasses the use of Artificial Intelligence (AI) and Machine Learning (ML) technologies within the top-level domain (TLD) industry to identify, prevent, and mitigate abusive domain registrations. These technologies are employed to detect and combat various forms of domain abuse, such as spam, phishing, malware distribution, and other malicious activities, ultimately enhancing the security and integrity of domain name space.¶
Quality Score: Define a quality score as the numeric value assigned to a pre-registration registrant based on the AI/ML analysis of their pre-registration data. Mention that higher scores indicate potentially abusive registrations.¶
EPP: RFC 5730: Extensible Provisioning Protocol (EPP) (rfc-editor.org)¶
This extension is designed to enhance the Extensible Provisioning Protocol (EPP) by introducing mechanisms for registrars to submit pre-registration information to the registry, thus enabling the verification of the quality of domain name registrations using advanced Artificial Intelligence and Machine Learning (AI/ML) techniques. The primary objectives of this extension are as follows:¶
Quality Assurance: To proactively assess the quality of domain name registrations and reduce the risk of abusive registrations within the top-level domain (TLD).¶
Enhanced Trust: To improve the overall quality of domain names within the TLD, promoting a safer and more trustworthy internet environment.¶
The extension integrates AI/ML techniques into the EPP framework, allowing the registry to analyze pre-registration data for signs of potential abuse. These techniques include data analysis, pattern recognition, and predictive modeling. The analysis results in a registrant quality score, which helps the registry make informed decisions regarding the acceptance or rejection of registration requests.¶
This extension introduces new EPP commands to facilitate pre-registration data submission and quality verification. The following commands are defined within the extension:
### "create" Command Extension
Command Name: "create" (Extended)
Purpose: To create a new domain registration while including additional XML elements for registrars to submit pre-registration data. Registrars can provide information such as the intended use of the domain and other relevant details.
XML Element: <pre-registration-data> - This element encapsulates the pre-registration data submitted by the registrar.
Usage: Registrars initiate the "create" command with the pre-registration data, which is then stored by the registry for later analysis.
### "verify" Command¶
Command Name: "verify" (New) Purpose: To trigger the quality verification process for pre-registration data that has been submitted. Registrars can initiate this command after an initial "create" request. XML Element: N/A Usage: After pre-registration data is submitted through the "create" command, registrars can use the "verify" command to request the registry's AI/ML analysis and obtain a registrant quality score.¶
To support these new EPP commands, the extension defines the XML schema elements necessary for encapsulating pre-registration data, ensuring interoperability between EPP clients and servers.¶
TBD¶
This section outlines the extension of the existing "create" EPP command to accommodate the pre-registration data submission and quality verification process. The extended "create" command enables registrars to provide additional information related to the intended use of the domain name, facilitating quality assurance within the top-level domain (TLD).¶
Command Name: "create" (Extended)¶
The extended "create" command serves the following purposes: - To create a new domain registration within the TLD. - To allow registrars to submit pre-registration data for quality verification. - To enhance the quality assurance process by providing registrars the opportunity to convey relevant information about the domain's intended use.¶
To enable registrars to submit pre-registration data, the "create" command is extended to include an optional XML element, <pre-registration-data>. This XML element is included within the "create" command's payload and encapsulates the pre-registration information provided by the registrar.¶
XML Element:¶
<pre-registration-data> (Optional)¶
Registrars initiate the extended "create" command in the following manner:¶
The registrar includes the <pre-registration-data> XML element within the "create" command when submitting a domain registration request.¶
The <pre-registration-data> element allows registrars to provide information related to the intended use of the domain, additional contact details, or any other relevant data.¶
Example "create" Command with Pre-Registration Data:¶
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<create>
<!-- Domain creation data -->
<domain:create>
<!-- Domain details -->
</domain:create>
<!-- Pre-Registration Data -->
<pre-registration-data>
<!-- Pre-registration information -->
</pre-registration-data>
</create>
</command>
</epp>
¶
The inclusion of the <pre-registration-data> element within the "create" command allows registries to participate in the quality assurance process and ensures that additional data relevant to the domain's use is considered prior its potentially abusive registration.¶
Extended "create" Command: The existing "create" command will be extended to include an optional XML element for registrars to submit pre-registration data. This will enable registrars to provide additional information related to the intended use of the domain name.¶
New "verify" Command: A new EPP command, "verify" will be introduced to trigger the quality verification process on the submitted pre-registration data. Registrars can use this command after the initial "create" request. It's important to note that the time to respond to the verify command is important to take in account, should be in the order of seconds and not minutes.¶
Command Flow: The process begins with a registrar initiating a "create" command with additional pre-registration data. The registry, upon receiving the request, stores the data for further analysis. Once the data is collected, the registrar can initiate the "verify" command to trigger the quality verification process, which results in the assignment of a quality score. By mapping the EPP verify commands to the new registration process, it demonstrate how the new extension fits into the existing EPP framework and how it can facilitate the pre-registration data submission and quality verification.¶
The command flow within the EPP protocol extension for pre-registration and quality verification is a series of interactions between the registrar and the registry. This section outlines the steps involved in submitting pre-registration data and initiating the quality verification process:¶
Step 1: Registrar Initiates "create" Command¶
The process begins when a registrar initiates a modified "create" command, extending the EPP protocol. This command is used to request the creation of a new domain registration.¶
Step 2: Registrar Includes Pre-Registration Data¶
Within the "create" command, the registrar includes the <pre-registration-data> XML element. This element encapsulates the pre-registration information, such as the intended use of the domain and any other relevant data.¶
Step 3: Registry Receives and Stores Pre-Registration Data¶
The registry, upon receiving the "create" command, stores the pre-registration data associated with the domain name in question. This data is queued for subsequent quality verification.¶
After pre-registration data is successfully submitted through the "create" command, the quality verification process can be initiated by the registrar. Here's how the flow continues:¶
Step 4: Registrar Initiates "verify" Command¶
After the pre-registration data has been stored, the registrar initiates the "verify" command, a new EPP command introduced by this extension.¶
Step 5: Registry Triggers Quality Verification¶
Upon receiving the "verify" command, the registry's system is triggered to initiate the quality verification process. This process involves AI/ML analysis of the pre-registration data.¶
Step 6: AI/ML Analysis and Quality Score Calculation¶
The registry's AI/ML algorithms analyze the pre-registration data to assess its quality. This analysis considers factors such as the nature of the registration, the intended use of the domain, and other relevant data. Based on the analysis, the system calculates a registrant quality score.¶
Step 7: Registry Provides Quality Score¶
The registry sends the registrant quality score as part of the "verify" command response to the registrar. The score indicates the perceived quality of the registration, with values ranging from 0 for non-abusive registrations to 100 for potentially abusive ones.¶
Step 8: Registrar Takes Action Based on Quality Score¶
Depending on the quality score received, the registrar can make informed decisions regarding the acceptance, rejection, or further review of the domain registration request.¶
This section provides a range of registrant quality scores with corresponding actionable actions for the proposed quality verification process, where 0 indicates a good registration and 100 signifies an absolutely malicious registration:¶
The registration is deemed absolutely malicious and poses a severe threat.¶
Clear evidence of fraudulent activity or malicious intent is present.¶
Reject the registration and take appropriate measures to prevent abuse.¶
These quality score ranges and associated actions provide guidance for registrars and registries in evaluating the legitimacy of domain registrations. The specific actions to be taken can vary depending on the policies and procedures of the TLD registry and the severity of the suspicions raised by the quality score.¶
TBD¶
This process has to be quick, if too slow a timer must be defined to mark the registration verification as incomplete, need a specific workflow¶
TODO Security¶
This document has no IANA actions.¶
TODO acknowledge.¶