icann logo
Appendix 1

Appendix 1 to Sponsored TLD Registry Agreement

Data Escrow Specification


This Appendix 1 to the Sponsored TLD Registry Agreement consists of four of the five exhibits to the Escrow Agreement that constitutes Appendix 2 to the Sponsored TLD Registry Agreement:

Exhibit A-Schedule for Escrow Deposits

Exhibit B-Escrow Deposit Format Specification

Exhibit C-Escrow Transfer Process

Exhibit D-Escrow Verification Procedures

The fifth exhibit (Exhibit E), which sets forth Escrow Agent's fees, is subject to negotiation between Registry and Escrow Agent.

Exhibit A
SCHEDULE FOR ESCROW DEPOSITS

Full Deposit Schedule

Full Deposits shall consist of data that reflects the state of the registry as of 0000 UTC on each Sunday. Pending transactions at that time (i.e. transactions that have not been committed to the Registry Database) shall not be reflected in the Full Deposit.

Full Deposits shall be made, according to the transfer process described in Exhibit C below, within a four-hour window beginning at 1200 UTC on the same Sunday.

Incremental Deposit Schedule

Incremental Deposits are cumulative since the last full escrow. Each incremental file will contain all database transactions since the full escrow file was completed.

Incremental Deposits shall be made, according to the transfer process described in Exhibit C below, within a four-hour window beginning at 1200 UTC on the day to which the Incremental Deposit relates.

Exhibit B
ESCROW DEPOSIT FORMAT SPECIFICATION

Each Full and Incremental Deposit consists of a series of reports that are concatenated in the escrow process.

Full Deposit Contents. The reports involved in a Full Deposit are:

Domain Object Report—This reports on the contents of all domain objects in the registry database.

Host Object Report—This reports on the contents of all host objects in the registry database.

Contact Object Report—This reports on the contents of all contact objects in the registry database.

Registrar Object Report—This reports on the contents of all registrar objects in the registry database.

Format of Reports. All reports are to be formatted in XML format. In compliance with the XML 1.0 specification, certain characters in the data must be escaped, as described in item 1 below. Each Report shall then be prepared according to the general XML format described in items 2 to 6 below. Item 2 describes the report container that is common to all reports. Items 3 to 6 describe the structure of the contents of the report container for each of the specific reports.

1. Escape-Character Requirements. In compliance with the XML 1.0 specification, in data escrowed using the XML format the following characters in any data elements must be replaced with the corresponding escape sequences listed here:

Character

Escape Sequence

"

"

&

&

'

'

<

&lt;

>

&gt

 

2. The Report Container. At its highest level, the XML format consists of an escrow container with header attributes followed by escrow data. The header attributes are required and include the version of escrow (1.0), the Sponsored TLD ("travel"), the report type (domain, host, contact or registrar), and data base-committed date and time as to which the escrow relates. The date and time of the escrow will be specified in UTC. The general format of the report container is as follows:

<?xml version="1.0" encoding='UTF-8' ?>
<!DOCTYPE escrow SYSTEM "whois-export.dtd" >
<escrow version="1.0" tld="travel" report="domain" date="26-Aug-2001 3:15:00AM">

{Here the report contains the actual data being escrowed. It contains one element for each object of the type (domain, host, contact or registrar) covered by the report. The specific format for each report is described in items 3 to 6 below.}

</escrow>

3. The Domain Element. The domain element has the property "fqdn" (the fully qualified name of the domain) and is a container consisting of the following elements:

a. status: The domain status code.

b. id: Unique identifier of the domain name

c. sponsoring registrar: An identification of the sponsoring registrar of the domain. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

d. authcode: authorization code.

e. UIN

f. created-on: The date/time the domain object was originally created.

g. created-by: An identification of the registrar that created the domain object. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

h. renewed-on: The date/time the domain was last renewed.

i. expires-on: The date the registration expires.

j. updated-by: An identification of the registrar that last updated the domain object. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

k. updated-on: The date/time the domain object was last updated.

l. transferred-on: The date/time when the domain object was last transferred.

m. host: Up to thirteen (13) host names that are nameservers for the domain to which the domain object relates.

n. contact-id: Multiple contact-ids that reference the contact records for this domain. Contact-id has the property "type" to denote the type of contact. "Type" can be one of: Registrant, Administrative, Technical, or Billing

An example domain container appears below:

<domain fqdn="example.travel">
  <id>AAA-0001</id>
  <status>ACTIVE</status>
  <sponsoring registrar>REG-042</owned-by>
  <authcode>AERO-1221</ens-authid>
  <created-on>1-Jul-2001 12:34:56AM</created-on>
  <created-by>REG-042</created-by>
  <renewed-on></renewed-on>
  <expires-on>1-Jul-2003</expires-on>
  <updated-by>42</updated-by>
  <updated-on>1-Jul-2001 12:34:56AM</updated-on>
  <transferred-on></transferred-on>
  <host>dns1.example.aero</host>
  <host>dns2.example.aero</host>
  <contact-id type="Registrant">PER-0001</contact-id>
  <contact-id type="Administrative">PER-0002</contact-id>
  <contact-id type="Technical">PER-0003</contact-id>
  <contact-id type="Billing">PER-0004</contact-id>
</domain>

4. The Host Element. The host element has the property "fqdn" (the fully qualified name of the host) and is a container consisting of the following elements:

a. id: Identifier of the host.

b. sponsoring registrar: An identification of the sponsoring registrar of the host. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

c. created-on: The date/time the host object was originally created.

d. updated-by: An identification of the registrar that last updated the host object. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

e. updated-on: The date/time the host object was last updated.

f. transferred-on: The date/time when the host object was last transferred.

g. ip-address: Any number of IP addresses associated with this host.

An example host container appears below:

<host fqdn="dns1.example.travel">
  <id>HST-0001</id>
  <sponsoring registrar>REG-042</owned-by>
  <created-on>1-Jul-2001 12:40:32AM</created-on>
  <updated-by>42</updated-by>
  <updated-on>1-Jul-2001 12:40:32AM</updated-on>
  <transferred-on></transferred-on>
  <ip-address>192.168.1.1</ip-address>
  <ip-address>192.168.122.1</ip-address>
</host>

5. The Contact Element. The contact element has the property "id" and is a container consisting of the following elements:

a. name: The name of the contact.

b. organization: The organization for the contact.

c. street1: The first part of the street address of the contact.

d. street2: The second part of the street address of the contact.

e. street3: The third part of the street address of the contact.

f. city: The name of the city of the contact.

g. state-province: The name of the state/province of the contact.

h. postal-code: The postal/zip code of the contact.

i. country: The two letter ISO 3166 code for the contact's country.

j. voice: The voice phone number of the contact in E164a format.

k. fax: The fax number of the contact in E164a format.

l. email: The e-mail address of the contact.

m. sponsoring registrar: An identification of the sponsoring registrar of the contact. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

n. created-by: An identification of the registrar that created the contact object. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

o. created-on: The date/time the contact object was originally created.

p. updated-by: An identification of the registrar that last updated the contact object. The sponsoring registrar is designated by a number uniquely assigned by the IANA.

q. updated-on: The date/time the contact object was last updated.

r. transferred-on: The date/time when the contact object was last transferred.

s. status: Contact status.

An example contact container appears below:

<contact id="1">
  <name>John Doe</name>
  <organization>aol</organization>
  <street1>1234 East 11th Street</street1>
  <street2></street2>
  <street3></street3>
  <city>New York</city>
  <state-province>NY</state-province>
  <postal-code>12345</postal-code>
  <country>US</country>
  <voice>+212.1234567</voice>
  <fax>+212.1234568</fax>
  <email>jdoe@example.travel</email>
  <sponsoring registrar>42</owned-by>
  <created-by>REG-042</created-by>
  <created-on>1-Jul-2001 12:42:22AM</created-on>
  <updated-by>42</updated-by>
  <updated-on>1-Jul-2001 12:42:22AM</updated-on>
  <transferred-on></transferred-on>
  <status>ACTIVE</status>
</contact>

6. The Registrar Element. The registrar element has the property "id" and is a container consisting of the following elements:

a. name: The name of the registrar.

b. status: The registrar status code.

c. contact-id: Any number of contact-id associated with this registrar. Contact-id has the property "type" to denote the type of contact. "Type" can be one of: Registrar, Administrative, Technical or Billing

An example registrar container appears below:

<registrar id="REG-042">
  <password>registrarrus</password>
  <name>Registrar R Us</name>
  <status>ACTIVE</status>
  <contact-id type="Registrar">PER-0009</contact-id>
  <contact-id type="Administrative">PER-0010</contact-id>
  <contact-id type="Administrative">PER-0011</contact-id>
  <contact-id type="Technical">PER-0012</contact-id>
  <contact-id type="Technical">PER-0013</contact-id>
  <contact-id type="Billing">PER-0014</contact-id>
</registrar>

Exhibit C
ESCROW TRANSFER PROCESS

Deposit Transfer Process. Registry Operator shall prepare and transfer the Deposit file by the following steps, in sequence:

1. The Reports making up the Deposit will first be created according to the format specification. (See Exhibit B above, "Escrow Deposit Format Specification").

2. The Reports making up the Deposit will be concatenated. The resulting file shall be named according to the following format: "aeroSEQN", where "SEQN" is a four digit decimal number that is incremented as each report is prepared.

3. Next, the Deposit file will be processed by a program (provided by ICANN) that will verify that it complies with the format specification and contains reports of the same date/time (for a Full Deposit), count the number of objects of the various types in the Deposit, and append to the file a report of the program's results.

4. Registry Operator may optionally split the resulting file using the Unix SPLIT command (or equivalent) to produce files no less than 1 GB each (except the final file). If Deposit files are split, a .MDS file (produced with MDSSUM or equivalent) must be included with the split files to isolate errors in case of transfer fault.

5. The Deposit file(s) will then be encrypted using Escrow Agent's public key for PGP and signed using Registry Operator's private key for PGP, both version 6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note that PGP compresses the Deposit file(s) in addition to encrypting it (them).)

The formatted, encrypted and signed Deposit file(s) will be sent, by anonymous file transfer, to Escrow Agent's ftp server within the specified time window.

Exhibit D
ESCROW VERIFICATION PROCEDURES

Verification Procedures. Escrow Agent will verify the format and completeness of each Deposit by the following steps:

1. At the conclusion of the deposit window, all Deposit files will be moved to a not-publicly-accessible directory and the existence and size of each will be noted.

2. Each Deposit file will be decrypted using Escrow Agent's private key for PGP and authenticated using Registry Operator's public key for PGP. (In this step, PGP will also automatically decompress the escrow file).

3. If there are multiple files, they will be concatenated in sequence.

4. Escrow Agent will run a program (to be supplied by ICANN) on the Deposit file (without report) that will split it in to its constituent reports (including the format report prepared by the Registry Operator and appended to the Deposit) check its format, count the number of objects of each type, and verify that the data set is internally consistent. This program will compare its results with the results of the Registry-generated format report, and will generate a Deposit format and completeness report. The program will encrypt the report using ICANN's public key for PGP and signed using Escrow Agent's private key for PGP, both versions 6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note that PGP compresses the Deposit file(s) in addition to encrypting it (them).)

5. The decrypted Deposit file will be destroyed to reduce likelihood of data loss to intruders in case of partial security failure.

Distribution Of Public Keys. Each of Registry Operator and Escrow Agent will distribute its public key to the other party (Registry Operator or Escrow Agent, as the case may be) via email to an email address to be specified. Each party will confirm receipt of the other party's public key with a reply email, and the distributing party will subsequently reconfirm the authenticity of the key transmitted. In this way, public key transmission is authenticated to a user able to send and receive mail via a mail server operated by the distributing party. Escrow Agent, Registry and ICANN shall exchange keys by the same procedure.