RFC 9361: ICANN Trademark Clearinghouse (TMCH) Functional Specifications
- G. Lozano
Abstract
This document describes the requirements, the architecture, and the interfaces between the ICANN Trademark Clearinghouse (TMCH) and Domain Name Registries, as well as between the ICANN TMCH and Domain Name Registrars for the provisioning and management of domain names during Sunrise and Trademark Claims Periods.¶
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.¶
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.¶
Information about the current status of this document, any
errata, and how to provide feedback on it may be obtained at
https://
Copyright Notice
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://
1. Introduction
Domain Name Registries may operate in special modes for certain periods of time, enabling Trademark Holders to protect their rights during the introduction of a Top-Level Domain (TLD).¶
Along with the introduction of new generic TLDs (gTLDs), two special modes came into effect:¶
This document describes the requirements, the architecture, and the interfaces between the ICANN TMCH and Domain Name Registries (called "Registries" in the rest of the document), as well as between the ICANN TMCH and Domain Name Registrars (called "Registrars" in the rest of the document) for the provisioning and management of domain names during Sunrise and Trademark Claims Periods.¶
For any date and/or time indications, Coordinated Universal Time (UTC) applies.¶
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
XML is case sensitive. Unless stated otherwise, XML specifications and examples provided in this document MUST be interpreted in the character case presented in order to develop a conforming implementation.¶
"tmNotice-1.0" is used as an abbreviation for
"urn
Extensible Markup Language (XML) 1.0, as described in [W3C
3. Glossary
In the following section, the most common terms are briefly explained:¶
- Backend Registry Operator:
- An entity that manages (a part of) the technical infrastructure for a Registry Operator. The Registry Operator may also be the Backend Registry Operator.¶
- CA:
- Certification Authority. See [RFC5280].¶
- CNIS:
- Claims Notice Information Service. This service provides Trademark Claims Notices (TCNs) to Registrars.¶
- CRC32:
- Cyclic Redundancy Check. This algorithm is used in the ISO 3309 standard and in Section 8.1.1.6.2 of ITU-T recommendation V.42.¶
- CRL:
- Certificate Revocation List. See [RFC5280].¶
- CSV:
- Comma-Separated Values. See [RFC4180].¶
- datetime:
- Date and time. The date and time are specified following the standard specification "Date and Time on the Internet: Timestamps". See [RFC3339].¶
- DN:
- Domain Name. See [RFC8499].¶
- DNL:
- Domain Name Label. The DNL is an A-label or a Non-Reserved LDH (NR-LDH) label. See [RFC5890].¶
- DNL List:
- A list of DNLs that are covered by a PRM.¶
- DNROID:
- DN Repository Object IDentifier. This identifier is assigned by the Registry to each DN object that unequivocally identifies said DN object. For example, if a new DN object is created for a name that existed in the past, the DN objects will have different DNROIDs.¶
- DNS:
- Domain Name System. See [RFC8499].¶
- Effective Allocation:
- A DN is considered effectively allocated when the DN object for the DN has been created in the SRS of the Registry and has been assigned to the effective user. A DN object in status "pendingCreate" or any other status that precedes the first time a DN is assigned to an end user is not considered an effective allocation. A DN object created internally by the Registry for subsequent delegation to another Registrant is not considered an effective allocation.¶
- EPP:
- Extensible Provisioning Protocol. See [RFC8499].¶
- FQDN:
- Fully Qualified Domain Name. See [RFC8499].¶
- HTTP:
- Hypertext Transfer Protocol. See [RFC9110].¶
- HTTPS:
- HTTP over TLS (Transport Layer Security). See [RFC9110].¶
- ICANN TMCH:
- A central repository for information to be authenticated, stored, and disseminated, pertaining to the rights of TMHs. The ICANN TMCH is split into two functions: TMV and TMDB (see below). There could be several entities performing the TMV function but only one entity performing the TMDB function.¶
- ICANN TMCH-CA:
- The Certification Authority (CA) for the ICANN TMCH. This CA is operated by ICANN. The public key for this CA is the trust anchor used to validate the identity of each TMV.¶
- IDN:
- Internationalize
d Domain Name. See [RFC8499].¶ - Lookup Key:
- A random string of up to 51 characters from the set [a-zA-Z0-9/] to be used as the lookup key by Registrars to obtain the TCN using the CNIS. Lookup keys are unique and are related to one DNL only.¶
- LORDN:
- List of Registered Domain Names. This is the list of effectively allocated DNs matching a DNL of a PRM. Registries will upload this list to the TMDB (during the NORDN process).¶
- Matching Rules:
- Some trademarks entitled to inclusion
in the TMDB include characters that are impermissible
in the DNS as a DNL. The TMV changes (using the ICANN TMCH Matching Rules [MatchingRules])
certain DNS
-impermissible characters in a trademark into DNS-permissible equivalent characters.¶ - NORDN:
- Notification of Registered Domain Names. This is the process by which Registries upload their recent LORDN to the TMDB.¶
- PGP:
- Pretty Good Privacy. See [RFC4880].¶
- PKI:
- Public Key Infrastructure. See [RFC5280].¶
- PRM:
- Pre-Registered Mark. A mark that has been pre-registered with the ICANN TMCH.¶
- QLP Period:
- Qualified Launch Program Period. During this optional period, a special process applies to DNs matching the Sunrise List (SURL) and/or the DNL List to ensure that TMHs are informed of a DN matching their PRM.¶
- Registrant:
- See the definition of Registrant in [RFC8499].¶
- Registrar:
- Domain Name Registrar. See [RFC8499].¶
- Registry:
- Domain Name Registry, Registry Operator. See [RFC8499]. A Registry Operator is the contracting party with ICANN for the TLD.¶
- SMD:
- Signed Mark Data. A cryptographical
ly signed token issued by the TMV to the TMH to be used in the Sunrise Period to apply for a DN that matches a DNL of a PRM. See [RFC7848]. An SMD generated by an ICANN-approved Trademark Validator (TMV) contains both the signed token and the TMV's PKIX certificate.¶ - SMD File:
- A file containing the SMD (see above) and some human-readable data. The latter is usually ignored in the processing of the SMD File. See Section 6.4.¶
- SMD Revocation List:
- The SMD Revocation List is used by Registries (and optionally by Registrars) during the Sunrise Period to ensure that an SMD is still valid (i.e., not revoked). The SMD Revocation List has a similar function as CRLs used in PKI.¶
- SRS:
- Shared Registration System. See [ICANN
-GTLD ].¶-AGB -20120604 - Sunrise Period:
- During this period, DNs matching a DNL of a PRM can be exclusively obtained by the respective TMHs. For DNs matching a PRM, a special process applies to ensure that TMHs are informed on the effective allocation of a DN matching their PRM.¶
- SURL:
- Sunrise List. The list of DNLs that are covered by a PRM and are eligible for Sunrise.¶
- TCN:
- Trademark Claims Notice, Claims Notice, Trademark Notice. A Trademark Claims Notice consists of one or more Trademark Claims and is provided to prospective Registrants of DNs.¶
- TCNID:
- Trademark Claims Notice Identifier. An element of the Trademark Claims Notice (see above), identifying said TCN. The Trademark Claims Notice Identifier is specified in the element <tmNotice:id>.¶
- TLD:
- Top-Level Domain Name. See [RFC8499].¶
- TMDB:
- Trademark Clearinghouse Database. This serves as a database of the ICANN TMCH to provide information to the gTLD Registries and Registrars to support Sunrise or Trademark Claims services. There is only one TMDB in the ICANN TMCH that concentrates the information about the "verified" trademark records from the TMVs.¶
- TMH:
- Trademark Holder. The person or organization owning rights on a mark.¶
- TMV:
- Trademark Validator, Trademark Validation organization. An entity authorized by ICANN to authenticate and validate registrations in the TMDB, ensuring the marks qualify as registered, are court-validated marks, or are protected by statute or treaty. This entity would also be asked to ensure that proof of use of marks is provided, which can be demonstrated by furnishing a signed declaration and one specimen of current use.¶
- Trademark, Mark:
- Marks are used to claim exclusive properties of products or services. A mark is typically a name, word, phrase, logo, symbol, design, image, or a combination of these elements. For the scope of this document, only textual marks are relevant.¶
- Trademark Claims, Claims:
- Provides information to enhance the understanding of the trademark rights being claimed by the TMH.¶
- Trademark Claims Period:
- During this period, a special process applies to DNs matching the DNL List to ensure that TMHs are informed of a DN matching their PRM. For DNs matching the DNL List, Registrars show a TCN to prospective Registrants that has to be acknowledged before effective allocation of the DN.¶
- UTC:
- Coordinated Universal Time. This is maintained by the Bureau International des Poids et Mesures (BIPM). See [RFC3339].¶
4. Architecture
4.1. Sunrise Period
Figure 1 depicts the architecture of the Sunrise Period, including all the actors and interfaces.¶
4.2. Trademark Claims Period
Figure 2 depicts the architecture of the Trademark Claims Period, including all the actors and interfaces.¶
4.3. Interfaces
The subsections below contain short descriptions of each interface to provide an overview of the architecture. More detailed descriptions of the relevant interfaces are in Section 5.¶
4.3.1. hv
The TMH registers a mark with a TMV via the hv interface.¶
After successful registration of the mark, the TMV makes a Signed Mark Data (SMD) File available (see Section 6.4) to the TMH to be used during the Sunrise Period.¶
The specifics of the hv interface are beyond the scope of this document.¶
4.3.2. vd
After successful registration of the mark, the TMV ensures the TMDB inserts the corresponding DNLs and marks information into the database via the vd interface.¶
The specifics of the vd interface are beyond the scope of this document.¶
4.3.3. dy
During the Trademark Claims Period, the Registry fetches the latest DNL List from the TMDB via the dy interface at regular intervals. The protocol used on the dy interface is HTTPS.¶
This interface is not relevant during the Sunrise Period.¶
4.3.4. tr
The Registrant communicates with the Registrar via the tr interface.¶
The specifics of the tr interface are beyond the scope of this document.¶
4.3.5. ry
The Registrar communicates with the Registry via the ry interface. The ry interfaces are typically implemented in EPP.¶
4.3.6. dr
During the Trademark Claims Period, the Registrar fetches the TCN from the TMDB (to be displayed to the Registrant via the tr interface) via the dr interface. The protocol used for fetching the TCN is HTTPS.¶
This interface is not relevant during the Sunrise Period.¶
4.3.7. yd
During the Sunrise Period, the Registry notifies the TMDB via the yd interface of all DNs effectively allocated.¶
During the Trademark Claims Period, the Registry notifies the TMDB via the yd interface of all DNs effectively allocated that matched an entry in the DNL List that the Registry previously downloaded during the creation of the DN.¶
The protocol used on the yd interface is HTTPS.¶
4.3.8. dv
The TMDB notifies the TMV via the dv interface of all effectively allocated DNs that match a mark registered by that TMV.¶
The specifics of the dv interface are beyond the scope of this document.¶
4.3.9. vh
The TMV notifies the TMH via the vh interface after an effectively allocated DN matches a PRM of this THM.¶
The specifics of the vh interface are beyond the scope of this document.¶
4.3.10. vs
The TMV requests to add revoked SMDs to the SMD Revocation List at the TMDB.¶
The specifics of the vs interface are beyond the scope of this document.¶
This interface is not relevant during the Trademark Claims Period.¶
4.3.11. sy
During the Sunrise Period, the Registry fetches the most recent SMD Revocation List from the TMDB via the sy interface in regular intervals. The protocol used on the sy interface is HTTPS.¶
This interface is not relevant during the Trademark Claims Period.¶
4.3.12. sr
During the Sunrise Period, the Registrar may fetch the most recent SMD Revocation List from the TMDB via the sr interface. The protocol used on the sr interface is the same as on the sy interface (see above), i.e., HTTPS.¶
This interface is not relevant during the Trademark Claims Period.¶
4.3.13. vc
The TMV registers its public key and requests to revoke an existing key with the ICANN TMCH-CA over the vc interface.¶
The specifics of the vc interface are beyond the scope of this document, but it involves personal communication between the operators of the TMV and the operators of the ICANN TMCH-CA.¶
This interface is not relevant during the Trademark Claims Period.¶
4.3.14. cy
During the Sunrise Period, the Registry fetches the most recent TMV CRL file from the ICANN TMCH-CA via the cy interface at regular intervals. The TMV CRL is used for validation of TMV certificates. The protocol used on the cy interface is HTTPS.¶
This interface is not relevant during the Trademark Claims Period.¶
4.3.15. cr
During the Sunrise Period, the Registrar optionally fetches the most recent TMV CRL file from the ICANN TMCH-CA via the cr interface at regular intervals. The TMV CRL is used for validation of TMV certificates. The protocol used on the cr interface is HTTPS.¶
This interface is not relevant during the Trademark Claims Period.¶
5. Process Descriptions
5.1. Bootstrapping
5.1.1. Bootstrapping for Registries
5.1.1.1. Credentials
Each Registry Operator will receive authentication credentials from the TMDB to be used:¶
Note: Credentials are created per TLD and provided to the Registry Operator.¶
5.1.1.2. IP Addresses for Access Control
Each Registry Operator MUST provide the TMDB with all IP addresses, which will be used to:¶
This access restriction MAY be applied by the TMDB in addition to HTTP Basic access authentication (see [RFC7617]). For credentials to be used, see Section 5.1.1.1.¶
The TMDB MAY limit the number of IP addresses to be accepted per Registry Operator.¶
5.1.1.3. ICANN TMCH Trust Anchor
Each Registry Operator MUST fetch the PKIX certificate [RFC5280] of
the ICANN TMCH-CA (Trust Anchor) from
<https://
5.1.1.4. TMDB PGP Key
The TMDB MUST provide each Registry Operator with the public portion of the PGP Key used by the TMDB, which is to be used:¶
5.1.2. Bootstrapping for Registrars
5.1.2.1. Credentials
Each ICANN
5.1.2.2. IP Addresses for Access Control
Each Registrar MUST provide the TMDB with all IP addresses, which will be used to:¶
This access restriction MAY be applied by the TMDB in addition to HTTP Basic access authentication (for credentials to be used, see Section 5.1.2.1).¶
The TMDB MAY limit the number of IP addresses to be accepted per Registrar.¶
5.1.2.3. ICANN TMCH Trust Anchor
Registrars MAY fetch the PKIX certificate of
the ICANN TMCH-CA (Trust Anchor) from
<https://
5.1.2.4. TMDB PGP Key
Registrars MUST receive the public portion of the PGP Key used by TMDB from the TMDB administrator to be used:¶
5.2. Sunrise Period
5.2.1. Domain Name Registration
Figure 3 represents a synchronous DN registration workflow (usually called first come first served).¶
5.2.2. Sunrise Domain Name Registration by Registries
Registries MUST perform a minimum set of checks for verifying each DN registration during the Sunrise Period upon reception of a registration request over the ry interface (Section 4.3.5). If any of these checks fail, the Registry MUST abort the registration. Each of these checks MUST be performed before the DN is effectively allocated.¶
In case of asynchronous registrations (e.g., auctions), the minimum set of checks MAY be performed when creating the intermediate object (e.g., a DN application) used for DN registration. If the minimum set of checks is performed when creating the intermediate object (e.g., a DN application), a Registry MAY effectively allocate the DN without performing the minimum set of checks again.¶
Performing the minimum set of checks, Registries MUST verify that:¶
These procedures apply to all DN effective allocations at the second level, as well as to all other levels subordinate to the TLD that the Registry accepts registrations for.¶
5.2.3. TMDB Sunrise Services for Registries
5.2.3.1. SMD Revocation List
A new SMD Revocation List MUST be published by the TMDB twice a day, by 00:00:00 and 12:00:00 UTC.¶
Registries MUST refresh the latest version of the SMD Revocation List at least once every 24 hours.¶
Note: The SMD Revocation List will be the same regardless of the TLD. If a Backend Registry Operator manages the infrastructure of several TLDs, the Backend Registry Operator could refresh the SMD Revocation List once every 24 hours, and the SMD Revocation List could be used for all the TLDs managed by the Backend Registry Operator.¶
Figure 4 depicts the process of downloading the latest SMD Revocation List initiated by the Registry.¶
5.2.3.2. TMV Certificate Revocation List (CRL)
Registries MUST refresh their local copy of the TMV CRL file at least once every 24 hours using the CRL distribution point specified in the TMV certificate.¶
Operationally, the TMV CRL file and CRL distribution point
are the same for all TMVs and (at publication of this
document) are located at
<http://
Note: The TMV CRL file will be the same regardless of the TLD. If a Backend Registry Operator manages the infrastructure of several TLDs, the Backend Registry Operator could refresh the TMV CRL file once every 24 hours, and the TMV CRL file could be used for all the TLDs managed by the Backend Registry Operator.¶
Figure 5 depicts the process of downloading the latest TMV CRL file initiated by the Registry.¶
5.2.3.3. Notice of Registered Domain Names (NORDN)
The Registry MUST send a LORDN file containing DNs effectively allocated to the TMDB (over the yd interface; see Section 4.3.7).¶
The effective allocation of a DN MUST be reported by the Registry to the TMDB within 26 hours of the effective allocation of such DN.¶
The Registry MUST create and upload a LORDN file in case there are effective allocations in the SRS that have not been successfully reported to the TMDB in a previous LORDN file.¶
Based on the timers used by TMVs and the TMDB, the RECOMMENDED maximum frequency to upload LORDN files from the Registries to the TMDB is every 3 hours.¶
It is RECOMMENDED that Registries try to upload at least two LORDN files per day to the TMDB, with enough time in between, in order to have time to fix problems reported in the LORDN file.¶
The Registry SHOULD upload a LORDN file only when the previous LORDN file has been processed by the TMDB and the related LORDN Log file has been downloaded and processed by the Registry.¶
The Registry MUST upload LORDN files for DNs that are effectively allocated during the Sunrise or Trademark Claims Periods (same applies to DNs that are effectively allocated using applications created during the Sunrise or Trademark Claims Periods in case of using asynchronous registrations).¶
The yd interface (Section 4.3.7) MUST support at least one (1) and MAY support up to ten (10) concurrent connections from each IP address registered by a Registry Operator to access the service.¶
The TMDB MUST process each uploaded LORDN file and make the related log file available for Registry download within 30 minutes of the finalization of the upload.¶
Figure 6 depicts the process to notify the TMH of Registered Domain Names.¶
The format used for the LORDN is described in Section 6.3.¶
5.2.4. Sunrise Domain Name Registration by Registrars
Registrars MAY choose to perform the checks for verifying DN registrations, as performed by the Registries (see Section 5.2.2) before sending the command to register a DN.¶
5.2.5. TMDB Sunrise Services for Registrars
The processes described in Sections 5.2.3.1 and 5.2.3.2 are also available for Registrars to optionally validate the SMDs received.¶
5.3. Trademark Claims Period
5.3.1. Domain Registration
Figure 7 represents a synchronous DN registration workflow (usually called first come first served).¶
5.3.2. Trademark Claims Domain Name Registration by Registries
During the Trademark Claims Period, Registries perform two main functions:¶
In the following instances, a minimum set of checks are described:¶
These procedures apply to all DN registrations at the second level, as well as to all other levels subordinate to the TLD that the Registry accepts registrations for.¶
5.3.3. TMDB Trademark Claims Services for Registries
5.3.3.1. Domain Name Label (DNL) List
A new DNL List MUST be published by the TMDB twice a day, by 00:00:00 and 12:00:00 UTC.¶
Registries MUST refresh the latest version of the DNL List at least once every 24 hours.¶
Figure 8 depicts the process of downloading the latest DNL List initiated by the Registry.¶
Note: The DNL List will be the same regardless of the TLD. If a Backend Registry Operator manages the infrastructure of several TLDs, the Backend Registry Operator could refresh the DNL List once every 24 hours, and the DNL List could be used for all the TLDs managed by the Backend Registry Operator.¶
5.3.3.2. Notice of Registered Domain Names (NORDN)
The NORDN process during the Trademark Claims Period is almost the same as during the Sunrise Period, as defined in Section 5.2.3.3; the difference is that only registrations subject to a Trademark Claim (i.e., at registration time, the name appeared in the current DNL List downloaded by the Registry Operator) are included in the LORDN.¶
5.3.4. Trademark Claims Domain Name Registration by Registrars
For each DN matching a DNL of a PRM, Registrars MUST perform the following steps:¶
Currently, TCNs are generated twice a day by the TMDB.
The expiration date
Registrars SHOULD implement a cache of TCNs to
minimize the number of queries sent to the TMDB.
A cached TCN MUST be removed from the cache after
the expiration date of the TCN, as defined by
<tm
The TMDB MAY implement rate limiting as one of the protection mechanisms to mitigate the risk of performance degradation.¶
5.3.5. TMDB Trademark Claims Services for Registrars
5.3.5.1. Claims Notice Information Service (CNIS)
The TCNs are provided by the TMDB online and are fetched by the Registrar via the dr interface (Section 4.3.6).¶
To get access to the TCNs, the Registrar needs the credentials provided by the TMDB (Section 5.1.2.1) and the lookup key received from the Registry via the ry interface (Section 4.3.5). The dr interface (Section 4.3.6) uses HTTPS with Basic access authentication.¶
The dr interface (Section 4.3.6) MAY support up to ten (10) concurrent connections from each Registrar.¶
The URL of the dr interface (Section 4.3.6) is:¶
https://
Note that the "lookupkey" may contain slash characters ("/"). The slash character is part of the URL path and MUST NOT be escaped when requesting the TCN.¶
The TLS certificate (HTTPS) used on the dr interface (Section 4.3.6) MUST be signed by a well-know public CA. Registrars MUST perform the certification path validation described in Section 6 of [RFC5280]. Registrars will be authenticated in the dr interface using HTTP Basic access authentication. The dr interface (Section 4.3.6) MUST support HTTPS keep-alive and MUST maintain the connection for up to 30 minutes.¶
5.4. Qualified Launch Program (QLP) Period
5.4.1. Domain Registration
During the OPTIONAL Qualified Launch Program (QLP) Period (see [QLP-Addendum]), effective allocations of DNs to third parties could require that Registries and Registrars provide Sunrise and/or Trademark Claims services. If required, Registries and Registrars MUST provide Sunrise and/or Trademark Claims services, as described in Sections 5.2 and 5.3.¶
The effective allocation scenarios are as follows:¶
The following table lists all the effective allocation scenarios during a QLP Period:¶
The TMDB MUST provide the following services to Registries during a QLP Period:¶
The TMDB MUST provide the following services to Registrars during a QLP Period:¶
5.4.2. TMDB QLP Services for Registries
5.4.2.1. Sunrise List (SURL)
A new SURL MUST be published by the TMDB twice a day, by 00:00:00 and 12:00:00 UTC.¶
Registries offering the OPTIONAL QLP Period MUST refresh the latest version of the SURL at least once every 24 hours.¶
Figure 9 depicts the process of downloading the latest SURL initiated by the Registry.¶
Note: The SURL will be the same regardless of the TLD. If a Backend Registry Operator manages the infrastructure of several TLDs, the Backend Registry Operator could refresh the SURL once every 24 hours, and the SURL could be used for all the TLDs managed by the Backend Registry Operator.¶
6. Data Format Descriptions
6.1. Domain Name Label (DNL) List
This section defines the format of the list containing every DNL that matches a Pre-Registered Mark (PRM). The list is maintained by the TMDB and downloaded by Registries in regular intervals (see Section 5.3.3.1). The Registries use the DNL List during the Trademark Claims Period to check whether a requested DN matches a DNL of a PRM.¶
The DNL List contains all the DNLs covered by a PRM present in the TMDB at the datetime that the DNL List is generated.¶
The DNL List is contained in a CSV-formatted file that has the following structure:¶
Example of a DNL list:¶
To provide authentication and integrity protection, the DNL List will be PGP [RFC4880] signed by the TMDB (see Section 5.1.1.4). The PGP signature of the DNL List can be found in the similar URI but with extension .sig, as shown below.¶
The URLs of the dy interface (Section 4.3.3) are:¶
6.2. SMD Revocation List
This section defines the format of the list of SMDs that have been revoked. The list is maintained by the TMDB and downloaded by Registries (and optionally by Registrars) in regular intervals (see Section 5.2.3.1). The SMD Revocation List is used during the Sunrise Period to validate SMDs received. The SMD Revocation List has a similar function as CRLs used in PKI [RFC5280].¶
The SMD Revocation List contains all the revoked SMDs present in the TMDB at the datetime it is generated.¶
The SMD Revocation List is contained in a CSV-formatted file that has the following structure:¶
To provide integrity protection, the SMD Revocation List is PGP signed by the TMDB (see Section 5.1.1.4). The SMD Revocation List is provided by the TMDB with extension .csv. The PGP signature of the SMD Revocation List can be found in the similar URI but with extension .sig, as shown below.¶
The URLs of the sr interface (Section 4.3.12) and sy interface (Section 4.3.11) are:¶
Example of an SMD Revocation List:¶
6.3. List of Registered Domain Names (LORDN) File
This section defines the format of the List of Registered Domain Names (LORDN), which is maintained by each Registry and uploaded at least daily to the TMDB. Every time there is a DN matching a DNL of a PRM, said DN is added to the LORDN, along with further information related to its registration.¶
The URIs of the yd interface (Section 4.3.7) used to upload the LORDN file are:¶
During a QLP Period, Registries MAY be required to upload Sunrise or Trademark Claims LORDN files. The URIs of the yd interface used to upload LORDN files during a QLP Period are:¶
The yd interface (Section 4.3.7) returns the following HTTP status codes after an HTTP POST request method is received:¶
For example, to upload the Sunrise LORDN file for TLD "example", the URI would be:¶
https://
The LORDN is contained in a CSV-formatted file that has the following structure:¶
6.3.1. LORDN Log File
After reception of the LORDN file, the TMDB verifies its content for syntactical and semantic correctness. The output of the LORDN file verification is retrieved using the yd interface (Section 4.3.7).¶
The URIs of the yd interface (Section 4.3.7) used to retrieve the LORDN Log file are:¶
A Registry Operator MUST NOT send more than one request per minute per TLD to download a LORDN Log file.¶
The yd interface (Section 4.3.7) returns the following HTTP status codes after an HTTP GET request method is received:¶
For example, to obtain the LORDN Log file in case of a Sunrise LORDN file with LORDN Transaction Identifier 000000000000000
https://
The LORDN Log file is contained in a CSV-formatted file that has the following structure:¶
Example of a LORDN Log file:¶
6.3.1.1. LORDN Log Result Codes
The classes of result codes (rc) are listed below. The classes in square brackets are not used at this time but may come into use at some later stage. The first two digits of a result code denote the result code class, which defines the outcome at the TMDB:¶
In cases where a DN line is processed and the error result code is 45xx or 46xx, the LORDN file MUST be rejected by the TMDB. If the LORDN file is rejected, DN Lines that are syntactically valid will be reported with a 2001 result code. A 2001 result code means that the DN Line is syntactically valid; however, the DN Line was not processed because the LORDN file was rejected. All DNs reported in a rejected LORDN file MUST be reported again by the Registry because none of the DN Lines present in the LORDN file have been processed by the TMDB.¶
LORDN Log Result Code Classes:¶
In Table 3, the LORDN Log result codes used by the TMDB are described.¶
6.4. Signed Mark Data (SMD) File
This section defines the format of the SMD File. After a successful registration of a mark, the TMV returns an SMD File to the TMH. The SMD File can then be used for registration of one or more DNs covered by the PRM during the Sunrise Period of a TLD.¶
Two encapsulation boundaries are defined for delimiting the encapsulated base64-encoded SMD: "-----BEGIN ENCODED SMD-----" and "-----END ENCODED SMD-----". Only data inside the encapsulation boundaries MUST be used by Registries and Registrars for validation purposes, i.e., any data outside these boundaries as well as the boundaries themselves MUST be ignored for validation purposes.¶
The structure of the SMD File is as follows. All the elements are REQUIRED and MUST appear in the specified order.¶
Example of an SMD file:¶
6.5. Trademark Claims Notice (TCN)
The TMDB MUST provide the TCN to Registrars in XML format, as specified below.¶
The enclosing element <tm
The child elements of the <tm
Example of a <tm
For the formal syntax of the TCN, please refer to Section 7.1.¶
6.6. Sunrise List (SURL)
This section defines the format of the list containing every DNL that matches a PRM eligible for Sunrise. The list is maintained by the TMDB and downloaded by Registries in regular intervals (see Section 5.4.2.1). The Registries use the Sunrise List during the QLP Period to check whether a requested DN matches a DNL of a PRM eligible for Sunrise.¶
The Sunrise List contains all the DNLs covered by a PRM eligible for Sunrise that are present in the TMDB at the datetime it is generated.¶
The Sunrise List is contained in a CSV-formatted file that has the following structure:¶
Example of a Sunrise List:¶
To provide authentication and integrity protection, the Sunrise List will be PGP signed by the TMDB (see Section 5.1.1.4). The PGP signature of the Sunrise List can be found in the similar URI but with extension .sig, as shown below.¶
The URLs of the dy interface (Section 4.3.3) are:¶
7. Formal Syntax
7.1. Trademark Claims Notice (TCN)
The schema presented here is for a Trademark Claims Notice.¶
The CODE BEGINS and CODE ENDS tags are not part of the schema; they are used to note the beginning and ending of the schema for URI registration purposes.¶
8. IANA Considerations
The code point assigned in support of this document is taken from the wrong point in the registration tree. Unfortunately, the code point has already been deployed in the field without following the proper registration review process. The designated experts for the registry have considered the issues that correcting this action would cause for deployed implementations and have consented to the continued use of the code point.¶
This document uses URNs to describe XML namespaces and XML schemas conforming to a registry mechanism described in [RFC3688]. IANA has registered two URI assignments as follows.¶
Trademark Claims Notice namespace:¶
- URI:
- urn
:ietf :params :xml :ns :tm Notice -1 .0¶ - Registrant Contact:
- IETF <iesg@ietf.org> and ICANN <globalsupport
@icann .org>¶ - XML:
- None. Namespace URIs do not represent an XML specification.¶
- Note:
- Note that this assignment is made from the wrong point in
the tree in order to be consistent with deployed
implementations
.¶
Trademark Claims Notice XML schema:¶
- URI:
- urn
:ietf :params :xml :schema :tm Notice -1 .0¶ - Registrant Contact:
- IETF <iesg@ietf.org> and ICANN <globalsupport
@icann .org>¶ - XML:
- See Section 7.1 of RFC 9361.¶
- Note:
- Note that this assignment is made from the wrong point in
the tree in order to be consistent with deployed
implementations
.¶
9. Security Considerations
This specification uses HTTP Basic Authentication to provide a simple application
The TMDB MUST provide credentials to the appropriate Registries and Registrars.¶
The TMDB MUST require the use of strong passwords by Registries and Registrars.¶
The TMDB, Registries, and Registrars MUST use the best practices described in [RFC9325] or its successors.¶
10. Privacy Considerations
This specification defines the interfaces to support the [RPM-Requirements]. Legal documents govern the interactions between the different parties, and such legal documents must ensure that privacy
11. References
11.1. Normative References
- [Claims50]
-
ICANN, "Implementation Notes: Trademark Claims Protection for Previously Abused Names", , <https://
newgtlds >..icann .org /en /about /trademark -clearinghouse /previously -abused -16jul13 -en .pdf - [MatchingRules]
-
ICANN, "Explanatory Memorandum: Implementing the Matching Rules", , <https://
newgtlds >..icann .org /en /about /trademark -clearinghouse /matching -rules -14jul16 -en .pdf - [QLP-Addendum]
-
ICANN, "Trademark Clearinghouse Rights Protection Mechanism Requirements: Qualified Launch Program Addendum", , <https://
newgtlds >..icann .org /en /about /trademark -clearinghouse /rpm -requirements -qlp -addendum -10apr14 -en .pdf - [RFC2119]
-
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10
.17487 , , <https:///RFC2119 www >..rfc -editor .org /info /rfc2119 - [RFC3688]
-
Mealling, M., "The IETF XML Registry", BCP 81, RFC 3688, DOI 10
.17487 , , <https:///RFC3688 www >..rfc -editor .org /info /rfc3688 - [RFC7848]
-
Lozano, G., "Mark and Signed Mark Objects Mapping", RFC 7848, DOI 10
.17487 , , <https:///RFC7848 www >..rfc -editor .org /info /rfc7848 - [RFC8174]
-
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10
.17487 , , <https:///RFC8174 www >..rfc -editor .org /info /rfc8174 - [RFC9325]
-
Sheffer, Y., Saint-Andre, P., and T. Fossati, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", BCP 195, RFC 9325, DOI 10
.17487 , , <https:///RFC9325 www >..rfc -editor .org /info /rfc9325 - [RPM
-Requirements] -
ICANN, "Trademark Clearinghouse Rights Protection Mechanism Requirements", , <https://
newgtlds >..icann .org /en /about /trademark -clearinghouse /rpm -requirements -30sep13 -en .pdf - [W3C
.REC -xml -20081126] -
Bray, T., Paoli, J., Sperberg
-Mc , Maler, E., and F. Yergeau, "Extensible Markup Language (XML) 1.0 (Fifth Edition)", W3C Recommendation RECQueen, C. M. -xml , , <https://-20081126 www >..w3 .org /TR /2008 /REC -xml -20081126 / - [W3C
.REC -xmlschema -1 -20041028] -
Thompson, H., Beech, D., Maloney, M., and N. Mendelsohn, "XML Schema Part 1: Structures Second Edition", W3C Recommendation REC
-xmlschema , , <https://-1 -20041028 www >..w3 .org /TR /2004 /REC -xmlschema -1 -20041028 / - [W3C
.REC -xmlschema -2 -20041028] -
Biron, P. and A. Malhotra, "XML Schema Part 2: Datatypes Second Edition", W3C Recommendation REC
-xmlschema , , <https://-2 -20041028 www >..w3 .org /TR /2004 /REC -xmlschema -2 -20041028 /
11.2. Informative References
- [ICANN
-GTLD -AGB -20120604] -
ICANN, "gTLD Applicant Guidebook Version 2012-06-04", , <http://
newgtlds >..icann .org /en /applicants /agb /guidebook -full -04jun12 -en .pdf - [ISO3166-2]
-
ISO, "International Standard for country codes and codes for their subdivisions", <http://
www >..iso .org /iso /home /standards /country _codes .htm - [RFC3339]
-
Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10
.17487 , , <https:///RFC3339 www >..rfc -editor .org /info /rfc3339 - [RFC4180]
-
Shafranovich, Y., "Common Format and MIME Type for Comma-Separated Values (CSV) Files", RFC 4180, DOI 10
.17487 , , <https:///RFC4180 www >..rfc -editor .org /info /rfc4180 - [RFC4648]
-
Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10
.17487 , , <https:///RFC4648 www >..rfc -editor .org /info /rfc4648 - [RFC4880]
-
Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. Thayer, "OpenPGP Message Format", RFC 4880, DOI 10
.17487 , , <https:///RFC4880 www >..rfc -editor .org /info /rfc4880 - [RFC5280]
-
Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, DOI 10
.17487 , , <https:///RFC5280 www >..rfc -editor .org /info /rfc5280 - [RFC5890]
-
Klensin, J., "Internationaliz
ed Domain Names for Applications (IDNA): Definitions and Document Framework" , RFC 5890, DOI 10.17487 , , <https:///RFC5890 www >..rfc -editor .org /info /rfc5890 - [RFC7617]
-
Reschke, J., "The 'Basic' HTTP Authentication Scheme", RFC 7617, DOI 10
.17487 , , <https:///RFC7617 www >..rfc -editor .org /info /rfc7617 - [RFC8499]
-
Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS Terminology", BCP 219, RFC 8499, DOI 10
.17487 , , <https:///RFC8499 www >..rfc -editor .org /info /rfc8499 - [RFC9110]
-
Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10
.17487 , , <https:///RFC9110 www >..rfc -editor .org /info /rfc9110 - [WIPO
-NICE -CLASSES] -
WIPO, "Nice Classification", <http://
www >..wipo .int /classifications /nice /en - [WIPO.ST3]
-
WIPO, "Recommended standard on two-letter codes for the representation of states, other entities and intergovernment
al organizations" , , <https://www >..wipo .int /export /sites /www /standards /en /pdf /03 -03 -01 .pdf
Acknowledgements
This specification is a collaborative effort from several participants in the ICANN community. Bernie Hoeneisen participated as a coauthor for the first draft version of this document, providing invaluable support. This specification is based on a model spearheaded by Chris Wright, Jeff Neuman, Jeff Eckhaus, and Will Shorter. The author would also like to thank the thoughtful feedback provided by many in the tmch-tech mailing list but particularly the extensive help provided by James Gould, James Mitchell, and Francisco Arias. This document includes feedback received from Paul Hoffman.¶