Re: [ire] Data escrow deposit validation tool

"Gould, James" <> Thu, 21 March 2013 19:27 UTC

List-Id: "Internet Registration Escrow discussion list." <>


The AGB doesn't say anything about an "extended" verification as you describe.  The verification process in the AGB could be a verification of the completeness and the syntax of the deposits, so your claim that it has been part of the AGB for a long time is not true.  I'm not going to comment on the contents of the gTLD data escrow agent application.


From: Gustavo Lozano []
Sent: Thursday, March 21, 2013 3:11 PM
To: Gould, James;
Subject: Re: [ire] Data escrow deposit validation tool


For new gTLDs, the extended verification process has been part of the AGB for a long time.

See Specification 2, Part A, 8, (5):
" (5) If [1] includes a verification process, that will be applied at this step.
If any discrepancy is found in any of the steps, the Deposit will be considered incomplete."

For current gTLDs, several escrow specifications have similar provisions. For example, .org has the following:
"4. Escrow Agent will run a program (to be supplied by ICANN) on the Deposit file (without report) that will ..."

As part of the application for becoming a new gTLD data escrow agent, the prospective escrow agent must implement the extended verification process:
"If this application is approved, Applicant will implement (or use the official ICANN open source developed data escrow deposit testing suite) the extended verification procedure of the data escrow deposit files in less than 30 days after publication by ICANN." (

ICANN has the responsibility to preserve the security and stability of the DNS; the EBERO program, for example, is part of this commitment for new gTLDs. The risk of an unusable data escrow deposit is a risk worth mitigating. The extended verification process is one of the mitigation strategies for this risk.

As mentioned before, we are willing to contribute to an open source tool to verify the escrow deposits.


From: <Gould>, James <<>>
Date: Wednesday, March 13, 2013 2:35 PM
To: Gustavo Lozano <<>" <<>>
Subject: Re: [ire] Data escrow deposit validation tool


The "Data escrow agent extended verification" fundamentally changes the responsibilities of a data escrow provider, which can and will increase the cost of the data escrow.  Data escrow providers today are responsible for ensuring the completeness of the deposits and for storing them.  They have no idea of the data content including its syntactic and semantic structure.  Right now the extended validation process is optional in the draft, but if and when it becomes a requirement for the data escrow providers, it would need to be vetted out by the broader community.

If extended validation does become a requirement, then a standardized open source tool is a good idea and is a minimum requirement to ensure that all data escrow providers execute the same validation.  We may be able to contribute to this effort.





James Gould
Principal Software Engineer

703-948-3271 (Office)
12061 Bluemont Way
Reston, VA 20190

From: Gustavo Lozano <<>>
Date: Wednesday, March 13, 2013 9:52 AM
To: "<>>
Subject: [ire] Data escrow deposit validation tool


The Internet Draft:, describes a "Data escrow agent extended verification" process.

The data escrow deposits are valuable if they can be used when needed, basically during an emergency.

The creation of an open source data escrow deposit validation tool is an important step to mitigate risks related to the quality of the escrow deposit. This tool could be used by data escrow agents, registries and EBEROs.

Who is interested in participating in the development of such a tool?

Basically, the tool should receive as input a full and optionally several differential deposits. After applying the deltas the tool should perform the tests listed in the draft. The tool should be able to handle deposits of at least several millions of objects.
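
The flow described in the original message (load a full deposit, apply the differential deposits in order, then test the result) is sketched below as an added example; it is not part of the thread and is not code from ICANN or any list participant. The dictionary-based deposit model, the sample records and the single referential check are assumptions standing in for the draft's XML format and test list, which the thread does not reproduce.

```python
# Constructed, simplified deposit model (an assumption; real deposits are the
# documents defined by the draft, which this thread does not reproduce).
FULL = {"type": "FULL", "contents": [
    {"kind": "contact", "id": "C1"},
    {"kind": "contact", "id": "C2"},
    {"kind": "domain", "id": "a.example", "registrant": "C1"},
    {"kind": "domain", "id": "b.example", "registrant": "C2"},
]}
DIFFS = [
    {"type": "DIFF", "deletes": [("domain", "b.example")],
     "contents": [{"kind": "domain", "id": "c.example", "registrant": "C2"}]},
    {"type": "DIFF", "deletes": [("contact", "C2"), ("contact", "C9")],
     "contents": []},
]


def apply_deposits(full, diffs):
    """Rebuild state: load the full deposit, then apply each delta in order."""
    if full["type"] != "FULL":
        raise ValueError("first deposit must be a full deposit")
    problems = []
    state = {(o["kind"], o["id"]): o for o in full["contents"]}
    for n, diff in enumerate(diffs, start=1):
        for key in diff.get("deletes", []):
            # A delete that matches nothing is a discrepancy, not a no-op.
            if state.pop(key, None) is None:
                problems.append(f"diff {n}: delete of unknown object {key}")
        for obj in diff.get("contents", []):
            state[(obj["kind"], obj["id"])] = obj  # add or replace
    return state, problems


def verify(state):
    """Hypothetical check: every domain's registrant must exist as a contact."""
    problems = []
    for (kind, ident), obj in sorted(state.items()):
        if kind == "domain" and ("contact", obj["registrant"]) not in state:
            problems.append(
                f"domain {ident}: registrant {obj['registrant']} missing")
    return problems


def validate(full, diffs):
    """Return the surviving object keys and every discrepancy found."""
    state, problems = apply_deposits(full, diffs)
    return sorted(state), problems + verify(state)
```

In the sample data each differential deposit is well-formed on its own; the dangling registrant on `c.example` only appears once both deltas have been applied, which is why the checks run on the reconstructed state rather than on each file separately.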