Re: [ire] Extended Verification Process - FQDN step

Gustavo Lozano <> Wed, 27 March 2013 01:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 85B4521F86A8 for <>; Tue, 26 Mar 2013 18:17:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id C8AaD5AHUtDz for <>; Tue, 26 Mar 2013 18:17:18 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 5068221F84BD for <>; Tue, 26 Mar 2013 18:17:18 -0700 (PDT)
Received: from ([]) by ([]) with mapi; Tue, 26 Mar 2013 18:17:17 -0700
From: Gustavo Lozano <>
To: David Kipling <>, "" <>
Date: Tue, 26 Mar 2013 18:17:15 -0700
Thread-Topic: [ire] Extended Verification Process - FQDN step
Thread-Index: Ac4qiNIOPgXMeCvfT06jSiMdiglETA==
Message-ID: <>
In-Reply-To: <31655AEAB7ACEE41A2D1321E18D4BF3261D5200C@manexchprd02>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [ire] Extended Verification Process - FQDN step
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Internet Registration Escrow discussion list." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 27 Mar 2013 01:17:19 -0000

Hi David,

Comments inline.


On 3/22/13 5:34 AM, "David Kipling" <>; wrote:

>Hi Gustavo,
>At NCC Group we are working on the extended verification process and
>after speaking with some of our customers and registry backend providers
>it was unclear as to how the step below could be tested effectively:
>"An FQDN exists only as a domain name or NNDN."
>Is this literally that any values in the name element of the domain
>record should not exist as the value of the aName element of an NNDN
><rdeDom:name>example1.test</rdeDom:name> means the value of example1.test
>should not exist as a value of the <rdeNNDN:aName> tag e.g.
>rdeNNDN:aName>example1.test</rdeNNDN:aName> and vice versa so if the
>element <rdeNNDN:aName>xn--exampl-gva.test</rdeNNDN:aName> exists then
><rdeDom:name>xn--exampl-gva.test</rdeDom:name> should not exist in the

You are correct.

The NNDN object was created to support those registries that
use a reserved list of names that are not created as domain objects and
also to
support the use case of using a name (but not a domain object) to specify
granular policies regarding IDN variants handling.

If a registry creates reserved names as domain objects with
an internal registrar for example, such registry may only use domain

If a registry handle reserved names as a list of names, such
registry may use the NNDN object.

If a registry creates variants in blocked or withheld
state, such registry may use the NNDN object instead of a creating a domain

If a registry creates mirror variants algorithmically, such registry may
the NNDN to block variants that are not valid.

The registry must choose if the use of a NNDN is appropriate
based on the design of its SRS. Basically a NNDN is like a light domain
with no registrar, registrant or NS servers associated to it.


>David Kipling
>Solutions Architect
>NCC Group
>Manchester Technology Centre,
>Oxford Road
>Manchester, M1 7EF
>Telephone: +44 161 209 5430
>        []
>This email is sent for and on behalf of NCC Group. NCC Group is the
>trading name of NCC Services Limited (Registered in England CRN:
>2802141). Registered Office: Manchester Technology Centre, Oxford Road,
>Manchester, M1 7EF. The ultimate holding company is NCC Group plc
>(Registered in England CRN: 4627044).
>Confidentiality: This e-mail contains proprietary information, some or
>all of which may be confidential and/or legally privileged. It is for the
>intended recipient only. If an addressing or transmission error has
>misdirected this e-mail, please notify the author by replying to this
>e-mail and then delete the original. If you are not the intended
>recipient you may not use, disclose, distribute, copy, print or rely on
>any information contained in this e-mail. You must not inform any other
>person other than NCC Group or the sender of its existence.
>For more information about NCC Group please visit
>P Before you print think about the ENVIRONMENT
>For more information please visit <a
>This email message has been delivered safely and archived online by