.NET Registry Agreement Appendix 1
Data Escrow Specification
(1 July 2011)
This Appendix 1 to the .net Registry Agreement consists of four of the five exhibits to the Data Escrow Agreement that constitutes Appendix 2 to the TLD Registry Agreement:
The fifth exhibit (Exhibit E), which sets forth Escrow Agent's fees, is subject to negotiation between Registry Operator and Escrow Agent.
Weekly and daily deposits will include records/transactions generated just before 00:00:00 (EST/EDT) of the day following the day to which they relate, e.g., the report related to Sunday will include all transactions generated just before 00:00:00 of the following Monday.
Date fields will be date-time data expressed in Eastern Standard Time / Eastern Daylight Time using the Gregorian calendar, e.g. "2010-03-29T18.04.32", until a future time, to be mutually agreed by the Parties, when the date fields will include a time zone indicator specifically corresponding to the Eastern Standard Time / Eastern Daylight Time, as appropriate, e.g. "2010-03-29T18.04.32-04:00".
Data fields in the specified reports will be colon delimited until a future time, to be mutually agreed by the parties, when the delimiter will be changed to a tilde "~" or other agreed delimiter. Further, the Registrar Whois Report from the Weekly Deposit Materials will be provided in XML.
VNDS will deposit a complete set of Data into escrow on a weekly basis by electronically and securely transmitting a snapshot of each operational Registrar's data (the "Deposit Materials"). The snapshot captures the state of each Registrar's data at the time the snapshot was created. Specific data elements contained in the Deposit Materials are identified in Table 1 of Exhibit B.
VNDS will securely and electronically deposit a transaction log for each operational Registrar representing transactions that occurred over the previous 24-hour period (the "Additional Deposit"). The logs will be escrowed daily, being in the form of Additional Deposit each Tuesday through Sunday, and being in the form of the Weekly Deposit Materials each Monday, which shall capture that Sunday's data. The Daily Additional Deposit will act as incremental updates to the Weekly Deposit Materials and will include all Registrar activity, such as add, delete, and transfer of a domain name. Specific data elements contained in the Additional Deposit are identified in Table 2 of Exhibit B.
The transmitted data will be made available to Data Escrow Provider as follows:
Daily transactional data will be made available no later than 18:00 (EDT/EST) each Tuesday through Sunday for the previous calendar day. For example, transactional data related to Monday would be available to the escrow company on Tuesday no later than 18:00 (EDT/EST). The results of transactions completed on Sunday will be made available in the Weekly Deposit Materials, thus no separate Daily Additional Deposit will be made for Sunday activity.
Weekly database snapshots taken at midnight on Sundays will be available not later than 18:00 (EDT/EST) each Monday.
Each Weekly and Daily Deposit consists of a series of reports that are concatenated in the escrow process.
Title: Registrar Domain Report - com
Domain Name (domainname)
Title: Registrar Nameserver Report
Server Name (servername)
Title: Registrar Whois Report
IANA Registrar ID (REGISTRARID)
If VNDS requires registrars to provide it with registrant domain name registration data, VNDS shall escrow such registrant domain name registration data that is collected from registrars.
At such time that VNDS implements DNSSEC and collects DS records, VNDS shall escrow such DS records.
Title: DS Report
Domain Name (domainname)
DS records will be escrowed in DS RR Presentation Format as defined in section 5.3 of RFC 4034.
VNDS shall escrow data collected from registrars as part of offering Registry Services introduced after the Effective Date of its Registry Agreement with ICANN, if any.
Registrar Daily Additional Deposits
Title: Registrar Transaction Report
Deposit Transfer Process. Registry Operator shall prepare and transfer the Deposit file by the following steps, in sequence:
2. The Reports making up the Deposit will be concatenated. The resulting file shall be named according to the following format: "com-SEQN-YYYYMMDD", where "SEQN" is a four digit decimal number that is incremented as each report is prepared and "YYYY" represents the year, "MM" the month, and "DD" the day of the date to which the file relates.
3. Next, the Deposit files will be processed by a program (provided by ICANN) that will verify that each file complies with the format specification and contains reports of the same date/time (for a Full Deposit), count the number of objects of the various types in the Deposit, and append to the file a report of the program's results.
4. Registry Operator may optionally split the resulting file using the Unix SPLIT command (or equivalent) to produce files no less than 1 GB each (except the final file). If Deposit files are split, a .MD5 file (produced with MD5SUM or equivalent) must be included with the split files to isolate errors in case of transfer fault.
5. The Deposit file(s) will then be encrypted using Escrow Agent's public key for GPG or PGP and signed using Registry Operator's private key for GPG or PGP, both version 6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note that GPG or PGP compresses the Deposit file(s) in addition to encrypting it (them).)
The formatted, encrypted and signed Deposit file(s) will be sent, by anonymous file transfer, to Escrow Agent's SFTP server within the specified time window.
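Steps 2, 4 and 5 above, together with the receiving side's use of the .MD5 file to find which split file was damaged in transfer, as an added shell example that is not part of the Agreement or of any ICANN-supplied program. The function names, the ".part." suffix, the ESCROW_KEY and REGISTRY_KEY placeholders and the small PART_SIZE are assumptions, and the sample records are constructed.

```shell
#!/bin/sh
# Added example. PART_SIZE is tiny so the demo runs quickly; the specification
# requires split files of no less than 1 GB each (except the final file).
PART_SIZE=${PART_SIZE:-4096}

# Step 2: build "com-SEQN-YYYYMMDD", rejecting malformed fields.
deposit_name() {
    case "$1" in [0-9][0-9][0-9][0-9]) ;; *) return 1 ;; esac
    case "$2" in [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;; *) return 1 ;; esac
    printf 'com-%s-%s\n' "$1" "$2"
}

# Step 4: split the deposit named $2 in directory $1 and write the .MD5 manifest.
split_deposit() {
    ( cd "$1" && split -b "$PART_SIZE" "$2" "$2.part." && md5sum "$2".part.* > "$2.MD5" )
}

# Receiving side: print the name of every split file whose MD5 no longer matches.
damaged_parts() {
    ( cd "$1" && LC_ALL=C md5sum -c "$2.MD5" 2>/dev/null | sed -n 's/: FAILED$//p' )
}

# Step 5 (not run by the demo): encrypt to the Escrow Agent's public key and
# sign with the Registry Operator's private key. Both key IDs are placeholders.
encrypt_and_sign() {
    gpg --encrypt --sign --recipient "$ESCROW_KEY" --local-user "$REGISTRY_KEY" \
        --output "$1.gpg" "$1"
}

# Demo on constructed data: overwrite bytes in the second split file, then locate it.
demo_transfer_fault() {
    dir=$(mktemp -d) || return 1
    name=$(deposit_name 0001 20110703) || return 1
    i=0
    while [ "$i" -lt 400 ]; do
        echo "example$i.net:constructed-record"; i=$((i + 1))
    done > "$dir/$name"
    split_deposit "$dir" "$name" || return 1
    printf 'XXXX' | dd of="$dir/$name.part.ab" bs=1 seek=10 conv=notrunc 2>/dev/null
    damaged_parts "$dir" "$name"
    rm -rf "$dir"
}

demo_transfer_fault
```

Only the split file named by damaged_parts needs to be sent again; the other parts still match the manifest.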
Significant changes to the escrow transfer process require extensive integration between the parties. To ensure the registry data is always protected via the escrow process, Registry Operator will continue to run the legacy escrow transfer process and the new escrow transfer process in parallel until such time as all parties agree to retire the legacy escrow transfer process. The legacy escrow process will escrow all data listed in Exhibit B.
Verification Procedures. Escrow Agent will verify the format and completeness of each Deposit by the following steps:
2. Each Deposit file will be decrypted using Escrow Agent's private key for GPG or PGP and authenticated using Registry Operator's public key for GPG or PGP. (In this step, GPG or PGP will also automatically decompress the escrow file.)
4. Escrow Agent will run a program (to be supplied by ICANN) on the Deposit files (without report) that will split each into its constituent reports (including the format report prepared by the Registry Operator and appended to the Deposit), check its format, count the number of objects of each type, and verify that the data set is internally consistent. This program will compare its results with the results of the Registry-generated format report, and will generate a Deposit format and completeness report. The program will encrypt the report using ICANN's public key for GPG or PGP and sign it using Escrow Agent's private key for GPG or PGP, both version 6.5.1 or above, with a key of DH/DSS type and 2048/1024-byte length. (Note that GPG or PGP compresses the Deposit file(s) in addition to encrypting it (them).) Escrow Agent will send the encrypted and signed report to ICANN by email.
Distribution of Public Keys. Each of Registry Operator and Escrow Agent will distribute its public key to the other party (Registry Operator or Escrow Agent, as the case may be) via email to an email address to be specified. Each party will confirm receipt of the other party's public key with a reply email, and the distributing party will subsequently reconfirm the authenticity of the key transmitted. In this way, public key transmission is authenticated to a user able to send and receive mail via a mail server operated by the distributing party. Escrow Agent, Sponsor and ICANN shall exchange keys by the same procedure.