Internet-Draft EPP over QUIC June 2026
Yao, et al. Expires 6 December 2026 [Page]
Workgroup:
Internet Engineering Task Force
Internet-Draft:
draft-ietf-regext-epp-quic-07
Published:
Intended Status:
Standards Track
Expires:
Authors:
J. Yao
CNNIC
H. Li
CNNIC
M. Zhang
CNNIC
D. Keathley
VeriSign, Inc.
J. Gould
VeriSign, Inc.

Extensible Provisioning Protocol (EPP) Transport over QUIC

Abstract

This document describes how an Extensible Provisioning Protocol (EPP) session is mapped onto a QUIC connection. EPP over QUIC (EoQ) leverages the performance and security features of the QUIC protocol as an EPP transport.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 6 December 2026.

Table of Contents

1. Introduction

This document describes how the Extensible Provisioning Protocol (EPP)[RFC5730] is mapped onto the QUIC transport [RFC9000]. QUIC is a network protocol that is based on UDP and incorporates native encryption support using TLS [RFC9001]. Though based on UDP, QUIC provides connection semantics like other stateful protocols. This document discusses how EPP implementations can work with this and other features of QUIC while preserving the core EPP semantics.

EPP sessions use a single QUIC stream for all command and response exchanges throughout the session lifecycle. Unlike stateless transaction protocols that permit per-command independent streams, EPP is a stateful protocol with inherent sequential command dependencies defined in RFC 5730. Maintaining a single stream preserves ordered transaction processing, consistent session state, and full compatibility with existing EPP operational and implementation models.

2. Terminology

This document makes use of the following terms:

EoQ:

The acronym used for the EPP over QUIC transport that defines the use of QUIC as an EPP transport following the considerations in Section 2.1 of [RFC5730].

EoQ connection:

Is a client-initiated bidirectional QUIC stream established on a QUIC connection using the "EoQ" Application-Layer Protocol Negotiation (ALPN) [RFC7301] value. The EoQ connection maps to the client-server connection defined in Section 2.1 of [RFC5730], where the server returns an EPP <greeting>. A single QUIC connection supports many EoQ connections.

EoQ session:

Is an authenticated EoQ connection, which occurs after a successful EPP <login>.

EoQ Connection Start Packet:

Used by clients to complete the creation of an EoQ connection by signaling the server to create the QUIC stream and return the EPP <greeting> needed for an EPP connection. Section 6 formally defines the EoQ Connection Start Packet.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Session Management

Mapping EPP session management facilities onto the QUIC service is accomplished with a combination of a QUIC connection with the "EoQ" ALPN [RFC7301] value and client-initiated, bidirectional QUIC streams. QUIC supports four stream types (Section 2.1 of [RFC9000]), but EoQ only supports the client-initiated, bidirectional stream type.

An EPP session first requires creation of a QUIC connection between two peers, one that initiates the connection request and one that responds to the connection request. The initiating peer is called the "client", and the responding peer is called the "server". By default, an EPP server MUST listen for QUIC connection requests on a well-known UDP port number assigned by IANA (see Section 8.2), unless there is a mutual agreement to use another port number.

A successfully established QUIC connection is secured by the native TLS support that QUIC provides using the "EoQ" ALPN value.

Once the QUIC connection is established, the EPP client MUST then create a bidirectional QUIC stream by sending the EoQ Connection Start Packet (Section 6). [RFC9000] states that "streams are created by sending data". If the EPP server accepts the QUIC stream, it reads the EoQ Connection Start Packet (Section 6) and returns an EPP <greeting> to the client on the same QUIC stream. After reading the EPP <greeting> message, and absent processing errors, the EPP client sends EPP commands and receives EPP responses on the same stream. A QUIC stream corresponds to an EPP connection, which is referred to as an EoQ connection. An authenticated QUIC stream, via a successful EPP <login>, corresponds to an EPP session, which is referred to as an EoQ session.

An EPP session is normally ended by the client issuing an EPP <logout> command. A server receiving an EPP <logout> command MUST end the EPP session and close the QUIC stream. A client MAY end an EoQ session by closing the QUIC stream and the server MUST end the EoQ session by closing the QUIC stream.

EoQ connections are established as described in the QUIC transport specification [RFC9000]. During connection establishment, EoQ support is indicated using the "EoQ" ALPN value in the cryptographic handshake.

A single QUIC connection may allow multiple QUIC streams. This means that a single QUIC connection may support multiple EoQ sessions. A server MAY limit the life span of an established EoQ session. EoQ sessions that are inactive for more than a server-defined period MAY be ended by the server closing the QUIC stream. A server MAY close EoQ sessions that have been open and active for longer than a server-defined limit. Once the last QUIC stream for a QUIC connection is closed, the server MAY end the QUIC connection immediately.

4. Message Exchange

Except for the EPP server <greeting>, EPP messages are initiated by the EPP client in the form of EPP commands. An EPP server MUST return an EPP response to an EPP command on the same QUIC stream that carried the command. If the QUIC stream is closed after a server receives and successfully processes a command but before the response can be returned to the client, the server MAY attempt to undo the effects of the command to ensure a consistent state between the client and the server. EPP commands are idempotent, so processing a command more than once produces the same net effect on the repository as successfully processing the command once.

An EPP client streams EPP commands to an EPP server on an established QUIC stream. A client MAY establish multiple QUIC streams to support multiple EoQ sessions with each EoQ session mapped to a single QUIC stream. A server SHOULD limit a client to a maximum number of QUIC streams per QUIC connection based on server capabilities and operational load.

EPP describes client-server interaction as a command-response exchange where the client sends one command to the server and the server returns one response to the client.

Each EPP data unit MUST contain a single EPP message. Commands MUST be processed independently.

A server SHOULD impose a limit on the amount of time required for a client to issue a well-formed EPP command to reduce the risk associated with a resource exhaustion attack. Absent local policy, a server SHOULD end an EoQ session and close the QUIC stream if a well-formed command is not received within the time limit.

A general state machine for an EPP server is described in Section 2 of [RFC5730]. A general client-server message exchange using QUIC transport is illustrated in Figure 1. It shows the exchange over a single QUIC stream of a QUIC connection. Many QUIC streams may open and close during the life of a QUIC connection.


                       Client                  Server
                  |                                     |
                  |      Successful QUIC Connection     |
                  | <<------------------------------->> |
                  |                                     |
                  |     Successful QUIC Stream with     |
                  |     EoQ Connection Start Packet     |
                  | <<------------------------------->> |
                  |                                     |
                  |             Send Greeting           |
                  | <<-------------------------------<< |
                  |                                     |
                  |             Send <login>            |
                  | >>------------------------------->> |
                  |                                     |
                  |             Send Response           |
                  | <<-------------------------------<< |
                  |                                     |
                  |            Send Command X           |
                  | >>------------------------------->> |
                  |                                     |
                  |            Send Response X          |
                  | <<-------------------------------<< |
                  |                                     |
                  |            Send Command Y           |
                  | >>------------------------------->> |
                  |                                     |
                  |            Send Response Y          |
                  | <<-------------------------------<< |
                  |                  .                  |
                                     .
                                     .
                  |            Send <logout>            |
                  | >>------------------------------->> |
                  |                                     |
                  |            Send Response            |
                  | <<-------------------------------<< |
                  |                                     |
                  |          Close QUIC Stream          |
                  | <<------------------------------->> |
                  |                                     |
                  |        Close QUIC Connection        |
                  | <<------------------------------->> |

     Figure 1: Example of Successful QUIC Client-Server Message Exchange

The EPP server MUST follow the "EPP Server State Machine" procedure described in [RFC5730].

5. Data Unit Format

The EPP data unit contains two fields: a 32-bit header that describes the total length of the data unit, and the EPP XML instance. The length of the EPP XML instance is determined by subtracting four octets from the total length of the data unit. A receiver must successfully read that many octets to retrieve the complete EPP XML instance before processing the EPP message. The EPP Data Unit Format is depicted in Figure 2 (one tick mark represents one bit position).


     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                           Total Length                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         EPP XML Instance                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+//-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                          Figure 2: EPP Data Unit Format

The description of the fields shown in Figure 2 is as follows:

Total Length (32 bits): The total length of the EPP data unit measured in octets in network (big endian) byte order. The octets contained in this field MUST be included in the total length calculation. EPP XML Instance (variable length): The EPP XML instance carried in the data unit.

6. EoQ Connection Start Packet

The EoQ Connection Start Packet is written by the client after creating a QUIC stream to signal to the server to create the QUIC stream. Absent processing errors or local policy, the server accepts the QUIC stream, reads the EoQ Connection Start Packet, and returns the EPP <greeting> to the client on same QUIC stream.

The EoQ Connection Start Packet follows the Data Unit Format (Section 5) with two fields: a 32-bit header that describes the total length of the data unit, and the constant value of "EoQ Connection Start" instead of an "EPP XML Instance". The length of a valid data unit MUST be 24 octets that includes 4 octets for the Total Length and 20 octets for the "EoQ Connection Start" constant value.

7. Transport Considerations

Section 2.1 of [RFC5730] describes considerations to be addressed by protocol transport mappings. This document addresses each of those considerations using a combination of features of the QUIC protocol and features of this document as discussed below:

8. IANA Considerations

RFC Editor Note: Please replace all occurrences of XXXX with the RFC number to be assigned to this document.

8.1. Registration of an EoQ Identification String

This document creates a new registration for the identification of EoQ in the "TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs" registry under Transport Layer Security (TLS) Extensions registry group available at https://www.iana.org/assignments/tls-extensiontype-values/.

  • Protocol: EoQ

  • Identification Sequence: 0x45 0x6F 0x51 ("EoQ")

  • Reference: RFC XXXX

8.2. Registration of Port Number

The "Service Name and Transport Protocol Port Number Registry" (https://www.iana.org/assignments/service-names-port-numbers/) contains an entry for EPP UDP/700. However, no known implementations of EPP over UDP exist. This document requests IANA to update that entry so that it is reassigned to EPP and add a reference to this document.

  • Service Name: epp

  • Port Number: 700

  • Transport Protocol(s): UDP

  • Assignee: IESG

  • Contact: IETF Chair

  • Description: EPP run over QUIC

  • Reference: [RFC5734] RFC XXXX

9. Implementation Status

Note to RFC Editor: Please remove this section and the reference to RFC 7942 [RFC7942] before publication.

This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in RFC 7942 [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.

According to RFC 7942 [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

9.1. Verisign EPP SDK

Organization: Verisign Inc.

Name: Verisign EPP SDK

Description: The Verisign EPP SDK includes both a full client implementation and a full server stub implementation of this specification.

Level of maturity: Development

Coverage: All aspects of the protocol are implemented with QUIC V1.

Licensing: GNU Lesser General Public License

Contact: jgould@verisign.com

URL: https://www.verisign.com/resources/registrar-resources/epp-sdk/

10. Operational Considerations

10.1. Clients Fall Back with Management of Multiple Transport

If the establishment of an EoQ connection fails, clients MAY attempt to fall back to EPP over TCP as specified in [RFC5734], depending on local deployment and security policy. It is up to clients to determine the mix of transports that best meets their business needs.

10.2. Port Reuse

Although [RFC5734] does only a request for TCP, the companion UDP number was also allocated. That practice was prior to [RFC6335] when TCP and UDP port numbers were simultaneously assigned when either was requested. Section 8.2 updates EPP UDP/700 allocation to be used for EoQ. This update does not introduce any operational issues given that there are no known implementations of EPP over UDP that exist.

10.3. QUIC Support Announcement and Discovery

There is no dedicated in-band mechanism defined in this specification for a server to explicitly announce EoQ support to clients. Operators MAY use out-of-band configuration or provisioning channels to advertise server EoQ support to clients in advance.

10.4. Configuration Parameters

Implementations MAY configure operational parameters to control EoQ session behavior. These parameters can include idle session timeout, maximum QUIC streams per connection,command processing timeout, and maximum session timeout. Servers and clients SHOULD align configuration limits to avoid session disruption and resource exhaustion.

10.5. Diagnostic and Troubleshooting

Operators SHOULD log EoQ connection establishment status, stream lifecycle events, and command transaction results for diagnostic purposes. QUIC transport errors and EPP protocol failures ought to be distinguishable to facilitate efficient troubleshooting. Implementations MAY provide granular error reporting to help identify session termination, connection timeout, and stream closure root causes. Operators MUST redact sensitive data in the logs, such as user credentials and authorization information values.

10.6. Address Validation

EoQ implementations MUST follow the address validation requirements defined in Section 8 of [RFC9000] to mitigate potential amplification attacks and validate client address reachability. EoQ servers SHOULD utilize the QUIC Retry Packet mechanism described in Section 8.1.2 of [RFC9000] to perform return routability checks on client source addresses before accepting EoQ stream creation. After successful address validation, EoQ servers MAY send NEW_TOKEN frames as specified in Section 8.1.3 of [RFC9000], allowing subsequent connection attempts from the same client address to avoid the 1-RTT validation delay.

10.7. Authentication Considerations

EoQ relies on the TLS authentication mechanisms defined in [RFC9001] for peer authentication and credential validation. Implementations SHOULD follow the same authentication practices specified for EPP over TLS in [RFC5734]. Server and client authentication procedures remain unchanged from existing EPP deployment models when running over QUIC transport.

10.8. 0-RTT and Session Resumption

Using 0-RTT for EoQ allows clients to establish connections and initiate EPP transactions without round-trip delay, enabling servers to use shorter idle timers and reduce connection overhead. Session resumption and 0-RTT introduce privacy and replay risks. EoQ implementations SHOULD follow [RFC8446] and [RFC9001] guidance to balance performance and risk mitigation. Clients SHOULD use session tickets only once and avoid resumption when network connectivity changes. Clients MAY use NEW_TOKEN tokens per [RFC9000], but SHOULD restrict their use to session resumption scenarios. Servers SHOULD issue session tickets with a reasonable lifetime and implement anti-replay mechanisms for 0-RTT traffic.

10.9. MTU and Fragmentation

EoQ implementations SHOULD follow the MTU and fragmentation guidance defined in [RFC9000]. Operators are encouraged to provision network paths with appropriate MTU sizes to avoid packet fragmentation for EPP message delivery. Oversized EPP data units that exceed path MTU require proper QUIC fragmentation handling to maintain transmission reliability.

11. Security Considerations

EPP over QUIC provides the similar security with EPP over TCP with TLS. Some related security issues have been discussed in [RFC5734] and [RFC9000].

EoQ servers run the risk of a resource exhaustion attack by allowing the creation of unlimited QUIC streams per QUIC connection. Servers SHOULD limit a client to a maximum number of QUIC streams per QUIC connection based on server capabilities and operational load. Absent such limit, the server may be subject to overload that would exhaust its resources.

12. Acknowledgements

The authors wish to thank the following persons for their feedback and suggestions: Scott Hollenbeck, Lucas Pardue, Martin Thompson, and Mohamed Boucadair.

13. References

13.1. Normative References

[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC5730]
Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", STD 69, RFC 5730, DOI 10.17487/RFC5730, , <https://www.rfc-editor.org/info/rfc5730>.
[RFC5734]
Hollenbeck, S., "Extensible Provisioning Protocol (EPP) Transport over TCP", STD 69, RFC 5734, DOI 10.17487/RFC5734, , <https://www.rfc-editor.org/info/rfc5734>.
[RFC6335]
Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S. Cheshire, "Internet Assigned Numbers Authority (IANA) Procedures for the Management of the Service Name and Transport Protocol Port Number Registry", BCP 165, RFC 6335, DOI 10.17487/RFC6335, , <https://www.rfc-editor.org/info/rfc6335>.
[RFC7301]
Friedl, S., Popov, A., Langley, A., and E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension", RFC 7301, DOI 10.17487/RFC7301, , <https://www.rfc-editor.org/info/rfc7301>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC9000]
Iyengar, J., Ed. and M. Thomson, Ed., "QUIC: A UDP-Based Multiplexed and Secure Transport", RFC 9000, DOI 10.17487/RFC9000, , <https://www.rfc-editor.org/info/rfc9000>.
[RFC9001]
Thomson, M., Ed. and S. Turner, Ed., "Using TLS to Secure QUIC", RFC 9001, DOI 10.17487/RFC9001, , <https://www.rfc-editor.org/info/rfc9001>.
[RFC9002]
Iyengar, J., Ed. and I. Swett, Ed., "QUIC Loss Detection and Congestion Control", RFC 9002, DOI 10.17487/RFC9002, , <https://www.rfc-editor.org/info/rfc9002>.

13.2. Informative References

[RFC7942]
Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, , <https://www.rfc-editor.org/info/rfc7942>.

Appendix A. Change History

A.1. Change from 00 to 01

  1. Added Dan Keathley and James Gould as co-authors and aligned the draft with EPP RFC 5734.

A.2. Change from 01 to 02

  1. Make the clear distinction between an EPP connection and an EPP session for EoQ in the Session Management section.
  2. Align the handling of the EPP <logout> command with RFC 5734, by including "A client MAY end an EoQ session by closing the QUIC stream" in the Session Management section.
  3. Ensure that the relationship of the EoQ connection and the EoQ stream is maintained with the sentence "This means that a single QUIC connection may support multiple EoQ sessions" in the Session Management section.
  4. Leverage the EoQ session in place of the more generic EPP session in the Message Exchange section.

A.3. Change from 02 to 03

  1. Added the definition and use of the EoQ Connection Start Packet to explicitly trigger the creation of the QUIC stream and the EoQ connection to the server.
  2. Added the Implementation Status section with the Verisign EPP SDK implementation.

A.4. draft-ietf-regext-epp-quic-00

  1. updated to WG document

A.5. draft-ietf-regext-epp-quic-01

  1. add section 8.1. EPP Extension Registry

A.6. draft-ietf-regext-epp-quic-02

Incorporated feedback from Lucas Pardue:

  1. Added a list of terms in Section 2 "Conventions Used in This Document".
  2. Changed ALPN "eoq" value to "eoq/0.1" to support versioning, which will be changed to "eoq/1.0" once passing WGLC.
  3. Changed "A client MAY end an EoQ session by closing the QUIC stream" to "A client MAY end an EoQ session by closing the QUIC stream and the server MUST end the EoQ session by closing the QUIC stream".
  4. Added language to Section 3 "Session Management" to make it clear that a bidirectional QUIC stream is client-initiated and inclusion of the "eoq/0.1" ALPN was added for the QUIC connection.
  5. Added "QUIC supports four stream types, but EoQ only supports the client-initiated, bidirectional stream type." to Section 3 "Session Management" to be clear the stream types supported by EoQ.

A.7. draft-ietf-regext-epp-quic-03

Nit fixes, such as spelling fixes and small wording changes.

A.8. draft-ietf-regext-epp-quic-04

Incorporated feedback from Martin Thompson:

  1. Changed ALPN "eoq/0.1" value to "EoQ" to match the value of "DoQ" for DNS over QUIC in RFC 9250, which doesn't include versioning.
  2. Added a reference to section 5 "Data Unit Format" in Section 7 for defining the packet framing of EoQ.
  3. Address the additional pipelining considerations (independent command processing, batching, error in processing commands).

In the IANA Considerations section, removed the registration of the EoQ transport in the EPP Extension Registry.

A.9. draft-ietf-regext-epp-quic-05

Incorporated feedback from the Working Group Last Call (WGLC):

  1. Made references consistent for the ALPN "EoQ" value with a reference to RFC 7301.
  2. Add missing comma in the Acknowledgments section between Scott Hollenbeck and Lucas Pardue.
  3. Removed normative reference to RFC 7451.

A.10. draft-ietf-regext-epp-quic-06

Incorporated feedback from the document shepherd review:

  1. Updated the Verisign EPP SDK link to "https://www.verisign.com/resources/registrar-resources/epp-sdk/".
  2. Updated Section 2 "Conventions Used in This Document" to reference RFC 2119 and RFC 8174.

A.11. draft-ietf-regext-epp-quic-07

Update the draft based on AD's comments:

  1. Refine the texts.
  2. Add the Operational Considerations section.

Authors' Addresses

Jiankang Yao
CNNIC
4 South 4th Street,Zhongguancun,Haidian District
Beijing
Beijing, 100190
China
Phone: +86 10 59116505
Hongtao Li
CNNIC
4 South 4th Street,Zhongguancun,Haidian District
Beijing
Beijing, 100190
China
Man Zhang
CNNIC
4 South 4th Street,Zhongguancun,Haidian District
Beijing
Beijing, 100190
China
Daniel Keathley
VeriSign, Inc.
12061 Bluemont Way
Reston, VA 20190
United States of America
URI: http://www.verisigninc.com
James Gould
VeriSign, Inc.
12061 Bluemont Way
Reston, VA 20190
United States of America
URI: http://www.verisigninc.com