Title: kz-law-ext EPP extension Status: draft Version: 2.0.1 Release date: 2026.06.03 Owner: KazNIC Organization 1. Introduction This document describes an extension to the EPP domain mapping protocol, designed for the KazNIC Registry. The extension provides a mechanism for registrars to submit supplementary information required for legal compliance within the .KZ and .xn--80ao21a TLDs. The extension introduces two primary functional components: Registration Purpose: Enables registrars to specify the intended use of a domain name, as mandated by the "Rules of Registration, Support, and Use of Domain Names" in the Kazakhstan segment of the Internet. Digital Signatures block: Provides a structure for transmitting a detached cryptographic signatures data (CMS BLOB). This ensures the integrity and non-repudiation of the registrant's identity data by binding it to a specific domain state using a pre-defined algorithm (docSpecAlg). By using this extension, registrars can fulfill legal verification requirements during the domain lifecycle, specifically during the initial registration window and subsequent data modifications. 2. EPP Server Response Response frames for server response returned to a client by the KazNIC EPP server contains definition of the server supported extension "kz-law-ext" in the element. KZ Registry EPP server 2011-01-05T07:44:50.014Z 1.0 en urn:ietf:params:xml:ns:domain-1.0 urn:ietf:params:xml:ns:contact-1.0 urn:ietf:params:xml:ns:host-1.0 ... urn:kaznic:params:xml:ns:kz-law-ext-2.0 http://www.nic.kz/kz-law-ext-2.0 3. EPP Command Example request frame with a element: Specify the element within the element to retrieve this data from the server. example.com ABC-12345 Response frames for commands for domain names returned to a client by an EPP server that supports this extension MAY have an additional element in the element. The MAY contain a element containing domain name registration purpose description. The MAY contain a element containing domain digital signature data. The MUST contain element, reprsenting SHA-256 hash of diginal signature bytes(base64 format). Example response frame with a element: S: S: S: S: S: Command completed successfully. S: S: S: S: domain.kz S: CNIC-DO302520 S: S: CONTACT-HANDLE S: CONTACT-HANDLE S: C11480 S: S: ns1.domain.kz S: ns2.domain.kz S: S: 1995-01-01T00:00:00.0Z S: 2020-01-01T23:59:59.0Z S: 2005-05-14T11:15:19.0Z S: S: S: S: S: Purpose description S: S: S: S: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 S: S: S: ..... S: S: S: S: S: ABC-12345 S: CNIC-F29KDFTOEJW4OSKGC00008SKOG8SOO0 S: S: S: 4. EPP Command Request frames for commands for domain names sent to an EPP server that supports this extension MAY have an additional element in the element. The MAY contain a element containing domain name registration purpose description. Example request frame with a element: domain.kz CONTACT-HANDLE CONTACT-HANDLE CONTACT-HANDLE 2fooBAR ABC-12345 Purpose description 5. EPP Command Request frames for commands for domain names sent to an EPP server that supports this extension MAY have an additional element in the element. The MAY contain a element containing domain name registration purpose description. The MAY contain a element containing domain digital signature data. The MUST contain element, reprsenting diginal signature bytes(base64 format). Example request frame with a element: domain.kz ABC-12345 Purpose description MIIHbgYJKoZIhvcNAQcCoIIHXzCCHbcCAQExADALBgkqhkiG9w0BBwGggh2TMIID... ..... 6. Formal Specification