Internet Engineering Task Force S. Hollenbeck Internet-Draft Verisign Labs Intended status: Standards Track August 31, 2012 Expires: March 4, 2013 Security Services for the Registration Data Access Protocol draft-hollenbeck-weirds-rdap-sec-00 Abstract The Registration Data Access Protocol (RDAP) provides "RESTful" web services to retrieve registration metadata from domain name and regional internet registries. This document describes information security services and their application to RDAP. Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 4, 2013. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Hollenbeck Expires March 4, 2013 [Page 1] Internet-Draft RDAP Security Services August 2012 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Conventions Used in This Document . . . . . . . . . . . . . . . 3 2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . . 3 3. Information Security Services and RDAP . . . . . . . . . . . . 3 3.1. Authentication . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Availability . . . . . . . . . . . . . . . . . . . . . . . 4 3.3. Data Confidentiality . . . . . . . . . . . . . . . . . . . 4 3.4. Data Integrity . . . . . . . . . . . . . . . . . . . . . . 5 3.5. Non-repudiation . . . . . . . . . . . . . . . . . . . . . . 5 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 5 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 5 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 5 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 7.1. Normative References . . . . . . . . . . . . . . . . . . . 5 7.2. Informative References . . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 6 Hollenbeck Expires March 4, 2013 [Page 2] Internet-Draft RDAP Security Services August 2012 1. Introduction The Registration Data Access Protocol (RDAP) core is specified in two documents: "Unified Registration Data Access Protocol Query Format" [I-D.hollenbeck-weirds-unified-rdap-query] and "JSON Responses to RESTful URL Queries for RIRs and DNRs" [I-D.newton-weirds-unified-json-response]. One goal of RDAP is to provide security services that do not exist in the WHOIS [RFC3912] protocol, including authentication, availability, data confidentiality, data integrity, and non-repudiation (note: some of these might be a stretch). This document describes each of these security services from the perspective of RDAP requirements and applicability. Where applicable, informational references to requirements for a WHOIS replacement service [RFC3707] are noted. 2. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. 2.1. Acronyms and Abbreviations DNR: Domain Name Registry RDAP: Registration Data Access Protocol RIR: Regional Internet Registry 3. Information Security Services and RDAP RDAP itself does not include native security services. Instead, RDAP relies on features that are available in other protocol layers to provide needed security services including authentication, availability, data confidentiality, data integrity, and non- repudiation. A description of each of these security services can be found in RFC 4949 [RFC4949]. 3.1. Authentication WHOIS does not provide features to identify and authenticate clients. As noted in section 3.1.4.2 of RFC 3707 [RFC3707], there is utility in allowing server operators to offer "varying degrees of access depending on policy and need". Clients have to be identified and Hollenbeck Expires March 4, 2013 [Page 3] Internet-Draft RDAP Security Services August 2012 authenticated to provide that utility. There are multiple ways to identify and authenticate RDAP clients. Examples include: - HTTP Basic Authentication [RFC2617]: The "basic" scheme can be used to send a client's user name and password to a server in plaintext, based64-encoded form. If this scheme is used another protocol (such as HTTP Over TLS [RFC2818]) MUST be used to protect the client's credentials from disclosure while in transit. - HTTP Digest Authentication [RFC2617]: The "digest" scheme can be used to authenticate a client without exposing the client's plaintext password. - X.509 Digital Certificates [RFC5280]: The Transport Layer Security Protocol [RFC5246] includes an option to identify and authenticate clients who possess and present a valid X.509 digital certificate. Web clients do not typically possess digital certificates so this option is likely impractical. - (What else? We've talked about OAuth, but it's a bit more complicated.) 3.2. Availability An RDAP service has to be available to be useful (need to talk about denial of service, anycasting, and anything else that addresses availability). 3.3. Data Confidentiality WHOIS does not provide the ability to encrypt data while in transit to protect it from inadvertent disclosure. Web services commonly use HTTP Over TLS [RFC2818] to provide that protection. Examples of data confidentiality utility include: - Encryption to protect plaintext passwords exchanged when using the HTTP "basic" authentication scheme. - Encryption to protect personal or otherwise sensitive data returned in response to RDAP queries. - (What else?) If data confidentiality is useful, we should also plan to review the JSON Web Encryption draft [I-D.ietf-jose-json-web-encryption]. Hollenbeck Expires March 4, 2013 [Page 4] Internet-Draft RDAP Security Services August 2012 3.4. Data Integrity TBD: is there value in signed responses? If so, the work being done in the JOSE working group (such as what's described in the JSON Web Signature draft [I-D.ietf-jose-json-web-signature]) may be useful. There's no mention of a "signed response" requirement in RFC 3707. 3.5. Non-repudiation TBD: does it make sense to talk about proof of integrity and data origin authentication for responses? It might in the context of law enforcement actions. Again, there's no requirement mentioned in RFC 3707. 4. IANA Considerations This document does not specify any IANA actions. 5. Security Considerations TBD 6. Acknowledgements The authors would like to acknowledge the following individuals for their contributions to this document: Andrew Newton. 7. References 7.1. Normative References [I-D.hollenbeck-weirds-unified-rdap-query] Newton, A., Hollenbeck, S., Ranjbar, K., Servin, A., and B. Ellacott, "Unified Registration Data Access Protocol Query Format", draft-hollenbeck-weirds-unified-rdap-query-00 (work in progress), August 2012. [I-D.newton-weirds-unified-json-response] Newton, A., Hollenbeck, S., Ranjbar, K., Servin, A., and B. Ellacott, "JSON Responses to RESTful URL Queries for RIRs and DNRs", draft-newton-weirds-unified-json-response-00 (work in progress), August 2012. Hollenbeck Expires March 4, 2013 [Page 5] Internet-Draft RDAP Security Services August 2012 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., Leach, P., Luotonen, A., and L. Stewart, "HTTP Authentication: Basic and Digest Access Authentication", RFC 2617, June 1999. [RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000. [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, August 2008. [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., and W. Polk, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 5280, May 2008. 7.2. Informative References [I-D.ietf-jose-json-web-encryption] Jones, M., Rescorla, E., and J. Hildebrand, "JSON Web Encryption (JWE)", draft-ietf-jose-json-web-encryption-05 (work in progress), July 2012. [I-D.ietf-jose-json-web-signature] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", draft-ietf-jose-json-web-signature-05 (work in progress), July 2012. [RFC3707] Newton, A., "Cross Registry Internet Service Protocol (CRISP) Requirements", RFC 3707, February 2004. [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, September 2004. [RFC4949] Shirey, R., "Internet Security Glossary, Version 2", RFC 4949, August 2007. Hollenbeck Expires March 4, 2013 [Page 6] Internet-Draft RDAP Security Services August 2012 Author's Address Scott Hollenbeck Verisign Labs 12061 Bluemont Way Reston, VA 20190 US Email: shollenbeck@verisign.com URI: http://www.verisignlabs.com/ Hollenbeck Expires March 4, 2013 [Page 7]