idnits 2.17.1 draft-hollenbeck-regext-rfc7482bis-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) == There are 3 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 23, 2020) is 1548 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Downref: Normative reference to an Informational RFC: RFC 5980 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7483 (Obsoleted by RFC 9083) ** Obsolete normative reference: RFC 7484 (Obsoleted by RFC 9224) ** Obsolete normative reference: RFC 8499 (Obsoleted by RFC 9499) -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' Summary: 9 errors (**), 0 flaws (~~), 2 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group S. Hollenbeck 3 Internet-Draft Verisign Labs 4 Intended status: Standards Track A. Newton 5 Expires: July 26, 2020 ARIN 6 January 23, 2020 8 Registration Data Access Protocol (RDAP) Query Format 9 draft-hollenbeck-regext-rfc7482bis-00 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. These 17 uniform patterns define the query syntax for the Registration Data 18 Access Protocol (RDAP). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on July 26, 2020. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 2. Conventions Used in This Document . . . . . . . . . . . . . . 4 56 2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 4 57 3. Path Segment Specification . . . . . . . . . . . . . . . . . 5 58 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 5 59 3.1.1. IP Network Path Segment Specification . . . . . . . . 6 60 3.1.2. Autonomous System Path Segment Specification . . . . 7 61 3.1.3. Domain Path Segment Specification . . . . . . . . . . 7 62 3.1.4. Nameserver Path Segment Specification . . . . . . . . 8 63 3.1.5. Entity Path Segment Specification . . . . . . . . . . 9 64 3.1.6. Help Path Segment Specification . . . . . . . . . . . 9 65 3.2. Search Path Segment Specification . . . . . . . . . . . . 9 66 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 10 67 3.2.2. Nameserver Search . . . . . . . . . . . . . . . . . . 11 68 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 12 69 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 12 70 4.1. Partial String Searching . . . . . . . . . . . . . . . . 13 71 4.2. Associated Records . . . . . . . . . . . . . . . . . . . 13 72 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 14 73 6. Internationalization Considerations . . . . . . . . . . . . . 14 74 6.1. Character Encoding Considerations . . . . . . . . . . . . 15 75 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 16 76 7.1. Viagenie . . . . . . . . . . . . . . . . . . . . . . . . 16 77 7.2. ARIN . . . . . . . . . . . . . . . . . . . . . . . . . . 17 78 7.3. LACNIC . . . . . . . . . . . . . . . . . . . . . . . . . 17 79 7.4. ICANN . . . . . . . . . . . . . . . . . . . . . . . . . . 18 80 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 81 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 82 9.1. Normative References . . . . . . . . . . . . . . . . . . 20 83 9.2. Informative References . . . . . . . . . . . . . . . . . 22 84 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 23 85 Change Log . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 88 1. Introduction 90 This document describes a specification for querying registration 91 data using a RESTful web service and uniform query patterns. The 92 service is implemented using the Hypertext Transfer Protocol (HTTP) 93 [RFC7230] and the conventions described in [RFC7480]. These uniform 94 patterns define the query syntax for the Registration Data Access 95 Protocol (RDAP). 97 The protocol described in this specification is intended to address 98 deficiencies with the WHOIS protocol [RFC3912] that have been 99 identified over time, including: 101 o lack of standardized command structures; 103 o lack of standardized output and error structures; 105 o lack of support for internationalization and localization; and 107 o lack of support for user identification, authentication, and 108 access control. 110 The patterns described in this document purposefully do not encompass 111 all of the methods employed in the WHOIS and other RESTful web 112 services used by the RIRs and DNRs. The intent of the patterns 113 described here are to enable queries of: 115 o networks by IP address; 117 o Autonomous System (AS) numbers by number; 119 o reverse DNS metadata by domain; 121 o nameservers by name; 123 o registrars by name; and 125 o entities (such as contacts) by identifier. 127 Server implementations are free to support only a subset of these 128 features depending on local requirements. Servers MUST return an 129 HTTP 501 (Not Implemented) [RFC7231] response to inform clients of 130 unsupported query types. It is also envisioned that each registry 131 will continue to maintain WHOIS and/or other RESTful web services 132 specific to their needs and those of their constituencies, and the 133 information retrieved through the patterns described here may 134 reference such services. 136 Likewise, future IETF standards may add additional patterns for 137 additional query types. A simple pattern namespacing scheme is 138 described in Section 5 to accommodate custom extensions that will not 139 interfere with the patterns defined in this document or patterns 140 defined in future IETF standards. 142 WHOIS services, in general, are read-only services. Therefore, URL 143 [RFC3986] patterns specified in this document are only applicable to 144 the HTTP [RFC7231] GET and HEAD methods. 146 This document does not describe the results or entities returned from 147 issuing the described URLs with an HTTP GET. The specification of 148 these entities is described in [RFC7483]. 150 Additionally, resource management, provisioning, and update functions 151 are out of scope for this document. Registries have various and 152 divergent methods covering these functions, and it is unlikely a 153 uniform approach is needed for interoperability. 155 HTTP contains mechanisms for servers to authenticate clients and for 156 clients to authenticate servers (from which authorization schemes may 157 be built), so such mechanisms are not described in this document. 158 Policy, provisioning, and processing of authentication and 159 authorization are out of scope for this document as deployments will 160 have to make choices based on local criteria. Supported 161 authentication mechanisms are described in [RFC7481]. 163 2. Conventions Used in This Document 165 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 166 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 167 document are to be interpreted as described in [RFC2119]. 169 2.1. Acronyms and Abbreviations 171 IDN: Internationalized Domain Name, a fully-qualified domain name 172 containing one or more labels that are intended to include one or 173 more Unicode code points outside the ASCII range (cf. "domain 174 name", "fully-qualified domain name" and "internationalized domain 175 name" in RFC 8499 [RFC8499]). 177 IDNA: Internationalized Domain Names in Applications, a protocol 178 for the handling of IDNs. In this document, "IDNA" refers 179 specifically to the version of those specifications known as 180 "IDNA2008" [RFC5980]. 182 DNR: Domain Name Registry 184 NFC: Unicode Normalization Form C [Unicode-UAX15] 186 NFKC: Unicode Normalization Form KC [Unicode-UAX15] 188 RDAP: Registration Data Access Protocol 190 REST: Representational State Transfer. The term was first 191 described in a doctoral dissertation [REST]. 193 RESTful: An adjective that describes a service using HTTP and the 194 principles of REST. 196 RIR: Regional Internet Registry 198 3. Path Segment Specification 200 The base URLs used to construct RDAP queries are maintained in an 201 IANA registry described in [RFC7484]. Queries are formed by 202 retrieving an appropriate base URL from the registry and appending a 203 path segment specified in either Sections 3.1 or 3.2. Generally, a 204 registry or other service provider will provide a base URL that 205 identifies the protocol, host, and port, and this will be used as a 206 base URL that the complete URL is resolved against, as per Section 5 208 of RFC 3986 [RFC3986]. For example, if the base URL is 209 "https://example.com/rdap/", all RDAP query URLs will begin with 210 "https://example.com/rdap/". 212 The bootstrap registry does not contain information for query objects 213 that are not part of a global namespace, including entities and help. 214 A base URL for an associated object is required to construct a 215 complete query. 217 For entities, a base URL is retrieved for the service (domain, 218 address, etc.) associated with a given entity. The query URL is 219 constructed by concatenating the base URL to the entity path segment 220 specified in either Sections 3.1.5 or 3.2.3. 222 For help, a base URL is retrieved for any service (domain, address, 223 etc.) for which additional information is required. The query URL is 224 constructed by concatenating the base URL to the help path segment 225 specified in Section 3.1.6. 227 3.1. Lookup Path Segment Specification 229 A simple lookup to determine if an object exists (or not) without 230 returning RDAP-encoded results can be performed using the HTTP HEAD 231 method as described in Section 4.1 of [RFC7480]. 233 The resource type path segments for exact match lookup are: 235 o 'ip': Used to identify IP networks and associated data referenced 236 using either an IPv4 or IPv6 address. 238 o 'autnum': Used to identify Autonomous System number registrations 239 and associated data referenced using an asplain Autonomous System 240 number. 242 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 243 information and associated data referenced using a fully qualified 244 domain name. 246 o 'nameserver': Used to identify a nameserver information query 247 using a host name. 249 o 'entity': Used to identify an entity information query using a 250 string identifier. 252 3.1.1. IP Network Path Segment Specification 254 Syntax: ip/ or ip// 256 Queries for information about IP networks are of the form /ip/XXX/... 257 or /ip/XXX/YY/... where the path segment following 'ip' is either an 258 IPv4 dotted decimal or IPv6 [RFC5952] address (i.e., XXX) or an IPv4 259 or IPv6 Classless Inter-domain Routing (CIDR) [RFC4632] notation 260 address block (i.e., XXX/YY). Semantically, the simpler form using 261 the address can be thought of as a CIDR block with a bitmask length 262 of 32 for IPv4 and a bitmask length of 128 for IPv6. A given 263 specific address or CIDR may fall within multiple IP networks in a 264 hierarchy of networks; therefore, this query targets the "most- 265 specific" or smallest IP network that completely encompasses it in a 266 hierarchy of IP networks. 268 The IPv4 and IPv6 address formats supported in this query are 269 described in Section 3.2.2 of RFC 3986 [RFC3986] as IPv4address and 270 IPv6address ABNF definitions. Any valid IPv6 text address format 271 [RFC4291] can be used. This includes IPv6 addresses written using 272 with or without compressed zeros and IPv6 addresses containing 273 embedded IPv4 addresses. The rules to write a text representation of 274 an IPv6 address [RFC5952] are RECOMMENDED. However, the zone_id 275 [RFC4007] is not appropriate in this context; therefore, the 276 corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT be 277 used, and servers are to ignore it if possible. 279 For example, the following URL would be used to find information for 280 the most specific network containing 192.0.2.0: 282 284 The following URL would be used to find information for the most 285 specific network containing 192.0.2.0/24: 287 288 The following URL would be used to find information for the most 289 specific network containing 2001:db8::0: 291 293 3.1.2. Autonomous System Path Segment Specification 295 Syntax: autnum/ 297 Queries for information regarding Autonomous System number 298 registrations are of the form /autnum/XXX/... where XXX is an asplain 299 Autonomous System number [RFC5396]. In some registries, registration 300 of Autonomous System numbers is done on an individual number basis, 301 while other registries may register blocks of Autonomous System 302 numbers. The semantics of this query are such that if a number falls 303 within a range of registered blocks, the target of the query is the 304 block registration and that individual number registrations are 305 considered a block of numbers with a size of 1. 307 For example, the following URL would be used to find information 308 describing Autonomous System number 12 (a number within a range of 309 registered blocks): 311 313 The following URL would be used to find information describing 4-byte 314 Autonomous System number 65538: 316 318 3.1.3. Domain Path Segment Specification 320 Syntax: domain/ 322 Queries for domain information are of the form /domain/XXXX/..., 323 where XXXX is a fully qualified (relative to the root) domain name 324 (as specified in [RFC0952] and [RFC1123]) in either the in-addr.arpa 325 or ip6.arpa zones (for RIRs) or a fully qualified domain name in a 326 zone administered by the server operator (for DNRs). 327 Internationalized Domain Names (IDNs) represented in either A-label 328 or U-label format [RFC5890] are also valid domain names. See 329 Section 6.1 for information on character encoding for the U-label 330 format. 332 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; 333 that is, internationalized labels in an IDN SHOULD be either all 334 A-labels or all U-labels. It is possible for an RDAP client to 335 assemble a query string from multiple independent data sources. Such 336 a client might not be able to perform conversions between A-labels 337 and U-labels. An RDAP server that receives a query string with a 338 mixture of A-labels and U-labels MAY convert all the U-labels to 339 A-labels, perform IDNA processing, and proceed with exact-match 340 lookup. In such cases, the response to be returned to the query 341 source may not match the input from the query source. Alternatively, 342 the server MAY refuse to process the query. 344 The server MAY perform the match using either the A-label or U-label 345 form. Using one consistent form for matching every label is likely 346 to be more reliable. 348 The following URL would be used to find information describing the 349 zone serving the network 192.0.2/24: 351 353 The following URL would be used to find information describing the 354 zone serving the network 2001:db8:1::/48: 356 358 The following URL would be used to find information for the 359 blah.example.com domain name: 361 363 The following URL would be used to find information for the xn--fo- 364 5ja.example IDN: 366 368 3.1.4. Nameserver Path Segment Specification 370 Syntax: nameserver/ 372 The parameter represents a fully qualified host 373 name as specified in [RFC0952] and [RFC1123]. Internationalized 374 names represented in either A-label or U-label format [RFC5890] are 375 also valid nameserver names. IDN processing for nameserver names 376 uses the domain name processing instructions specified in 377 Section 3.1.3. See Section 6.1 for information on character encoding 378 for the U-label format. 380 The following URL would be used to find information for the 381 ns1.example.com nameserver: 383 384 The following URL would be used to find information for the ns1.xn-- 385 fo-5ja.example nameserver: 387 389 3.1.5. Entity Path Segment Specification 391 Syntax: entity/ 393 The parameter represents an entity (such as a contact, 394 registrant, or registrar) identifier whose syntax is specific to the 395 registration provider. For example, for some DNRs, contact 396 identifiers are specified in [RFC5730] and [RFC5733]. 398 The following URL would be used to find information for the entity 399 associated with handle XXXX: 401 403 3.1.6. Help Path Segment Specification 405 Syntax: help 407 The help path segment can be used to request helpful information 408 (command syntax, terms of service, privacy policy, rate-limiting 409 policy, supported authentication methods, supported extensions, 410 technical support contact, etc.) from an RDAP server. The response 411 to "help" should provide basic information that a client needs to 412 successfully use the service. The following URL would be used to 413 return "help" information: 415 417 3.2. Search Path Segment Specification 419 Pattern matching semantics are described in Section 4.1. The 420 resource type path segments for search are: 422 o 'domains': Used to identify a domain name information search using 423 a pattern to match a fully qualified domain name. 425 o 'nameservers': Used to identify a nameserver information search 426 using a pattern to match a host name. 428 o 'entities': Used to identify an entity information search using a 429 pattern to match a string identifier. 431 RDAP search path segments are formed using a concatenation of the 432 plural form of the object being searched for and an HTTP query 433 string. The HTTP query string is formed using a concatenation of the 434 question mark character ('?', US-ASCII value 0x003F), the JSON object 435 value associated with the object being searched for, the equal sign 436 character ('=', US-ASCII value 0x003D), and the search pattern. 437 Search pattern query processing is described more fully in Section 4. 438 For the domain, nameserver, and entity objects described in this 439 document, the plural object forms are "domains", "nameservers", and 440 "entities". 442 Detailed results can be retrieved using the HTTP GET method and the 443 path segments specified here. 445 3.2.1. Domain Search 447 Syntax: domains?name= 449 Syntax: domains?nsLdhName= 451 Syntax: domains?nsIp= 453 Searches for domain information by name are specified using this 454 form: 456 domains?name=XXXX 458 XXXX is a search pattern representing a domain name in "letters, 459 digits, hyphen" (LDH) format [RFC5890] in a zone administered by the 460 server operator of a DNR. The following URL would be used to find 461 DNR information for domain names matching the "example*.com" pattern: 463 465 IDNs in U-label format [RFC5890] can also be used as search patterns 466 (see Section 4). Searches for these names are of the form 467 /domains?name=XXXX, where XXXX is a search pattern representing a 468 domain name in U-label format [RFC5890]. See Section 6.1 for 469 information on character encoding for the U-label format. 471 Searches for domain information by nameserver name are specified 472 using this form: 474 domains?nsLdhName=YYYY 476 YYYY is a search pattern representing a host name in "letters, 477 digits, hyphen" format [RFC5890] in a zone administered by the server 478 operator of a DNR. The following URL would be used to search for 479 domains delegated to nameservers matching the "ns1.example*.com" 480 pattern: 482 484 Searches for domain information by nameserver IP address are 485 specified using this form: 487 domains?nsIp=ZZZZ 489 ZZZZ is a search pattern representing an IPv4 [RFC1166] or IPv6 490 [RFC5952] address. The following URL would be used to search for 491 domains that have been delegated to nameservers that resolve to the 492 "192.0.2.0" address: 494 496 3.2.2. Nameserver Search 498 Syntax: nameservers?name= 500 Syntax: nameservers?ip= 502 Searches for nameserver information by nameserver name are specified 503 using this form: 505 nameservers?name=XXXX 507 XXXX is a search pattern representing a host name in "letters, 508 digits, hyphen" format [RFC5890] in a zone administered by the server 509 operator of a DNR. The following URL would be used to find DNR 510 information for nameserver names matching the "ns1.example*.com" 511 pattern: 513 515 Internationalized nameserver names in U-label format [RFC5890] can 516 also be used as search patterns (see Section 4). Searches for these 517 names are of the form /nameservers?name=XXXX, where XXXX is a search 518 pattern representing a nameserver name in U-label format [RFC5890]. 519 See Section 6.1 for information on character encoding for the U-label 520 format. 522 Searches for nameserver information by nameserver IP address are 523 specified using this form: 525 nameservers?ip=YYYY 526 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 527 [RFC5952] address. The following URL would be used to search for 528 nameserver names that resolve to the "192.0.2.0" address: 530 532 3.2.3. Entity Search 534 Syntax: entities?fn= 536 Syntax: entities?handle= 538 Searches for entity information by name are specified using this 539 form: 541 entities?fn=XXXX 543 XXXX is a search pattern representing the "FN" property of an entity 544 (such as a contact, registrant, or registrar) name as specified in 545 Section 5.1 of [RFC7483]. The following URL would be used to find 546 information for entity names matching the "Bobby Joe*" pattern: 548 550 Searches for entity information by handle are specified using this 551 form: 553 entities?handle=XXXX 555 XXXX is a search pattern representing an entity (such as a contact, 556 registrant, or registrar) identifier whose syntax is specific to the 557 registration provider. The following URL would be used to find 558 information for entity handles matching the "CID-40*" pattern: 560 562 URLs MUST be properly encoded according to the rules of [RFC3986]. 563 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 565 4. Query Processing 567 Servers indicate the success or failure of query processing by 568 returning an appropriate HTTP response code to the client. Response 569 codes not specifically identified in this document are described in 570 [RFC7480]. 572 4.1. Partial String Searching 574 Partial string searching uses the asterisk ('*', US-ASCII value 575 0x002A) character to match zero or more trailing characters. A 576 character string representing multiple domain name labels MAY be 577 concatenated to the end of the search pattern to limit the scope of 578 the search. For example, the search pattern "exam*" will match 579 "example.com" and "example.net". The search pattern "exam*.com" will 580 match "example.com". If an asterisk appears in a search string, any 581 label that contains the non-asterisk characters in sequence plus zero 582 or more characters in sequence in place of the asterisk would match. 583 Additional pattern matching processing is beyond the scope of this 584 specification. 586 If a server receives a search request but cannot process the request 587 because it does not support a particular style of partial match 588 searching, it SHOULD return an HTTP 422 (Unprocessable Entity) 589 [RFC4918] response. When returning a 422 error, the server MAY also 590 return an error response body as specified in Section 6 of [RFC7483] 591 if the requested media type is one that is specified in [RFC7480]. 593 Partial matching is not feasible across combinations of Unicode 594 characters because Unicode characters can be combined with each 595 other. Servers SHOULD NOT partially match combinations of Unicode 596 characters where a legal combination is possible. It should be 597 noted, though, that it may not always be possible to detect cases 598 where a character could have been combined with another character, 599 but was not, because characters can be combined in many different 600 ways. 602 Clients should avoid submitting a partial match search of Unicode 603 characters where a Unicode character may be legally combined with 604 another Unicode character or characters. Partial match searches with 605 incomplete combinations of characters where a character must be 606 combined with another character or characters are invalid. Partial 607 match searches with characters that may be combined with another 608 character or characters are to be considered non-combined characters 609 (that is, if character x may be combined with character y but 610 character y is not submitted in the search string, then character x 611 is a complete character and no combinations of character x are to be 612 searched). 614 4.2. Associated Records 616 Conceptually, any query-matching record in a server's database might 617 be a member of a set of related records, related in some fashion as 618 defined by the server -- for example, variants of an IDN. The entire 619 set ought to be considered as candidates for inclusion when 620 constructing the response. However, the construction of the final 621 response needs to be mindful of privacy and other data-releasing 622 policies when assembling the RDAP response set. 624 Note too that due to the nature of searching, there may be a list of 625 query-matching records. Each one of those is subject to being a 626 member of a set as described in the previous paragraph. What is 627 ultimately returned in a response will be the union of all the sets 628 that has been filtered by whatever policies are in place. 630 Note that this model includes arrangements for associated names, 631 including those that are linked by policy mechanisms and names bound 632 together for some other purposes. Note also that returning 633 information that was not explicitly selected by an exact-match 634 lookup, including additional names that match a relatively fuzzy 635 search as well as lists of names that are linked together, may cause 636 privacy issues. 638 Note that there might not be a single, static information return 639 policy that applies to all clients equally. Client identity and 640 associated authorizations can be a relevant factor in determining how 641 broad the response set will be for any particular query. 643 5. Extensibility 645 This document describes path segment specifications for a limited 646 number of objects commonly registered in both RIRs and DNRs. It does 647 not attempt to describe path segments for all of the objects 648 registered in all registries. Custom path segments can be created 649 for objects not specified here using the process described in 650 Section 6 of "HTTP Usage in the Registration Data Access Protocol 651 (RDAP)" [RFC7480]. 653 Custom path segments can be created by prefixing the segment with a 654 unique identifier followed by an underscore character (0x5F). For 655 example, a custom entity path segment could be created by prefixing 656 "entity" with "custom_", producing "custom_entity". Servers MUST 657 return an appropriate failure status code for a request with an 658 unrecognized path segment. 660 6. Internationalization Considerations 662 There is value in supporting the ability to submit either a U-label 663 (Unicode form of an IDN label) or an A-label (US-ASCII form of an IDN 664 label) as a query argument to an RDAP service. Clients capable of 665 processing non-US-ASCII characters may prefer a U-label since this is 666 more visually recognizable and familiar than A-label strings, but 667 clients using programmatic interfaces might find it easier to submit 668 and display A-labels if they are unable to input U-labels with their 669 keyboard configuration. Both query forms are acceptable. 671 Internationalized domain and nameserver names can contain character 672 variants and variant labels as described in [RFC4290]. Clients that 673 support queries for internationalized domain and nameserver names 674 MUST accept service provider responses that describe variants as 675 specified in "JSON Responses for the Registration Data Access 676 Protocol (RDAP)" [RFC7483]. 678 6.1. Character Encoding Considerations 680 Servers can expect to receive search patterns from clients that 681 contain character strings encoded in different forms supported by 682 HTTP. It is entirely possible to apply filters and normalization 683 rules to search patterns prior to making character comparisons, but 684 this type of processing is more typically needed to determine the 685 validity of registered strings than to match patterns. 687 An RDAP client submitting a query string containing non-US-ASCII 688 characters converts such strings into Unicode in UTF-8 encoding. It 689 then performs any local case mapping deemed necessary. Strings are 690 normalized using Normalization Form C (NFC) [Unicode-UAX15]; note 691 that clients might not be able to do this reliably. UTF-8 encoded 692 strings are then appropriately percent-encoded [RFC3986] in the query 693 URL. 695 After parsing any percent-encoding, an RDAP server treats each query 696 string as Unicode in UTF-8 encoding. If a string is not valid UTF-8, 697 the server can immediately stop processing the query and return an 698 HTTP 400 (Bad Request) response. 700 When processing queries, there is a difference in handling DNS names, 701 including those with putative U-labels, and everything else. DNS 702 names are treated according to the DNS matching rules as described in 703 Section 3.1 of RFC 1035 [RFC1035] for Non-Reserved LDH (NR-LDH) 704 labels and the matching rules described in Section 5.4 of RFC 5891 705 [RFC5891] for U-labels. Matching of DNS names proceeds one label at 706 a time because it is possible for a combination of U-labels and NR- 707 LDH labels to be found in a single domain or host name. The 708 determination of whether a label is a U-label or an NR-LDH label is 709 based on whether the label contains any characters outside of the US- 710 ASCII letters, digits, or hyphen (the so-called LDH rule). 712 For everything else, servers map fullwidth and halfwidth characters 713 to their decomposition equivalents. Servers convert strings to the 714 same coded character set of the target data that is to be looked up 715 or searched, and each string is normalized using the same 716 normalization that was used on the target data. In general, storage 717 of strings as Unicode is RECOMMENDED. For the purposes of 718 comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case 719 folding is used to maximize predictability and the number of matches. 720 Note the use of case-folded NFKC as opposed to NFC in this case. 722 7. Implementation Status 724 NOTE: Please remove this section and the reference to RFC 7942 prior 725 to publication as an RFC. 727 This section records the status of known implementations of the 728 protocol defined by this specification at the time of posting of this 729 Internet-Draft, and is based on a proposal described in RFC 7942 730 [RFC7942]. The description of implementations in this section is 731 intended to assist the IETF in its decision processes in progressing 732 drafts to RFCs. Please note that the listing of any individual 733 implementation here does not imply endorsement by the IETF. 734 Furthermore, no effort has been spent to verify the information 735 presented here that was supplied by IETF contributors. This is not 736 intended as, and must not be construed to be, a catalog of available 737 implementations or their features. Readers are advised to note that 738 other implementations may exist. 740 According to RFC 7942, "this will allow reviewers and working groups 741 to assign due consideration to documents that have the benefit of 742 running code, which may serve as evidence of valuable experimentation 743 and feedback that have made the implemented protocols more mature. 744 It is up to the individual working groups to use this information as 745 they see fit". 747 7.1. Viagenie 749 Responsible Organization: Viagenie 751 Location: RDAPBrowser (iOS and Android): https://viagenie.ca/ 752 rdapbrowser 754 Description: Mobile app (iOS and Android) implementing an RDAP 755 client for domains, IP addresses and AS numbers. 757 Level of Maturity: Production 759 Coverage: All except for nameserver, entity, help, and search path 760 segments. 762 Version Compatibility: RFC 7482 763 Licensing: Proprietary 765 Implementation Experience: Quite simple and easy to deploy. 766 Responses are much harder to parse because RDAP servers are not 767 compliant. 769 Contact Information: Marc Blanchet, rdapbrowser@viagenie.ca 771 Date Last Updated: September 27, 2019 773 7.2. ARIN 775 Responsible Organization: ARIN 777 Location: NicInfo https://github.com/arineng/nicinfo, and 778 search.arin.net https://search.arin.net/rdap/ 780 Description: NicInfo is a command line client written in Ruby. 781 search.arin.net is a public web page getting about 8k queries per 782 day. 784 Level of Maturity: NicInfo started as a research project, but is 785 known to be used by some organizations in a production capacity. 786 search.arin.net is production. 788 Coverage: NicInfo supports all query types. Search.arin.net 789 supports lookup of entities by handle, search of entities by name, 790 lookup of domain names, lookup of ip networks, lookup of autnums. 792 Version Compatibility: RFC 7482 794 Licensing: NicInfo is published under the ISC license. 795 Search.arin.net is not publicly licensed. 797 Implementation Experience: The RDAP queries are straightforward 798 for the most part. The vast majority of logic goes into 799 displaying information. 801 Contact Information: info@arin.net 803 Date Last Updated: NicInfo was last updated in Feb 2018. 804 Search.arin.net was last updated in July 2019. 806 7.3. LACNIC 808 Responsible Organization: LACNIC 810 Location: https://github.com/LACNIC/rdap-frontend-angular-dev 811 Description: The goal of this client is to have an RDAP client 812 that can be easily embedded in web pages. The original request 813 was for a web whois/rdap feature that was to replace a very, very 814 old web whois that just popen'd CLI WHOIS and just copied back the 815 output to html. We decided to implement something that could, in 816 the future, be embedded in any web page and is not tied to our 817 current web portal CMS. The client is implemented in Javascript 818 and AngularJS. 820 Level of Maturity: We consider the current version production 821 quality, it has been in use in our web portal for more than a year 822 now. 824 Coverage: The client implements /ip, /autnum, and /entity. The 825 client does not support searches. For these objects the 826 implementation follows the standard closely. There may be a few 827 gaps, but it's mostly aligned to the RFCs. 829 Version Compatibility: RFC 7482 831 Licensing: BSD-Style 833 Implementation Experience: Users of the traditional WHOIS service 834 are a bit confused at first when they realize that an RDAP query 835 does not necessarily return the same information and in some cases 836 they need to "navigate" the RDAP tree to get data that is normally 837 returned in a single WHOIS query. In our experience, this gap in 838 expectations has been one of the most significant hurdles in 839 adoption of RDAP. Our RDAP client makes this "navigation" easier 840 as it presents results in the form of a web page where the "next" 841 necessary RDAP query is a click on a link. On the plus side, the 842 protocol provides all the information needed to present this links 843 and clicks to the user. We have however introduced a few 844 extensions into our RDAP responses to get both services to parity 845 in the information presented in a single query. 847 Contact Information: Gerardo Rada (gerardo@lacnic.net), Carlos 848 Martinez (carlos@lacnic.net) 850 Date Last Updated: This application is currently in maintenance 851 mode. Also, we employ a rolling release update. Latest updates 852 are available in the git log of the repo. 854 7.4. ICANN 856 Responsible Organization: Internet Corporation for Assigned Names 857 and Numbers (ICANN) 858 Location: Domain Name Registration Data Lookup: 859 https://lookup.icann.org/ 861 Description: ICANN created the Domain Name Registration Data 862 Lookup web client as a free public service that gives users the 863 ability to look up and display publicly available registration 864 data related to a domain name using the top level domain's RDAP 865 service location listed in the IANA bootstrap service registry for 866 domain name space (RFC 7484), and the sponsoring Registrar's RDAP 867 server. This web client implementation also supports the 868 specifications defined in the "gTLD RDAP Profile" documents 869 (https://www.icann.org/gtld-rdap-profile). 871 Level of Maturity: Production. 873 Coverage: This web client implements RFC 7482 section 3.1.3 874 "Domain Path Segment Specification" to perform lookups exclusively 875 for the domain object class. 877 Version Compatibility: RFC 7482 879 Contact Information: globalSupport@icann.org 881 Date Last Updated: 07-Oct-2019 883 8. Security Considerations 885 Security services for the operations specified in this document are 886 described in "Security Services for the Registration Data Access 887 Protocol (RDAP)" [RFC7481]. 889 Search functionality typically requires more server resources (such 890 as memory, CPU cycles, and network bandwidth) when compared to basic 891 lookup functionality. This increases the risk of server resource 892 exhaustion and subsequent denial of service due to abuse. This risk 893 can be mitigated by developing and implementing controls to restrict 894 search functionality to identified and authorized clients. If those 895 clients behave badly, their search privileges can be suspended or 896 revoked. Rate limiting as described in Section 5.5 of "HTTP Usage in 897 the Registration Data Access Protocol (RDAP)" [RFC7480] can also be 898 used to control the rate of received search requests. Server 899 operators can also reduce their risk by restricting the amount of 900 information returned in response to a search request. 902 Search functionality also increases the privacy risk of disclosing 903 object relationships that might not otherwise be obvious. For 904 example, a search that returns IDN variants [RFC6927] that do not 905 explicitly match a client-provided search pattern can disclose 906 information about registered domain names that might not be otherwise 907 available. Implementers need to consider the policy and privacy 908 implications of returning information that was not explicitly 909 requested. 911 Note that there might not be a single, static information return 912 policy that applies to all clients equally. Client identity and 913 associated authorizations can be a relevant factor in determining how 914 broad the response set will be for any particular query. 916 9. References 918 9.1. Normative References 920 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 921 host table specification", RFC 952, DOI 10.17487/RFC0952, 922 October 1985, . 924 [RFC1035] Mockapetris, P., "Domain names - implementation and 925 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 926 November 1987, . 928 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts - 929 Application and Support", STD 3, RFC 1123, 930 DOI 10.17487/RFC1123, October 1989, 931 . 933 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 934 numbers", RFC 1166, DOI 10.17487/RFC1166, July 1990, 935 . 937 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 938 Requirement Levels", BCP 14, RFC 2119, 939 DOI 10.17487/RFC2119, March 1997, 940 . 942 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 943 Resource Identifier (URI): Generic Syntax", STD 66, 944 RFC 3986, DOI 10.17487/RFC3986, January 2005, 945 . 947 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 948 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 949 2006, . 951 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 952 (CIDR): The Internet Address Assignment and Aggregation 953 Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August 954 2006, . 956 [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed 957 Authoring and Versioning (WebDAV)", RFC 4918, 958 DOI 10.17487/RFC4918, June 2007, 959 . 961 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 962 Autonomous System (AS) Numbers", RFC 5396, 963 DOI 10.17487/RFC5396, December 2008, 964 . 966 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 967 STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, 968 . 970 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 971 Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733, 972 August 2009, . 974 [RFC5890] Klensin, J., "Internationalized Domain Names for 975 Applications (IDNA): Definitions and Document Framework", 976 RFC 5890, DOI 10.17487/RFC5890, August 2010, 977 . 979 [RFC5891] Klensin, J., "Internationalized Domain Names in 980 Applications (IDNA): Protocol", RFC 5891, 981 DOI 10.17487/RFC5891, August 2010, 982 . 984 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 985 Address Text Representation", RFC 5952, 986 DOI 10.17487/RFC5952, August 2010, 987 . 989 [RFC5980] Sanda, T., Ed., Fu, X., Jeong, S., Manner, J., and H. 990 Tschofenig, "NSIS Protocol Operation in Mobile 991 Environments", RFC 5980, DOI 10.17487/RFC5980, March 2011, 992 . 994 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 995 Protocol (HTTP/1.1): Message Syntax and Routing", 996 RFC 7230, DOI 10.17487/RFC7230, June 2014, 997 . 999 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1000 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 1001 DOI 10.17487/RFC7231, June 2014, 1002 . 1004 [RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the 1005 Registration Data Access Protocol (RDAP)", RFC 7480, 1006 DOI 10.17487/RFC7480, March 2015, 1007 . 1009 [RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the 1010 Registration Data Access Protocol (RDAP)", RFC 7481, 1011 DOI 10.17487/RFC7481, March 2015, 1012 . 1014 [RFC7483] Newton, A. and S. Hollenbeck, "JSON Responses for the 1015 Registration Data Access Protocol (RDAP)", RFC 7483, 1016 DOI 10.17487/RFC7483, March 2015, 1017 . 1019 [RFC7484] Blanchet, M., "Finding the Authoritative Registration Data 1020 (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March 1021 2015, . 1023 [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 1024 Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, 1025 January 2019, . 1027 [Unicode-UAX15] 1028 The Unicode Consortium, "Unicode Standard Annex #15: 1029 Unicode Normalization Forms", September 2013, 1030 . 1032 9.2. Informative References 1034 [REST] Fielding, R., "Architectural Styles and the Design of 1035 Network-based Software Architectures", Ph.D. 1036 Dissertation, University of California, Irvine, 2000, 1037 . 1040 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 1041 DOI 10.17487/RFC3912, September 2004, 1042 . 1044 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 1045 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 1046 DOI 10.17487/RFC4007, March 2005, 1047 . 1049 [RFC4290] Klensin, J., "Suggested Practices for Registration of 1050 Internationalized Domain Names (IDN)", RFC 4290, 1051 DOI 10.17487/RFC4290, December 2005, 1052 . 1054 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 1055 IPv6 Zone Identifiers in Address Literals and Uniform 1056 Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874, 1057 February 2013, . 1059 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 1060 Registered in Top-Level Domains", RFC 6927, 1061 DOI 10.17487/RFC6927, May 2013, 1062 . 1064 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 1065 Code: The Implementation Status Section", BCP 205, 1066 RFC 7942, DOI 10.17487/RFC7942, July 2016, 1067 . 1069 Acknowledgements 1071 This document is derived from original work on RIR query formats 1072 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 1073 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 1074 Additionally, this document incorporates DNR query formats originally 1075 described by Francisco Arias and Steve Sheng of ICANN and Scott 1076 Hollenbeck of Verisign Labs. 1078 The authors would like to acknowledge the following individuals for 1079 their contributions to this document: Francisco Arias, Marc Blanchet, 1080 Ernie Dainow, Jean-Philippe Dionne, Byron J. Ellacott, Behnam 1081 Esfahbod, John Klensin, John Levine, Edward Lewis, Mark Nottingham, 1082 Kaveh Ranjbar, Arturo L. Servin, Steve Sheng, and Andrew Sullivan. 1084 Change Log 1086 00: Initial version ported from RFC 7482. Added Implementation 1087 Status section. Addressed known errata. 1089 Authors' Addresses 1091 Scott Hollenbeck 1092 Verisign Labs 1093 12061 Bluemont Way 1094 Reston, VA 20190 1095 United States 1097 Email: shollenbeck@verisign.com 1098 URI: http://www.verisignlabs.com/ 1100 Andrew Lee Newton 1101 American Registry for Internet Numbers 1102 3635 Concorde Parkway 1103 Chantilly, VA 20151 1104 United States 1106 Email: andy@arin.net 1107 URI: http://www.arin.net