idnits 2.17.1 draft-hollenbeck-regext-rfc7482bis-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack an IANA Considerations section. (See Section 2.2 of https://www.ietf.org/id-info/checklist for how to handle the case when there are no actions for IANA.) == There are 3 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (May 4, 2020) is 1446 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7484 (Obsoleted by RFC 9224) ** Obsolete normative reference: RFC 8499 (Obsoleted by RFC 9499) == Outdated reference: A later version (-01) exists of draft-hollenbeck-regext-rfc7483bis-00 -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' Summary: 7 errors (**), 0 flaws (~~), 3 warnings (==), 2 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 REGEXT Working Group S. Hollenbeck 3 Internet-Draft Verisign Labs 4 Intended status: Standards Track A. Newton 5 Expires: November 5, 2020 AWS 6 May 4, 2020 8 Registration Data Access Protocol (RDAP) Query Format 9 draft-hollenbeck-regext-rfc7482bis-04 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. These 17 uniform patterns define the query syntax for the Registration Data 18 Access Protocol (RDAP). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on November 5, 2020. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 2. Conventions Used in This Document . . . . . . . . . . . . . . 4 56 2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 4 57 3. Path Segment Specification . . . . . . . . . . . . . . . . . 5 58 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 5 59 3.1.1. IP Network Path Segment Specification . . . . . . . . 6 60 3.1.2. Autonomous System Path Segment Specification . . . . 7 61 3.1.3. Domain Path Segment Specification . . . . . . . . . . 7 62 3.1.4. Nameserver Path Segment Specification . . . . . . . . 8 63 3.1.5. Entity Path Segment Specification . . . . . . . . . . 9 64 3.1.6. Help Path Segment Specification . . . . . . . . . . . 9 65 3.2. Search Path Segment Specification . . . . . . . . . . . . 9 66 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 10 67 3.2.2. Nameserver Search . . . . . . . . . . . . . . . . . . 11 68 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 12 69 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 12 70 4.1. Partial String Searching . . . . . . . . . . . . . . . . 13 71 4.2. Associated Records . . . . . . . . . . . . . . . . . . . 14 72 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 14 73 6. Internationalization Considerations . . . . . . . . . . . . . 15 74 6.1. Character Encoding Considerations . . . . . . . . . . . . 15 75 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 16 76 7.1. Viagenie . . . . . . . . . . . . . . . . . . . . . . . . 16 77 7.2. ARIN . . . . . . . . . . . . . . . . . . . . . . . . . . 17 78 7.3. LACNIC . . . . . . . . . . . . . . . . . . . . . . . . . 18 79 7.4. ICANN . . . . . . . . . . . . . . . . . . . . . . . . . . 19 80 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 81 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 82 9.1. Normative References . . . . . . . . . . . . . . . . . . 20 83 9.2. Informative References . . . . . . . . . . . . . . . . . 22 84 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 23 85 Changes from RFC 7482 . . . . . . . . . . . . . . . . . . . . . . 24 86 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 88 1. Introduction 90 This document describes a specification for querying registration 91 data using a RESTful web service and uniform query patterns. The 92 service is implemented using the Hypertext Transfer Protocol (HTTP) 93 [RFC7230] and the conventions described in [RFC7480]. These uniform 94 patterns define the query syntax for the Registration Data Access 95 Protocol (RDAP). 97 The protocol described in this specification is intended to address 98 deficiencies with the WHOIS protocol [RFC3912] that have been 99 identified over time, including: 101 o lack of standardized command structures; 103 o lack of standardized output and error structures; 105 o lack of support for internationalization and localization; and 107 o lack of support for user identification, authentication, and 108 access control. 110 The patterns described in this document purposefully do not encompass 111 all of the methods employed in the WHOIS and other RESTful web 112 services used by the RIRs and DNRs. The intent of the patterns 113 described here are to enable queries of: 115 o networks by IP address; 117 o Autonomous System (AS) numbers by number; 119 o reverse DNS metadata by domain; 121 o nameservers by name; and 123 o entities (such as registrars and contacts) by identifier. 125 Server implementations are free to support only a subset of these 126 features depending on local requirements. Servers MUST return an 127 HTTP 501 (Not Implemented) [RFC7231] response to inform clients of 128 unsupported query types. It is also envisioned that each registry 129 will continue to maintain WHOIS and/or other RESTful web services 130 specific to their needs and those of their constituencies, and the 131 information retrieved through the patterns described here may 132 reference such services. 134 Likewise, future IETF standards may add additional patterns for 135 additional query types. A simple pattern namespacing scheme is 136 described in Section 5 to accommodate custom extensions that will not 137 interfere with the patterns defined in this document or patterns 138 defined in future IETF standards. 140 WHOIS services, in general, are read-only services. Therefore, URL 141 [RFC3986] patterns specified in this document are only applicable to 142 the HTTP [RFC7231] GET and HEAD methods. 144 This document does not describe the results or entities returned from 145 issuing the described URLs with an HTTP GET. The specification of 146 these entities is described in [I-D.hollenbeck-regext-rfc7483bis]. 148 Additionally, resource management, provisioning, and update functions 149 are out of scope for this document. Registries have various and 150 divergent methods covering these functions, and it is unlikely a 151 uniform approach is needed for interoperability. 153 HTTP contains mechanisms for servers to authenticate clients and for 154 clients to authenticate servers (from which authorization schemes may 155 be built), so such mechanisms are not described in this document. 156 Policy, provisioning, and processing of authentication and 157 authorization are out of scope for this document as deployments will 158 have to make choices based on local criteria. Supported 159 authentication mechanisms are described in [RFC7481]. 161 2. Conventions Used in This Document 163 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 164 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 165 document are to be interpreted as described in [RFC2119]. 167 2.1. Acronyms and Abbreviations 169 IDN: Internationalized Domain Name, a fully-qualified domain name 170 containing one or more labels that are intended to include one or 171 more Unicode code points outside the ASCII range (cf. "domain 172 name", "fully-qualified domain name" and "internationalized domain 173 name" in RFC 8499 [RFC8499]). 175 IDNA: Internationalized Domain Names in Applications, a protocol 176 for the handling of IDNs. In this document, "IDNA" refers 177 specifically to the version of those specifications known as 178 "IDNA2008" [RFC5890]. 180 DNR: Domain Name Registry or Domain Name Registrar 182 NFC: Unicode Normalization Form C [Unicode-UAX15] 184 NFKC: Unicode Normalization Form KC [Unicode-UAX15] 186 RDAP: Registration Data Access Protocol 188 REST: Representational State Transfer. The term was first 189 described in a doctoral dissertation [REST]. 191 RESTful: An adjective that describes a service using HTTP and the 192 principles of REST. 194 RIR: Regional Internet Registry 196 3. Path Segment Specification 198 The base URLs used to construct RDAP queries are maintained in an 199 IANA registry described in [RFC7484]. Queries are formed by 200 retrieving an appropriate base URL from the registry and appending a 201 path segment specified in either Sections 3.1 or 3.2. Generally, a 202 registry or other service provider will provide a base URL that 203 identifies the protocol, host, and port, and this will be used as a 204 base URL that the complete URL is resolved against, as per Section 5 205 of RFC 3986 [RFC3986]. For example, if the base URL is 206 "https://example.com/rdap/", all RDAP query URLs will begin with 207 "https://example.com/rdap/". 209 The bootstrap registry does not contain information for query objects 210 that are not part of a global namespace, including entities and help. 211 A base URL for an associated object is required to construct a 212 complete query. This limitation can be overcome for entities by 213 using the practice described in RFC 8521 [RFC8521]. 215 For entities, a base URL is retrieved for the service (domain, 216 address, etc.) associated with a given entity. The query URL is 217 constructed by concatenating the base URL to the entity path segment 218 specified in either Sections 3.1.5 or 3.2.3. 220 For help, a base URL is retrieved for any service (domain, address, 221 etc.) for which additional information is required. The query URL is 222 constructed by concatenating the base URL to the help path segment 223 specified in Section 3.1.6. 225 3.1. Lookup Path Segment Specification 227 A simple lookup to determine if an object exists (or not) without 228 returning RDAP-encoded results can be performed using the HTTP HEAD 229 method as described in Section 4.1 of [RFC7480]. 231 The resource type path segments for exact match lookup are: 233 o 'ip': Used to identify IP networks and associated data referenced 234 using either an IPv4 or IPv6 address. 236 o 'autnum': Used to identify Autonomous System number registrations 237 and associated data referenced using an asplain Autonomous System 238 number. 240 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 241 information and associated data referenced using a fully qualified 242 domain name. 244 o 'nameserver': Used to identify a nameserver information query 245 using a host name. 247 o 'entity': Used to identify an entity information query using a 248 string identifier. 250 3.1.1. IP Network Path Segment Specification 252 Syntax: ip/ or ip// 254 Queries for information about IP networks are of the form /ip/XXX or 255 /ip/XXX/YY where the path segment following 'ip' is either an IPv4 256 dotted decimal or IPv6 [RFC5952] address (i.e., XXX) or an IPv4 or 257 IPv6 Classless Inter-domain Routing (CIDR) [RFC4632] notation address 258 block (i.e., XXX/YY). Semantically, the simpler form using the 259 address can be thought of as a CIDR block with a bitmask length of 32 260 for IPv4 and a bitmask length of 128 for IPv6. A given specific 261 address or CIDR may fall within multiple IP networks in a hierarchy 262 of networks; therefore, this query targets the "most-specific" or 263 smallest IP network that completely encompasses it in a hierarchy of 264 IP networks. 266 The IPv4 and IPv6 address formats supported in this query are 267 described in Section 3.2.2 of RFC 3986 [RFC3986] as IPv4address and 268 IPv6address ABNF definitions. Any valid IPv6 text address format 269 [RFC4291] can be used. This includes IPv6 addresses written using 270 with or without compressed zeros and IPv6 addresses containing 271 embedded IPv4 addresses. The rules to write a text representation of 272 an IPv6 address [RFC5952] are RECOMMENDED. However, the zone_id 273 [RFC4007] is not appropriate in this context; therefore, the 274 corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT be 275 used, and servers are to ignore it if possible. 277 For example, the following URL would be used to find information for 278 the most specific network containing 192.0.2.0: 280 https://example.com/rdap/ip/192.0.2.0 282 The following URL would be used to find information for the most 283 specific network containing 192.0.2.0/24: 285 https://example.com/rdap/ip/192.0.2.0/24 286 The following URL would be used to find information for the most 287 specific network containing 2001:db8::0: 289 https://example.com/rdap/ip/2001:db8::0 291 3.1.2. Autonomous System Path Segment Specification 293 Syntax: autnum/ 295 Queries for information regarding Autonomous System number 296 registrations are of the form /autnum/XXX where XXX is an asplain 297 Autonomous System number [RFC5396]. In some registries, registration 298 of Autonomous System numbers is done on an individual number basis, 299 while other registries may register blocks of Autonomous System 300 numbers. The semantics of this query are such that if a number falls 301 within a range of registered blocks, the target of the query is the 302 block registration and that individual number registrations are 303 considered a block of numbers with a size of 1. 305 For example, the following URL would be used to find information 306 describing Autonomous System number 12 (a number within a range of 307 registered blocks): 309 https://example.com/rdap/autnum/12 311 The following URL would be used to find information describing 4-byte 312 Autonomous System number 65538: 314 https://example.com/rdap/autnum/65538 316 3.1.3. Domain Path Segment Specification 318 Syntax: domain/ 320 Queries for domain information are of the form /domain/XXXX, where 321 XXXX is a fully qualified (relative to the root) domain name (as 322 specified in [RFC0952] and [RFC1123]) in either the in-addr.arpa or 323 ip6.arpa zones (for RIRs) or a fully qualified domain name in a zone 324 administered by the server operator (for DNRs). Internationalized 325 Domain Names (IDNs) represented in either A-label or U-label format 326 [RFC5890] are also valid domain names. See Section 6.1 for 327 information on character encoding for the U-label format. 329 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; 330 that is, internationalized labels in an IDN SHOULD be either all 331 A-labels or all U-labels. It is possible for an RDAP client to 332 assemble a query string from multiple independent data sources. Such 333 a client might not be able to perform conversions between A-labels 334 and U-labels. An RDAP server that receives a query string with a 335 mixture of A-labels and U-labels MAY convert all the U-labels to 336 A-labels, perform IDNA processing, and proceed with exact-match 337 lookup. In such cases, the response to be returned to the query 338 source may not match the input from the query source. Alternatively, 339 the server MAY refuse to process the query. 341 The server MAY perform the match using either the A-label or U-label 342 form. Using one consistent form for matching every label is likely 343 to be more reliable. 345 The following URL would be used to find information describing the 346 zone serving the network 192.0.2/24: 348 https://example.com/rdap/domain/2.0.192.in-addr.arpa 350 The following URL would be used to find information describing the 351 zone serving the network 2001:db8:1::/48: 353 https://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 355 The following URL would be used to find information for the 356 blah.example.com domain name: 358 https://example.com/rdap/domain/blah.example.com 360 The following URL would be used to find information for the xn--fo- 361 5ja.example IDN: 363 https://example.com/rdap/domain/xn--fo-5ja.example 365 3.1.4. Nameserver Path Segment Specification 367 Syntax: nameserver/ 369 The parameter represents a fully qualified host 370 name as specified in [RFC0952] and [RFC1123]. Internationalized 371 names represented in either A-label or U-label format [RFC5890] are 372 also valid nameserver names. IDN processing for nameserver names 373 uses the domain name processing instructions specified in 374 Section 3.1.3. See Section 6.1 for information on character encoding 375 for the U-label format. 377 The following URL would be used to find information for the 378 ns1.example.com nameserver: 380 https://example.com/rdap/nameserver/ns1.example.com 381 The following URL would be used to find information for the ns1.xn-- 382 fo-5ja.example nameserver: 384 https://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 386 3.1.5. Entity Path Segment Specification 388 Syntax: entity/ 390 The parameter represents an entity (such as a contact, 391 registrant, or registrar) identifier whose syntax is specific to the 392 registration provider. For example, for some DNRs, contact 393 identifiers are specified in [RFC5730] and [RFC5733]. 395 The following URL would be used to find information for the entity 396 associated with handle XXXX: 398 https://example.com/rdap/entity/XXXX 400 3.1.6. Help Path Segment Specification 402 Syntax: help 404 The help path segment can be used to request helpful information 405 (command syntax, terms of service, privacy policy, rate-limiting 406 policy, supported authentication methods, supported extensions, 407 technical support contact, etc.) from an RDAP server. The response 408 to "help" should provide basic information that a client needs to 409 successfully use the service. The following URL would be used to 410 return "help" information: 412 https://example.com/rdap/help 414 3.2. Search Path Segment Specification 416 Pattern matching semantics are described in Section 4.1. The 417 resource type path segments for search are: 419 o 'domains': Used to identify a domain name information search using 420 a pattern to match a fully qualified domain name. 422 o 'nameservers': Used to identify a nameserver information search 423 using a pattern to match a host name. 425 o 'entities': Used to identify an entity information search using a 426 pattern to match a string identifier. 428 RDAP search path segments are formed using a concatenation of the 429 plural form of the object being searched for and an HTTP query 430 string. The HTTP query string is formed using a concatenation of the 431 question mark character ('?', US-ASCII value 0x003F), a noun 432 representing the JSON object property associated with the object 433 being searched for, the equal sign character ('=', US-ASCII value 434 0x003D), and the search pattern. Search pattern query processing is 435 described more fully in Section 4. For the domain, nameserver, and 436 entity objects described in this document, the plural object forms 437 are "domains", "nameservers", and "entities". 439 Detailed results can be retrieved using the HTTP GET method and the 440 path segments specified here. 442 3.2.1. Domain Search 444 Syntax: domains?name= 446 Syntax: domains?nsLdhName= 448 Syntax: domains?nsIp= 450 Searches for domain information by name are specified using this 451 form: 453 domains?name=XXXX 455 XXXX is a search pattern representing a domain name in "letters, 456 digits, hyphen" (LDH) format [RFC5890]. The following URL would be 457 used to find DNR information for domain names matching the 458 "example*.com" pattern: 460 https://example.com/rdap/domains?name=example*.com 462 IDNs in U-label format [RFC5890] can also be used as search patterns 463 (see Section 4). Searches for these names are of the form 464 /domains?name=XXXX, where XXXX is a search pattern representing a 465 domain name in U-label format [RFC5890]. See Section 6.1 for 466 information on character encoding for the U-label format. 468 Searches for domain information by nameserver name are specified 469 using this form: 471 domains?nsLdhName=YYYY 473 YYYY is a search pattern representing a host name in "letters, 474 digits, hyphen" format [RFC5890]. The following URL would be used to 475 search for domains delegated to nameservers matching the 476 "ns1.example*.com" pattern: 478 https://example.com/rdap/domains?nsLdhName=ns1.example*.com 480 Searches for domain information by nameserver IP address are 481 specified using this form: 483 domains?nsIp=ZZZZ 485 ZZZZ is a search pattern representing an IPv4 [RFC1166] or IPv6 486 [RFC5952] address. The following URL would be used to search for 487 domains that have been delegated to nameservers that resolve to the 488 "192.0.2.0" address: 490 https://example.com/rdap/domains?nsIp=192.0.2.0 492 3.2.2. Nameserver Search 494 Syntax: nameservers?name= 496 Syntax: nameservers?ip= 498 Searches for nameserver information by nameserver name are specified 499 using this form: 501 nameservers?name=XXXX 503 XXXX is a search pattern representing a host name in "letters, 504 digits, hyphen" format [RFC5890]. The following URL would be used to 505 find information for nameserver names matching the "ns1.example*.com" 506 pattern: 508 https://example.com/rdap/nameservers?name=ns1.example*.com 510 Internationalized nameserver names in U-label format [RFC5890] can 511 also be used as search patterns (see Section 4). Searches for these 512 names are of the form /nameservers?name=XXXX, where XXXX is a search 513 pattern representing a nameserver name in U-label format [RFC5890]. 514 See Section 6.1 for information on character encoding for the U-label 515 format. 517 Searches for nameserver information by nameserver IP address are 518 specified using this form: 520 nameservers?ip=YYYY 521 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 522 [RFC5952] address. The following URL would be used to search for 523 nameserver names that resolve to the "192.0.2.0" address: 525 https://example.com/rdap/nameservers?ip=192.0.2.0 527 3.2.3. Entity Search 529 Syntax: entities?fn= 531 Syntax: entities?handle= 533 Searches for entity information by name are specified using this 534 form: 536 entities?fn=XXXX 538 XXXX is a search pattern representing the "FN" property of an entity 539 (such as a contact, registrant, or registrar) name as specified in 540 Section 5.1 of [I-D.hollenbeck-regext-rfc7483bis]. The following URL 541 would be used to find information for entity names matching the 542 "Bobby Joe*" pattern: 544 https://example.com/rdap/entities?fn=Bobby%20Joe* 546 Searches for entity information by handle are specified using this 547 form: 549 entities?handle=XXXX 551 XXXX is a search pattern representing an entity (such as a contact, 552 registrant, or registrar) identifier whose syntax is specific to the 553 registration provider. The following URL would be used to find 554 information for entity handles matching the "CID-40*" pattern: 556 https://example.com/rdap/entities?handle=CID-40* 558 URLs MUST be properly encoded according to the rules of [RFC3986]. 559 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 561 4. Query Processing 563 Servers indicate the success or failure of query processing by 564 returning an appropriate HTTP response code to the client. Response 565 codes not specifically identified in this document are described in 566 [RFC7480]. 568 4.1. Partial String Searching 570 Partial string searching uses the asterisk ('*', US-ASCII value 571 0x002A) character to match zero or more trailing characters. A 572 character string representing a domain label suffix MAY be 573 concatenated to the end of the search pattern to limit the scope of 574 the search. For example, the search pattern "exam*" will match 575 "example.com" and "example.net". The search pattern "exam*.com" will 576 match "example.com". If an asterisk appears in a search string, any 577 label that contains the non-asterisk characters in sequence plus zero 578 or more characters in sequence in place of the asterisk would match. 579 Only a single asterisk is allowed for a partial string search. 580 Additional pattern matching processing is beyond the scope of this 581 specification. 583 If a server receives a search request but cannot process the request 584 because it does not support a particular style of partial match 585 searching, it SHOULD return an HTTP 422 (Unprocessable Entity) 586 [RFC4918] response. When returning a 422 error, the server MAY also 587 return an error response body as specified in Section 6 of 588 [I-D.hollenbeck-regext-rfc7483bis] if the requested media type is one 589 that is specified in [RFC7480]. 591 Partial matching is not feasible across combinations of Unicode 592 characters because Unicode characters can be combined with each 593 other. Servers SHOULD NOT partially match combinations of Unicode 594 characters where a legal combination is possible. It should be 595 noted, though, that it may not always be possible to detect cases 596 where a character could have been combined with another character, 597 but was not, because characters can be combined in many different 598 ways. 600 Clients should avoid submitting a partial match search of Unicode 601 characters where a Unicode character may be legally combined with 602 another Unicode character or characters. Partial match searches with 603 incomplete combinations of characters where a character must be 604 combined with another character or characters are invalid. Partial 605 match searches with characters that may be combined with another 606 character or characters are to be considered non-combined characters 607 (that is, if character x may be combined with character y but 608 character y is not submitted in the search string, then character x 609 is a complete character and no combinations of character x are to be 610 searched). 612 4.2. Associated Records 614 Conceptually, any query-matching record in a server's database might 615 be a member of a set of related records, related in some fashion as 616 defined by the server -- for example, variants of an IDN. The entire 617 set ought to be considered as candidates for inclusion when 618 constructing the response. However, the construction of the final 619 response needs to be mindful of privacy and other data-releasing 620 policies when assembling the RDAP response set. 622 Note too that due to the nature of searching, there may be a list of 623 query-matching records. Each one of those is subject to being a 624 member of a set as described in the previous paragraph. What is 625 ultimately returned in a response will be the union of all the sets 626 that has been filtered by whatever policies are in place. 628 Note that this model includes arrangements for associated names, 629 including those that are linked by policy mechanisms and names bound 630 together for some other purposes. Note also that returning 631 information that was not explicitly selected by an exact-match 632 lookup, including additional names that match a relatively fuzzy 633 search as well as lists of names that are linked together, may cause 634 privacy issues. 636 Note that there might not be a single, static information return 637 policy that applies to all clients equally. Client identity and 638 associated authorizations can be a relevant factor in determining how 639 broad the response set will be for any particular query. 641 5. Extensibility 643 This document describes path segment specifications for a limited 644 number of objects commonly registered in both RIRs and DNRs. It does 645 not attempt to describe path segments for all of the objects 646 registered in all registries. Custom path segments can be created 647 for objects not specified here using the process described in 648 Section 6 of "HTTP Usage in the Registration Data Access Protocol 649 (RDAP)" [RFC7480]. 651 Custom path segments can be created by prefixing the segment with a 652 unique identifier followed by an underscore character (0x5F). For 653 example, a custom entity path segment could be created by prefixing 654 "entity" with "custom_", producing "custom_entity". Servers MUST 655 return an appropriate failure status code for a request with an 656 unrecognized path segment. 658 6. Internationalization Considerations 660 There is value in supporting the ability to submit either a U-label 661 (Unicode form of an IDN label) or an A-label (US-ASCII form of an IDN 662 label) as a query argument to an RDAP service. Clients capable of 663 processing non-US-ASCII characters may prefer a U-label since this is 664 more visually recognizable and familiar than A-label strings, but 665 clients using programmatic interfaces might find it easier to submit 666 and display A-labels if they are unable to input U-labels with their 667 keyboard configuration. Both query forms are acceptable. 669 Internationalized domain and nameserver names can contain character 670 variants and variant labels as described in [RFC4290]. Clients that 671 support queries for internationalized domain and nameserver names 672 MUST accept service provider responses that describe variants as 673 specified in "JSON Responses for the Registration Data Access 674 Protocol (RDAP)" [I-D.hollenbeck-regext-rfc7483bis]. 676 6.1. Character Encoding Considerations 678 Servers can expect to receive search patterns from clients that 679 contain character strings encoded in different forms supported by 680 HTTP. It is entirely possible to apply filters and normalization 681 rules to search patterns prior to making character comparisons, but 682 this type of processing is more typically needed to determine the 683 validity of registered strings than to match patterns. 685 An RDAP client submitting a query string containing non-US-ASCII 686 characters converts such strings into Unicode in UTF-8 encoding. It 687 then performs any local case mapping deemed necessary. Strings are 688 normalized using Normalization Form C (NFC) [Unicode-UAX15]; note 689 that clients might not be able to do this reliably. UTF-8 encoded 690 strings are then appropriately percent-encoded [RFC3986] in the query 691 URL. 693 After parsing any percent-encoding, an RDAP server treats each query 694 string as Unicode in UTF-8 encoding. If a string is not valid UTF-8, 695 the server can immediately stop processing the query and return an 696 HTTP 400 (Bad Request) response. 698 When processing queries, there is a difference in handling DNS names, 699 including those with putative U-labels, and everything else. DNS 700 names are treated according to the DNS matching rules as described in 701 Section 3.1 of RFC 1035 [RFC1035] for Non-Reserved LDH (NR-LDH) 702 labels and the matching rules described in Section 5.4 of RFC 5891 703 [RFC5891] for U-labels. Matching of DNS names proceeds one label at 704 a time because it is possible for a combination of U-labels and NR- 705 LDH labels to be found in a single domain or host name. The 706 determination of whether a label is a U-label or an NR-LDH label is 707 based on whether the label contains any characters outside of the US- 708 ASCII letters, digits, or hyphen (the so-called LDH rule). 710 For everything else, servers map fullwidth and halfwidth characters 711 to their decomposition equivalents. Servers convert strings to the 712 same coded character set of the target data that is to be looked up 713 or searched, and each string is normalized using the same 714 normalization that was used on the target data. In general, storage 715 of strings as Unicode is RECOMMENDED. For the purposes of 716 comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case 717 folding is used to maximize predictability and the number of matches. 718 Note the use of case-folded NFKC as opposed to NFC in this case. 720 7. Implementation Status 722 NOTE: Please remove this section and the reference to RFC 7942 prior 723 to publication as an RFC. 725 This section records the status of known implementations of the 726 protocol defined by this specification at the time of posting of this 727 Internet-Draft, and is based on a proposal described in RFC 7942 728 [RFC7942]. The description of implementations in this section is 729 intended to assist the IETF in its decision processes in progressing 730 drafts to RFCs. Please note that the listing of any individual 731 implementation here does not imply endorsement by the IETF. 732 Furthermore, no effort has been spent to verify the information 733 presented here that was supplied by IETF contributors. This is not 734 intended as, and must not be construed to be, a catalog of available 735 implementations or their features. Readers are advised to note that 736 other implementations may exist. 738 According to RFC 7942, "this will allow reviewers and working groups 739 to assign due consideration to documents that have the benefit of 740 running code, which may serve as evidence of valuable experimentation 741 and feedback that have made the implemented protocols more mature. 742 It is up to the individual working groups to use this information as 743 they see fit". 745 7.1. Viagenie 747 Responsible Organization: Viagenie 749 Location: RDAPBrowser (iOS and Android): https://viagenie.ca/ 750 rdapbrowser 752 Description: Mobile app (iOS and Android) implementing an RDAP 753 client for domains, IP addresses and AS numbers. 755 Level of Maturity: Production 757 Coverage: All except for nameserver, entity, help, and search path 758 segments. 760 Version Compatibility: RFC 7482 762 Licensing: Proprietary 764 Implementation Experience: Quite simple and easy to deploy. 765 Responses are much harder to parse because RDAP servers are not 766 compliant. 768 Contact Information: Marc Blanchet, rdapbrowser@viagenie.ca 770 Date Last Updated: September 27, 2019 772 7.2. ARIN 774 Responsible Organization: ARIN 776 Location: NicInfo https://github.com/arineng/nicinfo, and 777 search.arin.net https://search.arin.net/rdap/ 779 Description: NicInfo is a command line client written in Ruby. 780 search.arin.net is a public web page getting about 8k queries per 781 day. 783 Level of Maturity: NicInfo started as a research project, but is 784 known to be used by some organizations in a production capacity. 785 search.arin.net is production. 787 Coverage: NicInfo supports all query types. Search.arin.net 788 supports lookup of entities by handle, search of entities by name, 789 lookup of domain names, lookup of ip networks, lookup of autnums. 791 Version Compatibility: RFC 7482 793 Licensing: NicInfo is published under the ISC license. 794 Search.arin.net is not publicly licensed. 796 Implementation Experience: The RDAP queries are straightforward 797 for the most part. The vast majority of logic goes into 798 displaying information. 800 Contact Information: info@arin.net 801 Date Last Updated: NicInfo was last updated in Feb 2018. 802 Search.arin.net was last updated in July 2019. 804 7.3. LACNIC 806 Responsible Organization: LACNIC 808 Location: https://github.com/LACNIC/rdap-frontend-angular-dev 810 Description: The goal of this client is to have an RDAP client 811 that can be easily embedded in web pages. The original request 812 was for a web whois/rdap feature that was to replace a very, very 813 old web whois that just popen'd CLI WHOIS and just copied back the 814 output to html. We decided to implement something that could, in 815 the future, be embedded in any web page and is not tied to our 816 current web portal CMS. The client is implemented in Javascript 817 and AngularJS. 819 Level of Maturity: We consider the current version production 820 quality, it has been in use in our web portal for more than a year 821 now. 823 Coverage: The client implements /ip, /autnum, and /entity. The 824 client does not support searches. For these objects the 825 implementation follows the standard closely. There may be a few 826 gaps, but it's mostly aligned to the RFCs. 828 Version Compatibility: RFC 7482 830 Licensing: BSD-Style 832 Implementation Experience: Users of the traditional WHOIS service 833 are a bit confused at first when they realize that an RDAP query 834 does not necessarily return the same information and in some cases 835 they need to "navigate" the RDAP tree to get data that is normally 836 returned in a single WHOIS query. In our experience, this gap in 837 expectations has been one of the most significant hurdles in 838 adoption of RDAP. Our RDAP client makes this "navigation" easier 839 as it presents results in the form of a web page where the "next" 840 necessary RDAP query is a click on a link. On the plus side, the 841 protocol provides all the information needed to present this links 842 and clicks to the user. We have however introduced a few 843 extensions into our RDAP responses to get both services to parity 844 in the information presented in a single query. 846 Contact Information: Gerardo Rada (gerardo@lacnic.net), Carlos 847 Martinez (carlos@lacnic.net) 848 Date Last Updated: This application is currently in maintenance 849 mode. Also, we employ a rolling release update. Latest updates 850 are available in the git log of the repo. 852 7.4. ICANN 854 Responsible Organization: Internet Corporation for Assigned Names 855 and Numbers (ICANN) 857 Location: Domain Name Registration Data Lookup: 858 https://lookup.icann.org/ 860 Description: ICANN created the Domain Name Registration Data 861 Lookup web client as a free public service that gives users the 862 ability to look up and display publicly available registration 863 data related to a domain name using the top level domain's RDAP 864 service location listed in the IANA bootstrap service registry for 865 domain name space (RFC 7484), and the sponsoring Registrar's RDAP 866 server. This web client implementation also supports the 867 specifications defined in the "gTLD RDAP Profile" documents 868 (https://www.icann.org/gtld-rdap-profile). 870 Level of Maturity: Production. 872 Coverage: This web client implements RFC 7482 section 3.1.3 873 "Domain Path Segment Specification" to perform lookups exclusively 874 for the domain object class. 876 Version Compatibility: RFC 7482 878 Contact Information: globalSupport@icann.org 880 Date Last Updated: 07-Oct-2019 882 8. Security Considerations 884 Security services for the operations specified in this document are 885 described in "Security Services for the Registration Data Access 886 Protocol (RDAP)" [RFC7481]. 888 Search functionality typically requires more server resources (such 889 as memory, CPU cycles, and network bandwidth) when compared to basic 890 lookup functionality. This increases the risk of server resource 891 exhaustion and subsequent denial of service due to abuse. This risk 892 can be mitigated by developing and implementing controls to restrict 893 search functionality to identified and authorized clients. If those 894 clients behave badly, their search privileges can be suspended or 895 revoked. Rate limiting as described in Section 5.5 of "HTTP Usage in 896 the Registration Data Access Protocol (RDAP)" [RFC7480] can also be 897 used to control the rate of received search requests. Server 898 operators can also reduce their risk by restricting the amount of 899 information returned in response to a search request. 901 Search functionality also increases the privacy risk of disclosing 902 object relationships that might not otherwise be obvious. For 903 example, a search that returns IDN variants [RFC6927] that do not 904 explicitly match a client-provided search pattern can disclose 905 information about registered domain names that might not be otherwise 906 available. Implementers need to consider the policy and privacy 907 implications of returning information that was not explicitly 908 requested. 910 Note that there might not be a single, static information return 911 policy that applies to all clients equally. Client identity and 912 associated authorizations can be a relevant factor in determining how 913 broad the response set will be for any particular query. 915 9. References 917 9.1. Normative References 919 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 920 host table specification", RFC 952, DOI 10.17487/RFC0952, 921 October 1985, . 923 [RFC1035] Mockapetris, P., "Domain names - implementation and 924 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 925 November 1987, . 927 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts - 928 Application and Support", STD 3, RFC 1123, 929 DOI 10.17487/RFC1123, October 1989, 930 . 932 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 933 numbers", RFC 1166, DOI 10.17487/RFC1166, July 1990, 934 . 936 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 937 Requirement Levels", BCP 14, RFC 2119, 938 DOI 10.17487/RFC2119, March 1997, 939 . 941 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 942 Resource Identifier (URI): Generic Syntax", STD 66, 943 RFC 3986, DOI 10.17487/RFC3986, January 2005, 944 . 946 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 947 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 948 2006, . 950 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 951 (CIDR): The Internet Address Assignment and Aggregation 952 Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August 953 2006, . 955 [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed 956 Authoring and Versioning (WebDAV)", RFC 4918, 957 DOI 10.17487/RFC4918, June 2007, 958 . 960 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 961 Autonomous System (AS) Numbers", RFC 5396, 962 DOI 10.17487/RFC5396, December 2008, 963 . 965 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 966 STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, 967 . 969 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 970 Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733, 971 August 2009, . 973 [RFC5890] Klensin, J., "Internationalized Domain Names for 974 Applications (IDNA): Definitions and Document Framework", 975 RFC 5890, DOI 10.17487/RFC5890, August 2010, 976 . 978 [RFC5891] Klensin, J., "Internationalized Domain Names in 979 Applications (IDNA): Protocol", RFC 5891, 980 DOI 10.17487/RFC5891, August 2010, 981 . 983 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 984 Address Text Representation", RFC 5952, 985 DOI 10.17487/RFC5952, August 2010, 986 . 988 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 989 Protocol (HTTP/1.1): Message Syntax and Routing", 990 RFC 7230, DOI 10.17487/RFC7230, June 2014, 991 . 993 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 994 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 995 DOI 10.17487/RFC7231, June 2014, 996 . 998 [RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the 999 Registration Data Access Protocol (RDAP)", RFC 7480, 1000 DOI 10.17487/RFC7480, March 2015, 1001 . 1003 [RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the 1004 Registration Data Access Protocol (RDAP)", RFC 7481, 1005 DOI 10.17487/RFC7481, March 2015, 1006 . 1008 [RFC7484] Blanchet, M., "Finding the Authoritative Registration Data 1009 (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March 1010 2015, . 1012 [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 1013 Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, 1014 January 2019, . 1016 [I-D.hollenbeck-regext-rfc7483bis] 1017 Hollenbeck, S. and A. Newton, "JSON Responses for the 1018 Registration Data Access Protocol (RDAP)", draft- 1019 hollenbeck-regext-rfc7483bis-00 (work in progress), 1020 February 2020. 1022 [Unicode-UAX15] 1023 The Unicode Consortium, "Unicode Standard Annex #15: 1024 Unicode Normalization Forms", September 2013, 1025 . 1027 9.2. Informative References 1029 [REST] Fielding, R., "Architectural Styles and the Design of 1030 Network-based Software Architectures", Ph.D. 1031 Dissertation, University of California, Irvine, 2000, 1032 . 1035 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 1036 DOI 10.17487/RFC3912, September 2004, 1037 . 1039 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 1040 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 1041 DOI 10.17487/RFC4007, March 2005, 1042 . 1044 [RFC4290] Klensin, J., "Suggested Practices for Registration of 1045 Internationalized Domain Names (IDN)", RFC 4290, 1046 DOI 10.17487/RFC4290, December 2005, 1047 . 1049 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 1050 IPv6 Zone Identifiers in Address Literals and Uniform 1051 Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874, 1052 February 2013, . 1054 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 1055 Registered in Top-Level Domains", RFC 6927, 1056 DOI 10.17487/RFC6927, May 2013, 1057 . 1059 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 1060 Code: The Implementation Status Section", BCP 205, 1061 RFC 7942, DOI 10.17487/RFC7942, July 2016, 1062 . 1064 [RFC8521] Hollenbeck, S. and A. Newton, "Registration Data Access 1065 Protocol (RDAP) Object Tagging", BCP 221, RFC 8521, 1066 DOI 10.17487/RFC8521, November 2018, 1067 . 1069 Acknowledgements 1071 This document is derived from original work on RIR query formats 1072 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 1073 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 1074 Additionally, this document incorporates DNR query formats originally 1075 described by Francisco Arias and Steve Sheng of ICANN and Scott 1076 Hollenbeck of Verisign Labs. 1078 The authors would like to acknowledge the following individuals for 1079 their contributions to this document: Francisco Arias, Marc Blanchet, 1080 Ernie Dainow, Jean-Philippe Dionne, Byron J. Ellacott, Behnam 1081 Esfahbod, John Klensin, John Levine, Edward Lewis, Mark Nottingham, 1082 Kaveh Ranjbar, Arturo L. Servin, Steve Sheng, and Andrew Sullivan. 1084 Changes from RFC 7482 1086 00: Initial version ported from RFC 7482. Added Implementation 1087 Status section. Addressed known errata. 1089 01: Addressed other reported clarifications and corrections: IDN/ 1090 IDNA definition, note that registrars are entities, definition of 1091 "DNR", RFC 8521 to address bootstrap registry limitation, removal 1092 of extraneous "...", HTTP query string clarification, search 1093 pattern clarification, name server search clarification, domain 1094 label suffix and asterisk search clarification. 1096 02: Addressed "The HTTP query string" clarification. 1098 03: Modified co-author address. 1100 04: Updated references to 7483 to 7483bis Internet-Draft. Updated 1101 "Change Log" to "Changes from RFC 7482". Added more detail to the 1102 changes made in the -01 version. 1104 Authors' Addresses 1106 Scott Hollenbeck 1107 Verisign Labs 1108 12061 Bluemont Way 1109 Reston, VA 20190 1110 United States of America 1112 Email: shollenbeck@verisign.com 1113 URI: https://www.verisignlabs.com/ 1115 Andy Newton 1116 Amazon Web Services, Inc. 1117 13200 Woodland Park Road 1118 Herndon, VA 20171 1119 United States of America 1121 Email: andy@hxr.us