idnits 2.17.1 draft-ietf-regext-rfc7482bis-00.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 2 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (June 5, 2020) is 1393 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Missing Reference: 'I-D.hollenbeck-regext-rfc7483bis' is mentioned on line 677, but not defined ** Obsolete undefined reference: RFC 7483 (Obsoleted by RFC 9083) == Unused Reference: 'I-D.ietf-regext-rfc7483bis' is defined on line 1040, but no explicit reference was found in the text ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7484 (Obsoleted by RFC 9224) ** Obsolete normative reference: RFC 8499 (Obsoleted by RFC 9499) == Outdated reference: A later version (-05) exists of draft-ietf-regext-rfc7483bis-00 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-regext-rfc7483bis' -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' Summary: 7 errors (**), 0 flaws (~~), 5 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 REGEXT Working Group S. Hollenbeck 3 Internet-Draft Verisign Labs 4 Intended status: Standards Track A. Newton 5 Expires: December 7, 2020 AWS 6 June 5, 2020 8 Registration Data Access Protocol (RDAP) Query Format 9 draft-ietf-regext-rfc7482bis-00 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. These 17 uniform patterns define the query syntax for the Registration Data 18 Access Protocol (RDAP). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at https://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on December 7, 2020. 37 Copyright Notice 39 Copyright (c) 2020 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (https://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 55 2. Conventions Used in This Document . . . . . . . . . . . . . . 4 56 2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 4 57 3. Path Segment Specification . . . . . . . . . . . . . . . . . 5 58 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 5 59 3.1.1. IP Network Path Segment Specification . . . . . . . . 6 60 3.1.2. Autonomous System Path Segment Specification . . . . 7 61 3.1.3. Domain Path Segment Specification . . . . . . . . . . 7 62 3.1.4. Nameserver Path Segment Specification . . . . . . . . 8 63 3.1.5. Entity Path Segment Specification . . . . . . . . . . 9 64 3.1.6. Help Path Segment Specification . . . . . . . . . . . 9 65 3.2. Search Path Segment Specification . . . . . . . . . . . . 9 66 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 10 67 3.2.2. Nameserver Search . . . . . . . . . . . . . . . . . . 11 68 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 12 69 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 12 70 4.1. Partial String Searching . . . . . . . . . . . . . . . . 13 71 4.2. Associated Records . . . . . . . . . . . . . . . . . . . 14 72 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 14 73 6. Internationalization Considerations . . . . . . . . . . . . . 15 74 6.1. Character Encoding Considerations . . . . . . . . . . . . 15 75 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 16 76 7.1. Viagenie . . . . . . . . . . . . . . . . . . . . . . . . 16 77 7.2. ARIN . . . . . . . . . . . . . . . . . . . . . . . . . . 17 78 7.3. NicInfo . . . . . . . . . . . . . . . . . . . . . . . . . 18 79 7.4. LACNIC . . . . . . . . . . . . . . . . . . . . . . . . . 18 80 7.5. ICANN . . . . . . . . . . . . . . . . . . . . . . . . . . 19 81 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 82 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 83 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 20 84 10.1. Normative References . . . . . . . . . . . . . . . . . . 20 85 10.2. Informative References . . . . . . . . . . . . . . . . . 23 86 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 24 87 Changes from RFC 7482 . . . . . . . . . . . . . . . . . . . . . . 24 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 90 1. Introduction 92 This document describes a specification for querying registration 93 data using a RESTful web service and uniform query patterns. The 94 service is implemented using the Hypertext Transfer Protocol (HTTP) 95 [RFC7230] and the conventions described in [RFC7480]. These uniform 96 patterns define the query syntax for the Registration Data Access 97 Protocol (RDAP). 99 The protocol described in this specification is intended to address 100 deficiencies with the WHOIS protocol [RFC3912] that have been 101 identified over time, including: 103 o lack of standardized command structures; 105 o lack of standardized output and error structures; 107 o lack of support for internationalization and localization; and 109 o lack of support for user identification, authentication, and 110 access control. 112 The patterns described in this document purposefully do not encompass 113 all of the methods employed in the WHOIS and other RESTful web 114 services used by the RIRs and DNRs. The intent of the patterns 115 described here are to enable queries of: 117 o networks by IP address; 119 o Autonomous System (AS) numbers by number; 121 o reverse DNS metadata by domain; 123 o nameservers by name; and 125 o entities (such as registrars and contacts) by identifier. 127 Server implementations are free to support only a subset of these 128 features depending on local requirements. Servers MUST return an 129 HTTP 501 (Not Implemented) [RFC7231] response to inform clients of 130 unsupported query types. It is also envisioned that each registry 131 will continue to maintain WHOIS and/or other RESTful web services 132 specific to their needs and those of their constituencies, and the 133 information retrieved through the patterns described here may 134 reference such services. 136 Likewise, future IETF standards may add additional patterns for 137 additional query types. A simple pattern namespacing scheme is 138 described in Section 5 to accommodate custom extensions that will not 139 interfere with the patterns defined in this document or patterns 140 defined in future IETF standards. 142 WHOIS services, in general, are read-only services. Therefore, URL 143 [RFC3986] patterns specified in this document are only applicable to 144 the HTTP [RFC7231] GET and HEAD methods. 146 This document does not describe the results or entities returned from 147 issuing the described URLs with an HTTP GET. The specification of 148 these entities is described in [I-D.hollenbeck-regext-rfc7483bis]. 150 Additionally, resource management, provisioning, and update functions 151 are out of scope for this document. Registries have various and 152 divergent methods covering these functions, and it is unlikely a 153 uniform approach is needed for interoperability. 155 HTTP contains mechanisms for servers to authenticate clients and for 156 clients to authenticate servers (from which authorization schemes may 157 be built), so such mechanisms are not described in this document. 158 Policy, provisioning, and processing of authentication and 159 authorization are out of scope for this document as deployments will 160 have to make choices based on local criteria. Supported 161 authentication mechanisms are described in [RFC7481]. 163 2. Conventions Used in This Document 165 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 166 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 167 document are to be interpreted as described in [RFC2119]. 169 2.1. Acronyms and Abbreviations 171 IDN: Internationalized Domain Name, a fully-qualified domain name 172 containing one or more labels that are intended to include one or 173 more Unicode code points outside the ASCII range (cf. "domain 174 name", "fully-qualified domain name" and "internationalized domain 175 name" in RFC 8499 [RFC8499]). 177 IDNA: Internationalized Domain Names in Applications, a protocol 178 for the handling of IDNs. In this document, "IDNA" refers 179 specifically to the version of those specifications known as 180 "IDNA2008" [RFC5890]. 182 DNR: Domain Name Registry or Domain Name Registrar 184 NFC: Unicode Normalization Form C [Unicode-UAX15] 186 NFKC: Unicode Normalization Form KC [Unicode-UAX15] 188 RDAP: Registration Data Access Protocol 189 REST: Representational State Transfer. The term was first 190 described in a doctoral dissertation [REST]. 192 RESTful: An adjective that describes a service using HTTP and the 193 principles of REST. 195 RIR: Regional Internet Registry 197 3. Path Segment Specification 199 The base URLs used to construct RDAP queries are maintained in an 200 IANA registry described in [RFC7484]. Queries are formed by 201 retrieving an appropriate base URL from the registry and appending a 202 path segment specified in either Sections 3.1 or 3.2. Generally, a 203 registry or other service provider will provide a base URL that 204 identifies the protocol, host, and port, and this will be used as a 205 base URL that the complete URL is resolved against, as per Section 5 206 of RFC 3986 [RFC3986]. For example, if the base URL is 207 "https://example.com/rdap/", all RDAP query URLs will begin with 208 "https://example.com/rdap/". 210 The bootstrap registry does not contain information for query objects 211 that are not part of a global namespace, including entities and help. 212 A base URL for an associated object is required to construct a 213 complete query. This limitation can be overcome for entities by 214 using the practice described in RFC 8521 [RFC8521]. 216 For entities, a base URL is retrieved for the service (domain, 217 address, etc.) associated with a given entity. The query URL is 218 constructed by concatenating the base URL to the entity path segment 219 specified in either Sections 3.1.5 or 3.2.3. 221 For help, a base URL is retrieved for any service (domain, address, 222 etc.) for which additional information is required. The query URL is 223 constructed by concatenating the base URL to the help path segment 224 specified in Section 3.1.6. 226 3.1. Lookup Path Segment Specification 228 A simple lookup to determine if an object exists (or not) without 229 returning RDAP-encoded results can be performed using the HTTP HEAD 230 method as described in Section 4.1 of [RFC7480]. 232 The resource type path segments for exact match lookup are: 234 o 'ip': Used to identify IP networks and associated data referenced 235 using either an IPv4 or IPv6 address. 237 o 'autnum': Used to identify Autonomous System number registrations 238 and associated data referenced using an asplain Autonomous System 239 number. 241 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 242 information and associated data referenced using a fully qualified 243 domain name. 245 o 'nameserver': Used to identify a nameserver information query 246 using a host name. 248 o 'entity': Used to identify an entity information query using a 249 string identifier. 251 3.1.1. IP Network Path Segment Specification 253 Syntax: ip/ or ip// 255 Queries for information about IP networks are of the form /ip/XXX or 256 /ip/XXX/YY where the path segment following 'ip' is either an IPv4 257 dotted decimal or IPv6 [RFC5952] address (i.e., XXX) or an IPv4 or 258 IPv6 Classless Inter-domain Routing (CIDR) [RFC4632] notation address 259 block (i.e., XXX/YY). Semantically, the simpler form using the 260 address can be thought of as a CIDR block with a bitmask length of 32 261 for IPv4 and a bitmask length of 128 for IPv6. A given specific 262 address or CIDR may fall within multiple IP networks in a hierarchy 263 of networks; therefore, this query targets the "most-specific" or 264 smallest IP network that completely encompasses it in a hierarchy of 265 IP networks. 267 The IPv4 and IPv6 address formats supported in this query are 268 described in Section 3.2.2 of RFC 3986 [RFC3986] as IPv4address and 269 IPv6address ABNF definitions. Any valid IPv6 text address format 270 [RFC4291] can be used. This includes IPv6 addresses written using 271 with or without compressed zeros and IPv6 addresses containing 272 embedded IPv4 addresses. The rules to write a text representation of 273 an IPv6 address [RFC5952] are RECOMMENDED. However, the zone_id 274 [RFC4007] is not appropriate in this context; therefore, the 275 corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT be 276 used, and servers are to ignore it if possible. 278 For example, the following URL would be used to find information for 279 the most specific network containing 192.0.2.0: 281 https://example.com/rdap/ip/192.0.2.0 283 The following URL would be used to find information for the most 284 specific network containing 192.0.2.0/24: 286 https://example.com/rdap/ip/192.0.2.0/24 288 The following URL would be used to find information for the most 289 specific network containing 2001:db8::0: 291 https://example.com/rdap/ip/2001:db8::0 293 3.1.2. Autonomous System Path Segment Specification 295 Syntax: autnum/ 297 Queries for information regarding Autonomous System number 298 registrations are of the form /autnum/XXX where XXX is an asplain 299 Autonomous System number [RFC5396]. In some registries, registration 300 of Autonomous System numbers is done on an individual number basis, 301 while other registries may register blocks of Autonomous System 302 numbers. The semantics of this query are such that if a number falls 303 within a range of registered blocks, the target of the query is the 304 block registration and that individual number registrations are 305 considered a block of numbers with a size of 1. 307 For example, the following URL would be used to find information 308 describing Autonomous System number 12 (a number within a range of 309 registered blocks): 311 https://example.com/rdap/autnum/12 313 The following URL would be used to find information describing 4-byte 314 Autonomous System number 65538: 316 https://example.com/rdap/autnum/65538 318 3.1.3. Domain Path Segment Specification 320 Syntax: domain/ 322 Queries for domain information are of the form /domain/XXXX, where 323 XXXX is a fully qualified (relative to the root) domain name (as 324 specified in [RFC0952] and [RFC1123]) in either the in-addr.arpa or 325 ip6.arpa zones (for RIRs) or a fully qualified domain name in a zone 326 administered by the server operator (for DNRs). Internationalized 327 Domain Names (IDNs) represented in either A-label or U-label format 328 [RFC5890] are also valid domain names. See Section 6.1 for 329 information on character encoding for the U-label format. 331 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; 332 that is, internationalized labels in an IDN SHOULD be either all 333 A-labels or all U-labels. It is possible for an RDAP client to 334 assemble a query string from multiple independent data sources. Such 335 a client might not be able to perform conversions between A-labels 336 and U-labels. An RDAP server that receives a query string with a 337 mixture of A-labels and U-labels MAY convert all the U-labels to 338 A-labels, perform IDNA processing, and proceed with exact-match 339 lookup. In such cases, the response to be returned to the query 340 source may not match the input from the query source. Alternatively, 341 the server MAY refuse to process the query. 343 The server MAY perform the match using either the A-label or U-label 344 form. Using one consistent form for matching every label is likely 345 to be more reliable. 347 The following URL would be used to find information describing the 348 zone serving the network 192.0.2/24: 350 https://example.com/rdap/domain/2.0.192.in-addr.arpa 352 The following URL would be used to find information describing the 353 zone serving the network 2001:db8:1::/48: 355 https://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 357 The following URL would be used to find information for the 358 blah.example.com domain name: 360 https://example.com/rdap/domain/blah.example.com 362 The following URL would be used to find information for the xn--fo- 363 5ja.example IDN: 365 https://example.com/rdap/domain/xn--fo-5ja.example 367 3.1.4. Nameserver Path Segment Specification 369 Syntax: nameserver/ 371 The parameter represents a fully qualified host 372 name as specified in [RFC0952] and [RFC1123]. Internationalized 373 names represented in either A-label or U-label format [RFC5890] are 374 also valid nameserver names. IDN processing for nameserver names 375 uses the domain name processing instructions specified in 376 Section 3.1.3. See Section 6.1 for information on character encoding 377 for the U-label format. 379 The following URL would be used to find information for the 380 ns1.example.com nameserver: 382 https://example.com/rdap/nameserver/ns1.example.com 384 The following URL would be used to find information for the ns1.xn-- 385 fo-5ja.example nameserver: 387 https://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 389 3.1.5. Entity Path Segment Specification 391 Syntax: entity/ 393 The parameter represents an entity (such as a contact, 394 registrant, or registrar) identifier whose syntax is specific to the 395 registration provider. For example, for some DNRs, contact 396 identifiers are specified in [RFC5730] and [RFC5733]. 398 The following URL would be used to find information for the entity 399 associated with handle XXXX: 401 https://example.com/rdap/entity/XXXX 403 3.1.6. Help Path Segment Specification 405 Syntax: help 407 The help path segment can be used to request helpful information 408 (command syntax, terms of service, privacy policy, rate-limiting 409 policy, supported authentication methods, supported extensions, 410 technical support contact, etc.) from an RDAP server. The response 411 to "help" should provide basic information that a client needs to 412 successfully use the service. The following URL would be used to 413 return "help" information: 415 https://example.com/rdap/help 417 3.2. Search Path Segment Specification 419 Pattern matching semantics are described in Section 4.1. The 420 resource type path segments for search are: 422 o 'domains': Used to identify a domain name information search using 423 a pattern to match a fully qualified domain name. 425 o 'nameservers': Used to identify a nameserver information search 426 using a pattern to match a host name. 428 o 'entities': Used to identify an entity information search using a 429 pattern to match a string identifier. 431 RDAP search path segments are formed using a concatenation of the 432 plural form of the object being searched for and an HTTP query 433 string. The HTTP query string is formed using a concatenation of the 434 question mark character ('?', US-ASCII value 0x003F), a noun 435 representing the JSON object property associated with the object 436 being searched for, the equal sign character ('=', US-ASCII value 437 0x003D), and the search pattern. Search pattern query processing is 438 described more fully in Section 4. For the domain, nameserver, and 439 entity objects described in this document, the plural object forms 440 are "domains", "nameservers", and "entities". 442 Detailed results can be retrieved using the HTTP GET method and the 443 path segments specified here. 445 3.2.1. Domain Search 447 Syntax: domains?name= 449 Syntax: domains?nsLdhName= 451 Syntax: domains?nsIp= 453 Searches for domain information by name are specified using this 454 form: 456 domains?name=XXXX 458 XXXX is a search pattern representing a domain name in "letters, 459 digits, hyphen" (LDH) format [RFC5890]. The following URL would be 460 used to find DNR information for domain names matching the 461 "example*.com" pattern: 463 https://example.com/rdap/domains?name=example*.com 465 IDNs in U-label format [RFC5890] can also be used as search patterns 466 (see Section 4). Searches for these names are of the form 467 /domains?name=XXXX, where XXXX is a search pattern representing a 468 domain name in U-label format [RFC5890]. See Section 6.1 for 469 information on character encoding for the U-label format. 471 Searches for domain information by nameserver name are specified 472 using this form: 474 domains?nsLdhName=YYYY 476 YYYY is a search pattern representing a host name in "letters, 477 digits, hyphen" format [RFC5890]. The following URL would be used to 478 search for domains delegated to nameservers matching the 479 "ns1.example*.com" pattern: 481 https://example.com/rdap/domains?nsLdhName=ns1.example*.com 483 Searches for domain information by nameserver IP address are 484 specified using this form: 486 domains?nsIp=ZZZZ 488 ZZZZ is a search pattern representing an IPv4 [RFC1166] or IPv6 489 [RFC5952] address. The following URL would be used to search for 490 domains that have been delegated to nameservers that resolve to the 491 "192.0.2.0" address: 493 https://example.com/rdap/domains?nsIp=192.0.2.0 495 3.2.2. Nameserver Search 497 Syntax: nameservers?name= 499 Syntax: nameservers?ip= 501 Searches for nameserver information by nameserver name are specified 502 using this form: 504 nameservers?name=XXXX 506 XXXX is a search pattern representing a host name in "letters, 507 digits, hyphen" format [RFC5890]. The following URL would be used to 508 find information for nameserver names matching the "ns1.example*.com" 509 pattern: 511 https://example.com/rdap/nameservers?name=ns1.example*.com 513 Internationalized nameserver names in U-label format [RFC5890] can 514 also be used as search patterns (see Section 4). Searches for these 515 names are of the form /nameservers?name=XXXX, where XXXX is a search 516 pattern representing a nameserver name in U-label format [RFC5890]. 517 See Section 6.1 for information on character encoding for the U-label 518 format. 520 Searches for nameserver information by nameserver IP address are 521 specified using this form: 523 nameservers?ip=YYYY 524 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 525 [RFC5952] address. The following URL would be used to search for 526 nameserver names that resolve to the "192.0.2.0" address: 528 https://example.com/rdap/nameservers?ip=192.0.2.0 530 3.2.3. Entity Search 532 Syntax: entities?fn= 534 Syntax: entities?handle= 536 Searches for entity information by name are specified using this 537 form: 539 entities?fn=XXXX 541 XXXX is a search pattern representing the "fn" property of an entity 542 (such as a contact, registrant, or registrar) name as described in 543 Section 5.1 of [I-D.hollenbeck-regext-rfc7483bis]. The following URL 544 would be used to find information for entity names matching the 545 "Bobby Joe*" pattern: 547 https://example.com/rdap/entities?fn=Bobby%20Joe* 549 Searches for entity information by handle are specified using this 550 form: 552 entities?handle=XXXX 554 XXXX is a search pattern representing an entity (such as a contact, 555 registrant, or registrar) identifier whose syntax is specific to the 556 registration provider. The following URL would be used to find 557 information for entity handles matching the "CID-40*" pattern: 559 https://example.com/rdap/entities?handle=CID-40* 561 URLs MUST be properly encoded according to the rules of [RFC3986]. 562 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 564 4. Query Processing 566 Servers indicate the success or failure of query processing by 567 returning an appropriate HTTP response code to the client. Response 568 codes not specifically identified in this document are described in 569 [RFC7480]. 571 4.1. Partial String Searching 573 Partial string searching uses the asterisk ('*', US-ASCII value 574 0x002A) character to match zero or more trailing characters. A 575 character string representing a domain label suffix MAY be 576 concatenated to the end of the search pattern to limit the scope of 577 the search. For example, the search pattern "exam*" will match 578 "example.com" and "example.net". The search pattern "exam*.com" will 579 match "example.com". If an asterisk appears in a search string, any 580 label that contains the non-asterisk characters in sequence plus zero 581 or more characters in sequence in place of the asterisk would match. 582 Only a single asterisk is allowed for a partial string search. 583 Additional pattern matching processing is beyond the scope of this 584 specification. 586 If a server receives a search request but cannot process the request 587 because it does not support a particular style of partial match 588 searching, it SHOULD return an HTTP 422 (Unprocessable Entity) 589 [RFC4918] response. When returning a 422 error, the server MAY also 590 return an error response body as specified in Section 6 of 591 [I-D.hollenbeck-regext-rfc7483bis] if the requested media type is one 592 that is specified in [RFC7480]. 594 Partial matching is not feasible across combinations of Unicode 595 characters because Unicode characters can be combined with each 596 other. Servers SHOULD NOT partially match combinations of Unicode 597 characters where a legal combination is possible. It should be 598 noted, though, that it may not always be possible to detect cases 599 where a character could have been combined with another character, 600 but was not, because characters can be combined in many different 601 ways. 603 Clients should avoid submitting a partial match search of Unicode 604 characters where a Unicode character may be legally combined with 605 another Unicode character or characters. Partial match searches with 606 incomplete combinations of characters where a character must be 607 combined with another character or characters are invalid. Partial 608 match searches with characters that may be combined with another 609 character or characters are to be considered non-combined characters 610 (that is, if character x may be combined with character y but 611 character y is not submitted in the search string, then character x 612 is a complete character and no combinations of character x are to be 613 searched). 615 4.2. Associated Records 617 Conceptually, any query-matching record in a server's database might 618 be a member of a set of related records, related in some fashion as 619 defined by the server -- for example, variants of an IDN. The entire 620 set ought to be considered as candidates for inclusion when 621 constructing the response. However, the construction of the final 622 response needs to be mindful of privacy and other data-releasing 623 policies when assembling the RDAP response set. 625 Note too that due to the nature of searching, there may be a list of 626 query-matching records. Each one of those is subject to being a 627 member of a set as described in the previous paragraph. What is 628 ultimately returned in a response will be the union of all the sets 629 that has been filtered by whatever policies are in place. 631 Note that this model includes arrangements for associated names, 632 including those that are linked by policy mechanisms and names bound 633 together for some other purposes. Note also that returning 634 information that was not explicitly selected by an exact-match 635 lookup, including additional names that match a relatively fuzzy 636 search as well as lists of names that are linked together, may cause 637 privacy issues. 639 Note that there might not be a single, static information return 640 policy that applies to all clients equally. Client identity and 641 associated authorizations can be a relevant factor in determining how 642 broad the response set will be for any particular query. 644 5. Extensibility 646 This document describes path segment specifications for a limited 647 number of objects commonly registered in both RIRs and DNRs. It does 648 not attempt to describe path segments for all of the objects 649 registered in all registries. Custom path segments can be created 650 for objects not specified here using the process described in 651 Section 6 of "HTTP Usage in the Registration Data Access Protocol 652 (RDAP)" [RFC7480]. 654 Custom path segments can be created by prefixing the segment with a 655 unique identifier followed by an underscore character (0x5F). For 656 example, a custom entity path segment could be created by prefixing 657 "entity" with "custom_", producing "custom_entity". Servers MUST 658 return an appropriate failure status code for a request with an 659 unrecognized path segment. 661 6. Internationalization Considerations 663 There is value in supporting the ability to submit either a U-label 664 (Unicode form of an IDN label) or an A-label (US-ASCII form of an IDN 665 label) as a query argument to an RDAP service. Clients capable of 666 processing non-US-ASCII characters may prefer a U-label since this is 667 more visually recognizable and familiar than A-label strings, but 668 clients using programmatic interfaces might find it easier to submit 669 and display A-labels if they are unable to input U-labels with their 670 keyboard configuration. Both query forms are acceptable. 672 Internationalized domain and nameserver names can contain character 673 variants and variant labels as described in [RFC4290]. Clients that 674 support queries for internationalized domain and nameserver names 675 MUST accept service provider responses that describe variants as 676 specified in "JSON Responses for the Registration Data Access 677 Protocol (RDAP)" [I-D.hollenbeck-regext-rfc7483bis]. 679 6.1. Character Encoding Considerations 681 Servers can expect to receive search patterns from clients that 682 contain character strings encoded in different forms supported by 683 HTTP. It is entirely possible to apply filters and normalization 684 rules to search patterns prior to making character comparisons, but 685 this type of processing is more typically needed to determine the 686 validity of registered strings than to match patterns. 688 An RDAP client submitting a query string containing non-US-ASCII 689 characters converts such strings into Unicode in UTF-8 encoding. It 690 then performs any local case mapping deemed necessary. Strings are 691 normalized using Normalization Form C (NFC) [Unicode-UAX15]; note 692 that clients might not be able to do this reliably. UTF-8 encoded 693 strings are then appropriately percent-encoded [RFC3986] in the query 694 URL. 696 After parsing any percent-encoding, an RDAP server treats each query 697 string as Unicode in UTF-8 encoding. If a string is not valid UTF-8, 698 the server can immediately stop processing the query and return an 699 HTTP 400 (Bad Request) response. 701 When processing queries, there is a difference in handling DNS names, 702 including those with putative U-labels, and everything else. DNS 703 names are treated according to the DNS matching rules as described in 704 Section 3.1 of RFC 1035 [RFC1035] for Non-Reserved LDH (NR-LDH) 705 labels and the matching rules described in Section 5.4 of RFC 5891 706 [RFC5891] for U-labels. Matching of DNS names proceeds one label at 707 a time because it is possible for a combination of U-labels and NR- 708 LDH labels to be found in a single domain or host name. The 709 determination of whether a label is a U-label or an NR-LDH label is 710 based on whether the label contains any characters outside of the US- 711 ASCII letters, digits, or hyphen (the so-called LDH rule). 713 For everything else, servers map fullwidth and halfwidth characters 714 to their decomposition equivalents. Servers convert strings to the 715 same coded character set of the target data that is to be looked up 716 or searched, and each string is normalized using the same 717 normalization that was used on the target data. In general, storage 718 of strings as Unicode is RECOMMENDED. For the purposes of 719 comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case 720 folding is used to maximize predictability and the number of matches. 721 Note the use of case-folded NFKC as opposed to NFC in this case. 723 7. Implementation Status 725 NOTE: Please remove this section and the reference to RFC 7942 prior 726 to publication as an RFC. 728 This section records the status of known implementations of the 729 protocol defined by this specification at the time of posting of this 730 Internet-Draft, and is based on a proposal described in RFC 7942 731 [RFC7942]. The description of implementations in this section is 732 intended to assist the IETF in its decision processes in progressing 733 drafts to RFCs. Please note that the listing of any individual 734 implementation here does not imply endorsement by the IETF. 735 Furthermore, no effort has been spent to verify the information 736 presented here that was supplied by IETF contributors. This is not 737 intended as, and must not be construed to be, a catalog of available 738 implementations or their features. Readers are advised to note that 739 other implementations may exist. 741 According to RFC 7942, "this will allow reviewers and working groups 742 to assign due consideration to documents that have the benefit of 743 running code, which may serve as evidence of valuable experimentation 744 and feedback that have made the implemented protocols more mature. 745 It is up to the individual working groups to use this information as 746 they see fit". 748 7.1. Viagenie 750 Responsible Organization: Viagenie 752 Location: RDAPBrowser (iOS and Android): https://viagenie.ca/ 753 rdapbrowser 755 Description: Mobile app (iOS and Android) implementing an RDAP 756 client for domains, IP addresses and AS numbers. 758 Level of Maturity: Production 760 Coverage: All except for nameserver, entity, help, and search path 761 segments. 763 Version Compatibility: RFC 7482 765 Licensing: Proprietary 767 Implementation Experience: Quite simple and easy to deploy. 768 Responses are much harder to parse because RDAP servers are not 769 compliant. 771 Contact Information: Marc Blanchet, rdapbrowser@viagenie.ca 773 Date Last Updated: September 27, 2019 775 7.2. ARIN 777 Responsible Organization: ARIN 779 Location: search.arin.net https://search.arin.net/rdap/ 781 Description: search.arin.net is a public web page getting about 8k 782 queries per day. 784 Level of Maturity: Production. 786 Coverage: Search.arin.net supports lookup of entities by handle, 787 search of entities by name, lookup of domain names, lookup of ip 788 networks, lookup of autnums. 790 Version Compatibility: RFC 7482 792 Licensing: Search.arin.net is not publicly licensed. 794 Implementation Experience: The RDAP queries are straightforward 795 for the most part. The vast majority of logic goes into 796 displaying information. 798 Contact Information: info@arin.net 800 Date Last Updated: July 2019. 802 7.3. NicInfo 804 Responsible Organization: ARIN 806 Location: NicInfo https://github.com/arineng/nicinfo 808 Description: NicInfo is a command line client written in Ruby. 810 Level of Maturity: NicInfo started as a research project, but is 811 known to be used by some organizations in a production capacity. 813 Version Compatibility: RFC 7482 815 Licensing: NicInfo is published under the ISC license. 817 Implementation Experience: The RDAP queries are straightforward 818 for the most part. The vast majority of logic goes into 819 displaying information. 821 Contact Information: info@arin.net 823 Date Last Updated: NicInfo was last updated in Feb 2018. 825 7.4. LACNIC 827 Responsible Organization: LACNIC 829 Location: https://github.com/LACNIC/rdap-frontend-angular-dev 831 Description: The goal of this client is to have an RDAP client 832 that can be easily embedded in web pages. The original request 833 was for a web whois/rdap feature that was to replace a very, very 834 old web whois that just popen'd CLI WHOIS and just copied back the 835 output to html. We decided to implement something that could, in 836 the future, be embedded in any web page and is not tied to our 837 current web portal CMS. The client is implemented in Javascript 838 and AngularJS. 840 Level of Maturity: We consider the current version production 841 quality, it has been in use in our web portal for more than a year 842 now. 844 Coverage: The client implements /ip, /autnum, and /entity. The 845 client does not support searches. For these objects the 846 implementation follows the standard closely. There may be a few 847 gaps, but it's mostly aligned to the RFCs. 849 Version Compatibility: RFC 7482 850 Licensing: BSD-Style 852 Implementation Experience: Users of the traditional WHOIS service 853 are a bit confused at first when they realize that an RDAP query 854 does not necessarily return the same information and in some cases 855 they need to "navigate" the RDAP tree to get data that is normally 856 returned in a single WHOIS query. In our experience, this gap in 857 expectations has been one of the most significant hurdles in 858 adoption of RDAP. Our RDAP client makes this "navigation" easier 859 as it presents results in the form of a web page where the "next" 860 necessary RDAP query is a click on a link. On the plus side, the 861 protocol provides all the information needed to present this links 862 and clicks to the user. We have however introduced a few 863 extensions into our RDAP responses to get both services to parity 864 in the information presented in a single query. 866 Contact Information: Gerardo Rada (gerardo@lacnic.net), Carlos 867 Martinez (carlos@lacnic.net) 869 Date Last Updated: This application is currently in maintenance 870 mode. Also, we employ a rolling release update. Latest updates 871 are available in the git log of the repo. 873 7.5. ICANN 875 Responsible Organization: Internet Corporation for Assigned Names 876 and Numbers (ICANN) 878 Location: Domain Name Registration Data Lookup: 879 https://lookup.icann.org/ 881 Description: ICANN created the Domain Name Registration Data 882 Lookup web client as a free public service that gives users the 883 ability to look up and display publicly available registration 884 data related to a domain name using the top level domain's RDAP 885 service location listed in the IANA bootstrap service registry for 886 domain name space (RFC 7484), and the sponsoring Registrar's RDAP 887 server. This web client implementation also supports the 888 specifications defined in the "gTLD RDAP Profile" documents 889 (https://www.icann.org/gtld-rdap-profile). 891 Level of Maturity: Production. 893 Coverage: This web client implements RFC 7482 section 3.1.3 894 "Domain Path Segment Specification" to perform lookups exclusively 895 for the domain object class. 897 Version Compatibility: RFC 7482 898 Contact Information: globalSupport@icann.org 900 Date Last Updated: 07-Oct-2019 902 8. IANA Considerations 904 This document has no actions for IANA. 906 9. Security Considerations 908 Security services for the operations specified in this document are 909 described in "Security Services for the Registration Data Access 910 Protocol (RDAP)" [RFC7481]. 912 Search functionality typically requires more server resources (such 913 as memory, CPU cycles, and network bandwidth) when compared to basic 914 lookup functionality. This increases the risk of server resource 915 exhaustion and subsequent denial of service due to abuse. This risk 916 can be mitigated by developing and implementing controls to restrict 917 search functionality to identified and authorized clients. If those 918 clients behave badly, their search privileges can be suspended or 919 revoked. Rate limiting as described in Section 5.5 of "HTTP Usage in 920 the Registration Data Access Protocol (RDAP)" [RFC7480] can also be 921 used to control the rate of received search requests. Server 922 operators can also reduce their risk by restricting the amount of 923 information returned in response to a search request. 925 Search functionality also increases the privacy risk of disclosing 926 object relationships that might not otherwise be obvious. For 927 example, a search that returns IDN variants [RFC6927] that do not 928 explicitly match a client-provided search pattern can disclose 929 information about registered domain names that might not be otherwise 930 available. Implementers need to consider the policy and privacy 931 implications of returning information that was not explicitly 932 requested. 934 Note that there might not be a single, static information return 935 policy that applies to all clients equally. Client identity and 936 associated authorizations can be a relevant factor in determining how 937 broad the response set will be for any particular query. 939 10. References 941 10.1. Normative References 943 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 944 host table specification", RFC 952, DOI 10.17487/RFC0952, 945 October 1985, . 947 [RFC1035] Mockapetris, P., "Domain names - implementation and 948 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 949 November 1987, . 951 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts - 952 Application and Support", STD 3, RFC 1123, 953 DOI 10.17487/RFC1123, October 1989, 954 . 956 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 957 numbers", RFC 1166, DOI 10.17487/RFC1166, July 1990, 958 . 960 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 961 Requirement Levels", BCP 14, RFC 2119, 962 DOI 10.17487/RFC2119, March 1997, 963 . 965 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 966 Resource Identifier (URI): Generic Syntax", STD 66, 967 RFC 3986, DOI 10.17487/RFC3986, January 2005, 968 . 970 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 971 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 972 2006, . 974 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 975 (CIDR): The Internet Address Assignment and Aggregation 976 Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August 977 2006, . 979 [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed 980 Authoring and Versioning (WebDAV)", RFC 4918, 981 DOI 10.17487/RFC4918, June 2007, 982 . 984 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 985 Autonomous System (AS) Numbers", RFC 5396, 986 DOI 10.17487/RFC5396, December 2008, 987 . 989 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 990 STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, 991 . 993 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 994 Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733, 995 August 2009, . 997 [RFC5890] Klensin, J., "Internationalized Domain Names for 998 Applications (IDNA): Definitions and Document Framework", 999 RFC 5890, DOI 10.17487/RFC5890, August 2010, 1000 . 1002 [RFC5891] Klensin, J., "Internationalized Domain Names in 1003 Applications (IDNA): Protocol", RFC 5891, 1004 DOI 10.17487/RFC5891, August 2010, 1005 . 1007 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 1008 Address Text Representation", RFC 5952, 1009 DOI 10.17487/RFC5952, August 2010, 1010 . 1012 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1013 Protocol (HTTP/1.1): Message Syntax and Routing", 1014 RFC 7230, DOI 10.17487/RFC7230, June 2014, 1015 . 1017 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1018 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 1019 DOI 10.17487/RFC7231, June 2014, 1020 . 1022 [RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the 1023 Registration Data Access Protocol (RDAP)", RFC 7480, 1024 DOI 10.17487/RFC7480, March 2015, 1025 . 1027 [RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the 1028 Registration Data Access Protocol (RDAP)", RFC 7481, 1029 DOI 10.17487/RFC7481, March 2015, 1030 . 1032 [RFC7484] Blanchet, M., "Finding the Authoritative Registration Data 1033 (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March 1034 2015, . 1036 [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 1037 Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, 1038 January 2019, . 1040 [I-D.ietf-regext-rfc7483bis] 1041 Hollenbeck, S. and A. Newton, "JSON Responses for the 1042 Registration Data Access Protocol (RDAP)", draft- 1043 ietf-regext-rfc7483bis-00 (work in progress), June 1044 2020. 1046 [Unicode-UAX15] 1047 The Unicode Consortium, "Unicode Standard Annex #15: 1048 Unicode Normalization Forms", September 2013, 1049 . 1051 10.2. Informative References 1053 [REST] Fielding, R., "Architectural Styles and the Design of 1054 Network-based Software Architectures", Ph.D. 1055 Dissertation, University of California, Irvine, 2000, 1056 . 1059 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 1060 DOI 10.17487/RFC3912, September 2004, 1061 . 1063 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 1064 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 1065 DOI 10.17487/RFC4007, March 2005, 1066 . 1068 [RFC4290] Klensin, J., "Suggested Practices for Registration of 1069 Internationalized Domain Names (IDN)", RFC 4290, 1070 DOI 10.17487/RFC4290, December 2005, 1071 . 1073 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 1074 IPv6 Zone Identifiers in Address Literals and Uniform 1075 Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874, 1076 February 2013, . 1078 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 1079 Registered in Top-Level Domains", RFC 6927, 1080 DOI 10.17487/RFC6927, May 2013, 1081 . 1083 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 1084 Code: The Implementation Status Section", BCP 205, 1085 RFC 7942, DOI 10.17487/RFC7942, July 2016, 1086 . 1088 [RFC8521] Hollenbeck, S. and A. Newton, "Registration Data Access 1089 Protocol (RDAP) Object Tagging", BCP 221, RFC 8521, 1090 DOI 10.17487/RFC8521, November 2018, 1091 . 1093 Acknowledgements 1095 This document is derived from original work on RIR query formats 1096 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 1097 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 1098 Additionally, this document incorporates DNR query formats originally 1099 described by Francisco Arias and Steve Sheng of ICANN and Scott 1100 Hollenbeck of Verisign Labs. 1102 The authors would like to acknowledge the following individuals for 1103 their contributions to this document: Francisco Arias, Marc Blanchet, 1104 Ernie Dainow, Jean-Philippe Dionne, Byron J. Ellacott, Behnam 1105 Esfahbod, John Klensin, John Levine, Edward Lewis, Mario Loffredo, 1106 Patrick Mevzek, Mark Nottingham, Kaveh Ranjbar, Arturo L. Servin, 1107 Steve Sheng, Jasdip Singh, and Andrew Sullivan. 1109 Changes from RFC 7482 1111 00: Initial version ported from RFC 7482. Added Implementation 1112 Status section. Addressed known errata. 1114 01: Addressed other reported clarifications and corrections: IDN/ 1115 IDNA definition, note that registrars are entities, definition of 1116 "DNR", RFC 8521 to address bootstrap registry limitation, removal 1117 of extraneous "...", HTTP query string clarification, search 1118 pattern clarification, name server search clarification, domain 1119 label suffix and asterisk search clarification. 1121 02: Addressed "The HTTP query string" clarification. 1123 03: Modified co-author address. 1125 04: Updated references to 7483 to 7483bis Internet-Draft. Updated 1126 "Change Log" to "Changes from RFC 7482". Added more detail to the 1127 changes made in the -01 version. 1129 05: Added an empty IANA Considerations section to satisfy IDNits. 1130 Changed references to use HTTPS for targets. Split ARIN and 1131 NicInfo implementation status into two sections. 1133 06: Changed "XXXX is a search pattern representing the "FN" property 1134 of an entity (such as a contact, registrant, or registrar) name as 1135 specified in Section 5.1" to "Changed "XXXX is a search pattern 1136 representing the "fn" property of an entity (such as a contact, 1137 registrant, or registrar) name as described in Section 5.1". 1139 00: Initial working group version. Added acknowledgements. 1141 Authors' Addresses 1143 Scott Hollenbeck 1144 Verisign Labs 1145 12061 Bluemont Way 1146 Reston, VA 20190 1147 United States of America 1149 Email: shollenbeck@verisign.com 1150 URI: https://www.verisignlabs.com/ 1152 Andy Newton 1153 Amazon Web Services, Inc. 1154 13200 Woodland Park Road 1155 Herndon, VA 20171 1156 United States of America 1158 Email: andy@hxr.us