idnits 2.17.1 draft-ietf-regext-rfc7482bis-03.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == There are 2 instances of lines with non-RFC2606-compliant FQDNs in the document. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (22 February 2021) is 1156 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) ** Obsolete normative reference: RFC 7484 (Obsoleted by RFC 9224) ** Obsolete normative reference: RFC 8499 (Obsoleted by RFC 9499) == Outdated reference: A later version (-05) exists of draft-ietf-regext-rfc7483bis-04 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-regext-rfc7483bis' -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' Summary: 6 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 REGEXT Working Group S. Hollenbeck 3 Internet-Draft Verisign Labs 4 Obsoletes: 7482 (if approved) A. Newton 5 Intended status: Standards Track AWS 6 Expires: 26 August 2021 22 February 2021 8 Registration Data Access Protocol (RDAP) Query Format 9 draft-ietf-regext-rfc7482bis-03 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. These 17 uniform patterns define the query syntax for the Registration Data 18 Access Protocol (RDAP). If approved, this document obsoletes RFC 19 7482. 21 Status of This Memo 23 This Internet-Draft is submitted in full conformance with the 24 provisions of BCP 78 and BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF). Note that other groups may also distribute 28 working documents as Internet-Drafts. The list of current Internet- 29 Drafts is at https://datatracker.ietf.org/drafts/current/. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 This Internet-Draft will expire on 26 August 2021. 38 Copyright Notice 40 Copyright (c) 2021 IETF Trust and the persons identified as the 41 document authors. All rights reserved. 43 This document is subject to BCP 78 and the IETF Trust's Legal 44 Provisions Relating to IETF Documents (https://trustee.ietf.org/ 45 license-info) in effect on the date of publication of this document. 46 Please review these documents carefully, as they describe your rights 47 and restrictions with respect to this document. Code Components 48 extracted from this document must include Simplified BSD License text 49 as described in Section 4.e of the Trust Legal Provisions and are 50 provided without warranty as described in the Simplified BSD License. 52 Table of Contents 54 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 2. Conventions Used in This Document . . . . . . . . . . . . . . 4 56 2.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 4 57 3. Path Segment Specification . . . . . . . . . . . . . . . . . 5 58 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 6 59 3.1.1. IP Network Path Segment Specification . . . . . . . . 6 60 3.1.2. Autonomous System Path Segment Specification . . . . 7 61 3.1.3. Domain Path Segment Specification . . . . . . . . . . 7 62 3.1.4. Nameserver Path Segment Specification . . . . . . . . 9 63 3.1.5. Entity Path Segment Specification . . . . . . . . . . 9 64 3.1.6. Help Path Segment Specification . . . . . . . . . . . 9 65 3.2. Search Path Segment Specification . . . . . . . . . . . . 10 66 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 10 67 3.2.2. Nameserver Search . . . . . . . . . . . . . . . . . . 11 68 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 12 69 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 13 70 4.1. Partial String Searching . . . . . . . . . . . . . . . . 13 71 4.2. Associated Records . . . . . . . . . . . . . . . . . . . 14 72 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 15 73 6. Internationalization Considerations . . . . . . . . . . . . . 15 74 6.1. Character Encoding Considerations . . . . . . . . . . . . 15 75 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 16 76 7.1. Viagenie . . . . . . . . . . . . . . . . . . . . . . . . 17 77 7.2. ARIN . . . . . . . . . . . . . . . . . . . . . . . . . . 17 78 7.3. NicInfo . . . . . . . . . . . . . . . . . . . . . . . . . 18 79 7.4. LACNIC . . . . . . . . . . . . . . . . . . . . . . . . . 18 80 7.5. ICANN . . . . . . . . . . . . . . . . . . . . . . . . . . 19 81 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20 82 9. Security Considerations . . . . . . . . . . . . . . . . . . . 20 83 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 21 84 10.1. Normative References . . . . . . . . . . . . . . . . . . 21 85 10.2. Informative References . . . . . . . . . . . . . . . . . 23 86 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 24 87 Changes from RFC 7482 . . . . . . . . . . . . . . . . . . . . . . 25 88 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 26 90 1. Introduction 92 This document describes a specification for querying registration 93 data using a RESTful web service and uniform query patterns. The 94 service is implemented using the Hypertext Transfer Protocol (HTTP) 95 [RFC7230] and the conventions described in [RFC7480]. These uniform 96 patterns define the query syntax for the Registration Data Access 97 Protocol (RDAP). If approved, this document obsoletes RFC 7482. 99 The protocol described in this specification is intended to address 100 deficiencies with the WHOIS protocol [RFC3912] that have been 101 identified over time, including: 103 * lack of standardized command structures; 105 * lack of standardized output and error structures; 107 * lack of support for internationalization and localization; and 109 * lack of support for user identification, authentication, and 110 access control. 112 The patterns described in this document purposefully do not encompass 113 all of the methods employed in the WHOIS and other RESTful web 114 services used by the RIRs and DNRs. The intent of the patterns 115 described here is to enable queries of: 117 * networks by IP address; 119 * Autonomous System (AS) numbers by number; 121 * reverse DNS metadata by domain; 123 * nameservers by name; and 125 * entities (such as registrars and contacts) by identifier. 127 Server implementations are free to support only a subset of these 128 features depending on local requirements. Servers MUST return an 129 HTTP 501 (Not Implemented) [RFC7231] response to inform clients of 130 unsupported query types. It is also envisioned that each registry 131 will continue to maintain WHOIS and/or other RESTful web services 132 specific to their needs and those of their constituencies, and the 133 information retrieved through the patterns described here may 134 reference such services. 136 Likewise, future IETF specifications may add additional patterns for 137 additional query types. A simple pattern namespacing scheme is 138 described in Section 5 to accommodate custom extensions that will not 139 interfere with the patterns defined in this document or patterns 140 defined in future IETF specifications. 142 WHOIS services, in general, are read-only services. Accordingly, URL 143 [RFC3986] patterns specified in this document are only applicable to 144 the HTTP [RFC7231] GET and HEAD methods. 146 This document does not describe the results or entities returned from 147 issuing the described URLs with an HTTP GET. The specification of 148 these entities is described in [I-D.ietf-regext-rfc7483bis]. 150 Additionally, resource management, provisioning, and update functions 151 are out of scope for this document. Registries have various and 152 divergent methods covering these functions, and it is unlikely a 153 uniform approach is needed for interoperability. 155 HTTP contains mechanisms for servers to authenticate clients and for 156 clients to authenticate servers (from which authorization schemes may 157 be built), so such mechanisms are not described in this document. 158 Policy, provisioning, and processing of authentication and 159 authorization are out of scope for this document as deployments will 160 have to make choices based on local criteria. Supported 161 authentication mechanisms are described in [RFC7481]. 163 2. Conventions Used in This Document 165 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 166 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 167 "OPTIONAL" in this document are to be interpreted as described in BCP 168 14 [RFC2119] [RFC8174] when, and only when, they appear in all 169 capitals, as shown here. 171 2.1. Acronyms and Abbreviations 173 IDN: Internationalized Domain Name, a fully-qualified domain name 174 containing one or more labels that are intended to include one or 175 more Unicode code points outside the ASCII range (cf. "domain 176 name", "fully-qualified domain name" and "internationalized domain 177 name" in RFC 8499 [RFC8499]). 179 IDNA: Internationalized Domain Names in Applications, a protocol 180 for the handling of IDNs. In this document, "IDNA" refers 181 specifically to the version of those specifications known as 182 "IDNA2008" [RFC5890]. 184 DNR: Domain Name Registry or Domain Name Registrar 186 NFC: Unicode Normalization Form C [Unicode-UAX15] 188 NFKC: Unicode Normalization Form KC [Unicode-UAX15] 190 RDAP: Registration Data Access Protocol 192 REST: Representational State Transfer. The term was first 193 described in a doctoral dissertation [REST]. 195 RESTful: An adjective that describes a service using HTTP and the 196 principles of REST. 198 RIR: Regional Internet Registry 200 3. Path Segment Specification 202 The base URLs used to construct RDAP queries are maintained in an 203 IANA registry (the "bootstrap registry") described in [RFC7484]. 204 Queries are formed by retrieving an appropriate base URL from the 205 registry and appending a path segment specified in either Sections 206 3.1 or 3.2. Generally, a registry or other service provider will 207 provide a base URL that identifies the protocol, host, and port, and 208 this will be used as a base URL that the complete URL is resolved 209 against, as per Section 5 of RFC 3986 [RFC3986]. For example, if the 210 base URL is "https://example.com/rdap/", all RDAP query URLs will 211 begin with "https://example.com/rdap/". 213 The bootstrap registry does not contain information for query objects 214 that are not part of a global namespace, including entities and help. 215 A base URL for an associated object is required to construct a 216 complete query. This limitation can be overcome for entities by 217 using the practice described in RFC 8521 [RFC8521]. 219 For entities, a base URL is retrieved for the service (domain, 220 address, etc.) associated with a given entity. The query URL is 221 constructed by concatenating the base URL with the entity path 222 segment specified in either Sections 3.1.5 or 3.2.3. 224 For help, a base URL is retrieved for any service (domain, address, 225 etc.) for which additional information is required. The query URL is 226 constructed by concatenating the base URL with the help path segment 227 specified in Section 3.1.6. 229 3.1. Lookup Path Segment Specification 231 A simple lookup to determine if an object exists (or not) without 232 returning RDAP-encoded results can be performed using the HTTP HEAD 233 method as described in Section 4.1 of [RFC7480]. 235 The resource type path segments for exact match lookup are: 237 * 'ip': Used to identify IP networks and associated data referenced 238 using either an IPv4 or IPv6 address. 240 * 'autnum': Used to identify Autonomous System number registrations 241 and associated data referenced using an asplain Autonomous System 242 number. 244 * 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 245 information and associated data referenced using a fully qualified 246 domain name. 248 * 'nameserver': Used to identify a nameserver information query 249 using a host name. 251 * 'entity': Used to identify an entity information query using a 252 string identifier. 254 3.1.1. IP Network Path Segment Specification 256 Syntax: ip/ or ip// 258 Queries for information about IP networks are of the form /ip/XXX or 259 /ip/XXX/YY where the path segment following 'ip' is either an IPv4 260 dotted decimal or IPv6 [RFC5952] address (i.e., XXX) or an IPv4 or 261 IPv6 Classless Inter-domain Routing (CIDR) [RFC4632] notation address 262 block (i.e., XXX/YY). Semantically, the simpler form using the 263 address can be thought of as a CIDR block with a prefix length of 32 264 for IPv4 and a prefix length of 128 for IPv6. A given specific 265 address or CIDR may fall within multiple IP networks in a hierarchy 266 of networks; therefore, this query targets the "most-specific" or 267 smallest IP network that completely encompasses it in a hierarchy of 268 IP networks. 270 The IPv4 and IPv6 address formats supported in this query are 271 described in Section 3.2.2 of RFC 3986 [RFC3986] as IPv4address and 272 IPv6address ABNF definitions. Any valid IPv6 text address format 273 [RFC4291] can be used. This includes IPv6 addresses written using 274 with or without compressed zeros and IPv6 addresses containing 275 embedded IPv4 addresses. The rules to write a text representation of 276 an IPv6 address [RFC5952] are RECOMMENDED. However, the zone_id 278 [RFC4007] is not appropriate in this context; therefore, the 279 corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT be 280 used, and servers SHOULD ignore it. 282 For example, the following URL would be used to find information for 283 the most specific network containing 192.0.2.0: 285 https://example.com/rdap/ip/192.0.2.0 287 The following URL would be used to find information for the most 288 specific network containing 192.0.2.0/24: 290 https://example.com/rdap/ip/192.0.2.0/24 292 The following URL would be used to find information for the most 293 specific network containing 2001:db8:: 295 https://example.com/rdap/ip/2001:db8:: 297 3.1.2. Autonomous System Path Segment Specification 299 Syntax: autnum/ 301 Queries for information regarding Autonomous System number 302 registrations are of the form /autnum/XXX where XXX is an asplain 303 Autonomous System number [RFC5396]. In some registries, registration 304 of Autonomous System numbers is done on an individual number basis, 305 while other registries may register blocks of Autonomous System 306 numbers. The semantics of this query are such that if a number falls 307 within a range of registered blocks, the target of the query is the 308 block registration and that individual number registrations are 309 considered a block of numbers with a size of 1. 311 For example, the following URL would be used to find information 312 describing Autonomous System number 12 (a number within a range of 313 registered blocks): 315 https://example.com/rdap/autnum/12 317 The following URL would be used to find information describing 4-byte 318 Autonomous System number 65538: 320 https://example.com/rdap/autnum/65538 322 3.1.3. Domain Path Segment Specification 324 Syntax: domain/ 325 Queries for domain information are of the form /domain/XXXX, where 326 XXXX is a fully qualified (relative to the root) domain name (as 327 specified in [RFC0952] and [RFC1123]) in either the in-addr.arpa or 328 ip6.arpa zones (for RIRs) or a fully qualified domain name in a zone 329 administered by the server operator (for DNRs). Internationalized 330 Domain Names (IDNs) represented in either A-label or U-label format 331 [RFC5890] are also valid domain names. See Section 6.1 for 332 information on character encoding for the U-label format. 334 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; 335 that is, internationalized labels in an IDN SHOULD be either all 336 A-labels or all U-labels. It is possible for an RDAP client to 337 assemble a query string from multiple independent data sources. Such 338 a client might not be able to perform conversions between A-labels 339 and U-labels. An RDAP server that receives a query string with a 340 mixture of A-labels and U-labels MAY convert all the U-labels to 341 A-labels, perform IDNA processing, and proceed with exact-match 342 lookup. In such cases, the response to be returned to the query 343 source may not match the input from the query source. Alternatively, 344 the server MAY refuse to process the query. 346 The server MAY perform the match using either the A-label or U-label 347 form. Using one consistent form for matching every label is likely 348 to be more reliable. 350 The following URL would be used to find information describing the 351 zone serving the network 192.0.2/24: 353 https://example.com/rdap/domain/2.0.192.in-addr.arpa 355 The following URL would be used to find information describing the 356 zone serving the network 2001:db8:1::/48: 358 https://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 360 The following URL would be used to find information for the 361 blah.example.com domain name: 363 https://example.com/rdap/domain/blah.example.com 365 The following URL would be used to find information for the xn--fo- 366 5ja.example IDN: 368 https://example.com/rdap/domain/xn--fo-5ja.example 370 3.1.4. Nameserver Path Segment Specification 372 Syntax: nameserver/ 374 The parameter represents a fully qualified host 375 name as specified in [RFC0952] and [RFC1123]. Internationalized 376 names represented in either A-label or U-label format [RFC5890] are 377 also valid nameserver names. IDN processing for nameserver names 378 uses the domain name processing instructions specified in 379 Section 3.1.3. See Section 6.1 for information on character encoding 380 for the U-label format. 382 The following URL would be used to find information for the 383 ns1.example.com nameserver: 385 https://example.com/rdap/nameserver/ns1.example.com 387 The following URL would be used to find information for the ns1.xn-- 388 fo-5ja.example nameserver: 390 https://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 392 3.1.5. Entity Path Segment Specification 394 Syntax: entity/ 396 The parameter represents an entity (such as a contact, 397 registrant, or registrar) identifier whose syntax is specific to the 398 registration provider. For example, for some DNRs, contact 399 identifiers are specified in [RFC5730] and [RFC5733]. 401 The following URL would be used to find information for the entity 402 associated with handle XXXX: 404 https://example.com/rdap/entity/XXXX 406 3.1.6. Help Path Segment Specification 408 Syntax: help 410 The help path segment can be used to request helpful information 411 (command syntax, terms of service, privacy policy, rate-limiting 412 policy, supported authentication methods, supported extensions, 413 technical support contact, etc.) from an RDAP server. The response 414 to "help" should provide basic information that a client needs to 415 successfully use the service. The following URL would be used to 416 return "help" information: 418 https://example.com/rdap/help 420 3.2. Search Path Segment Specification 422 Pattern matching semantics are described in Section 4.1. The 423 resource type path segments for search are: 425 * 'domains': Used to identify a domain name information search using 426 a pattern to match a fully qualified domain name. 428 * 'nameservers': Used to identify a nameserver information search 429 using a pattern to match a host name. 431 * 'entities': Used to identify an entity information search using a 432 pattern to match a string identifier. 434 RDAP search path segments are formed using a concatenation of the 435 plural form of the object being searched for and an HTTP query 436 string. The HTTP query string is formed using a concatenation of the 437 question mark character ('?', US-ASCII value 0x003F), a noun 438 representing the JSON object property associated with the object 439 being searched for, the equal sign character ('=', US-ASCII value 440 0x003D), and the search pattern (this is in contrast to the more 441 generic HTTP query string that allows multiple simultaneous 442 parameters). Search pattern query processing is described more fully 443 in Section 4. For the domain, nameserver, and entity objects 444 described in this document, the plural object forms are "domains", 445 "nameservers", and "entities". 447 Detailed results can be retrieved using the HTTP GET method and the 448 path segments specified here. 450 3.2.1. Domain Search 452 Syntax: domains?name= 454 Syntax: domains?nsLdhName= 456 Syntax: domains?nsIp= 458 Searches for domain information by name are specified using this 459 form: 461 domains?name=XXXX 462 XXXX is a search pattern representing a domain name in "letters, 463 digits, hyphen" (LDH) format [RFC5890]. The following URL would be 464 used to find DNR information for domain names matching the 465 "example*.com" pattern: 467 https://example.com/rdap/domains?name=example*.com 469 IDNs in U-label format [RFC5890] can also be used as search patterns 470 (see Section 4). Searches for these names are of the form 471 /domains?name=XXXX, where XXXX is a search pattern representing a 472 domain name in U-label format [RFC5890]. See Section 6.1 for 473 information on character encoding for the U-label format. 475 Searches for domain information by nameserver name are specified 476 using this form: 478 domains?nsLdhName=YYYY 480 YYYY is a search pattern representing a host name in "letters, 481 digits, hyphen" format [RFC5890]. The following URL would be used to 482 search for domains delegated to nameservers matching the 483 "ns1.example*.com" pattern: 485 https://example.com/rdap/domains?nsLdhName=ns1.example*.com 487 Searches for domain information by nameserver IP address are 488 specified using this form: 490 domains?nsIp=ZZZZ 492 ZZZZ is an IPv4 [RFC1166] or IPv6 [RFC5952] address. The following 493 URL would be used to search for domains that have been delegated to 494 nameservers that resolve to the "192.0.2.0" address: 496 https://example.com/rdap/domains?nsIp=192.0.2.0 498 3.2.2. Nameserver Search 500 Syntax: nameservers?name= 502 Syntax: nameservers?ip= 504 Searches for nameserver information by nameserver name are specified 505 using this form: 507 nameservers?name=XXXX 508 XXXX is a search pattern representing a host name in "letters, 509 digits, hyphen" format [RFC5890]. The following URL would be used to 510 find information for nameserver names matching the "ns1.example*.com" 511 pattern: 513 https://example.com/rdap/nameservers?name=ns1.example*.com 515 Internationalized nameserver names in U-label format [RFC5890] can 516 also be used as search patterns (see Section 4). Searches for these 517 names are of the form /nameservers?name=XXXX, where XXXX is a search 518 pattern representing a nameserver name in U-label format [RFC5890]. 519 See Section 6.1 for information on character encoding for the U-label 520 format. 522 Searches for nameserver information by nameserver IP address are 523 specified using this form: 525 nameservers?ip=YYYY 527 YYYY is an IPv4 [RFC1166] or IPv6 [RFC5952] address. The following 528 URL would be used to search for nameserver names that resolve to the 529 "192.0.2.0" address: 531 https://example.com/rdap/nameservers?ip=192.0.2.0 533 3.2.3. Entity Search 535 Syntax: entities?fn= 537 Syntax: entities?handle= 539 Searches for entity information by name are specified using this 540 form: 542 entities?fn=XXXX 544 XXXX is a search pattern representing the "fn" property of an entity 545 (such as a contact, registrant, or registrar) name as described in 546 Section 5.1 of [I-D.ietf-regext-rfc7483bis]. The following URL would 547 be used to find information for entity names matching the "Bobby 548 Joe*" pattern: 550 https://example.com/rdap/entities?fn=Bobby%20Joe* 552 Searches for entity information by handle are specified using this 553 form: 555 entities?handle=XXXX 556 XXXX is a search pattern representing an entity (such as a contact, 557 registrant, or registrar) identifier whose syntax is specific to the 558 registration provider. The following URL would be used to find 559 information for entity handles matching the "CID-40*" pattern: 561 https://example.com/rdap/entities?handle=CID-40* 563 URLs MUST be properly encoded according to the rules of [RFC3986]. 564 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 566 4. Query Processing 568 Servers indicate the success or failure of query processing by 569 returning an appropriate HTTP response code to the client. Response 570 codes not specifically identified in this document are described in 571 [RFC7480]. 573 4.1. Partial String Searching 575 Partial string searching uses the asterisk ('*', US-ASCII value 0x2A) 576 character to match zero or more trailing characters. A character 577 string representing a domain label suffix MAY be concatenated to the 578 end of the search pattern to limit the scope of the search. For 579 example, the search pattern "exam*" will match "example.com" and 580 "example.net". The search pattern "exam*.com" will match 581 "example.com". If an asterisk appears in a search string, any label 582 that contains the non-asterisk characters in sequence plus zero or 583 more characters in sequence in place of the asterisk would match. A 584 partial string search MUST NOT include more than one asterisk. 585 Additional pattern matching processing is beyond the scope of this 586 specification. 588 If a server receives a search request but cannot process the request 589 because it does not support a particular style of partial match 590 searching, it SHOULD return an HTTP 422 (Unprocessable Entity) 591 [RFC4918] response (unless another response code is more appropriate 592 based on a server's policy settings) to note that search 593 functionality is supported, but this particular query cannot be 594 processed. When returning a 422 error, the server MAY also return an 595 error response body as specified in Section 6 of 596 [I-D.ietf-regext-rfc7483bis] if the requested media type is one that 597 is specified in [RFC7480]. 599 Partial matching is not feasible across combinations of Unicode 600 characters because Unicode characters can be combined with each 601 other. Servers SHOULD NOT partially match combinations of Unicode 602 characters where a legal combination is possible. It should be 603 noted, though, that it may not always be possible to detect cases 604 where a character could have been combined with another character, 605 but was not, because characters can be combined in many different 606 ways. 608 Clients SHOULD NOT submit a partial match search of Unicode 609 characters where a Unicode character may be legally combined with 610 another Unicode character or characters. Partial match searches with 611 incomplete combinations of characters where a character must be 612 combined with another character or characters are invalid. Partial 613 match searches with characters that may be combined with another 614 character or characters are to be considered non-combined characters 615 (that is, if character x may be combined with character y but 616 character y is not submitted in the search string, then character x 617 is a complete character and no combinations of character x are to be 618 searched). 620 4.2. Associated Records 622 Conceptually, any query-matching record in a server's database might 623 be a member of a set of related records, related in some fashion as 624 defined by the server -- for example, variants of an IDN. The entire 625 set ought to be considered as candidates for inclusion when 626 constructing the response. However, the construction of the final 627 response needs to be mindful of privacy and other data-releasing 628 policies when assembling the RDAP response set. 630 Note too that due to the nature of searching, there may be a list of 631 query-matching records. Each one of those is subject to being a 632 member of a set as described in the previous paragraph. What is 633 ultimately returned in a response will be the union of all the sets 634 that has been filtered by whatever policies are in place. 636 Note that this model includes arrangements for associated names, 637 including those that are linked by policy mechanisms and names bound 638 together for some other purposes. Note also that returning 639 information that was not explicitly selected by an exact-match 640 lookup, including additional names that match a relatively fuzzy 641 search as well as lists of names that are linked together, may cause 642 privacy issues. 644 Note that there might not be a single, static information return 645 policy that applies to all clients equally. Client identity and 646 associated authorizations can be a relevant factor in determining how 647 broad the response set will be for any particular query. 649 5. Extensibility 651 This document describes path segment specifications for a limited 652 number of objects commonly registered in both RIRs and DNRs. It does 653 not attempt to describe path segments for all of the objects 654 registered in all registries. Custom path segments can be created 655 for objects not specified here using the process described in 656 Section 6 of "HTTP Usage in the Registration Data Access Protocol 657 (RDAP)" [RFC7480]. 659 Custom path segments can be created by prefixing the segment with a 660 unique identifier followed by an underscore character (0x5F). For 661 example, a custom entity path segment could be created by prefixing 662 "entity" with "custom_", producing "custom_entity". Servers MUST 663 return an appropriate failure status code for a request with an 664 unrecognized path segment. 666 6. Internationalization Considerations 668 There is value in supporting the ability to submit either a U-label 669 (Unicode form of an IDN label) or an A-label (US-ASCII form of an IDN 670 label) as a query argument to an RDAP service. Clients capable of 671 processing non-US-ASCII characters may prefer a U-label since this is 672 more visually recognizable and familiar than A-label strings, but 673 clients using programmatic interfaces might find it easier to submit 674 and display A-labels if they are unable to input U-labels with their 675 keyboard configuration. Both query forms are acceptable. 677 Internationalized domain and nameserver names can contain character 678 variants and variant labels as described in [RFC4290]. Clients that 679 support queries for internationalized domain and nameserver names 680 MUST accept service provider responses that describe variants as 681 specified in "JSON Responses for the Registration Data Access 682 Protocol (RDAP)" [I-D.ietf-regext-rfc7483bis]. 684 6.1. Character Encoding Considerations 686 Servers can expect to receive search patterns from clients that 687 contain character strings encoded in different forms supported by 688 HTTP. It is entirely possible to apply filters and normalization 689 rules to search patterns prior to making character comparisons, but 690 this type of processing is more typically needed to determine the 691 validity of registered strings than to match patterns. 693 An RDAP client submitting a query string containing non-US-ASCII 694 characters converts such strings into Unicode in UTF-8 encoding. It 695 then performs any local case mapping deemed necessary. Strings are 696 normalized using Normalization Form C (NFC) [Unicode-UAX15]; note 697 that clients might not be able to do this reliably. UTF-8 encoded 698 strings are then appropriately percent-encoded [RFC3986] in the query 699 URL. 701 After parsing any percent-encoding, an RDAP server treats each query 702 string as Unicode in UTF-8 encoding. If a string is not valid UTF-8, 703 the server can immediately stop processing the query and return an 704 HTTP 400 (Bad Request) response. 706 When processing queries, there is a difference in handling DNS names, 707 including those with putative U-labels, and everything else. DNS 708 names are treated according to the DNS matching rules as described in 709 Section 3.1 of RFC 1035 [RFC1035] for Non-Reserved LDH (NR-LDH) 710 labels and the matching rules described in Section 5.4 of RFC 5891 711 [RFC5891] for U-labels. Matching of DNS names proceeds one label at 712 a time because it is possible for a combination of U-labels and NR- 713 LDH labels to be found in a single domain or host name. The 714 determination of whether a label is a U-label or an NR-LDH label is 715 based on whether the label contains any characters outside of the US- 716 ASCII letters, digits, or hyphen (the so-called LDH rule). 718 For everything else, servers map fullwidth and halfwidth characters 719 to their decomposition equivalents. Servers convert strings to the 720 same coded character set of the target data that is to be looked up 721 or searched, and each string is normalized using the same 722 normalization that was used on the target data. In general, storage 723 of strings as Unicode is RECOMMENDED. For the purposes of 724 comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case 725 folding is used to maximize predictability and the number of matches. 726 Note the use of case-folded NFKC as opposed to NFC in this case. 728 7. Implementation Status 730 NOTE: Please remove this section and the reference to RFC 7942 prior 731 to publication as an RFC. 733 This section records the status of known implementations of the 734 protocol defined by this specification at the time of posting of this 735 Internet-Draft, and is based on a proposal described in RFC 7942 736 [RFC7942]. The description of implementations in this section is 737 intended to assist the IETF in its decision processes in progressing 738 drafts to RFCs. Please note that the listing of any individual 739 implementation here does not imply endorsement by the IETF. 740 Furthermore, no effort has been spent to verify the information 741 presented here that was supplied by IETF contributors. This is not 742 intended as, and must not be construed to be, a catalog of available 743 implementations or their features. Readers are advised to note that 744 other implementations may exist. 746 According to RFC 7942, "this will allow reviewers and working groups 747 to assign due consideration to documents that have the benefit of 748 running code, which may serve as evidence of valuable experimentation 749 and feedback that have made the implemented protocols more mature. 750 It is up to the individual working groups to use this information as 751 they see fit". 753 7.1. Viagenie 755 * Responsible Organization: Viagenie 757 * Location: RDAPBrowser (iOS and Android): https://viagenie.ca/ 758 rdapbrowser 760 * Description: Mobile app (iOS and Android) implementing an RDAP 761 client for domains, IP addresses and AS numbers. 763 * Level of Maturity: Production 765 * Coverage: All except for nameserver, entity, help, and search path 766 segments. 768 * Version Compatibility: RFC 7482 770 * Licensing: Proprietary 772 * Implementation Experience: Quite simple and easy to deploy. 773 Responses are much harder to parse because RDAP servers are not 774 compliant. 776 * Contact Information: Marc Blanchet, rdapbrowser@viagenie.ca 778 * Date Last Updated: September 27, 2019 780 7.2. ARIN 782 * Responsible Organization: ARIN 784 * Location: search.arin.net https://search.arin.net/rdap/ 786 * Description: search.arin.net is a public web page getting about 8k 787 queries per day. 789 * Level of Maturity: Production. 791 * Coverage: Search.arin.net supports lookup of entities by handle, 792 search of entities by name, lookup of domain names, lookup of ip 793 networks, lookup of autnums. 795 * Version Compatibility: RFC 7482 797 * Licensing: Search.arin.net is not publicly licensed. 799 * Implementation Experience: The RDAP queries are straightforward 800 for the most part. The vast majority of logic goes into 801 displaying information. 803 * Contact Information: info@arin.net 805 * Date Last Updated: July 2019. 807 7.3. NicInfo 809 * Responsible Organization: ARIN 811 * Location: NicInfo https://github.com/arineng/nicinfo 813 * Description: NicInfo is a command line client written in Ruby. 815 * Level of Maturity: NicInfo started as a research project, but is 816 known to be used by some organizations in a production capacity. 818 * Version Compatibility: RFC 7482 820 * Licensing: NicInfo is published under the ISC license. 822 * Implementation Experience: The RDAP queries are straightforward 823 for the most part. The vast majority of logic goes into 824 displaying information. 826 * Contact Information: info@arin.net 828 * Date Last Updated: NicInfo was last updated in Feb 2018. 830 7.4. LACNIC 832 * Responsible Organization: LACNIC 834 * Location: https://github.com/LACNIC/rdap-frontend-angular-dev 835 * Description: The goal of this client is to have an RDAP client 836 that can be easily embedded in web pages. The original request 837 was for a web whois/rdap feature that was to replace a very, very 838 old web whois that just popen'd CLI WHOIS and just copied back the 839 output to html. We decided to implement something that could, in 840 the future, be embedded in any web page and is not tied to our 841 current web portal CMS. The client is implemented in Javascript 842 and AngularJS. 844 * Level of Maturity: We consider the current version production 845 quality, it has been in use in our web portal for more than a year 846 now. 848 * Coverage: The client implements /ip, /autnum, and /entity. The 849 client does not support searches. For these objects the 850 implementation follows the standard closely. There may be a few 851 gaps, but it's mostly aligned to the RFCs. 853 * Version Compatibility: RFC 7482 855 * Licensing: BSD-Style 857 * Implementation Experience: Users of the traditional WHOIS service 858 are a bit confused at first when they realize that an RDAP query 859 does not necessarily return the same information and in some cases 860 they need to "navigate" the RDAP tree to get data that is normally 861 returned in a single WHOIS query. In our experience, this gap in 862 expectations has been one of the most significant hurdles in 863 adoption of RDAP. Our RDAP client makes this "navigation" easier 864 as it presents results in the form of a web page where the "next" 865 necessary RDAP query is a click on a link. On the plus side, the 866 protocol provides all the information needed to present this links 867 and clicks to the user. We have however introduced a few 868 extensions into our RDAP responses to get both services to parity 869 in the information presented in a single query. 871 * Contact Information: Gerardo Rada (gerardo@lacnic.net), Carlos 872 Martinez (carlos@lacnic.net) 874 * Date Last Updated: This application is currently in maintenance 875 mode. Also, we employ a rolling release update. Latest updates 876 are available in the git log of the repo. 878 7.5. ICANN 880 * Responsible Organization: Internet Corporation for Assigned Names 881 and Numbers (ICANN) 883 * Location: Domain Name Registration Data Lookup: 884 https://lookup.icann.org/ 886 * Description: ICANN created the Domain Name Registration Data 887 Lookup web client as a free public service that gives users the 888 ability to look up and display publicly available registration 889 data related to a domain name using the top level domain's RDAP 890 service location listed in the IANA bootstrap service registry for 891 domain name space (RFC 7484), and the sponsoring Registrar's RDAP 892 server. This web client implementation also supports the 893 specifications defined in the "gTLD RDAP Profile" documents 894 (https://www.icann.org/gtld-rdap-profile). 896 * Level of Maturity: Production. 898 * Coverage: This web client implements RFC 7482 section 3.1.3 899 "Domain Path Segment Specification" to perform lookups exclusively 900 for the domain object class. 902 * Version Compatibility: RFC 7482 904 * Contact Information: globalSupport@icann.org 906 * Date Last Updated: 07-Oct-2019 908 8. IANA Considerations 910 This document has no actions for IANA. 912 9. Security Considerations 914 Security services for the operations specified in this document are 915 described in "Security Services for the Registration Data Access 916 Protocol (RDAP)" [RFC7481]. 918 Search functionality typically requires more server resources (such 919 as memory, CPU cycles, and network bandwidth) when compared to basic 920 lookup functionality. This increases the risk of server resource 921 exhaustion and subsequent denial of service due to abuse. This risk 922 can be mitigated by developing and implementing controls to restrict 923 search functionality to identified and authorized clients. If those 924 clients behave badly, their search privileges can be suspended or 925 revoked. Rate limiting as described in Section 5.5 of "HTTP Usage in 926 the Registration Data Access Protocol (RDAP)" [RFC7480] can also be 927 used to control the rate of received search requests. Server 928 operators can also reduce their risk by restricting the amount of 929 information returned in response to a search request. 931 Search functionality also increases the privacy risk of disclosing 932 object relationships that might not otherwise be obvious. For 933 example, a search that returns IDN variants [RFC6927] that do not 934 explicitly match a client-provided search pattern can disclose 935 information about registered domain names that might not be otherwise 936 available. Implementers need to consider the policy and privacy 937 implications of returning information that was not explicitly 938 requested. 940 Note that there might not be a single, static information return 941 policy that applies to all clients equally. Client identity and 942 associated authorizations can be a relevant factor in determining how 943 broad the response set will be for any particular query. 945 10. References 947 10.1. Normative References 949 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 950 host table specification", RFC 952, DOI 10.17487/RFC0952, 951 October 1985, . 953 [RFC1035] Mockapetris, P., "Domain names - implementation and 954 specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, 955 November 1987, . 957 [RFC1123] Braden, R., Ed., "Requirements for Internet Hosts - 958 Application and Support", STD 3, RFC 1123, 959 DOI 10.17487/RFC1123, October 1989, 960 . 962 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 963 numbers", RFC 1166, DOI 10.17487/RFC1166, July 1990, 964 . 966 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 967 Requirement Levels", BCP 14, RFC 2119, 968 DOI 10.17487/RFC2119, March 1997, 969 . 971 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 972 Resource Identifier (URI): Generic Syntax", STD 66, 973 RFC 3986, DOI 10.17487/RFC3986, January 2005, 974 . 976 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 977 Architecture", RFC 4291, DOI 10.17487/RFC4291, February 978 2006, . 980 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 981 (CIDR): The Internet Address Assignment and Aggregation 982 Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August 983 2006, . 985 [RFC4918] Dusseault, L., Ed., "HTTP Extensions for Web Distributed 986 Authoring and Versioning (WebDAV)", RFC 4918, 987 DOI 10.17487/RFC4918, June 2007, 988 . 990 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 991 Autonomous System (AS) Numbers", RFC 5396, 992 DOI 10.17487/RFC5396, December 2008, 993 . 995 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 996 STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009, 997 . 999 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 1000 Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733, 1001 August 2009, . 1003 [RFC5890] Klensin, J., "Internationalized Domain Names for 1004 Applications (IDNA): Definitions and Document Framework", 1005 RFC 5890, DOI 10.17487/RFC5890, August 2010, 1006 . 1008 [RFC5891] Klensin, J., "Internationalized Domain Names in 1009 Applications (IDNA): Protocol", RFC 5891, 1010 DOI 10.17487/RFC5891, August 2010, 1011 . 1013 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 1014 Address Text Representation", RFC 5952, 1015 DOI 10.17487/RFC5952, August 2010, 1016 . 1018 [RFC7230] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1019 Protocol (HTTP/1.1): Message Syntax and Routing", 1020 RFC 7230, DOI 10.17487/RFC7230, June 2014, 1021 . 1023 [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer 1024 Protocol (HTTP/1.1): Semantics and Content", RFC 7231, 1025 DOI 10.17487/RFC7231, June 2014, 1026 . 1028 [RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the 1029 Registration Data Access Protocol (RDAP)", RFC 7480, 1030 DOI 10.17487/RFC7480, March 2015, 1031 . 1033 [RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the 1034 Registration Data Access Protocol (RDAP)", RFC 7481, 1035 DOI 10.17487/RFC7481, March 2015, 1036 . 1038 [RFC7484] Blanchet, M., "Finding the Authoritative Registration Data 1039 (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March 1040 2015, . 1042 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1043 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1044 May 2017, . 1046 [RFC8499] Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS 1047 Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499, 1048 January 2019, . 1050 [I-D.ietf-regext-rfc7483bis] 1051 Hollenbeck, S. and A. Newton, "JSON Responses for the 1052 Registration Data Access Protocol (RDAP)", Work in 1053 Progress, Internet-Draft, draft-ietf-regext-rfc7483bis-04, 1054 21 October 2020, . 1057 [Unicode-UAX15] 1058 The Unicode Consortium, "Unicode Standard Annex #15: 1059 Unicode Normalization Forms", September 2013, 1060 . 1062 10.2. Informative References 1064 [REST] Fielding, R., "Architectural Styles and the Design of 1065 Network-based Software Architectures", Ph.D. 1066 Dissertation, University of California, Irvine, 2000, 1067 . 1070 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 1071 DOI 10.17487/RFC3912, September 2004, 1072 . 1074 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 1075 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 1076 DOI 10.17487/RFC4007, March 2005, 1077 . 1079 [RFC4290] Klensin, J., "Suggested Practices for Registration of 1080 Internationalized Domain Names (IDN)", RFC 4290, 1081 DOI 10.17487/RFC4290, December 2005, 1082 . 1084 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 1085 IPv6 Zone Identifiers in Address Literals and Uniform 1086 Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874, 1087 February 2013, . 1089 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 1090 Registered in Top-Level Domains", RFC 6927, 1091 DOI 10.17487/RFC6927, May 2013, 1092 . 1094 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running 1095 Code: The Implementation Status Section", BCP 205, 1096 RFC 7942, DOI 10.17487/RFC7942, July 2016, 1097 . 1099 [RFC8521] Hollenbeck, S. and A. Newton, "Registration Data Access 1100 Protocol (RDAP) Object Tagging", BCP 221, RFC 8521, 1101 DOI 10.17487/RFC8521, November 2018, 1102 . 1104 Acknowledgments 1106 This document is derived from original work on RIR query formats 1107 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 1108 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 1109 Additionally, this document incorporates DNR query formats originally 1110 described by Francisco Arias and Steve Sheng of ICANN and Scott 1111 Hollenbeck of Verisign Labs. 1113 The authors would like to acknowledge the following individuals for 1114 their contributions to this document: Francisco Arias, Marc Blanchet, 1115 Ernie Dainow, Jean-Philippe Dionne, Byron J. Ellacott, Behnam 1116 Esfahbod, John Klensin, John Levine, Edward Lewis, Mario Loffredo, 1117 Patrick Mevzek, Mark Nottingham, Kaveh Ranjbar, Arturo L. Servin, 1118 Steve Sheng, Jasdip Singh, and Andrew Sullivan. 1120 Changes from RFC 7482 1122 00: Initial version ported from RFC 7482. Added Implementation 1123 Status section. Addressed known errata. 1125 01: Addressed other reported clarifications and corrections: IDN/ 1126 IDNA definition, note that registrars are entities, definition of 1127 "DNR", RFC 8521 to address bootstrap registry limitation, removal 1128 of extraneous "...", HTTP query string clarification, search 1129 pattern clarification, name server search clarification, domain 1130 label suffix and asterisk search clarification. 1132 02: Addressed "The HTTP query string" clarification. 1134 03: Modified co-author address. 1136 04: Updated references to 7483 to 7483bis Internet-Draft. Updated 1137 "Change Log" to "Changes from RFC 7482". Added more detail to the 1138 changes made in the -01 version. 1140 05: Added an empty IANA Considerations section to satisfy IDNits. 1141 Changed references to use HTTPS for targets. Split ARIN and 1142 NicInfo implementation status into two sections. 1144 06: Changed "XXXX is a search pattern representing the "FN" property 1145 of an entity (such as a contact, registrant, or registrar) name as 1146 specified in Section 5.1" to "Changed "XXXX is a search pattern 1147 representing the "fn" property of an entity (such as a contact, 1148 registrant, or registrar) name as described in Section 5.1". 1150 00: Initial working group version. Added acknowledgments. 1152 01: Changed "The intent of the patterns described here are to enable 1153 queries" to "The intent of the patterns described here is to 1154 enable queries". Changed "the corresponding syntax extension in 1155 RFC 6874 [RFC6874] MUST NOT be used, and servers are to ignore it 1156 if possible" to "the corresponding syntax extension in RFC 6874 1157 [RFC6874] MUST NOT be used, and servers SHOULD ignore it". 1158 Changed "Only a single asterisk is allowed for a partial string 1159 search" to "A partial string search MUST NOT include more than one 1160 asterisk". Changed "Clients should avoid submitting a partial 1161 match search of Unicode characters where a Unicode character may 1162 be legally combined with another Unicode character or characters" 1163 to "Clients SHOULD NOT submit a partial match search of Unicode 1164 characters where a Unicode character may be legally combined with 1165 another Unicode character or characters". 1167 02: Changed description of nameserver IP address "search pattern" in 1168 Sections 3.2.1 and 3.2.2. 1170 03: IESG review feedback: Added "obsoletes 7482" to the headers, 1171 Abstract, and Introduction. Changed "IETF standards" to "IETF 1172 specifications" and "Therefore" to "Accordingly" in Section 1. 1173 Updated BCP14 template. Added definition of "bootstrap registry" 1174 and changed "concatenating ... to" to "concatenating ... with" in 1175 Section 3. Changed "bitmask length" to "prefix length" and 1176 "2001:db8::0" to "2001:db8::" in Section 3.1.1. Added "in 1177 contrast to the more generic HTTP query string that admits 1178 multiple simultaneous parameters" in Section 3.2. Changed 1179 "0x002A" to "0x2A" in Section 4.1. Clarified use of HTTP 422 1180 SHOULD in Section 4.1. 1182 Authors' Addresses 1184 Scott Hollenbeck 1185 Verisign Labs 1186 12061 Bluemont Way 1187 Reston, VA 20190 1188 United States of America 1190 Email: shollenbeck@verisign.com 1191 URI: https://www.verisignlabs.com/ 1193 Andy Newton 1194 Amazon Web Services, Inc. 1195 13200 Woodland Park Road 1196 Herndon, VA 20171 1197 United States of America 1199 Email: andy@hxr.us