idnits 2.17.1 draft-ietf-weirds-rdap-query-10.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 4, 2014) is 3733 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-14) exists of draft-ietf-weirds-json-response-06 == Outdated reference: A later version (-12) exists of draft-ietf-weirds-rdap-sec-05 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-rdap-sec' == Outdated reference: A later version (-15) exists of draft-ietf-weirds-using-http-07 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-using-http' ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Obsolete normative reference: RFC 2616 (Obsoleted by RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235) ** Downref: Normative reference to an Informational RFC: RFC 4290 ** Obsolete normative reference: RFC 5785 (Obsoleted by RFC 8615) -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' -- Obsolete informational reference (is this intentional?): RFC 1594 (Obsoleted by RFC 2664) -- Obsolete informational reference (is this intentional?): RFC 4627 (Obsoleted by RFC 7158, RFC 7159) Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Newton 3 Internet-Draft ARIN 4 Intended status: Standards Track S. Hollenbeck 5 Expires: August 8, 2014 Verisign Labs 6 February 4, 2014 8 Registration Data Access Protocol Query Format 9 draft-ietf-weirds-rdap-query-10 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on August 8, 2014. 35 Copyright Notice 37 Copyright (c) 2014 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Conventions Used in This Document . . . . . . . . . . . . . . 2 53 1.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 2 54 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 3. Path Segment Specification . . . . . . . . . . . . . . . . . 4 56 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 4 57 3.1.1. IP Network Path Segment Specification . . . . . . . . 5 58 3.1.2. Autonomous System Path Segment Specification . . . . 5 59 3.1.3. Domain Path Segment Specification . . . . . . . . . . 6 60 3.1.4. Name Server Path Segment Specification . . . . . . . 7 61 3.1.5. Entity Path Segment Specification . . . . . . . . . . 7 62 3.1.6. Help Path Segment Specification . . . . . . . . . . . 8 63 3.2. Search Path Segment Specification . . . . . . . . . . . . 8 64 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 8 65 3.2.2. Name Server Search . . . . . . . . . . . . . . . . . 9 66 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 9 67 4. Search Processing . . . . . . . . . . . . . . . . . . . . . . 10 68 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 12 69 6. Internationalization Considerations . . . . . . . . . . . . . 12 70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 71 8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 72 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 13 73 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 74 10.1. Normative References . . . . . . . . . . . . . . . . . . 14 75 10.2. Informative References . . . . . . . . . . . . . . . . . 16 76 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 16 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 79 1. Conventions Used in This Document 81 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 82 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 83 document are to be interpreted as described in RFC 2119 [RFC2119]. 85 1.1. Acronyms and Abbreviations 87 IDN: Internationalized Domain Name 88 IDNA: Internationalized Domain Names in Applications 89 DNR: Domain Name Registry 90 NFC: Unicode Normalization Form C 91 NFKC: Unicode Normalization Form KC 92 RDAP: Registration Data Access Protocol 93 REST: Representational State Transfer State Transfer. The term 94 was first described in a doctoral dissertation [REST]. 95 RESTful: An adjective that describes a service using HTTP and the 96 principles of REST. 97 RIR: Regional Internet Registry 99 2. Introduction 101 This document describes a specification for querying registration 102 data using a RESTful web service and uniform query patterns. The 103 service is implemented using the Hypertext Transfer Protocol (HTTP) 104 [RFC2616]. 106 The protocol described in this specification is intended to address 107 deficiencies with the WHOIS protocol [RFC3912] that have been 108 identified over time, including: 110 o Lack of standardized command structures, 111 o lack of standardized output and error structures, 112 o lack of support for internationalization and localization, and 113 o lack of support for user identification, authentication, and 114 access control. 116 The patterns described in this document purposefully do not encompass 117 all of the methods employed in the WHOIS and RESTful web services of 118 all of the RIRs and DNRs. The intent of the patterns described here 119 are to enable queries of: 121 o networks by IP address, 122 o autonomous system numbers by number, 123 o reverse DNS meta-data by domain, 124 o name servers by name, 125 o registrars by name, and 126 o entities (such as contacts) by identifier. 128 It is envisioned that each registry will continue to maintain NICNAME 129 /WHOIS and/or RESTful web services specific to their needs and those 130 of their constituencies, and the information retrieved through the 131 patterns described here may reference such services. 133 Likewise, future IETF standards may add additional patterns for 134 additional query types. A simple pattern namespacing scheme is 135 described in Section 5 to accommodate custom extensions that will not 136 interfere with the patterns defined in this document or patterns 137 defined in future IETF standards. 139 WHOIS services, in general, are read-only services. Therefore URL 140 [RFC3986] patterns specified in this document are only applicable to 141 the HTTP [RFC2616] GET and HEAD methods. 143 This document does not describe the results or entities returned from 144 issuing the described URLs with an HTTP GET. JSON [RFC4627] result 145 formatting and processing is described in 146 [I-D.ietf-weirds-json-response]. 148 Additionally, resource management, provisioning and update functions 149 are out of scope for this document. Registries have various and 150 divergent methods covering these functions, and it is unlikely a 151 uniform approach for these functions will ever be possible. 153 HTTP contains mechanisms for servers to authenticate clients and for 154 clients to authenticate servers (from which authorization schemes may 155 be built) so such mechanisms are not described in this document. 156 Policy, provisioning, and processing of authentication and 157 authorization are out-of-scope for this document as deployments will 158 have to make choices based on local criteria. Specified 159 authentication mechanisms MUST use HTTP. 161 3. Path Segment Specification 163 RDAP queries use well-known URLs [RFC5785] with the "rdap" prefix. 164 Generally, a registry or other service provider will provide a base 165 URL that identifies the protocol, host and port, and this will be 166 used as a base URL that the well-known URL is resolved against, as 167 per Section 5 of RFC 3986 [RFC3986]. 169 For example, if the base URL is "http://example.com/", all RDAP query 170 URLs will begin with "http://example.com/.well-known/rdap". 172 Note that path and query information in the base URL are not used, 173 because the well-known URL is rooted at "/.well-known/rdap"; for 174 example, if a registry provides "http://example.com/other/path" as a 175 base URL, RDAP query URLs will still begin with "http://example.com/ 176 .well-known/rdap". 178 3.1. Lookup Path Segment Specification 180 The resource type path segments for exact match lookup are: 182 o 'ip': Used to identify IP networks and associated data referenced 183 using either an IPv4 or IPv6 address. 184 o 'autnum': Used to identify autonomous system registrations and 185 associated data referenced using an AS Plain autonomous system 186 number. 187 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 188 information and associated data referenced using a fully-qualified 189 domain name. 190 o 'nameserver': Used to identify a name server information query 191 using a host name. 192 o 'entity': Used to identify an entity information query using a 193 string identifier. 195 3.1.1. IP Network Path Segment Specification 197 Syntax: ip/ or ip// 199 Queries for information about IP networks are of the form /ip/XXX/... 200 or /ip/XXX/YY/... where the path segment following 'ip' is either an 201 IPv4 [RFC1166] or IPv6 [RFC5952] address (i.e. XXX) or an IPv4 or 202 IPv6 CIDR [RFC4632] notation address block (i.e. XXX/YY). 203 Semantically, the simpler form using the address can be thought of as 204 a CIDR block with a bitmask length of 32 for IPv4 and a bitmask 205 length of 128 for IPv6. A given specific address or CIDR may fall 206 within multiple IP networks in a hierarchy of networks, therefore 207 this query targets the "most-specific" or smallest IP network which 208 completely encompasses it in a hierarchy of IP networks. 210 The IPv4 and IPv6 address formats supported in this query are 211 described in section 3.2.2 of [RFC3986], as IPv4address and 212 IPv6address ABNF definitions. Any valid IPv6 text address format 213 [RFC4291] can be used, compressed or not compressed. The restricted 214 rules to write a text representation of an IPv6 address [RFC5952] are 215 not mandatory. However, the zone id [RFC4007] is not appropriate in 216 this context and therefore prohibited. 218 For example, the following URL would be used to find information for 219 the most specific network containing 192.0.2.0: 221 http://example.com/.well-known/rdap/ip/192.0.2.0 223 The following URL would be used to find information for the most 224 specific network containing 192.0.2.0/24: 226 http://example.com/.well-known/rdap/ip/192.0.2.0/24 228 The following URL would be used to find information for the most 229 specific network containing 2001:db8::0: 231 http://example.com/.well-known/rdap/ip/2001:db8::0 233 3.1.2. Autonomous System Path Segment Specification 235 Syntax: autnum/ 237 Queries for information regarding autonomous system number 238 registrations are of the form /autnum/XXX/... where XXX is an AS 239 Plain autonomous system number [RFC5396]. In some registries, 240 registration of autonomous system numbers is done on an individual 241 number basis, while other registries may register blocks of 242 autonomous system numbers. The semantics of this query are such that 243 if a number falls within a range of registered blocks, the target of 244 the query is the block registration, and that individual number 245 registrations are considered a block of numbers with a size of 1. 247 For example, the following URL would be used to find information 248 describing autonomous system number 12 (a number within a range of 249 registered blocks): 251 http://example.com/.well-known/rdap/autnum/12 253 The following URL would be used to find information describing 4-byte 254 autonomous system number 65538: 256 http://example.com/.well-known/rdap/autnum/65538 258 3.1.3. Domain Path Segment Specification 260 Syntax: domain/ 262 Queries for domain information are of the form /domain/XXXX/..., 263 where XXXX is a fully-qualified (relative to the root) domain name 264 [RFC1594] in either the in-addr.arpa or ip6.arpa zones (for RIRs) or 265 a fully-qualified domain name in a zone administered by the server 266 operator (for DNRs). Internationalized domain names represented in 267 either A-label or U-label format [RFC5890] are also valid domain 268 names. IDNs SHOULD NOT be represented as a mixture of A-labels and 269 U-labels; that is, any IDN SHOULD use only A-labels or only U-labels. 271 If the client sends the server an IDN in U-label format, servers that 272 support IDNs MUST convert the IDN into A-label format and perform 273 IDNA processing as specified in RFC 5891 [RFC5891]. The server 274 should perform an exact match lookup using the A-label. 276 The following URL would be used to find information describing the 277 zone serving the network 192.0.2/24: 279 http://example.com/.well-known/rdap/domain/2.0.192.in-addr.arpa 281 The following URL would be used to find information describing the 282 zone serving the network 2001:db8:1::/48: 284 http://example.com/.well-known/rdap/domain/ 285 1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 287 The following URL would be used to find information for the 288 blah.example.com domain name: 290 http://example.com/.well-known/rdap/domain/blah.example.com 291 The following URL would be used to find information for the 292 xn--fo-5ja.example IDN: 294 http://example.com/.well-known/rdap/domain/xn--fo-5ja.example 296 3.1.4. Name Server Path Segment Specification 298 Syntax: nameserver/ 300 The parameter represents a fully qualified name as 301 specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123]. 302 Internationalized names represented in either A-label or U-label 303 format [RFC5890] are also valid name server names. IDN labels SHOULD 304 NOT be represented as a mixture of A-labels and U-labels. 306 If the client sends the server an IDN in U-label format, servers that 307 support IDNs MUST convert the IDN into A-label format and perform 308 IDNA processing as specified in RFC 5891 [RFC5891]. The server 309 should perform an exact match lookup using the A-label. 311 The following URL would be used to find information for the 312 ns1.example.com name server: 314 http://example.com/.well-known/rdap/nameserver/ns1.example.com 316 The following URL would be used to find information for the 317 ns1.xn--fo-5ja.example name server: 319 http://example.com/.well-known/rdap/nameserver/ns1.xn--fo-5ja.example 321 3.1.5. Entity Path Segment Specification 323 Syntax: entity/ 325 The parameter represents an entity (such as a contact, 326 registrant, or registrar) identifier. For example, for some DNRs 327 contact identifiers are specified in RFC 5730 [RFC5730] and RFC 5733 328 [RFC5733]. 330 The following URL would be used to find information for the entity 331 associated with handle XXXX: 333 http://example.com/.well-known/rdap/entity/XXXX 335 3.1.6. Help Path Segment Specification 337 Syntax: help 339 The help path segment can be used to request helpful information 340 (command syntax, terms of service, privacy policy, rate limiting 341 policy, supported authentication methods, supported extensions, 342 technical support contact, etc.) from an RDAP server. The response 343 to "help" should provide basic information that a client needs to 344 successfully use the service. The following URL would be used to 345 return "help" information: 347 http://example.com/.well-known/rdap/help 349 3.2. Search Path Segment Specification 351 The resource type path segments for search are: 353 o 'domains': Used to identify a domain name information search using 354 a pattern to match a fully-qualified domain name. 355 o 'nameservers': Used to identify a name server information search 356 using a pattern to match a host name. 357 o 'entities': Used to identify an entity information search using a 358 pattern to match a string identifier. 360 RDAP search path segments are formed using a concatenation of the 361 plural form of the object being searched for, a forward slash 362 character ('/', ASCII value 0x002F), and an HTTP query string. The 363 HTTP query string is formed using a concatenation of the question 364 mark character ('?', ASCII value 0x003F), the JSON object value 365 associated with the object being searched for, the equal sign 366 character ('=', ASCII value 0x003D), and the search pattern. For the 367 domain and entity objects described in this document the plural 368 object forms are "domains" and "entities". 370 3.2.1. Domain Search 372 Syntax: domains?name= 374 Searches for domain information are of the form 376 /domains?name=XXXX 378 where XXXX is a search pattern representing a domain name in 379 "letters, digits, hyphen" format [RFC5890] in a zone administered by 380 the server operator of a DNR. The following URL would be used to 381 find DNR information for domain names matching the "example*.com" 382 pattern: 384 http://example.com/.well-known/rdap/domains?name=example*.com 386 Internationalized Domain Names (IDNs) in U-label format [RFC5890] can 387 also be used as search patterns (see Section 4). Searches for these 388 names are of the form /domains?name=XXXX, where XXXX is a search 389 pattern representing a domain name in U-label format [RFC5890]. 391 3.2.2. Name Server Search 393 Syntax: nameservers?name= 395 Searches for name server information can take one of two forms: 397 /nameservers?name=XXXX 399 /nameservers?ip=YYYY 401 XXXX is a search pattern representing a host name in "letters, 402 digits, hyphen" format [RFC5890] in a zone administered by the server 403 operator of a DNR. The following URL would be used to find DNR 404 information for name server names matching the "ns1.example*.com" 405 pattern: 407 http://example.com/.well-known/rdap/nameservers?name=ns1.example*.com 409 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 410 [RFC5952] address. The following URL would be used to search for 411 name server names that resolve to the "192.0.2.0" address: 413 http://example.com/.well-known/rdap/nameservers?ip=192.0.2.0 415 Internationalized name server names in U-label format [RFC5890] can 416 also be used as search patterns (see Section 4). Searches for these 417 names are of the form /nameservers?name=XXXX, where XXXX is a search 418 pattern representing a name server name in U-label format [RFC5890]. 420 3.2.3. Entity Search 422 Syntax: entities?fn= 424 Syntax: entities?handle= 426 Searches for entity information by name are of the form 428 /entities?fn=XXXX 430 where XXXX is a search pattern representing an entity name as 431 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 432 following URL would be used to find information for entity names 433 matching the "Bobby Joe*" pattern. 435 http://example.com/.well-known/rdap/entities?fn=Bobby%20Joe* 437 Searches for entity information by handle are of the form 439 /entities?handle=XXXX 441 where XXXX is a search pattern representing an entity handle as 442 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 443 following URL would be used to find information for entity names 444 matching the "CID-40*" pattern. 446 http://example.com/.well-known/rdap/entities?handle=CID-40* 448 URLs MUST be properly encoded according to the rules of [RFC3986]. 449 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 451 4. Search Processing 453 Partial string searching uses the asterisk ('*', ASCII value 0x002A) 454 character to match zero or more trailing characters. A character 455 string representing multiple domain name labels MAY be concatenated 456 to the end of the search pattern to limit the scope of the search. 457 For example, the search pattern "exam*" will match "example.com" and 458 "example.net". The search pattern "exam*.com" will match 459 "example.com". Additional pattern matching processing is beyond the 460 scope of this specification. 462 If a server receives a search request but cannot process the request 463 because it does not support a particular style of partial match 464 searching, it SHOULD return an HTTP 422 [RFC4918] error. When 465 returning a 422 error, the server MAY also return an error response 466 body as specified in Section 7 of [I-D.ietf-weirds-json-response] if 467 the requested media type is one that is specified in 468 [I-D.ietf-weirds-using-http]. 470 Partial matching is not feasible across combinations of Unicode 471 characters because Unicode characters can be combined with another 472 Unicode character or characters. Servers SHOULD NOT partially match 473 combinations of Unicode characters where a Unicode character may be 474 legally combined with another Unicode character or characters. 475 Clients should avoid submitting a partial match search of Unicode 476 characters where a Unicode character may be legally combined with 477 another Unicode character or characters. Partial match searches with 478 incomplete combinations of characters where a character must be 479 combined with another character or characters are invalid. Partial 480 match searches with characters that may be combined with another 481 character or characters are to be considered non-combined characters 482 (that is, if character x may be combined with character y but 483 character y is not submitted in the search string then character x is 484 a complete character and no combinations of character x are to be 485 searched). 487 Servers can expect to receive search patterns from clients that 488 contain character strings encoded in different forms supported by 489 HTTP. It is entirely possible to apply filters and normalization 490 rules to search patterns prior to making character comparisons, but 491 this type of processing is more typically needed to determine the 492 validity of registered strings than to match patterns. 494 An RDAP client submitting a query string containing non-US-ASCII 495 characters converts such strings into Unicode in UTF-8 encoding. It 496 then performs any local case mapping deemed necessary. Strings are 497 normalized using Normalization Form C (NFC, [Unicode-UAX15]); note 498 that clients might not be able to do this reliably. 500 An RDAP server treats each query string as Unicode in UTF-8 encoding. 501 If a string is not valid UTF-8, the server can immediately stop 502 processing the query and return an HTTP 400 error response code. 504 When processing queries, there is a difference in handling DNS names, 505 including those including putative U-labels, and everything else. 506 DNS names are treated according to the DNS matching rules as 507 described in Section 3.1 of RFC 1035 [RFC1035] for NR-LDH labels and 508 the matching rules described in Section 5.4 of RFC 5891 [RFC5891] for 509 U-labels. Matching of DNS names proceeds one label at a time, 510 because it is possible for a combination of U-labels and NR-LDH 511 labels to be found in a single domain or host name. The 512 determination of whether a label is a U-label or an NR-LDH label is 513 based on whether the label contains any characters outside of the US- 514 ASCII letters, digits, or hyphen (the so-called LDH rule). 516 For everything else, servers map fullwidth and halfwidth characters 517 to their decomposition equivalents. Servers convert strings to the 518 same coded character set of the target data that is to be looked up 519 or searched and each string is normalized using the same 520 normalization that was used on the target data. In general, storage 521 of strings as Unicode is RECOMMENDED. For the purposes of 522 comparison, Normalization Form KC (NFKC, [Unicode-UAX15]) with case 523 folding is used to maximize predictability and the number of matches. 524 Note the use of case-folded NFKC as opposed to NFC in this case. 526 Conceptually, a name-record in a database may include a link to an 527 associated name-record, which may include a link to another such 528 record, and so on. If an implementation is to return more than one 529 name-record in response to a query, information from the records 530 thereby identified is returned. 532 Note that this model includes arrangements for associated names, 533 including those that are linked by policy mechanisms and names bound 534 together for some other purposes. Note also that returning 535 information that was not explicitly selected by an exact-match 536 lookup, including additional names that match a relatively fuzzy 537 search as well as lists of names that are linked together, may cause 538 privacy issues. 540 5. Extensibility 542 This document describes path segment specifications for a limited 543 number of objects commonly registered in both RIRs and DNRs. It does 544 not attempt to describe path segments for all of the objects 545 registered in all registries. Custom path segments can be created 546 for objects not specified here using the process described in 547 Section 6 of "HTTP usage in the Registration Data Access Protocol 548 (RDAP)" [I-D.ietf-weirds-using-http]. 550 Custom path segments can be created by prefixing the segment with a 551 unique identifier followed by an underscore character (0x5F). For 552 example, a custom entity path segment could be created by prefixing 553 "entity" with "custom_", producing "custom_entity". Servers MUST 554 return an appropriate failure status code for a request with an 555 unrecognized path segment. 557 6. Internationalization Considerations 559 There is value in supporting the ability to submit either a U-label 560 (Unicode form of an IDN label) or an A-label (ASCII form of an IDN 561 label) as a query argument to an RDAP service. Clients capable of 562 processing non-ASCII characters may prefer a U-label since this is 563 more visually recognizable and familiar than A-label strings, but 564 clients using programmatic interfaces might find it easier to submit 565 and display A-labels if they are unable to input U-labels with their 566 keyboard configuration. Both query forms are acceptable. 568 Internationalized domain and name server names can contain character 569 variants and variant labels as described in RFC 4290 [RFC4290]. 570 Clients that support queries for internationalized domain and name 571 server names MUST accept service provider responses that describe 572 variants as specified in "JSON Responses for the Registration Data 573 Access Protocol" [I-D.ietf-weirds-json-response]. 575 7. IANA Considerations 577 IANA is requested to register the "rdap" well-known URI suffix 578 following the procedures identified in RFC 5785 [RFC5785]. 580 URI suffix: "rdap" 582 Change controller: IETF 584 Specification document: This document, Section 3. 586 Related information: None 588 8. Security Considerations 590 Security services for the operations specified in this document are 591 described in "Security Services for the Registration Data Access 592 Protocol" [I-D.ietf-weirds-rdap-sec]. 594 Search functionality typically requires more server resources (such 595 as memory, CPU cycles, and network bandwidth) when compared to basic 596 lookup functionality. This increases the risk of server resource 597 exhaustion and subsequent denial of service due to abuse. This risk 598 can be mitigated by developing and implementing controls to restrict 599 search functionality to identified and authorized clients. If those 600 clients behave badly, their search privileges can be suspended or 601 revoked. Rate limiting as described in Section 5.5 of "HTTP usage in 602 the Registration Data Access Protocol (RDAP)" 603 [I-D.ietf-weirds-using-http] can also be used to control the rate of 604 received search requests. Server operators can also reduce their 605 risk by restricting the amount of information returned in response to 606 a search request. 608 Search functionality also increases the privacy risk of disclosing 609 object relationships that might not otherwise be obvious. For 610 example, a search that returns IDN variants [RFC6927] that do not 611 explicitly match a client-provided search pattern can disclose 612 information about registered domain names that might not be otherwise 613 available. Implementers need to consider the policy and privacy 614 implications of returning information that was not explicitly 615 requested. 617 9. Acknowledgements 619 This document is derived from original work on RIR query formats 620 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of LACNIC, 621 Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 622 Additionally, this document incorporates DNR query formats originally 623 described by Francisco Arias and Steve Sheng of ICANN and Scott 624 Hollenbeck of Verisign Labs. 626 The authors would like to acknowledge the following individuals for 627 their contributions to this document: Francisco Arias, Marc Blanchet, 628 Ernie Dainow, Jean-Philippe Dionne, Behnam Esfahbod, John Klensin, 629 Edward Lewis, John Levine, Mark Nottingham, and Andrew Sullivan. 631 10. References 633 10.1. Normative References 635 [I-D.ietf-weirds-json-response] 636 Newton, A. and S. Hollenbeck, "JSON Responses for the 637 Registration Data Access Protocol (RDAP)", draft-ietf- 638 weirds-json-response-06 (work in progress), October 2013. 640 [I-D.ietf-weirds-rdap-sec] 641 Hollenbeck, S. and N. Kong, "Security Services for the 642 Registration Data Access Protocol", draft-ietf-weirds- 643 rdap-sec-05 (work in progress), August 2013. 645 [I-D.ietf-weirds-using-http] 646 Newton, A., Ellacott, B., and N. Kong, "HTTP usage in the 647 Registration Data Access Protocol (RDAP)", draft-ietf- 648 weirds-using-http-07 (work in progress), July 2013. 650 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 651 host table specification", RFC 952, October 1985. 653 [RFC1035] Mockapetris, P., "Domain names - implementation and 654 specification", STD 13, RFC 1035, November 1987. 656 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application 657 and Support", STD 3, RFC 1123, October 1989. 659 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 660 numbers", RFC 1166, July 1990. 662 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 663 Requirement Levels", BCP 14, RFC 2119, March 1997. 665 [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H., 666 Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext 667 Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. 669 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 670 Resource Identifier (URI): Generic Syntax", STD 66, RFC 671 3986, January 2005. 673 [RFC4290] Klensin, J., "Suggested Practices for Registration of 674 Internationalized Domain Names (IDN)", RFC 4290, December 675 2005. 677 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 678 Architecture", RFC 4291, February 2006. 680 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 681 (CIDR): The Internet Address Assignment and Aggregation 682 Plan", BCP 122, RFC 4632, August 2006. 684 [RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed 685 Authoring and Versioning (WebDAV)", RFC 4918, June 2007. 687 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 688 Autonomous System (AS) Numbers", RFC 5396, December 2008. 690 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 691 STD 69, RFC 5730, August 2009. 693 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 694 Contact Mapping", STD 69, RFC 5733, August 2009. 696 [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known 697 Uniform Resource Identifiers (URIs)", RFC 5785, April 698 2010. 700 [RFC5890] Klensin, J., "Internationalized Domain Names for 701 Applications (IDNA): Definitions and Document Framework", 702 RFC 5890, August 2010. 704 [RFC5891] Klensin, J., "Internationalized Domain Names in 705 Applications (IDNA): Protocol", RFC 5891, August 2010. 707 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 708 Address Text Representation", RFC 5952, August 2010. 710 [Unicode-UAX15] 711 The Unicode Consortium, "Unicode Standard Annex #15: 712 Unicode Normalization Forms", September 2013, 713 . 715 10.2. Informative References 717 [REST] Fielding, R. and R. Taylor, "Principled Design of the 718 Modern Web Architecture", ACM Transactions on Internet 719 Technology Vol. 2, No. 2, May 2002. 721 [RFC1594] Marine, A., Reynolds, J., and G. Malkin, "FYI on Questions 722 and Answers - Answers to Commonly asked "New Internet 723 User" Questions", RFC 1594, March 1994. 725 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 726 September 2004. 728 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 729 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 730 March 2005. 732 [RFC4627] Crockford, D., "The application/json Media Type for 733 JavaScript Object Notation (JSON)", RFC 4627, July 2006. 735 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 736 Registered in Top-Level Domains", RFC 6927, May 2013. 738 Appendix A. Change Log 740 Initial -00: Adopted as working group document. 741 -01: Added "Conventions Used in This Document" section. Added 742 normative reference to draft-ietf-weirds-rdap-sec and some 743 wrapping text in the Security Considerations section. 744 -02: Removed "unified" from the title. Rewrote the last paragraph 745 of section 2. Edited the first paragraph of section 3 to more 746 clearly note that only one path segment is provided. Added 747 "bitmask" to "length" in section 3.1. Changed "lowest IP network" 748 to "smallest IP network" in section 3.1. Added "asplain" to the 749 description of autonomous system numbers in section 3.2. Minor 750 change from "semantics is" to "semantics are" in section 3.2. 751 Changed the last sentence in section 4 to more clearly specify 752 error response behavior. Added acknowledgements. Added a 753 paragraph in the introduction regarding future IETF standards and 754 extensibility. 755 -03: Changed 'query' to 'lookup' in document title to better 756 describe the 'exact match lookup' purpose of this document. 757 Included a multitude of minor additions and clarifications 758 provided by Marc Blanchet and Jean-Philippe Dionne. Modified the 759 domain and name server sections to include support for IDN 760 U-labels. 762 -04: Updated the domain and name server sections to use .example IDN 763 U-labels. Added text to note that mixed IDN labels SHOULD NOT be 764 used. Fixed broken sentences in Section 6. 765 -05: Added "help" path segment. 766 -06: Added search text and removed or edited old search text. 767 -07: Fixed query parameter typo by replacing "/?" with "?". Changed 768 "asplain" to "AS Plain". Added entity search by handle. 769 Corrected section references. Updated IDN search text. 770 -08: Revised URI formats and added IANA instructions to create a 771 registry entry for the "rdap" well-known prefix. Revised search 772 processing text and added search privacy consideration. 773 Synchronized examples with response draft. 774 -09: More search processing and URI prefix updates. Updated fully- 775 qualified domain name reference. 776 -10: Added name server search by IP address. 778 Authors' Addresses 780 Andrew Lee Newton 781 American Registry for Internet Numbers 782 3635 Concorde Parkway 783 Chantilly, VA 20151 784 US 786 Email: andy@arin.net 787 URI: http://www.arin.net 789 Scott Hollenbeck 790 Verisign Labs 791 12061 Bluemont Way 792 Reston, VA 20190 793 US 795 Email: shollenbeck@verisign.com 796 URI: http://www.verisignlabs.com/