idnits 2.17.1 draft-ietf-weirds-rdap-query-11.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (July 29, 2014) is 3558 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-17) exists of draft-ietf-httpbis-http2-13 == Outdated reference: A later version (-11) exists of draft-ietf-weirds-bootstrap-04 == Outdated reference: A later version (-14) exists of draft-ietf-weirds-json-response-07 == Outdated reference: A later version (-12) exists of draft-ietf-weirds-rdap-sec-06 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-rdap-sec' == Outdated reference: A later version (-15) exists of draft-ietf-weirds-using-http-08 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-using-http' ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Downref: Normative reference to an Informational RFC: RFC 4290 ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' -- Obsolete informational reference (is this intentional?): RFC 1594 (Obsoleted by RFC 2664) -- Obsolete informational reference (is this intentional?): RFC 7159 (Obsoleted by RFC 8259) Summary: 4 errors (**), 0 flaws (~~), 6 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Newton 3 Internet-Draft ARIN 4 Intended status: Standards Track S. Hollenbeck 5 Expires: January 30, 2015 Verisign Labs 6 July 29, 2014 8 Registration Data Access Protocol Query Format 9 draft-ietf-weirds-rdap-query-11 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. 18 Normative Reference Note 20 Normative references to RFC 7231 and draft-ietf-httpbis-http2 can be 21 replaced with a reference to RFC 2616 if draft-ietf-httpbis-http2 is 22 still a work in progress when this document is ready for publication. 24 Status of This Memo 26 This Internet-Draft is submitted in full conformance with the 27 provisions of BCP 78 and BCP 79. 29 Internet-Drafts are working documents of the Internet Engineering 30 Task Force (IETF). Note that other groups may also distribute 31 working documents as Internet-Drafts. The list of current Internet- 32 Drafts is at http://datatracker.ietf.org/drafts/current/. 34 Internet-Drafts are draft documents valid for a maximum of six months 35 and may be updated, replaced, or obsoleted by other documents at any 36 time. It is inappropriate to use Internet-Drafts as reference 37 material or to cite them other than as "work in progress." 39 This Internet-Draft will expire on January 30, 2015. 41 Copyright Notice 43 Copyright (c) 2014 IETF Trust and the persons identified as the 44 document authors. All rights reserved. 46 This document is subject to BCP 78 and the IETF Trust's Legal 47 Provisions Relating to IETF Documents 48 (http://trustee.ietf.org/license-info) in effect on the date of 49 publication of this document. Please review these documents 50 carefully, as they describe your rights and restrictions with respect 51 to this document. Code Components extracted from this document must 52 include Simplified BSD License text as described in Section 4.e of 53 the Trust Legal Provisions and are provided without warranty as 54 described in the Simplified BSD License. 56 Table of Contents 58 1. Conventions Used in This Document . . . . . . . . . . . . . . 2 59 1.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 2 60 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 61 3. Path Segment Specification . . . . . . . . . . . . . . . . . 4 62 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 5 63 3.1.1. IP Network Path Segment Specification . . . . . . . . 5 64 3.1.2. Autonomous System Path Segment Specification . . . . 6 65 3.1.3. Domain Path Segment Specification . . . . . . . . . . 6 66 3.1.4. Name Server Path Segment Specification . . . . . . . 7 67 3.1.5. Entity Path Segment Specification . . . . . . . . . . 8 68 3.1.6. Help Path Segment Specification . . . . . . . . . . . 8 69 3.2. Search Path Segment Specification . . . . . . . . . . . . 8 70 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 9 71 3.2.2. Name Server Search . . . . . . . . . . . . . . . . . 9 72 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 10 73 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 10 74 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 12 75 6. Internationalization Considerations . . . . . . . . . . . . . 13 76 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 77 8. Security Considerations . . . . . . . . . . . . . . . . . . . 13 78 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14 79 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 80 10.1. Normative References . . . . . . . . . . . . . . . . . . 14 81 10.2. Informative References . . . . . . . . . . . . . . . . . 16 82 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 16 83 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 17 85 1. Conventions Used in This Document 87 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 88 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 89 document are to be interpreted as described in RFC 2119 [RFC2119]. 91 1.1. Acronyms and Abbreviations 93 IDN: Internationalized Domain Name 94 IDNA: Internationalized Domain Names in Applications 95 DNR: Domain Name Registry 96 NFC: Unicode Normalization Form C 97 NFKC: Unicode Normalization Form KC 98 RDAP: Registration Data Access Protocol 99 REST: Representational State Transfer State Transfer. The term 100 was first described in a doctoral dissertation [REST]. 101 RESTful: An adjective that describes a service using HTTP and the 102 principles of REST. 103 RIR: Regional Internet Registry 105 2. Introduction 107 This document describes a specification for querying registration 108 data using a RESTful web service and uniform query patterns. The 109 service is implemented using the Hypertext Transfer Protocol (HTTP) 110 [I-D.ietf-httpbis-http2]. 112 The protocol described in this specification is intended to address 113 deficiencies with the WHOIS protocol [RFC3912] that have been 114 identified over time, including: 116 o Lack of standardized command structures, 117 o lack of standardized output and error structures, 118 o lack of support for internationalization and localization, and 119 o lack of support for user identification, authentication, and 120 access control. 122 The patterns described in this document purposefully do not encompass 123 all of the methods employed in the WHOIS and RESTful web services of 124 all of the RIRs and DNRs. The intent of the patterns described here 125 are to enable queries of: 127 o networks by IP address, 128 o autonomous system numbers by number, 129 o reverse DNS meta-data by domain, 130 o name servers by name, 131 o registrars by name, and 132 o entities (such as contacts) by identifier. 134 It is envisioned that each registry will continue to maintain 135 NICNAME/WHOIS and/or RESTful web services specific to their needs and 136 those of their constituencies, and the information retrieved through 137 the patterns described here may reference such services. 139 Likewise, future IETF standards may add additional patterns for 140 additional query types. A simple pattern namespacing scheme is 141 described in Section 5 to accommodate custom extensions that will not 142 interfere with the patterns defined in this document or patterns 143 defined in future IETF standards. 145 WHOIS services, in general, are read-only services. Therefore URL 146 [RFC3986] patterns specified in this document are only applicable to 147 the HTTP [RFC7231] GET and HEAD methods. 149 This document does not describe the results or entities returned from 150 issuing the described URLs with an HTTP GET. JSON [RFC7159] result 151 formatting and processing is described in 152 [I-D.ietf-weirds-json-response]. 154 Additionally, resource management, provisioning and update functions 155 are out of scope for this document. Registries have various and 156 divergent methods covering these functions, and it is unlikely a 157 uniform approach for these functions will ever be possible. 159 HTTP contains mechanisms for servers to authenticate clients and for 160 clients to authenticate servers (from which authorization schemes may 161 be built) so such mechanisms are not described in this document. 162 Policy, provisioning, and processing of authentication and 163 authorization are out-of-scope for this document as deployments will 164 have to make choices based on local criteria. Specified 165 authentication mechanisms MUST use HTTP. 167 3. Path Segment Specification 169 The base URLs used to construct RDAP queries are maintained in an 170 IANA registry described in [I-D.ietf-weirds-bootstrap]. Queries are 171 formed by retrieving the appropriate base URL from the registry and 172 appending a path segment specified in either Section 3.1 or 173 Section 3.2. Generally, a registry or other service provider will 174 provide a base URL that identifies the protocol, host and port, and 175 this will be used as a base URL that the complete URL is resolved 176 against, as per Section 5 of RFC 3986 [RFC3986]. For example, if the 177 base URL is "http://example.com/rdap/", all RDAP query URLs will 178 begin with "http://example.com/rdap/". 180 The bootstrap registry does not contain information for query objects 181 that are not part of a global namespace, including entities and help. 182 A base URL for an associated object is required to construct a 183 complete query. 185 For entities: Retrieve a base URL for the service (domain, address, 186 etc.) associated with a given entity. The query URL is constructed 187 by concatenating the base URL to the entity path segment specified in 188 either Section 3.1.5 or Section 3.2.3. 190 For help: Retrieve a base URL for any service (domain, address, etc.) 191 for which additional information is required. The query URL is 192 constructed by concatenating the base URL to the help path segment 193 specified in either Section 3.1.6. 195 3.1. Lookup Path Segment Specification 197 The resource type path segments for exact match lookup are: 199 o 'ip': Used to identify IP networks and associated data referenced 200 using either an IPv4 or IPv6 address. 201 o 'autnum': Used to identify autonomous system registrations and 202 associated data referenced using an AS Plain autonomous system 203 number. 204 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 205 information and associated data referenced using a fully-qualified 206 domain name. 207 o 'nameserver': Used to identify a name server information query 208 using a host name. 209 o 'entity': Used to identify an entity information query using a 210 string identifier. 212 3.1.1. IP Network Path Segment Specification 214 Syntax: ip/ or ip// 216 Queries for information about IP networks are of the form /ip/XXX/... 217 or /ip/XXX/YY/... where the path segment following 'ip' is either an 218 IPv4 [RFC1166] or IPv6 [RFC5952] address (i.e. XXX) or an IPv4 or 219 IPv6 CIDR [RFC4632] notation address block (i.e. XXX/YY). 220 Semantically, the simpler form using the address can be thought of as 221 a CIDR block with a bitmask length of 32 for IPv4 and a bitmask 222 length of 128 for IPv6. A given specific address or CIDR may fall 223 within multiple IP networks in a hierarchy of networks, therefore 224 this query targets the "most-specific" or smallest IP network which 225 completely encompasses it in a hierarchy of IP networks. 227 The IPv4 and IPv6 address formats supported in this query are 228 described in section 3.2.2 of [RFC3986], as IPv4address and 229 IPv6address ABNF definitions. Any valid IPv6 text address format 230 [RFC4291] can be used, compressed or not compressed. The restricted 231 rules to write a text representation of an IPv6 address [RFC5952] are 232 not mandatory. However, the zone id [RFC4007] is not appropriate in 233 this context and therefore prohibited. 235 For example, the following URL would be used to find information for 236 the most specific network containing 192.0.2.0: 238 http://example.com/rdap/ip/192.0.2.0 239 The following URL would be used to find information for the most 240 specific network containing 192.0.2.0/24: 242 http://example.com/rdap/ip/192.0.2.0/24 244 The following URL would be used to find information for the most 245 specific network containing 2001:db8::0: 247 http://example.com/rdap/ip/2001:db8::0 249 3.1.2. Autonomous System Path Segment Specification 251 Syntax: autnum/ 253 Queries for information regarding autonomous system number 254 registrations are of the form /autnum/XXX/... where XXX is an AS 255 Plain autonomous system number [RFC5396]. In some registries, 256 registration of autonomous system numbers is done on an individual 257 number basis, while other registries may register blocks of 258 autonomous system numbers. The semantics of this query are such that 259 if a number falls within a range of registered blocks, the target of 260 the query is the block registration, and that individual number 261 registrations are considered a block of numbers with a size of 1. 263 For example, the following URL would be used to find information 264 describing autonomous system number 12 (a number within a range of 265 registered blocks): 267 http://example.com/rdap/autnum/12 269 The following URL would be used to find information describing 4-byte 270 autonomous system number 65538: 272 http://example.com/rdap/autnum/65538 274 3.1.3. Domain Path Segment Specification 276 Syntax: domain/ 278 Queries for domain information are of the form /domain/XXXX/..., 279 where XXXX is a fully-qualified (relative to the root) domain name 280 [RFC1594] in either the in-addr.arpa or ip6.arpa zones (for RIRs) or 281 a fully-qualified domain name in a zone administered by the server 282 operator (for DNRs). Internationalized domain names represented in 283 either A-label or U-label format [RFC5890] are also valid domain 284 names. IDNs SHOULD NOT be represented as a mixture of A-labels and 285 U-labels; that is, any IDN SHOULD use only A-labels or only U-labels. 287 If the client sends the server an IDN in U-label format, servers that 288 support IDNs MUST convert the IDN into A-label format and perform 289 IDNA processing as specified in RFC 5891 [RFC5891]. The server 290 should perform an exact match lookup using the A-label. 292 The following URL would be used to find information describing the 293 zone serving the network 192.0.2/24: 295 http://example.com/rdap/domain/2.0.192.in-addr.arpa 297 The following URL would be used to find information describing the 298 zone serving the network 2001:db8:1::/48: 300 http://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 302 The following URL would be used to find information for the 303 blah.example.com domain name: 305 http://example.com/rdap/domain/blah.example.com 307 The following URL would be used to find information for the 308 xn--fo-5ja.example IDN: 310 http://example.com/rdap/domain/xn--fo-5ja.example 312 3.1.4. Name Server Path Segment Specification 314 Syntax: nameserver/ 316 The parameter represents a fully qualified name as 317 specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123]. 318 Internationalized names represented in either A-label or U-label 319 format [RFC5890] are also valid name server names. IDN labels SHOULD 320 NOT be represented as a mixture of A-labels and U-labels. 322 If the client sends the server an IDN in U-label format, servers that 323 support IDNs MUST convert the IDN into A-label format and perform 324 IDNA processing as specified in RFC 5891 [RFC5891]. The server 325 should perform an exact match lookup using the A-label. 327 The following URL would be used to find information for the 328 ns1.example.com name server: 330 http://example.com/rdap/nameserver/ns1.example.com 332 The following URL would be used to find information for the 333 ns1.xn--fo-5ja.example name server: 335 http://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 337 3.1.5. Entity Path Segment Specification 339 Syntax: entity/ 341 The parameter represents an entity (such as a contact, 342 registrant, or registrar) identifier. For example, for some DNRs 343 contact identifiers are specified in RFC 5730 [RFC5730] and RFC 5733 344 [RFC5733]. 346 The following URL would be used to find information for the entity 347 associated with handle XXXX: 349 http://example.com/rdap/entity/XXXX 351 3.1.6. Help Path Segment Specification 353 Syntax: help 355 The help path segment can be used to request helpful information 356 (command syntax, terms of service, privacy policy, rate limiting 357 policy, supported authentication methods, supported extensions, 358 technical support contact, etc.) from an RDAP server. The response 359 to "help" should provide basic information that a client needs to 360 successfully use the service. The following URL would be used to 361 return "help" information: 363 http://example.com/rdap/help 365 3.2. Search Path Segment Specification 367 The resource type path segments for search are: 369 o 'domains': Used to identify a domain name information search using 370 a pattern to match a fully-qualified domain name. 371 o 'nameservers': Used to identify a name server information search 372 using a pattern to match a host name. 373 o 'entities': Used to identify an entity information search using a 374 pattern to match a string identifier. 376 RDAP search path segments are formed using a concatenation of the 377 plural form of the object being searched for, a forward slash 378 character ('/', ASCII value 0x002F), and an HTTP query string. The 379 HTTP query string is formed using a concatenation of the question 380 mark character ('?', ASCII value 0x003F), the JSON object value 381 associated with the object being searched for, the equal sign 382 character ('=', ASCII value 0x003D), and the search pattern. For the 383 domain and entity objects described in this document the plural 384 object forms are "domains" and "entities". 386 3.2.1. Domain Search 388 Syntax: domains?name= 390 Searches for domain information are of the form 392 /domains?name=XXXX 394 where XXXX is a search pattern representing a domain name in 395 "letters, digits, hyphen" format [RFC5890] in a zone administered by 396 the server operator of a DNR. The following URL would be used to 397 find DNR information for domain names matching the "example*.com" 398 pattern: 400 http://example.com/rdap/domains?name=example*.com 402 Internationalized Domain Names (IDNs) in U-label format [RFC5890] can 403 also be used as search patterns (see Section 4). Searches for these 404 names are of the form /domains?name=XXXX, where XXXX is a search 405 pattern representing a domain name in U-label format [RFC5890]. 407 3.2.2. Name Server Search 409 Syntax: nameservers?name= 411 Searches for name server information can take one of two forms: 413 /nameservers?name=XXXX 415 /nameservers?ip=YYYY 417 XXXX is a search pattern representing a host name in "letters, 418 digits, hyphen" format [RFC5890] in a zone administered by the server 419 operator of a DNR. The following URL would be used to find DNR 420 information for name server names matching the "ns1.example*.com" 421 pattern: 423 http://example.com/rdap/nameservers?name=ns1.example*.com 425 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 426 [RFC5952] address. The following URL would be used to search for 427 name server names that resolve to the "192.0.2.0" address: 429 http://example.com/rdap/nameservers?ip=192.0.2.0 430 Internationalized name server names in U-label format [RFC5890] can 431 also be used as search patterns (see Section 4). Searches for these 432 names are of the form /nameservers?name=XXXX, where XXXX is a search 433 pattern representing a name server name in U-label format [RFC5890]. 435 3.2.3. Entity Search 437 Syntax: entities?fn= 439 Syntax: entities?handle= 441 Searches for entity information by name are of the form 443 /entities?fn=XXXX 445 where XXXX is a search pattern representing an entity name as 446 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 447 following URL would be used to find information for entity names 448 matching the "Bobby Joe*" pattern. 450 http://example.com/rdap/entities?fn=Bobby%20Joe* 452 Searches for entity information by handle are of the form 454 /entities?handle=XXXX 456 where XXXX is a search pattern representing an entity handle as 457 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 458 following URL would be used to find information for entity names 459 matching the "CID-40*" pattern. 461 http://example.com/rdap/entities?handle=CID-40* 463 URLs MUST be properly encoded according to the rules of [RFC3986]. 464 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 466 4. Query Processing 468 Servers indicate the success or failure of query processing by 469 returning an appropriate HTTP response code to the client. Response 470 codes not specifically identified in this document are described in 471 [I-D.ietf-weirds-using-http]. 473 Partial string searching uses the asterisk ('*', ASCII value 0x002A) 474 character to match zero or more trailing characters. A character 475 string representing multiple domain name labels MAY be concatenated 476 to the end of the search pattern to limit the scope of the search. 477 For example, the search pattern "exam*" will match "example.com" and 478 "example.net". The search pattern "exam*.com" will match 479 "example.com". Note that these search patterns include implied 480 beginning and end of string regular expression markers, and the 481 "example*.com" search would be translated into a POSIX regular 482 expression as "^example.*\.com$". Additional pattern matching 483 processing is beyond the scope of this specification. 485 If a server receives a search request but cannot process the request 486 because it does not support a particular style of partial match 487 searching, it SHOULD return an HTTP 422 [RFC4918] error. When 488 returning a 422 error, the server MAY also return an error response 489 body as specified in Section 7 of [I-D.ietf-weirds-json-response] if 490 the requested media type is one that is specified in 491 [I-D.ietf-weirds-using-http]. 493 Partial matching is not feasible across combinations of Unicode 494 characters because Unicode characters can be combined with another 495 Unicode character or characters. Servers SHOULD NOT partially match 496 combinations of Unicode characters where a Unicode character may be 497 legally combined with another Unicode character or characters. 498 Clients should avoid submitting a partial match search of Unicode 499 characters where a Unicode character may be legally combined with 500 another Unicode character or characters. Partial match searches with 501 incomplete combinations of characters where a character must be 502 combined with another character or characters are invalid. Partial 503 match searches with characters that may be combined with another 504 character or characters are to be considered non-combined characters 505 (that is, if character x may be combined with character y but 506 character y is not submitted in the search string then character x is 507 a complete character and no combinations of character x are to be 508 searched). 510 Servers can expect to receive search patterns from clients that 511 contain character strings encoded in different forms supported by 512 HTTP. It is entirely possible to apply filters and normalization 513 rules to search patterns prior to making character comparisons, but 514 this type of processing is more typically needed to determine the 515 validity of registered strings than to match patterns. 517 An RDAP client submitting a query string containing non-US-ASCII 518 characters converts such strings into Unicode in UTF-8 encoding. It 519 then performs any local case mapping deemed necessary. Strings are 520 normalized using Normalization Form C (NFC, [Unicode-UAX15]); note 521 that clients might not be able to do this reliably. 523 An RDAP server treats each query string as Unicode in UTF-8 encoding. 524 If a string is not valid UTF-8, the server can immediately stop 525 processing the query and return an HTTP 400 error response code. 527 When processing queries, there is a difference in handling DNS names, 528 including those including putative U-labels, and everything else. 529 DNS names are treated according to the DNS matching rules as 530 described in Section 3.1 of RFC 1035 [RFC1035] for NR-LDH labels and 531 the matching rules described in Section 5.4 of RFC 5891 [RFC5891] for 532 U-labels. Matching of DNS names proceeds one label at a time, 533 because it is possible for a combination of U-labels and NR-LDH 534 labels to be found in a single domain or host name. The 535 determination of whether a label is a U-label or an NR-LDH label is 536 based on whether the label contains any characters outside of the US- 537 ASCII letters, digits, or hyphen (the so-called LDH rule). 539 For everything else, servers map fullwidth and halfwidth characters 540 to their decomposition equivalents. Servers convert strings to the 541 same coded character set of the target data that is to be looked up 542 or searched and each string is normalized using the same 543 normalization that was used on the target data. In general, storage 544 of strings as Unicode is RECOMMENDED. For the purposes of 545 comparison, Normalization Form KC (NFKC, [Unicode-UAX15]) with case 546 folding is used to maximize predictability and the number of matches. 547 Note the use of case-folded NFKC as opposed to NFC in this case. 549 Conceptually, a name-record in a database may include a link to an 550 associated name-record, which may include a link to another such 551 record, and so on. If an implementation is to return more than one 552 name-record in response to a query, information from the records 553 thereby identified is returned. 555 Note that this model includes arrangements for associated names, 556 including those that are linked by policy mechanisms and names bound 557 together for some other purposes. Note also that returning 558 information that was not explicitly selected by an exact-match 559 lookup, including additional names that match a relatively fuzzy 560 search as well as lists of names that are linked together, may cause 561 privacy issues. 563 5. Extensibility 565 This document describes path segment specifications for a limited 566 number of objects commonly registered in both RIRs and DNRs. It does 567 not attempt to describe path segments for all of the objects 568 registered in all registries. Custom path segments can be created 569 for objects not specified here using the process described in 570 Section 6 of "HTTP usage in the Registration Data Access Protocol 571 (RDAP)" [I-D.ietf-weirds-using-http]. 573 Custom path segments can be created by prefixing the segment with a 574 unique identifier followed by an underscore character (0x5F). For 575 example, a custom entity path segment could be created by prefixing 576 "entity" with "custom_", producing "custom_entity". Servers MUST 577 return an appropriate failure status code for a request with an 578 unrecognized path segment. 580 6. Internationalization Considerations 582 There is value in supporting the ability to submit either a U-label 583 (Unicode form of an IDN label) or an A-label (ASCII form of an IDN 584 label) as a query argument to an RDAP service. Clients capable of 585 processing non-ASCII characters may prefer a U-label since this is 586 more visually recognizable and familiar than A-label strings, but 587 clients using programmatic interfaces might find it easier to submit 588 and display A-labels if they are unable to input U-labels with their 589 keyboard configuration. Both query forms are acceptable. 591 Internationalized domain and name server names can contain character 592 variants and variant labels as described in RFC 4290 [RFC4290]. 593 Clients that support queries for internationalized domain and name 594 server names MUST accept service provider responses that describe 595 variants as specified in "JSON Responses for the Registration Data 596 Access Protocol" [I-D.ietf-weirds-json-response]. 598 7. IANA Considerations 600 This document does not specify any IANA actions. 602 8. Security Considerations 604 Security services for the operations specified in this document are 605 described in "Security Services for the Registration Data Access 606 Protocol" [I-D.ietf-weirds-rdap-sec]. 608 Search functionality typically requires more server resources (such 609 as memory, CPU cycles, and network bandwidth) when compared to basic 610 lookup functionality. This increases the risk of server resource 611 exhaustion and subsequent denial of service due to abuse. This risk 612 can be mitigated by developing and implementing controls to restrict 613 search functionality to identified and authorized clients. If those 614 clients behave badly, their search privileges can be suspended or 615 revoked. Rate limiting as described in Section 5.5 of "HTTP usage in 616 the Registration Data Access Protocol (RDAP)" 617 [I-D.ietf-weirds-using-http] can also be used to control the rate of 618 received search requests. Server operators can also reduce their 619 risk by restricting the amount of information returned in response to 620 a search request. 622 Search functionality also increases the privacy risk of disclosing 623 object relationships that might not otherwise be obvious. For 624 example, a search that returns IDN variants [RFC6927] that do not 625 explicitly match a client-provided search pattern can disclose 626 information about registered domain names that might not be otherwise 627 available. Implementers need to consider the policy and privacy 628 implications of returning information that was not explicitly 629 requested. 631 9. Acknowledgements 633 This document is derived from original work on RIR query formats 634 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 635 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 636 Additionally, this document incorporates DNR query formats originally 637 described by Francisco Arias and Steve Sheng of ICANN and Scott 638 Hollenbeck of Verisign Labs. 640 The authors would like to acknowledge the following individuals for 641 their contributions to this document: Francisco Arias, Marc Blanchet, 642 Ernie Dainow, Jean-Philippe Dionne, Behnam Esfahbod, John Klensin, 643 Edward Lewis, John Levine, Mark Nottingham, and Andrew Sullivan. 645 10. References 647 10.1. Normative References 649 [I-D.ietf-httpbis-http2] 650 Belshe, M., Peon, R., and M. Thomson, "Hypertext Transfer 651 Protocol version 2", draft-ietf-httpbis-http2-13 (work in 652 progress), June 2014. 654 [I-D.ietf-weirds-bootstrap] 655 Blanchet, M. and G. Leclanche, "Finding the Authoritative 656 Registration Data (RDAP) Service", draft-ietf-weirds- 657 bootstrap-04 (work in progress), July 2014. 659 [I-D.ietf-weirds-json-response] 660 Newton, A. and S. Hollenbeck, "JSON Responses for the 661 Registration Data Access Protocol (RDAP)", draft-ietf- 662 weirds-json-response-07 (work in progress), April 2014. 664 [I-D.ietf-weirds-rdap-sec] 665 Hollenbeck, S. and N. Kong, "Security Services for the 666 Registration Data Access Protocol", draft-ietf-weirds- 667 rdap-sec-06 (work in progress), February 2014. 669 [I-D.ietf-weirds-using-http] 670 Newton, A., Ellacott, B., and N. Kong, "HTTP usage in the 671 Registration Data Access Protocol (RDAP)", draft-ietf- 672 weirds-using-http-08 (work in progress), February 2014. 674 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 675 host table specification", RFC 952, October 1985. 677 [RFC1035] Mockapetris, P., "Domain names - implementation and 678 specification", STD 13, RFC 1035, November 1987. 680 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application 681 and Support", STD 3, RFC 1123, October 1989. 683 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 684 numbers", RFC 1166, July 1990. 686 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 687 Requirement Levels", BCP 14, RFC 2119, March 1997. 689 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 690 Resource Identifier (URI): Generic Syntax", STD 66, RFC 691 3986, January 2005. 693 [RFC4290] Klensin, J., "Suggested Practices for Registration of 694 Internationalized Domain Names (IDN)", RFC 4290, December 695 2005. 697 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 698 Architecture", RFC 4291, February 2006. 700 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 701 (CIDR): The Internet Address Assignment and Aggregation 702 Plan", BCP 122, RFC 4632, August 2006. 704 [RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed 705 Authoring and Versioning (WebDAV)", RFC 4918, June 2007. 707 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 708 Autonomous System (AS) Numbers", RFC 5396, December 2008. 710 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 711 STD 69, RFC 5730, August 2009. 713 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 714 Contact Mapping", STD 69, RFC 5733, August 2009. 716 [RFC5890] Klensin, J., "Internationalized Domain Names for 717 Applications (IDNA): Definitions and Document Framework", 718 RFC 5890, August 2010. 720 [RFC5891] Klensin, J., "Internationalized Domain Names in 721 Applications (IDNA): Protocol", RFC 5891, August 2010. 723 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 724 Address Text Representation", RFC 5952, August 2010. 726 [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 727 (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. 729 [Unicode-UAX15] 730 The Unicode Consortium, "Unicode Standard Annex #15: 731 Unicode Normalization Forms", September 2013, 732 . 734 10.2. Informative References 736 [REST] Fielding, R. and R. Taylor, "Principled Design of the 737 Modern Web Architecture", ACM Transactions on Internet 738 Technology Vol. 2, No. 2, May 2002. 740 [RFC1594] Marine, A., Reynolds, J., and G. Malkin, "FYI on Questions 741 and Answers - Answers to Commonly asked "New Internet 742 User" Questions", RFC 1594, March 1994. 744 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 745 September 2004. 747 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 748 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 749 March 2005. 751 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 752 Registered in Top-Level Domains", RFC 6927, May 2013. 754 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 755 Interchange Format", RFC 7159, March 2014. 757 Appendix A. Change Log 759 Initial -00: Adopted as working group document. 760 -01: Added "Conventions Used in This Document" section. Added 761 normative reference to draft-ietf-weirds-rdap-sec and some 762 wrapping text in the Security Considerations section. 764 -02: Removed "unified" from the title. Rewrote the last paragraph 765 of section 2. Edited the first paragraph of section 3 to more 766 clearly note that only one path segment is provided. Added 767 "bitmask" to "length" in section 3.1. Changed "lowest IP network" 768 to "smallest IP network" in section 3.1. Added "asplain" to the 769 description of autonomous system numbers in section 3.2. Minor 770 change from "semantics is" to "semantics are" in section 3.2. 771 Changed the last sentence in section 4 to more clearly specify 772 error response behavior. Added acknowledgements. Added a 773 paragraph in the introduction regarding future IETF standards and 774 extensibility. 775 -03: Changed 'query' to 'lookup' in document title to better 776 describe the 'exact match lookup' purpose of this document. 777 Included a multitude of minor additions and clarifications 778 provided by Marc Blanchet and Jean-Philippe Dionne. Modified the 779 domain and name server sections to include support for IDN 780 U-labels. 781 -04: Updated the domain and name server sections to use .example IDN 782 U-labels. Added text to note that mixed IDN labels SHOULD NOT be 783 used. Fixed broken sentences in Section 6. 784 -05: Added "help" path segment. 785 -06: Added search text and removed or edited old search text. 786 -07: Fixed query parameter typo by replacing "/?" with "?". Changed 787 "asplain" to "AS Plain". Added entity search by handle. 788 Corrected section references. Updated IDN search text. 789 -08: Revised URI formats and added IANA instructions to create a 790 registry entry for the "rdap" well-known prefix. Revised search 791 processing text and added search privacy consideration. 792 Synchronized examples with response draft. 793 -09: More search processing and URI prefix updates. Updated fully- 794 qualified domain name reference. 795 -10: Added name server search by IP address. 796 -11: Replaced reference to RFC 4627 with reference to RFC 7159. 797 Replaced .well-known with bootstrap-defined prefix. Replaced 798 references to RFC 2616 with references to RFC 7231 and draft-ietf- 799 httpbis-http2, adding a note to make it clear that 2616 is an 800 acceptable reference if http2 isn't ready when needed. 802 Authors' Addresses 804 Andrew Lee Newton 805 American Registry for Internet Numbers 806 3635 Concorde Parkway 807 Chantilly, VA 20151 808 US 810 Email: andy@arin.net 811 URI: http://www.arin.net 812 Scott Hollenbeck 813 Verisign Labs 814 12061 Bluemont Way 815 Reston, VA 20190 816 US 818 Email: shollenbeck@verisign.com 819 URI: http://www.verisignlabs.com/