idnits 2.17.1 draft-ietf-weirds-rdap-query-13.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (August 25, 2014) is 3532 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-weirds-bootstrap-04 == Outdated reference: A later version (-14) exists of draft-ietf-weirds-json-response-08 == Outdated reference: A later version (-12) exists of draft-ietf-weirds-rdap-sec-08 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-rdap-sec' == Outdated reference: A later version (-15) exists of draft-ietf-weirds-using-http-10 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-using-http' ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Downref: Normative reference to an Informational RFC: RFC 4290 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' -- Obsolete informational reference (is this intentional?): RFC 1594 (Obsoleted by RFC 2664) -- Obsolete informational reference (is this intentional?): RFC 7159 (Obsoleted by RFC 8259) Summary: 5 errors (**), 0 flaws (~~), 5 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Newton 3 Internet-Draft ARIN 4 Intended status: Standards Track S. Hollenbeck 5 Expires: February 26, 2015 Verisign Labs 6 August 25, 2014 8 Registration Data Access Protocol Query Format 9 draft-ietf-weirds-rdap-query-13 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. 18 Status of This Memo 20 This Internet-Draft is submitted in full conformance with the 21 provisions of BCP 78 and BCP 79. 23 Internet-Drafts are working documents of the Internet Engineering 24 Task Force (IETF). Note that other groups may also distribute 25 working documents as Internet-Drafts. The list of current Internet- 26 Drafts is at http://datatracker.ietf.org/drafts/current/. 28 Internet-Drafts are draft documents valid for a maximum of six months 29 and may be updated, replaced, or obsoleted by other documents at any 30 time. It is inappropriate to use Internet-Drafts as reference 31 material or to cite them other than as "work in progress." 33 This Internet-Draft will expire on February 26, 2015. 35 Copyright Notice 37 Copyright (c) 2014 IETF Trust and the persons identified as the 38 document authors. All rights reserved. 40 This document is subject to BCP 78 and the IETF Trust's Legal 41 Provisions Relating to IETF Documents 42 (http://trustee.ietf.org/license-info) in effect on the date of 43 publication of this document. Please review these documents 44 carefully, as they describe your rights and restrictions with respect 45 to this document. Code Components extracted from this document must 46 include Simplified BSD License text as described in Section 4.e of 47 the Trust Legal Provisions and are provided without warranty as 48 described in the Simplified BSD License. 50 Table of Contents 52 1. Conventions Used in This Document . . . . . . . . . . . . . . 2 53 1.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 2 54 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 3. Path Segment Specification . . . . . . . . . . . . . . . . . 4 56 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 4 57 3.1.1. IP Network Path Segment Specification . . . . . . . . 5 58 3.1.2. Autonomous System Path Segment Specification . . . . 6 59 3.1.3. Domain Path Segment Specification . . . . . . . . . . 6 60 3.1.4. Name Server Path Segment Specification . . . . . . . 7 61 3.1.5. Entity Path Segment Specification . . . . . . . . . . 7 62 3.1.6. Help Path Segment Specification . . . . . . . . . . . 8 63 3.2. Search Path Segment Specification . . . . . . . . . . . . 8 64 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 9 65 3.2.2. Name Server Search . . . . . . . . . . . . . . . . . 10 66 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 10 67 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 11 68 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 13 69 6. Internationalization Considerations . . . . . . . . . . . . . 13 70 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 71 8. Security Considerations . . . . . . . . . . . . . . . . . . . 14 72 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 14 73 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 74 10.1. Normative References . . . . . . . . . . . . . . . . . . 15 75 10.2. Informative References . . . . . . . . . . . . . . . . . 17 76 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 17 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 79 1. Conventions Used in This Document 81 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 82 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 83 document are to be interpreted as described in RFC 2119 [RFC2119]. 85 1.1. Acronyms and Abbreviations 87 IDN: Internationalized Domain Name 88 IDNA: Internationalized Domain Names in Applications 89 DNR: Domain Name Registry 90 NFC: Unicode Normalization Form C 91 NFKC: Unicode Normalization Form KC 92 RDAP: Registration Data Access Protocol 93 REST: Representational State Transfer State Transfer. The term 94 was first described in a doctoral dissertation [REST]. 95 RESTful: An adjective that describes a service using HTTP and the 96 principles of REST. 97 RIR: Regional Internet Registry 99 2. Introduction 101 This document describes a specification for querying registration 102 data using a RESTful web service and uniform query patterns. The 103 service is implemented using the Hypertext Transfer Protocol (HTTP) 104 [RFC7230]. 106 The protocol described in this specification is intended to address 107 deficiencies with the WHOIS protocol [RFC3912] that have been 108 identified over time, including: 110 o Lack of standardized command structures, 111 o lack of standardized output and error structures, 112 o lack of support for internationalization and localization, and 113 o lack of support for user identification, authentication, and 114 access control. 116 The patterns described in this document purposefully do not encompass 117 all of the methods employed in the WHOIS and RESTful web services of 118 all of the RIRs and DNRs. The intent of the patterns described here 119 are to enable queries of: 121 o networks by IP address, 122 o autonomous system numbers by number, 123 o reverse DNS meta-data by domain, 124 o name servers by name, 125 o registrars by name, and 126 o entities (such as contacts) by identifier. 128 It is envisioned that each registry will continue to maintain 129 NICNAME/WHOIS and/or RESTful web services specific to their needs and 130 those of their constituencies, and the information retrieved through 131 the patterns described here may reference such services. 133 Likewise, future IETF standards may add additional patterns for 134 additional query types. A simple pattern namespacing scheme is 135 described in Section 5 to accommodate custom extensions that will not 136 interfere with the patterns defined in this document or patterns 137 defined in future IETF standards. 139 WHOIS services, in general, are read-only services. Therefore URL 140 [RFC3986] patterns specified in this document are only applicable to 141 the HTTP [RFC7231] GET and HEAD methods. 143 This document does not describe the results or entities returned from 144 issuing the described URLs with an HTTP GET. JSON [RFC7159] result 145 formatting and processing is described in 146 [I-D.ietf-weirds-json-response]. 148 Additionally, resource management, provisioning and update functions 149 are out of scope for this document. Registries have various and 150 divergent methods covering these functions, and it is unlikely a 151 uniform approach for these functions will ever be possible. 153 HTTP contains mechanisms for servers to authenticate clients and for 154 clients to authenticate servers (from which authorization schemes may 155 be built) so such mechanisms are not described in this document. 156 Policy, provisioning, and processing of authentication and 157 authorization are out-of-scope for this document as deployments will 158 have to make choices based on local criteria. Specified 159 authentication mechanisms MUST use HTTP. 161 3. Path Segment Specification 163 The base URLs used to construct RDAP queries are maintained in an 164 IANA registry described in [I-D.ietf-weirds-bootstrap]. Queries are 165 formed by retrieving the appropriate base URL from the registry and 166 appending a path segment specified in either Section 3.1 or 167 Section 3.2. Generally, a registry or other service provider will 168 provide a base URL that identifies the protocol, host and port, and 169 this will be used as a base URL that the complete URL is resolved 170 against, as per Section 5 of RFC 3986 [RFC3986]. For example, if the 171 base URL is "http://example.com/rdap/", all RDAP query URLs will 172 begin with "http://example.com/rdap/". 174 The bootstrap registry does not contain information for query objects 175 that are not part of a global namespace, including entities and help. 176 A base URL for an associated object is required to construct a 177 complete query. 179 For entities: Retrieve a base URL for the service (domain, address, 180 etc.) associated with a given entity. The query URL is constructed 181 by concatenating the base URL to the entity path segment specified in 182 either Section 3.1.5 or Section 3.2.3. 184 For help: Retrieve a base URL for any service (domain, address, etc.) 185 for which additional information is required. The query URL is 186 constructed by concatenating the base URL to the help path segment 187 specified in either Section 3.1.6. 189 3.1. Lookup Path Segment Specification 191 The resource type path segments for exact match lookup are: 193 o 'ip': Used to identify IP networks and associated data referenced 194 using either an IPv4 or IPv6 address. 196 o 'autnum': Used to identify autonomous system registrations and 197 associated data referenced using an AS Plain autonomous system 198 number. 199 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 200 information and associated data referenced using a fully-qualified 201 domain name. 202 o 'nameserver': Used to identify a name server information query 203 using a host name. 204 o 'entity': Used to identify an entity information query using a 205 string identifier. 207 3.1.1. IP Network Path Segment Specification 209 Syntax: ip/ or ip// 211 Queries for information about IP networks are of the form /ip/XXX/... 212 or /ip/XXX/YY/... where the path segment following 'ip' is either an 213 IPv4 [RFC1166] or IPv6 [RFC5952] address (i.e. XXX) or an IPv4 or 214 IPv6 CIDR [RFC4632] notation address block (i.e. XXX/YY). 215 Semantically, the simpler form using the address can be thought of as 216 a CIDR block with a bitmask length of 32 for IPv4 and a bitmask 217 length of 128 for IPv6. A given specific address or CIDR may fall 218 within multiple IP networks in a hierarchy of networks, therefore 219 this query targets the "most-specific" or smallest IP network which 220 completely encompasses it in a hierarchy of IP networks. 222 The IPv4 and IPv6 address formats supported in this query are 223 described in section 3.2.2 of [RFC3986], as IPv4address and 224 IPv6address ABNF definitions. Any valid IPv6 text address format 225 [RFC4291] can be used, compressed or not compressed. The restricted 226 rules to write a text representation of an IPv6 address [RFC5952] are 227 not mandatory. However, the zone id [RFC4007] is not appropriate in 228 this context and therefore prohibited. 230 For example, the following URL would be used to find information for 231 the most specific network containing 192.0.2.0: 233 http://example.com/rdap/ip/192.0.2.0 235 The following URL would be used to find information for the most 236 specific network containing 192.0.2.0/24: 238 http://example.com/rdap/ip/192.0.2.0/24 240 The following URL would be used to find information for the most 241 specific network containing 2001:db8::0: 243 http://example.com/rdap/ip/2001:db8::0 245 3.1.2. Autonomous System Path Segment Specification 247 Syntax: autnum/ 249 Queries for information regarding autonomous system number 250 registrations are of the form /autnum/XXX/... where XXX is an AS 251 Plain autonomous system number [RFC5396]. In some registries, 252 registration of autonomous system numbers is done on an individual 253 number basis, while other registries may register blocks of 254 autonomous system numbers. The semantics of this query are such that 255 if a number falls within a range of registered blocks, the target of 256 the query is the block registration, and that individual number 257 registrations are considered a block of numbers with a size of 1. 259 For example, the following URL would be used to find information 260 describing autonomous system number 12 (a number within a range of 261 registered blocks): 263 http://example.com/rdap/autnum/12 265 The following URL would be used to find information describing 4-byte 266 autonomous system number 65538: 268 http://example.com/rdap/autnum/65538 270 3.1.3. Domain Path Segment Specification 272 Syntax: domain/ 274 Queries for domain information are of the form /domain/XXXX/..., 275 where XXXX is a fully-qualified (relative to the root) domain name 276 [RFC1594] in either the in-addr.arpa or ip6.arpa zones (for RIRs) or 277 a fully-qualified domain name in a zone administered by the server 278 operator (for DNRs). Internationalized domain names represented in 279 either A-label or U-label format [RFC5890] are also valid domain 280 names. IDNs SHOULD NOT be represented as a mixture of A-labels and 281 U-labels; that is, all internationalized labels in an IDN SHOULD be 282 either A-labels or U-labels. 284 If the client sends the server an IDN in U-label format, servers that 285 support IDNs MUST convert the IDN into A-label format and perform 286 IDNA processing as specified in RFC 5891 [RFC5891]. The server 287 should perform an exact match lookup using the A-label. 289 The following URL would be used to find information describing the 290 zone serving the network 192.0.2/24: 292 http://example.com/rdap/domain/2.0.192.in-addr.arpa 293 The following URL would be used to find information describing the 294 zone serving the network 2001:db8:1::/48: 296 http://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 298 The following URL would be used to find information for the 299 blah.example.com domain name: 301 http://example.com/rdap/domain/blah.example.com 303 The following URL would be used to find information for the 304 xn--fo-5ja.example IDN: 306 http://example.com/rdap/domain/xn--fo-5ja.example 308 3.1.4. Name Server Path Segment Specification 310 Syntax: nameserver/ 312 The parameter represents a fully qualified name as 313 specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123]. 314 Internationalized names represented in either A-label or U-label 315 format [RFC5890] are also valid name server names. IDNs SHOULD NOT 316 be represented as a mixture of A-labels and U-labels; that is, all 317 internationalized labels in an IDN SHOULD be either A-labels or 318 U-labels. 320 If the client sends the server an IDN in U-label format, servers that 321 support IDNs MUST convert the IDN into A-label format and perform 322 IDNA processing as specified in RFC 5891 [RFC5891]. The server 323 should perform an exact match lookup using the A-label. 325 The following URL would be used to find information for the 326 ns1.example.com name server: 328 http://example.com/rdap/nameserver/ns1.example.com 330 The following URL would be used to find information for the 331 ns1.xn--fo-5ja.example name server: 333 http://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 335 3.1.5. Entity Path Segment Specification 337 Syntax: entity/ 339 The parameter represents an entity (such as a contact, 340 registrant, or registrar) identifier. For example, for some DNRs 341 contact identifiers are specified in RFC 5730 [RFC5730] and RFC 5733 342 [RFC5733]. 344 The following URL would be used to find information for the entity 345 associated with handle XXXX: 347 http://example.com/rdap/entity/XXXX 349 3.1.6. Help Path Segment Specification 351 Syntax: help 353 The help path segment can be used to request helpful information 354 (command syntax, terms of service, privacy policy, rate limiting 355 policy, supported authentication methods, supported extensions, 356 technical support contact, etc.) from an RDAP server. The response 357 to "help" should provide basic information that a client needs to 358 successfully use the service. The following URL would be used to 359 return "help" information: 361 http://example.com/rdap/help 363 3.2. Search Path Segment Specification 365 A simple search to determine if an object exists (or not) without 366 returning RDAP-encoded results can be performed using the HTTP HEAD 367 method as described in Section 4.1 of [I-D.ietf-weirds-using-http]. 368 Detailed results can be retrieved using the path segments specified 369 here. 371 The resource type path segments for search are: 373 o 'domains': Used to identify a domain name information search using 374 a pattern to match a fully-qualified domain name. 375 o 'nameservers': Used to identify a name server information search 376 using a pattern to match a host name. 377 o 'entities': Used to identify an entity information search using a 378 pattern to match a string identifier. 380 RDAP search path segments are formed using a concatenation of the 381 plural form of the object being searched for, a forward slash 382 character ('/', ASCII value 0x002F), and an HTTP query string. The 383 HTTP query string is formed using a concatenation of the question 384 mark character ('?', ASCII value 0x003F), the JSON object value 385 associated with the object being searched for, the equal sign 386 character ('=', ASCII value 0x003D), and the search pattern. For the 387 domain and entity objects described in this document the plural 388 object forms are "domains" and "entities". 390 3.2.1. Domain Search 392 Syntax: domains?name= 394 Syntax: domains?nsLdhName= 396 Syntax: domains?nsIp= 398 Searches for domain information by name are specified using this 399 form: 401 /domains?name=XXXX 403 XXXX is a search pattern representing a domain name in "letters, 404 digits, hyphen" format [RFC5890] in a zone administered by the server 405 operator of a DNR. The following URL would be used to find DNR 406 information for domain names matching the "example*.com" pattern: 408 http://example.com/rdap/domains?name=example*.com 410 Internationalized Domain Names (IDNs) in U-label format [RFC5890] can 411 also be used as search patterns (see Section 4). Searches for these 412 names are of the form /domains?name=XXXX, where XXXX is a search 413 pattern representing a domain name in U-label format [RFC5890]. 415 Searches for domain information by name server name are specified 416 using this form: 418 /domains?nsLdhName=YYYY 420 YYYY is a search pattern representing a host name in "letters, 421 digits, hyphen" format [RFC5890] in a zone administered by the server 422 operator of a DNR. The following URL would be used to search for 423 domains delegated to name servers matching the "ns1.example*.com" 424 pattern: 426 http://example.com/rdap/domains?nsLdhName=ns1.example*.com 428 Searches for domain information by name server IP address are 429 specified using this form: 431 /domains?nsIp=ZZZZ 433 ZZZZ is a search pattern representing an IPv4 [RFC1166] or IPv6 434 [RFC5952] address. The following URL would be used to search for 435 domains that have been delegated to name servers that resolve to the 436 "192.0.2.0" address: 438 http://example.com/rdap/domains?nsIp=192.0.2.0 440 3.2.2. Name Server Search 442 Syntax: nameservers?name= 444 Syntax: nameservers?ip= 446 Searches for name server information by name server name are 447 specified using this form: 449 /nameservers?name=XXXX 451 XXXX is a search pattern representing a host name in "letters, 452 digits, hyphen" format [RFC5890] in a zone administered by the server 453 operator of a DNR. The following URL would be used to find DNR 454 information for name server names matching the "ns1.example*.com" 455 pattern: 457 http://example.com/rdap/nameservers?name=ns1.example*.com 459 Internationalized name server names in U-label format [RFC5890] can 460 also be used as search patterns (see Section 4). Searches for these 461 names are of the form /nameservers?name=XXXX, where XXXX is a search 462 pattern representing a name server name in U-label format [RFC5890]. 464 Searches for name server information by name server IP address are 465 specified using this form: 467 /nameservers?ip=YYYY 469 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 470 [RFC5952] address. The following URL would be used to search for 471 name server names that resolve to the "192.0.2.0" address: 473 http://example.com/rdap/nameservers?ip=192.0.2.0 475 3.2.3. Entity Search 477 Syntax: entities?fn= 479 Syntax: entities?handle= 481 Searches for entity information by name are specified using this 482 form: 484 /entities?fn=XXXX 485 where XXXX is a search pattern representing an entity name as 486 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 487 following URL would be used to find information for entity names 488 matching the "Bobby Joe*" pattern. 490 http://example.com/rdap/entities?fn=Bobby%20Joe* 492 Searches for entity information by handle are specified using this 493 form: 495 /entities?handle=XXXX 497 where XXXX is a search pattern representing an entity handle as 498 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 499 following URL would be used to find information for entity names 500 matching the "CID-40*" pattern. 502 http://example.com/rdap/entities?handle=CID-40* 504 URLs MUST be properly encoded according to the rules of [RFC3986]. 505 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 507 4. Query Processing 509 Servers indicate the success or failure of query processing by 510 returning an appropriate HTTP response code to the client. Response 511 codes not specifically identified in this document are described in 512 [I-D.ietf-weirds-using-http]. 514 Partial string searching uses the asterisk ('*', ASCII value 0x002A) 515 character to match zero or more trailing characters. A character 516 string representing multiple domain name labels MAY be concatenated 517 to the end of the search pattern to limit the scope of the search. 518 For example, the search pattern "exam*" will match "example.com" and 519 "example.net". The search pattern "exam*.com" will match 520 "example.com". Note that these search patterns include implied 521 beginning and end of string regular expression markers, and the 522 "example*.com" search would be translated into a POSIX regular 523 expression as "^example.*\.com$". Additional pattern matching 524 processing is beyond the scope of this specification. 526 If a server receives a search request but cannot process the request 527 because it does not support a particular style of partial match 528 searching, it SHOULD return an HTTP 422 [RFC4918] error. When 529 returning a 422 error, the server MAY also return an error response 530 body as specified in Section 7 of [I-D.ietf-weirds-json-response] if 531 the requested media type is one that is specified in 532 [I-D.ietf-weirds-using-http]. 534 Partial matching is not feasible across combinations of Unicode 535 characters because Unicode characters can be combined with another 536 Unicode character or characters. Servers SHOULD NOT partially match 537 combinations of Unicode characters where a Unicode character may be 538 legally combined with another Unicode character or characters. 539 Clients should avoid submitting a partial match search of Unicode 540 characters where a Unicode character may be legally combined with 541 another Unicode character or characters. Partial match searches with 542 incomplete combinations of characters where a character must be 543 combined with another character or characters are invalid. Partial 544 match searches with characters that may be combined with another 545 character or characters are to be considered non-combined characters 546 (that is, if character x may be combined with character y but 547 character y is not submitted in the search string then character x is 548 a complete character and no combinations of character x are to be 549 searched). 551 Servers can expect to receive search patterns from clients that 552 contain character strings encoded in different forms supported by 553 HTTP. It is entirely possible to apply filters and normalization 554 rules to search patterns prior to making character comparisons, but 555 this type of processing is more typically needed to determine the 556 validity of registered strings than to match patterns. 558 An RDAP client submitting a query string containing non-US-ASCII 559 characters converts such strings into Unicode in UTF-8 encoding. It 560 then performs any local case mapping deemed necessary. Strings are 561 normalized using Normalization Form C (NFC, [Unicode-UAX15]); note 562 that clients might not be able to do this reliably. 564 An RDAP server treats each query string as Unicode in UTF-8 encoding. 565 If a string is not valid UTF-8, the server can immediately stop 566 processing the query and return an HTTP 400 error response code. 568 When processing queries, there is a difference in handling DNS names, 569 including those including putative U-labels, and everything else. 570 DNS names are treated according to the DNS matching rules as 571 described in Section 3.1 of RFC 1035 [RFC1035] for NR-LDH labels and 572 the matching rules described in Section 5.4 of RFC 5891 [RFC5891] for 573 U-labels. Matching of DNS names proceeds one label at a time, 574 because it is possible for a combination of U-labels and NR-LDH 575 labels to be found in a single domain or host name. The 576 determination of whether a label is a U-label or an NR-LDH label is 577 based on whether the label contains any characters outside of the US- 578 ASCII letters, digits, or hyphen (the so-called LDH rule). 580 For everything else, servers map fullwidth and halfwidth characters 581 to their decomposition equivalents. Servers convert strings to the 582 same coded character set of the target data that is to be looked up 583 or searched and each string is normalized using the same 584 normalization that was used on the target data. In general, storage 585 of strings as Unicode is RECOMMENDED. For the purposes of 586 comparison, Normalization Form KC (NFKC, [Unicode-UAX15]) with case 587 folding is used to maximize predictability and the number of matches. 588 Note the use of case-folded NFKC as opposed to NFC in this case. 590 Conceptually, a name-record in a database may include a link to an 591 associated name-record, which may include a link to another such 592 record, and so on. If an implementation is to return more than one 593 name-record in response to a query, information from the records 594 thereby identified is returned. 596 Note that this model includes arrangements for associated names, 597 including those that are linked by policy mechanisms and names bound 598 together for some other purposes. Note also that returning 599 information that was not explicitly selected by an exact-match 600 lookup, including additional names that match a relatively fuzzy 601 search as well as lists of names that are linked together, may cause 602 privacy issues. 604 5. Extensibility 606 This document describes path segment specifications for a limited 607 number of objects commonly registered in both RIRs and DNRs. It does 608 not attempt to describe path segments for all of the objects 609 registered in all registries. Custom path segments can be created 610 for objects not specified here using the process described in 611 Section 6 of "HTTP usage in the Registration Data Access Protocol 612 (RDAP)" [I-D.ietf-weirds-using-http]. 614 Custom path segments can be created by prefixing the segment with a 615 unique identifier followed by an underscore character (0x5F). For 616 example, a custom entity path segment could be created by prefixing 617 "entity" with "custom_", producing "custom_entity". Servers MUST 618 return an appropriate failure status code for a request with an 619 unrecognized path segment. 621 6. Internationalization Considerations 623 There is value in supporting the ability to submit either a U-label 624 (Unicode form of an IDN label) or an A-label (ASCII form of an IDN 625 label) as a query argument to an RDAP service. Clients capable of 626 processing non-ASCII characters may prefer a U-label since this is 627 more visually recognizable and familiar than A-label strings, but 628 clients using programmatic interfaces might find it easier to submit 629 and display A-labels if they are unable to input U-labels with their 630 keyboard configuration. Both query forms are acceptable. 632 Internationalized domain and name server names can contain character 633 variants and variant labels as described in RFC 4290 [RFC4290]. 634 Clients that support queries for internationalized domain and name 635 server names MUST accept service provider responses that describe 636 variants as specified in "JSON Responses for the Registration Data 637 Access Protocol" [I-D.ietf-weirds-json-response]. 639 7. IANA Considerations 641 This document does not specify any IANA actions. 643 8. Security Considerations 645 Security services for the operations specified in this document are 646 described in "Security Services for the Registration Data Access 647 Protocol" [I-D.ietf-weirds-rdap-sec]. 649 Search functionality typically requires more server resources (such 650 as memory, CPU cycles, and network bandwidth) when compared to basic 651 lookup functionality. This increases the risk of server resource 652 exhaustion and subsequent denial of service due to abuse. This risk 653 can be mitigated by developing and implementing controls to restrict 654 search functionality to identified and authorized clients. If those 655 clients behave badly, their search privileges can be suspended or 656 revoked. Rate limiting as described in Section 5.5 of "HTTP usage in 657 the Registration Data Access Protocol (RDAP)" 658 [I-D.ietf-weirds-using-http] can also be used to control the rate of 659 received search requests. Server operators can also reduce their 660 risk by restricting the amount of information returned in response to 661 a search request. 663 Search functionality also increases the privacy risk of disclosing 664 object relationships that might not otherwise be obvious. For 665 example, a search that returns IDN variants [RFC6927] that do not 666 explicitly match a client-provided search pattern can disclose 667 information about registered domain names that might not be otherwise 668 available. Implementers need to consider the policy and privacy 669 implications of returning information that was not explicitly 670 requested. 672 9. Acknowledgements 674 This document is derived from original work on RIR query formats 675 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 676 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 678 Additionally, this document incorporates DNR query formats originally 679 described by Francisco Arias and Steve Sheng of ICANN and Scott 680 Hollenbeck of Verisign Labs. 682 The authors would like to acknowledge the following individuals for 683 their contributions to this document: Francisco Arias, Marc Blanchet, 684 Ernie Dainow, Jean-Philippe Dionne, Behnam Esfahbod, John Klensin, 685 Edward Lewis, John Levine, Mark Nottingham, and Andrew Sullivan. 687 10. References 689 10.1. Normative References 691 [I-D.ietf-weirds-bootstrap] 692 Blanchet, M. and G. Leclanche, "Finding the Authoritative 693 Registration Data (RDAP) Service", draft-ietf-weirds- 694 bootstrap-04 (work in progress), July 2014. 696 [I-D.ietf-weirds-json-response] 697 Newton, A. and S. Hollenbeck, "JSON Responses for the 698 Registration Data Access Protocol (RDAP)", draft-ietf- 699 weirds-json-response-08 (work in progress), August 2014. 701 [I-D.ietf-weirds-rdap-sec] 702 Hollenbeck, S. and N. Kong, "Security Services for the 703 Registration Data Access Protocol", draft-ietf-weirds- 704 rdap-sec-08 (work in progress), August 2014. 706 [I-D.ietf-weirds-using-http] 707 Newton, A., Ellacott, B., and N. Kong, "HTTP usage in the 708 Registration Data Access Protocol (RDAP)", draft-ietf- 709 weirds-using-http-10 (work in progress), August 2014. 711 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 712 host table specification", RFC 952, October 1985. 714 [RFC1035] Mockapetris, P., "Domain names - implementation and 715 specification", STD 13, RFC 1035, November 1987. 717 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application 718 and Support", STD 3, RFC 1123, October 1989. 720 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 721 numbers", RFC 1166, July 1990. 723 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 724 Requirement Levels", BCP 14, RFC 2119, March 1997. 726 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 727 Resource Identifier (URI): Generic Syntax", STD 66, RFC 728 3986, January 2005. 730 [RFC4290] Klensin, J., "Suggested Practices for Registration of 731 Internationalized Domain Names (IDN)", RFC 4290, December 732 2005. 734 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 735 Architecture", RFC 4291, February 2006. 737 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 738 (CIDR): The Internet Address Assignment and Aggregation 739 Plan", BCP 122, RFC 4632, August 2006. 741 [RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed 742 Authoring and Versioning (WebDAV)", RFC 4918, June 2007. 744 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 745 Autonomous System (AS) Numbers", RFC 5396, December 2008. 747 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 748 STD 69, RFC 5730, August 2009. 750 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 751 Contact Mapping", STD 69, RFC 5733, August 2009. 753 [RFC5890] Klensin, J., "Internationalized Domain Names for 754 Applications (IDNA): Definitions and Document Framework", 755 RFC 5890, August 2010. 757 [RFC5891] Klensin, J., "Internationalized Domain Names in 758 Applications (IDNA): Protocol", RFC 5891, August 2010. 760 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 761 Address Text Representation", RFC 5952, August 2010. 763 [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 764 (HTTP/1.1): Message Syntax and Routing", RFC 7230, June 765 2014. 767 [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 768 (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. 770 [Unicode-UAX15] 771 The Unicode Consortium, "Unicode Standard Annex #15: 772 Unicode Normalization Forms", September 2013, 773 . 775 10.2. Informative References 777 [REST] Fielding, R. and R. Taylor, "Principled Design of the 778 Modern Web Architecture", ACM Transactions on Internet 779 Technology Vol. 2, No. 2, May 2002. 781 [RFC1594] Marine, A., Reynolds, J., and G. Malkin, "FYI on Questions 782 and Answers - Answers to Commonly asked "New Internet 783 User" Questions", RFC 1594, March 1994. 785 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 786 September 2004. 788 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 789 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 790 March 2005. 792 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 793 Registered in Top-Level Domains", RFC 6927, May 2013. 795 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 796 Interchange Format", RFC 7159, March 2014. 798 Appendix A. Change Log 800 Initial -00: Adopted as working group document. 801 -01: Added "Conventions Used in This Document" section. Added 802 normative reference to draft-ietf-weirds-rdap-sec and some 803 wrapping text in the Security Considerations section. 804 -02: Removed "unified" from the title. Rewrote the last paragraph 805 of section 2. Edited the first paragraph of section 3 to more 806 clearly note that only one path segment is provided. Added 807 "bitmask" to "length" in section 3.1. Changed "lowest IP network" 808 to "smallest IP network" in section 3.1. Added "asplain" to the 809 description of autonomous system numbers in section 3.2. Minor 810 change from "semantics is" to "semantics are" in section 3.2. 811 Changed the last sentence in section 4 to more clearly specify 812 error response behavior. Added acknowledgements. Added a 813 paragraph in the introduction regarding future IETF standards and 814 extensibility. 815 -03: Changed 'query' to 'lookup' in document title to better 816 describe the 'exact match lookup' purpose of this document. 817 Included a multitude of minor additions and clarifications 818 provided by Marc Blanchet and Jean-Philippe Dionne. Modified the 819 domain and name server sections to include support for IDN 820 U-labels. 822 -04: Updated the domain and name server sections to use .example IDN 823 U-labels. Added text to note that mixed IDN labels SHOULD NOT be 824 used. Fixed broken sentences in Section 6. 825 -05: Added "help" path segment. 826 -06: Added search text and removed or edited old search text. 827 -07: Fixed query parameter typo by replacing "/?" with "?". Changed 828 "asplain" to "AS Plain". Added entity search by handle. 829 Corrected section references. Updated IDN search text. 830 -08: Revised URI formats and added IANA instructions to create a 831 registry entry for the "rdap" well-known prefix. Revised search 832 processing text and added search privacy consideration. 833 Synchronized examples with response draft. 834 -09: More search processing and URI prefix updates. Updated fully- 835 qualified domain name reference. 836 -10: Added name server search by IP address. 837 -11: Replaced reference to RFC 4627 with reference to RFC 7159. 838 Replaced .well-known with bootstrap-defined prefix. Replaced 839 references to RFC 2616 with references to RFC 7231 and draft-ietf- 840 httpbis-http2, adding a note to make it clear that 2616 is an 841 acceptable reference if http2 isn't ready when needed. 842 -12: IDN label processing clarification. Added domain search by 843 name server name and name server IP address. Minor text editing 844 for consistency in the search sections. Replaced reference to 845 draft-ietf-httpbis-http2 with a reference to RFC 7230 and removed 846 reference note. 847 -13: Added HTTP HEAD reference in Section 3.2. 849 Authors' Addresses 851 Andrew Lee Newton 852 American Registry for Internet Numbers 853 3635 Concorde Parkway 854 Chantilly, VA 20151 855 US 857 Email: andy@arin.net 858 URI: http://www.arin.net 860 Scott Hollenbeck 861 Verisign Labs 862 12061 Bluemont Way 863 Reston, VA 20190 864 US 866 Email: shollenbeck@verisign.com 867 URI: http://www.verisignlabs.com/