idnits 2.17.1 draft-ietf-weirds-rdap-query-14.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (September 22, 2014) is 3503 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-weirds-bootstrap-06 == Outdated reference: A later version (-14) exists of draft-ietf-weirds-json-response-08 == Outdated reference: A later version (-12) exists of draft-ietf-weirds-rdap-sec-08 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-rdap-sec' == Outdated reference: A later version (-15) exists of draft-ietf-weirds-using-http-11 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-using-http' ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Downref: Normative reference to an Informational RFC: RFC 4290 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' -- Obsolete informational reference (is this intentional?): RFC 1594 (Obsoleted by RFC 2664) -- Obsolete informational reference (is this intentional?): RFC 7159 (Obsoleted by RFC 8259) Summary: 5 errors (**), 0 flaws (~~), 5 warnings (==), 6 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Newton 3 Internet-Draft ARIN 4 Intended status: Standards Track S. Hollenbeck 5 Expires: March 26, 2015 Verisign Labs 6 September 22, 2014 8 Registration Data Access Protocol Query Format 9 draft-ietf-weirds-rdap-query-14 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. These 17 uniform patterns define the query syntax for the Registration Data 18 Access Protocol (RDAP). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on March 26, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Conventions Used in This Document . . . . . . . . . . . . . . 2 55 1.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 2 56 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 57 3. Path Segment Specification . . . . . . . . . . . . . . . . . 4 58 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 5 59 3.1.1. IP Network Path Segment Specification . . . . . . . . 5 60 3.1.2. Autonomous System Path Segment Specification . . . . 6 61 3.1.3. Domain Path Segment Specification . . . . . . . . . . 6 62 3.1.4. Name Server Path Segment Specification . . . . . . . 7 63 3.1.5. Entity Path Segment Specification . . . . . . . . . . 8 64 3.1.6. Help Path Segment Specification . . . . . . . . . . . 8 65 3.2. Search Path Segment Specification . . . . . . . . . . . . 8 66 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 9 67 3.2.2. Name Server Search . . . . . . . . . . . . . . . . . 10 68 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 11 69 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 12 70 4.1. Partial String Searching . . . . . . . . . . . . . . . . 12 71 4.2. Character Encoding Considerations . . . . . . . . . . . . 13 72 4.3. Associated Records . . . . . . . . . . . . . . . . . . . 14 73 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 14 74 6. Internationalization Considerations . . . . . . . . . . . . . 14 75 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 76 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 77 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 15 78 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 79 10.1. Normative References . . . . . . . . . . . . . . . . . . 16 80 10.2. Informative References . . . . . . . . . . . . . . . . . 18 81 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 18 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 84 1. Conventions Used in This Document 86 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 87 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 88 document are to be interpreted as described in RFC 2119 [RFC2119]. 90 1.1. Acronyms and Abbreviations 92 IDN: Internationalized Domain Name 93 IDNA: Internationalized Domain Names in Applications 94 DNR: Domain Name Registry 95 NFC: Unicode Normalization Form C 96 NFKC: Unicode Normalization Form KC 97 RDAP: Registration Data Access Protocol 98 REST: Representational State Transfer State Transfer. The term 99 was first described in a doctoral dissertation [REST]. 100 RESTful: An adjective that describes a service using HTTP and the 101 principles of REST. 102 RIR: Regional Internet Registry 104 2. Introduction 106 This document describes a specification for querying registration 107 data using a RESTful web service and uniform query patterns. The 108 service is implemented using the Hypertext Transfer Protocol (HTTP) 109 [RFC7230]. These uniform patterns define the query syntax for the 110 Registration Data Access Protocol (RDAP). 112 The protocol described in this specification is intended to address 113 deficiencies with the WHOIS protocol [RFC3912] that have been 114 identified over time, including: 116 o Lack of standardized command structures, 117 o lack of standardized output and error structures, 118 o lack of support for internationalization and localization, and 119 o lack of support for user identification, authentication, and 120 access control. 122 The patterns described in this document purposefully do not encompass 123 all of the methods employed in the WHOIS and RESTful web services of 124 all of the RIRs and DNRs. The intent of the patterns described here 125 are to enable queries of: 127 o networks by IP address, 128 o autonomous system numbers by number, 129 o reverse DNS meta-data by domain, 130 o name servers by name, 131 o registrars by name, and 132 o entities (such as contacts) by identifier. 134 Server implementations are free to support only a subset of these 135 features depending on local requirements. If a server receives a 136 query that it cannot process because it is not implemented it SHOULD 137 return an HTTP 501 [RFC7231] error. It is also envisioned that each 138 registry will continue to maintain WHOIS and/or RESTful web services 139 specific to their needs and those of their constituencies, and the 140 information retrieved through the patterns described here may 141 reference such services. 143 Likewise, future IETF standards may add additional patterns for 144 additional query types. A simple pattern namespacing scheme is 145 described in Section 5 to accommodate custom extensions that will not 146 interfere with the patterns defined in this document or patterns 147 defined in future IETF standards. 149 WHOIS services, in general, are read-only services. Therefore URL 150 [RFC3986] patterns specified in this document are only applicable to 151 the HTTP [RFC7231] GET and HEAD methods. 153 This document does not describe the results or entities returned from 154 issuing the described URLs with an HTTP GET. JSON [RFC7159] result 155 formatting and processing is described in 156 [I-D.ietf-weirds-json-response]. 158 Additionally, resource management, provisioning and update functions 159 are out of scope for this document. Registries have various and 160 divergent methods covering these functions, and it is unlikely a 161 uniform approach for these functions will ever be possible. 163 HTTP contains mechanisms for servers to authenticate clients and for 164 clients to authenticate servers (from which authorization schemes may 165 be built) so such mechanisms are not described in this document. 166 Policy, provisioning, and processing of authentication and 167 authorization are out-of-scope for this document as deployments will 168 have to make choices based on local criteria. Supported 169 authentication mechanisms are described in 170 [I-D.ietf-weirds-rdap-sec]. 172 3. Path Segment Specification 174 The base URLs used to construct RDAP queries are maintained in an 175 IANA registry described in [I-D.ietf-weirds-bootstrap]. Queries are 176 formed by retrieving the appropriate base URL from the registry and 177 appending a path segment specified in either Section 3.1 or 178 Section 3.2. Generally, a registry or other service provider will 179 provide a base URL that identifies the protocol, host and port, and 180 this will be used as a base URL that the complete URL is resolved 181 against, as per Section 5 of RFC 3986 [RFC3986]. For example, if the 182 base URL is "http://example.com/rdap/", all RDAP query URLs will 183 begin with "http://example.com/rdap/". 185 The bootstrap registry does not contain information for query objects 186 that are not part of a global namespace, including entities and help. 187 A base URL for an associated object is required to construct a 188 complete query. 190 For entities: Retrieve a base URL for the service (domain, address, 191 etc.) associated with a given entity. The query URL is constructed 192 by concatenating the base URL to the entity path segment specified in 193 either Section 3.1.5 or Section 3.2.3. 195 For help: Retrieve a base URL for any service (domain, address, etc.) 196 for which additional information is required. The query URL is 197 constructed by concatenating the base URL to the help path segment 198 specified in either Section 3.1.6. 200 3.1. Lookup Path Segment Specification 202 The resource type path segments for exact match lookup are: 204 o 'ip': Used to identify IP networks and associated data referenced 205 using either an IPv4 or IPv6 address. 206 o 'autnum': Used to identify autonomous system registrations and 207 associated data referenced using an AS Plain autonomous system 208 number. 209 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 210 information and associated data referenced using a fully-qualified 211 domain name. 212 o 'nameserver': Used to identify a name server information query 213 using a host name. 214 o 'entity': Used to identify an entity information query using a 215 string identifier. 217 3.1.1. IP Network Path Segment Specification 219 Syntax: ip/ or ip// 221 Queries for information about IP networks are of the form /ip/XXX/... 222 or /ip/XXX/YY/... where the path segment following 'ip' is either an 223 IPv4 [RFC1166] or IPv6 [RFC5952] address (i.e. XXX) or an IPv4 or 224 IPv6 CIDR [RFC4632] notation address block (i.e. XXX/YY). 225 Semantically, the simpler form using the address can be thought of as 226 a CIDR block with a bitmask length of 32 for IPv4 and a bitmask 227 length of 128 for IPv6. A given specific address or CIDR may fall 228 within multiple IP networks in a hierarchy of networks, therefore 229 this query targets the "most-specific" or smallest IP network which 230 completely encompasses it in a hierarchy of IP networks. 232 The IPv4 and IPv6 address formats supported in this query are 233 described in section 3.2.2 of [RFC3986], as IPv4address and 234 IPv6address ABNF definitions. Any valid IPv6 text address format 235 [RFC4291] can be used, compressed or not compressed. The restricted 236 rules to write a text representation of an IPv6 address [RFC5952] are 237 not mandatory. However, the zone id [RFC4007] is not appropriate in 238 this context and therefore prohibited. 240 For example, the following URL would be used to find information for 241 the most specific network containing 192.0.2.0: 243 http://example.com/rdap/ip/192.0.2.0 245 The following URL would be used to find information for the most 246 specific network containing 192.0.2.0/24: 248 http://example.com/rdap/ip/192.0.2.0/24 250 The following URL would be used to find information for the most 251 specific network containing 2001:db8::0: 253 http://example.com/rdap/ip/2001:db8::0 255 3.1.2. Autonomous System Path Segment Specification 257 Syntax: autnum/ 259 Queries for information regarding autonomous system number 260 registrations are of the form /autnum/XXX/... where XXX is an AS 261 Plain autonomous system number [RFC5396]. In some registries, 262 registration of autonomous system numbers is done on an individual 263 number basis, while other registries may register blocks of 264 autonomous system numbers. The semantics of this query are such that 265 if a number falls within a range of registered blocks, the target of 266 the query is the block registration, and that individual number 267 registrations are considered a block of numbers with a size of 1. 269 For example, the following URL would be used to find information 270 describing autonomous system number 12 (a number within a range of 271 registered blocks): 273 http://example.com/rdap/autnum/12 275 The following URL would be used to find information describing 4-byte 276 autonomous system number 65538: 278 http://example.com/rdap/autnum/65538 280 3.1.3. Domain Path Segment Specification 282 Syntax: domain/ 284 Queries for domain information are of the form /domain/XXXX/..., 285 where XXXX is a fully-qualified (relative to the root) domain name 286 [RFC1594] in either the in-addr.arpa or ip6.arpa zones (for RIRs) or 287 a fully-qualified domain name in a zone administered by the server 288 operator (for DNRs). Internationalized domain names represented in 289 either A-label or U-label format [RFC5890] are also valid domain 290 names. 292 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; 293 that is, all internationalized labels in an IDN SHOULD be either 294 A-labels or U-labels. It is possible for an RDAP client to assemble 295 a query string from multiple independent data sources. Such a client 296 might not be able to perform conversions between A-labels and 297 U-labels. An RDAP server that receives a query string with a mixture 298 of A-labels and U-labels MAY convert all the U-labels to A-labels, 299 perform IDNA processing, and proceed with exact-match lookup. In 300 such cases, the response to be returned to the query source may not 301 match the input from the query source. Alternatively, the server MAY 302 refuse to process the query. 304 The server MAY perform the match using either the A-label or U-label 305 form. Using one consistent form for matching every label is likely 306 to be more reliable. 308 The following URL would be used to find information describing the 309 zone serving the network 192.0.2/24: 311 http://example.com/rdap/domain/2.0.192.in-addr.arpa 313 The following URL would be used to find information describing the 314 zone serving the network 2001:db8:1::/48: 316 http://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 318 The following URL would be used to find information for the 319 blah.example.com domain name: 321 http://example.com/rdap/domain/blah.example.com 323 The following URL would be used to find information for the 324 xn--fo-5ja.example IDN: 326 http://example.com/rdap/domain/xn--fo-5ja.example 328 3.1.4. Name Server Path Segment Specification 330 Syntax: nameserver/ 332 The parameter represents a fully qualified name as 333 specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123]. 334 Internationalized names represented in either A-label or U-label 335 format [RFC5890] are also valid name server names. IDN processing 336 for name server names uses the domain name processing instructions 337 specified in Section 3.1.3. 339 The following URL would be used to find information for the 340 ns1.example.com name server: 342 http://example.com/rdap/nameserver/ns1.example.com 344 The following URL would be used to find information for the 345 ns1.xn--fo-5ja.example name server: 347 http://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 349 3.1.5. Entity Path Segment Specification 351 Syntax: entity/ 353 The parameter represents an entity (such as a contact, 354 registrant, or registrar) identifier whose syntax is specific to the 355 registration provider. For example, for some DNRs contact 356 identifiers are specified in RFC 5730 [RFC5730] and RFC 5733 357 [RFC5733]. 359 The following URL would be used to find information for the entity 360 associated with handle XXXX: 362 http://example.com/rdap/entity/XXXX 364 3.1.6. Help Path Segment Specification 366 Syntax: help 368 The help path segment can be used to request helpful information 369 (command syntax, terms of service, privacy policy, rate limiting 370 policy, supported authentication methods, supported extensions, 371 technical support contact, etc.) from an RDAP server. The response 372 to "help" should provide basic information that a client needs to 373 successfully use the service. The following URL would be used to 374 return "help" information: 376 http://example.com/rdap/help 378 3.2. Search Path Segment Specification 380 A simple search to determine if an object exists (or not) without 381 returning RDAP-encoded results can be performed using the HTTP HEAD 382 method as described in Section 4.1 of [I-D.ietf-weirds-using-http]. 384 The resource type path segments for search are: 386 o 'domains': Used to identify a domain name information search using 387 a pattern to match a fully-qualified domain name. 388 o 'nameservers': Used to identify a name server information search 389 using a pattern to match a host name. 390 o 'entities': Used to identify an entity information search using a 391 pattern to match a string identifier. 393 RDAP search path segments are formed using a concatenation of the 394 plural form of the object being searched for and an HTTP query 395 string. The HTTP query string is formed using a concatenation of the 396 question mark character ('?', ASCII value 0x003F), the JSON object 397 value associated with the object being searched for, the equal sign 398 character ('=', ASCII value 0x003D), and the search pattern. Search 399 pattern query processing is described more fully in Section 4. For 400 the domain and entity objects described in this document the plural 401 object forms are "domains" and "entities". 403 Detailed results can be retrieved using the HTTP GET method and the 404 path segments specified here. 406 3.2.1. Domain Search 408 Syntax: domains?name= 410 Syntax: domains?nsLdhName= 412 Syntax: domains?nsIp= 414 Searches for domain information by name are specified using this 415 form: 417 /domains?name=XXXX 419 XXXX is a search pattern representing a domain name in "letters, 420 digits, hyphen" format [RFC5890] in a zone administered by the server 421 operator of a DNR. The following URL would be used to find DNR 422 information for domain names matching the "example*.com" pattern: 424 http://example.com/rdap/domains?name=example*.com 426 Internationalized Domain Names (IDNs) in U-label format [RFC5890] can 427 also be used as search patterns (see Section 4). Searches for these 428 names are of the form /domains?name=XXXX, where XXXX is a search 429 pattern representing a domain name in U-label format [RFC5890]. 431 Searches for domain information by name server name are specified 432 using this form: 434 /domains?nsLdhName=YYYY 436 YYYY is a search pattern representing a host name in "letters, 437 digits, hyphen" format [RFC5890] in a zone administered by the server 438 operator of a DNR. The following URL would be used to search for 439 domains delegated to name servers matching the "ns1.example*.com" 440 pattern: 442 http://example.com/rdap/domains?nsLdhName=ns1.example*.com 444 Searches for domain information by name server IP address are 445 specified using this form: 447 /domains?nsIp=ZZZZ 449 ZZZZ is a search pattern representing an IPv4 [RFC1166] or IPv6 450 [RFC5952] address. The following URL would be used to search for 451 domains that have been delegated to name servers that resolve to the 452 "192.0.2.0" address: 454 http://example.com/rdap/domains?nsIp=192.0.2.0 456 3.2.2. Name Server Search 458 Syntax: nameservers?name= 460 Syntax: nameservers?ip= 462 Searches for name server information by name server name are 463 specified using this form: 465 /nameservers?name=XXXX 467 XXXX is a search pattern representing a host name in "letters, 468 digits, hyphen" format [RFC5890] in a zone administered by the server 469 operator of a DNR. The following URL would be used to find DNR 470 information for name server names matching the "ns1.example*.com" 471 pattern: 473 http://example.com/rdap/nameservers?name=ns1.example*.com 475 Internationalized name server names in U-label format [RFC5890] can 476 also be used as search patterns (see Section 4). Searches for these 477 names are of the form /nameservers?name=XXXX, where XXXX is a search 478 pattern representing a name server name in U-label format [RFC5890]. 480 Searches for name server information by name server IP address are 481 specified using this form: 483 /nameservers?ip=YYYY 485 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 486 [RFC5952] address. The following URL would be used to search for 487 name server names that resolve to the "192.0.2.0" address: 489 http://example.com/rdap/nameservers?ip=192.0.2.0 491 3.2.3. Entity Search 493 Syntax: entities?fn= 495 Syntax: entities?handle= 497 Searches for entity information by name are specified using this 498 form: 500 /entities?fn=XXXX 502 where XXXX is a search pattern representing an entity name as 503 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 504 following URL would be used to find information for entity names 505 matching the "Bobby Joe*" pattern. 507 http://example.com/rdap/entities?fn=Bobby%20Joe* 509 Searches for entity information by handle are specified using this 510 form: 512 /entities?handle=XXXX 514 where XXXX is a search pattern representing an entity handle as 515 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 516 following URL would be used to find information for entity names 517 matching the "CID-40*" pattern. 519 http://example.com/rdap/entities?handle=CID-40* 521 URLs MUST be properly encoded according to the rules of [RFC3986]. 522 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 524 4. Query Processing 526 Servers indicate the success or failure of query processing by 527 returning an appropriate HTTP response code to the client. Response 528 codes not specifically identified in this document are described in 529 [I-D.ietf-weirds-using-http]. 531 4.1. Partial String Searching 533 Partial string searching uses the asterisk ('*', ASCII value 0x002A) 534 character to match zero or more trailing characters. A character 535 string representing multiple domain name labels MAY be concatenated 536 to the end of the search pattern to limit the scope of the search. 537 For example, the search pattern "exam*" will match "example.com" and 538 "example.net". The search pattern "exam*.com" will match 539 "example.com". Note that these search patterns include implied 540 beginning and end of string regular expression markers, and the 541 "example*.com" search would be translated into a POSIX regular 542 expression as "^example.*\.com$". Additional pattern matching 543 processing is beyond the scope of this specification. 545 If a server receives a search request but cannot process the request 546 because it does not support a particular style of partial match 547 searching, it SHOULD return an HTTP 422 [RFC4918] error. When 548 returning a 422 error, the server MAY also return an error response 549 body as specified in Section 7 of [I-D.ietf-weirds-json-response] if 550 the requested media type is one that is specified in 551 [I-D.ietf-weirds-using-http]. 553 Partial matching is not feasible across combinations of Unicode 554 characters because Unicode characters can be combined with another 555 Unicode character or characters. Servers SHOULD NOT partially match 556 combinations of Unicode characters where a Unicode character may be 557 legally combined with another Unicode character or characters. It 558 should be noted, though, that it may not always be possible to detect 559 possible cases where a character could have been combined with 560 another character, but was not, because of the way combining 561 characters can be combined with many other characters. 563 Clients should avoid submitting a partial match search of Unicode 564 characters where a Unicode character may be legally combined with 565 another Unicode character or characters. Partial match searches with 566 incomplete combinations of characters where a character must be 567 combined with another character or characters are invalid. Partial 568 match searches with characters that may be combined with another 569 character or characters are to be considered non-combined characters 570 (that is, if character x may be combined with character y but 571 character y is not submitted in the search string then character x is 572 a complete character and no combinations of character x are to be 573 searched). 575 4.2. Character Encoding Considerations 577 Servers can expect to receive search patterns from clients that 578 contain character strings encoded in different forms supported by 579 HTTP. It is entirely possible to apply filters and normalization 580 rules to search patterns prior to making character comparisons, but 581 this type of processing is more typically needed to determine the 582 validity of registered strings than to match patterns. 584 An RDAP client submitting a query string containing non-US-ASCII 585 characters converts such strings into Unicode in UTF-8 encoding. It 586 then performs any local case mapping deemed necessary. Strings are 587 normalized using Normalization Form C (NFC, [Unicode-UAX15]); note 588 that clients might not be able to do this reliably. 590 An RDAP server treats each query string as Unicode in UTF-8 encoding. 591 If a string is not valid UTF-8, the server can immediately stop 592 processing the query and return an HTTP 400 error response code. 594 When processing queries, there is a difference in handling DNS names, 595 including those including putative U-labels, and everything else. 596 DNS names are treated according to the DNS matching rules as 597 described in Section 3.1 of RFC 1035 [RFC1035] for NR-LDH labels and 598 the matching rules described in Section 5.4 of RFC 5891 [RFC5891] for 599 U-labels. Matching of DNS names proceeds one label at a time, 600 because it is possible for a combination of U-labels and NR-LDH 601 labels to be found in a single domain or host name. The 602 determination of whether a label is a U-label or an NR-LDH label is 603 based on whether the label contains any characters outside of the US- 604 ASCII letters, digits, or hyphen (the so-called LDH rule). 606 For everything else, servers map fullwidth and halfwidth characters 607 to their decomposition equivalents. Servers convert strings to the 608 same coded character set of the target data that is to be looked up 609 or searched and each string is normalized using the same 610 normalization that was used on the target data. In general, storage 611 of strings as Unicode is RECOMMENDED. For the purposes of 612 comparison, Normalization Form KC (NFKC, [Unicode-UAX15]) with case 613 folding is used to maximize predictability and the number of matches. 614 Note the use of case-folded NFKC as opposed to NFC in this case. 616 4.3. Associated Records 618 Conceptually, a name-record in a database may include a link to an 619 associated name-record, which may include a link to another such 620 record, and so on. If an implementation is to return more than one 621 name-record in response to a query, information from the records 622 thereby identified is returned. 624 Note that this model includes arrangements for associated names, 625 including those that are linked by policy mechanisms and names bound 626 together for some other purposes. Note also that returning 627 information that was not explicitly selected by an exact-match 628 lookup, including additional names that match a relatively fuzzy 629 search as well as lists of names that are linked together, may cause 630 privacy issues. 632 5. Extensibility 634 This document describes path segment specifications for a limited 635 number of objects commonly registered in both RIRs and DNRs. It does 636 not attempt to describe path segments for all of the objects 637 registered in all registries. Custom path segments can be created 638 for objects not specified here using the process described in 639 Section 6 of "HTTP usage in the Registration Data Access Protocol 640 (RDAP)" [I-D.ietf-weirds-using-http]. 642 Custom path segments can be created by prefixing the segment with a 643 unique identifier followed by an underscore character (0x5F). For 644 example, a custom entity path segment could be created by prefixing 645 "entity" with "custom_", producing "custom_entity". Servers MUST 646 return an appropriate failure status code for a request with an 647 unrecognized path segment. 649 6. Internationalization Considerations 651 There is value in supporting the ability to submit either a U-label 652 (Unicode form of an IDN label) or an A-label (ASCII form of an IDN 653 label) as a query argument to an RDAP service. Clients capable of 654 processing non-ASCII characters may prefer a U-label since this is 655 more visually recognizable and familiar than A-label strings, but 656 clients using programmatic interfaces might find it easier to submit 657 and display A-labels if they are unable to input U-labels with their 658 keyboard configuration. Both query forms are acceptable. 660 Internationalized domain and name server names can contain character 661 variants and variant labels as described in RFC 4290 [RFC4290]. 662 Clients that support queries for internationalized domain and name 663 server names MUST accept service provider responses that describe 664 variants as specified in "JSON Responses for the Registration Data 665 Access Protocol" [I-D.ietf-weirds-json-response]. 667 7. IANA Considerations 669 This document does not specify any IANA actions. 671 8. Security Considerations 673 Security services for the operations specified in this document are 674 described in "Security Services for the Registration Data Access 675 Protocol" [I-D.ietf-weirds-rdap-sec]. 677 Search functionality typically requires more server resources (such 678 as memory, CPU cycles, and network bandwidth) when compared to basic 679 lookup functionality. This increases the risk of server resource 680 exhaustion and subsequent denial of service due to abuse. This risk 681 can be mitigated by developing and implementing controls to restrict 682 search functionality to identified and authorized clients. If those 683 clients behave badly, their search privileges can be suspended or 684 revoked. Rate limiting as described in Section 5.5 of "HTTP usage in 685 the Registration Data Access Protocol (RDAP)" 686 [I-D.ietf-weirds-using-http] can also be used to control the rate of 687 received search requests. Server operators can also reduce their 688 risk by restricting the amount of information returned in response to 689 a search request. 691 Search functionality also increases the privacy risk of disclosing 692 object relationships that might not otherwise be obvious. For 693 example, a search that returns IDN variants [RFC6927] that do not 694 explicitly match a client-provided search pattern can disclose 695 information about registered domain names that might not be otherwise 696 available. Implementers need to consider the policy and privacy 697 implications of returning information that was not explicitly 698 requested. 700 9. Acknowledgements 702 This document is derived from original work on RIR query formats 703 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 704 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 705 Additionally, this document incorporates DNR query formats originally 706 described by Francisco Arias and Steve Sheng of ICANN and Scott 707 Hollenbeck of Verisign Labs. 709 The authors would like to acknowledge the following individuals for 710 their contributions to this document: Francisco Arias, Marc Blanchet, 711 Ernie Dainow, Jean-Philippe Dionne, Behnam Esfahbod, John Klensin, 712 Edward Lewis, John Levine, Mark Nottingham, and Andrew Sullivan. 714 10. References 716 10.1. Normative References 718 [I-D.ietf-weirds-bootstrap] 719 Blanchet, M. and G. Leclanche, "Finding the Authoritative 720 Registration Data (RDAP) Service", draft-ietf-weirds- 721 bootstrap-06 (work in progress), September 2014. 723 [I-D.ietf-weirds-json-response] 724 Newton, A. and S. Hollenbeck, "JSON Responses for the 725 Registration Data Access Protocol (RDAP)", draft-ietf- 726 weirds-json-response-08 (work in progress), August 2014. 728 [I-D.ietf-weirds-rdap-sec] 729 Hollenbeck, S. and N. Kong, "Security Services for the 730 Registration Data Access Protocol", draft-ietf-weirds- 731 rdap-sec-08 (work in progress), August 2014. 733 [I-D.ietf-weirds-using-http] 734 Newton, A., Ellacott, B., and N. Kong, "HTTP usage in the 735 Registration Data Access Protocol (RDAP)", draft-ietf- 736 weirds-using-http-11 (work in progress), September 2014. 738 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 739 host table specification", RFC 952, October 1985. 741 [RFC1035] Mockapetris, P., "Domain names - implementation and 742 specification", STD 13, RFC 1035, November 1987. 744 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application 745 and Support", STD 3, RFC 1123, October 1989. 747 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 748 numbers", RFC 1166, July 1990. 750 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 751 Requirement Levels", BCP 14, RFC 2119, March 1997. 753 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 754 Resource Identifier (URI): Generic Syntax", STD 66, RFC 755 3986, January 2005. 757 [RFC4290] Klensin, J., "Suggested Practices for Registration of 758 Internationalized Domain Names (IDN)", RFC 4290, December 759 2005. 761 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 762 Architecture", RFC 4291, February 2006. 764 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 765 (CIDR): The Internet Address Assignment and Aggregation 766 Plan", BCP 122, RFC 4632, August 2006. 768 [RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed 769 Authoring and Versioning (WebDAV)", RFC 4918, June 2007. 771 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 772 Autonomous System (AS) Numbers", RFC 5396, December 2008. 774 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 775 STD 69, RFC 5730, August 2009. 777 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 778 Contact Mapping", STD 69, RFC 5733, August 2009. 780 [RFC5890] Klensin, J., "Internationalized Domain Names for 781 Applications (IDNA): Definitions and Document Framework", 782 RFC 5890, August 2010. 784 [RFC5891] Klensin, J., "Internationalized Domain Names in 785 Applications (IDNA): Protocol", RFC 5891, August 2010. 787 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 788 Address Text Representation", RFC 5952, August 2010. 790 [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 791 (HTTP/1.1): Message Syntax and Routing", RFC 7230, June 792 2014. 794 [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 795 (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. 797 [Unicode-UAX15] 798 The Unicode Consortium, "Unicode Standard Annex #15: 799 Unicode Normalization Forms", September 2013, 800 . 802 10.2. Informative References 804 [REST] Fielding, R. and R. Taylor, "Principled Design of the 805 Modern Web Architecture", ACM Transactions on Internet 806 Technology Vol. 2, No. 2, May 2002. 808 [RFC1594] Marine, A., Reynolds, J., and G. Malkin, "FYI on Questions 809 and Answers - Answers to Commonly asked "New Internet 810 User" Questions", RFC 1594, March 1994. 812 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 813 September 2004. 815 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 816 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 817 March 2005. 819 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 820 Registered in Top-Level Domains", RFC 6927, May 2013. 822 [RFC7159] Bray, T., "The JavaScript Object Notation (JSON) Data 823 Interchange Format", RFC 7159, March 2014. 825 Appendix A. Change Log 827 Initial -00: Adopted as working group document. 828 -01: Added "Conventions Used in This Document" section. Added 829 normative reference to draft-ietf-weirds-rdap-sec and some 830 wrapping text in the Security Considerations section. 831 -02: Removed "unified" from the title. Rewrote the last paragraph 832 of section 2. Edited the first paragraph of section 3 to more 833 clearly note that only one path segment is provided. Added 834 "bitmask" to "length" in section 3.1. Changed "lowest IP network" 835 to "smallest IP network" in section 3.1. Added "asplain" to the 836 description of autonomous system numbers in section 3.2. Minor 837 change from "semantics is" to "semantics are" in section 3.2. 838 Changed the last sentence in section 4 to more clearly specify 839 error response behavior. Added acknowledgements. Added a 840 paragraph in the introduction regarding future IETF standards and 841 extensibility. 842 -03: Changed 'query' to 'lookup' in document title to better 843 describe the 'exact match lookup' purpose of this document. 844 Included a multitude of minor additions and clarifications 845 provided by Marc Blanchet and Jean-Philippe Dionne. Modified the 846 domain and name server sections to include support for IDN 847 U-labels. 849 -04: Updated the domain and name server sections to use .example IDN 850 U-labels. Added text to note that mixed IDN labels SHOULD NOT be 851 used. Fixed broken sentences in Section 6. 852 -05: Added "help" path segment. 853 -06: Added search text and removed or edited old search text. 854 -07: Fixed query parameter typo by replacing "/?" with "?". Changed 855 "asplain" to "AS Plain". Added entity search by handle. 856 Corrected section references. Updated IDN search text. 857 -08: Revised URI formats and added IANA instructions to create a 858 registry entry for the "rdap" well-known prefix. Revised search 859 processing text and added search privacy consideration. 860 Synchronized examples with response draft. 861 -09: More search processing and URI prefix updates. Updated fully- 862 qualified domain name reference. 863 -10: Added name server search by IP address. 864 -11: Replaced reference to RFC 4627 with reference to RFC 7159. 865 Replaced .well-known with bootstrap-defined prefix. Replaced 866 references to RFC 2616 with references to RFC 7231 and draft-ietf- 867 httpbis-http2, adding a note to make it clear that 2616 is an 868 acceptable reference if http2 isn't ready when needed. 869 -12: IDN label processing clarification. Added domain search by 870 name server name and name server IP address. Minor text editing 871 for consistency in the search sections. Replaced reference to 872 draft-ietf-httpbis-http2 with a reference to RFC 7230 and removed 873 reference note. 874 -13: Added HTTP HEAD reference in Section 3.2. 875 -14: Address WG last call comments. 877 Authors' Addresses 879 Andrew Lee Newton 880 American Registry for Internet Numbers 881 3635 Concorde Parkway 882 Chantilly, VA 20151 883 US 885 Email: andy@arin.net 886 URI: http://www.arin.net 888 Scott Hollenbeck 889 Verisign Labs 890 12061 Bluemont Way 891 Reston, VA 20190 892 US 894 Email: shollenbeck@verisign.com 895 URI: http://www.verisignlabs.com/