idnits 2.17.1 draft-ietf-weirds-rdap-query-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (October 27, 2014) is 3463 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Outdated reference: A later version (-11) exists of draft-ietf-weirds-bootstrap-09 == Outdated reference: A later version (-14) exists of draft-ietf-weirds-json-response-10 == Outdated reference: A later version (-12) exists of draft-ietf-weirds-rdap-sec-09 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-rdap-sec' == Outdated reference: A later version (-15) exists of draft-ietf-weirds-using-http-13 -- Possible downref: Normative reference to a draft: ref. 'I-D.ietf-weirds-using-http' ** Downref: Normative reference to an Unknown state RFC: RFC 952 ** Downref: Normative reference to an Informational RFC: RFC 1166 ** Obsolete normative reference: RFC 7230 (Obsoleted by RFC 9110, RFC 9112) ** Obsolete normative reference: RFC 7231 (Obsoleted by RFC 9110) -- Possible downref: Non-RFC (?) normative reference: ref. 'Unicode-UAX15' Summary: 4 errors (**), 0 flaws (~~), 5 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group A. Newton 3 Internet-Draft ARIN 4 Intended status: Standards Track S. Hollenbeck 5 Expires: April 30, 2015 Verisign Labs 6 October 27, 2014 8 Registration Data Access Protocol Query Format 9 draft-ietf-weirds-rdap-query-16 11 Abstract 13 This document describes uniform patterns to construct HTTP URLs that 14 may be used to retrieve registration information from registries 15 (including both Regional Internet Registries (RIRs) and Domain Name 16 Registries (DNRs)) using "RESTful" web access patterns. These 17 uniform patterns define the query syntax for the Registration Data 18 Access Protocol (RDAP). 20 Status of This Memo 22 This Internet-Draft is submitted in full conformance with the 23 provisions of BCP 78 and BCP 79. 25 Internet-Drafts are working documents of the Internet Engineering 26 Task Force (IETF). Note that other groups may also distribute 27 working documents as Internet-Drafts. The list of current Internet- 28 Drafts is at http://datatracker.ietf.org/drafts/current/. 30 Internet-Drafts are draft documents valid for a maximum of six months 31 and may be updated, replaced, or obsoleted by other documents at any 32 time. It is inappropriate to use Internet-Drafts as reference 33 material or to cite them other than as "work in progress." 35 This Internet-Draft will expire on April 30, 2015. 37 Copyright Notice 39 Copyright (c) 2014 IETF Trust and the persons identified as the 40 document authors. All rights reserved. 42 This document is subject to BCP 78 and the IETF Trust's Legal 43 Provisions Relating to IETF Documents 44 (http://trustee.ietf.org/license-info) in effect on the date of 45 publication of this document. Please review these documents 46 carefully, as they describe your rights and restrictions with respect 47 to this document. Code Components extracted from this document must 48 include Simplified BSD License text as described in Section 4.e of 49 the Trust Legal Provisions and are provided without warranty as 50 described in the Simplified BSD License. 52 Table of Contents 54 1. Conventions Used in This Document . . . . . . . . . . . . . . 2 55 1.1. Acronyms and Abbreviations . . . . . . . . . . . . . . . 2 56 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 57 3. Path Segment Specification . . . . . . . . . . . . . . . . . 4 58 3.1. Lookup Path Segment Specification . . . . . . . . . . . . 5 59 3.1.1. IP Network Path Segment Specification . . . . . . . . 5 60 3.1.2. Autonomous System Path Segment Specification . . . . 6 61 3.1.3. Domain Path Segment Specification . . . . . . . . . . 7 62 3.1.4. Name Server Path Segment Specification . . . . . . . 8 63 3.1.5. Entity Path Segment Specification . . . . . . . . . . 8 64 3.1.6. Help Path Segment Specification . . . . . . . . . . . 8 65 3.2. Search Path Segment Specification . . . . . . . . . . . . 9 66 3.2.1. Domain Search . . . . . . . . . . . . . . . . . . . . 9 67 3.2.2. Name Server Search . . . . . . . . . . . . . . . . . 10 68 3.2.3. Entity Search . . . . . . . . . . . . . . . . . . . . 11 69 4. Query Processing . . . . . . . . . . . . . . . . . . . . . . 12 70 4.1. Partial String Searching . . . . . . . . . . . . . . . . 12 71 4.2. Associated Records . . . . . . . . . . . . . . . . . . . 13 72 5. Extensibility . . . . . . . . . . . . . . . . . . . . . . . . 13 73 6. Internationalization Considerations . . . . . . . . . . . . . 14 74 6.1. Character Encoding Considerations . . . . . . . . . . . . 14 75 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 76 8. Security Considerations . . . . . . . . . . . . . . . . . . . 15 77 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 16 78 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 16 79 10.1. Normative References . . . . . . . . . . . . . . . . . . 16 80 10.2. Informative References . . . . . . . . . . . . . . . . . 18 81 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 18 82 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 84 1. Conventions Used in This Document 86 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 87 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 88 document are to be interpreted as described in RFC 2119 [RFC2119]. 90 1.1. Acronyms and Abbreviations 92 IDN: Internationalized Domain Name 93 IDNA: Internationalized Domain Names in Applications 94 DNR: Domain Name Registry 95 NFC: Unicode Normalization Form C 96 NFKC: Unicode Normalization Form KC 97 RDAP: Registration Data Access Protocol 98 REST: Representational State Transfer State Transfer. The term 99 was first described in a doctoral dissertation [REST]. 100 RESTful: An adjective that describes a service using HTTP and the 101 principles of REST. 102 RIR: Regional Internet Registry 104 2. Introduction 106 This document describes a specification for querying registration 107 data using a RESTful web service and uniform query patterns. The 108 service is implemented using the Hypertext Transfer Protocol (HTTP) 109 [RFC7230] and the conventions described in 110 [I-D.ietf-weirds-using-http]. These uniform patterns define the 111 query syntax for the Registration Data Access Protocol (RDAP). 113 The protocol described in this specification is intended to address 114 deficiencies with the WHOIS protocol [RFC3912] that have been 115 identified over time, including: 117 o Lack of standardized command structures, 118 o lack of standardized output and error structures, 119 o lack of support for internationalization and localization, and 120 o lack of support for user identification, authentication, and 121 access control. 123 The patterns described in this document purposefully do not encompass 124 all of the methods employed in the WHOIS and other RESTful web 125 services of all of the RIRs and DNRs. The intent of the patterns 126 described here are to enable queries of: 128 o networks by IP address, 129 o autonomous system numbers by number, 130 o reverse DNS meta-data by domain, 131 o name servers by name, 132 o registrars by name, and 133 o entities (such as contacts) by identifier. 135 Server implementations are free to support only a subset of these 136 features depending on local requirements. Servers MUST return an 137 HTTP 501 (Not Implemented) [RFC7231] response to inform clients of 138 unsupported queries. It is also envisioned that each registry will 139 continue to maintain WHOIS and/or other RESTful web services specific 140 to their needs and those of their constituencies, and the information 141 retrieved through the patterns described here may reference such 142 services. 144 Likewise, future IETF standards may add additional patterns for 145 additional query types. A simple pattern namespacing scheme is 146 described in Section 5 to accommodate custom extensions that will not 147 interfere with the patterns defined in this document or patterns 148 defined in future IETF standards. 150 WHOIS services, in general, are read-only services. Therefore URL 151 [RFC3986] patterns specified in this document are only applicable to 152 the HTTP [RFC7231] GET and HEAD methods. 154 This document does not describe the results or entities returned from 155 issuing the described URLs with an HTTP GET. The specification of 156 these entities is described in [I-D.ietf-weirds-json-response]. 158 Additionally, resource management, provisioning and update functions 159 are out of scope for this document. Registries have various and 160 divergent methods covering these functions, and it is unlikely a 161 uniform approach is needed for interoperability. 163 HTTP contains mechanisms for servers to authenticate clients and for 164 clients to authenticate servers (from which authorization schemes may 165 be built) so such mechanisms are not described in this document. 166 Policy, provisioning, and processing of authentication and 167 authorization are out-of-scope for this document as deployments will 168 have to make choices based on local criteria. Supported 169 authentication mechanisms are described in 170 [I-D.ietf-weirds-rdap-sec]. 172 3. Path Segment Specification 174 The base URLs used to construct RDAP queries are maintained in an 175 IANA registry described in [I-D.ietf-weirds-bootstrap]. Queries are 176 formed by retrieving the appropriate base URL from the registry and 177 appending a path segment specified in either Section 3.1 or 178 Section 3.2. Generally, a registry or other service provider will 179 provide a base URL that identifies the protocol, host and port, and 180 this will be used as a base URL that the complete URL is resolved 181 against, as per Section 5 of RFC 3986 [RFC3986]. For example, if the 182 base URL is "http://example.com/rdap/", all RDAP query URLs will 183 begin with "http://example.com/rdap/". 185 The bootstrap registry does not contain information for query objects 186 that are not part of a global namespace, including entities and help. 187 A base URL for an associated object is required to construct a 188 complete query. 190 For entities, a base URL is retrieved for the service (domain, 191 address, etc.) associated with a given entity. The query URL is 192 constructed by concatenating the base URL to the entity path segment 193 specified in either Section 3.1.5 or Section 3.2.3. 195 For help, a base URL is retrieved for any service (domain, address, 196 etc.) for which additional information is required. The query URL is 197 constructed by concatenating the base URL to the help path segment 198 specified in either Section 3.1.6. 200 3.1. Lookup Path Segment Specification 202 A simple lookup to determine if an object exists (or not) without 203 returning RDAP-encoded results can be performed using the HTTP HEAD 204 method as described in Section 4.1 of [I-D.ietf-weirds-using-http]. 206 The resource type path segments for exact match lookup are: 208 o 'ip': Used to identify IP networks and associated data referenced 209 using either an IPv4 or IPv6 address. 210 o 'autnum': Used to identify autonomous system registrations and 211 associated data referenced using an AS Plain autonomous system 212 number. 213 o 'domain': Used to identify reverse DNS (RIR) or domain name (DNR) 214 information and associated data referenced using a fully-qualified 215 domain name. 216 o 'nameserver': Used to identify a name server information query 217 using a host name. 218 o 'entity': Used to identify an entity information query using a 219 string identifier. 221 3.1.1. IP Network Path Segment Specification 223 Syntax: ip/ or ip// 225 Queries for information about IP networks are of the form /ip/XXX/... 226 or /ip/XXX/YY/... where the path segment following 'ip' is either an 227 IPv4 dotted-decimal or IPv6 [RFC5952] address (i.e. XXX) or an IPv4 228 or IPv6 CIDR [RFC4632] notation address block (i.e. XXX/YY). 229 Semantically, the simpler form using the address can be thought of as 230 a CIDR block with a bitmask length of 32 for IPv4 and a bitmask 231 length of 128 for IPv6. A given specific address or CIDR may fall 232 within multiple IP networks in a hierarchy of networks, therefore 233 this query targets the "most-specific" or smallest IP network which 234 completely encompasses it in a hierarchy of IP networks. 236 The IPv4 and IPv6 address formats supported in this query are 237 described in Section 3.2.2 of RFC 3986 [RFC3986], as IPv4address and 238 IPv6address ABNF definitions. Any valid IPv6 text address format 239 [RFC4291] can be used, compressed or not compressed. The rules to 240 write a text representation of an IPv6 address [RFC5952] are 241 RECOMMENDED. However, the zone_id [RFC4007] is not appropriate in 242 this context and therefore the corresponding syntax extension in RFC 243 6874 [RFC6874] MUST NOT be used. 245 For example, the following URL would be used to find information for 246 the most specific network containing 192.0.2.0: 248 http://example.com/rdap/ip/192.0.2.0 250 The following URL would be used to find information for the most 251 specific network containing 192.0.2.0/24: 253 http://example.com/rdap/ip/192.0.2.0/24 255 The following URL would be used to find information for the most 256 specific network containing 2001:db8::0: 258 http://example.com/rdap/ip/2001:db8::0 260 3.1.2. Autonomous System Path Segment Specification 262 Syntax: autnum/ 264 Queries for information regarding autonomous system number 265 registrations are of the form /autnum/XXX/... where XXX is an AS 266 Plain autonomous system number [RFC5396]. In some registries, 267 registration of autonomous system numbers is done on an individual 268 number basis, while other registries may register blocks of 269 autonomous system numbers. The semantics of this query are such that 270 if a number falls within a range of registered blocks, the target of 271 the query is the block registration, and that individual number 272 registrations are considered a block of numbers with a size of 1. 274 For example, the following URL would be used to find information 275 describing autonomous system number 12 (a number within a range of 276 registered blocks): 278 http://example.com/rdap/autnum/12 280 The following URL would be used to find information describing 4-byte 281 autonomous system number 65538: 283 http://example.com/rdap/autnum/65538 285 3.1.3. Domain Path Segment Specification 287 Syntax: domain/ 289 Queries for domain information are of the form /domain/XXXX/..., 290 where XXXX is a fully-qualified (relative to the root) domain name 291 (as specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123]) in either 292 the in-addr.arpa or ip6.arpa zones (for RIRs) or a fully-qualified 293 domain name in a zone administered by the server operator (for DNRs). 294 Internationalized domain names represented in either A-label or 295 U-label format [RFC5890] are also valid domain names. See 296 Section 6.1 for information on character encoding for the U-label 297 format. 299 IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; 300 that is, all internationalized labels in an IDN SHOULD be either 301 A-labels or U-labels. It is possible for an RDAP client to assemble 302 a query string from multiple independent data sources. Such a client 303 might not be able to perform conversions between A-labels and 304 U-labels. An RDAP server that receives a query string with a mixture 305 of A-labels and U-labels MAY convert all the U-labels to A-labels, 306 perform IDNA processing, and proceed with exact-match lookup. In 307 such cases, the response to be returned to the query source may not 308 match the input from the query source. Alternatively, the server MAY 309 refuse to process the query. 311 The server MAY perform the match using either the A-label or U-label 312 form. Using one consistent form for matching every label is likely 313 to be more reliable. 315 The following URL would be used to find information describing the 316 zone serving the network 192.0.2/24: 318 http://example.com/rdap/domain/2.0.192.in-addr.arpa 320 The following URL would be used to find information describing the 321 zone serving the network 2001:db8:1::/48: 323 http://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa 325 The following URL would be used to find information for the 326 blah.example.com domain name: 328 http://example.com/rdap/domain/blah.example.com 330 The following URL would be used to find information for the 331 xn--fo-5ja.example IDN: 333 http://example.com/rdap/domain/xn--fo-5ja.example 335 3.1.4. Name Server Path Segment Specification 337 Syntax: nameserver/ 339 The parameter represents a fully qualified host 340 name as specified in RFC 952 [RFC0952] and RFC 1123 [RFC1123]. 341 Internationalized names represented in either A-label or U-label 342 format [RFC5890] are also valid name server names. IDN processing 343 for name server names uses the domain name processing instructions 344 specified in Section 3.1.3. See Section 6.1 for information on 345 character encoding for the U-label format. 347 The following URL would be used to find information for the 348 ns1.example.com name server: 350 http://example.com/rdap/nameserver/ns1.example.com 352 The following URL would be used to find information for the 353 ns1.xn--fo-5ja.example name server: 355 http://example.com/rdap/nameserver/ns1.xn--fo-5ja.example 357 3.1.5. Entity Path Segment Specification 359 Syntax: entity/ 361 The parameter represents an entity (such as a contact, 362 registrant, or registrar) identifier whose syntax is specific to the 363 registration provider. For example, for some DNRs contact 364 identifiers are specified in RFC 5730 [RFC5730] and RFC 5733 365 [RFC5733]. 367 The following URL would be used to find information for the entity 368 associated with handle XXXX: 370 http://example.com/rdap/entity/XXXX 372 3.1.6. Help Path Segment Specification 374 Syntax: help 376 The help path segment can be used to request helpful information 377 (command syntax, terms of service, privacy policy, rate limiting 378 policy, supported authentication methods, supported extensions, 379 technical support contact, etc.) from an RDAP server. The response 380 to "help" should provide basic information that a client needs to 381 successfully use the service. The following URL would be used to 382 return "help" information: 384 http://example.com/rdap/help 386 3.2. Search Path Segment Specification 388 Pattern matching semantics are described in Section 4.1. The 389 resource type path segments for search are: 391 o 'domains': Used to identify a domain name information search using 392 a pattern to match a fully-qualified domain name. 393 o 'nameservers': Used to identify a name server information search 394 using a pattern to match a host name. 395 o 'entities': Used to identify an entity information search using a 396 pattern to match a string identifier. 398 RDAP search path segments are formed using a concatenation of the 399 plural form of the object being searched for and an HTTP query 400 string. The HTTP query string is formed using a concatenation of the 401 question mark character ('?', ASCII value 0x003F), the JSON object 402 value associated with the object being searched for, the equal sign 403 character ('=', ASCII value 0x003D), and the search pattern. Search 404 pattern query processing is described more fully in Section 4. For 405 the domain, nameserver, and entity objects described in this document 406 the plural object forms are "domains", "nameservers", and "entities". 408 Detailed results can be retrieved using the HTTP GET method and the 409 path segments specified here. 411 3.2.1. Domain Search 413 Syntax: domains?name= 415 Syntax: domains?nsLdhName= 417 Syntax: domains?nsIp= 419 Searches for domain information by name are specified using this 420 form: 422 /domains?name=XXXX 424 XXXX is a search pattern representing a domain name in "letters, 425 digits, hyphen" format [RFC5890] in a zone administered by the server 426 operator of a DNR. The following URL would be used to find DNR 427 information for domain names matching the "example*.com" pattern: 429 http://example.com/rdap/domains?name=example*.com 431 Internationalized Domain Names (IDNs) in U-label format [RFC5890] can 432 also be used as search patterns (see Section 4). Searches for these 433 names are of the form /domains?name=XXXX, where XXXX is a search 434 pattern representing a domain name in U-label format [RFC5890]. See 435 Section 6.1 for information on character encoding for the U-label 436 format. 438 Searches for domain information by name server name are specified 439 using this form: 441 /domains?nsLdhName=YYYY 443 YYYY is a search pattern representing a host name in "letters, 444 digits, hyphen" format [RFC5890] in a zone administered by the server 445 operator of a DNR. The following URL would be used to search for 446 domains delegated to name servers matching the "ns1.example*.com" 447 pattern: 449 http://example.com/rdap/domains?nsLdhName=ns1.example*.com 451 Searches for domain information by name server IP address are 452 specified using this form: 454 /domains?nsIp=ZZZZ 456 ZZZZ is a search pattern representing an IPv4 [RFC1166] or IPv6 457 [RFC5952] address. The following URL would be used to search for 458 domains that have been delegated to name servers that resolve to the 459 "192.0.2.0" address: 461 http://example.com/rdap/domains?nsIp=192.0.2.0 463 3.2.2. Name Server Search 465 Syntax: nameservers?name= 467 Syntax: nameservers?ip= 469 Searches for name server information by name server name are 470 specified using this form: 472 /nameservers?name=XXXX 474 XXXX is a search pattern representing a host name in "letters, 475 digits, hyphen" format [RFC5890] in a zone administered by the server 476 operator of a DNR. The following URL would be used to find DNR 477 information for name server names matching the "ns1.example*.com" 478 pattern: 480 http://example.com/rdap/nameservers?name=ns1.example*.com 482 Internationalized name server names in U-label format [RFC5890] can 483 also be used as search patterns (see Section 4). Searches for these 484 names are of the form /nameservers?name=XXXX, where XXXX is a search 485 pattern representing a name server name in U-label format [RFC5890]. 486 See Section 6.1 for information on character encoding for the U-label 487 format. 489 Searches for name server information by name server IP address are 490 specified using this form: 492 /nameservers?ip=YYYY 494 YYYY is a search pattern representing an IPv4 [RFC1166] or IPv6 495 [RFC5952] address. The following URL would be used to search for 496 name server names that resolve to the "192.0.2.0" address: 498 http://example.com/rdap/nameservers?ip=192.0.2.0 500 3.2.3. Entity Search 502 Syntax: entities?fn= 504 Syntax: entities?handle= 506 Searches for entity information by name are specified using this 507 form: 509 /entities?fn=XXXX 511 where XXXX is a search pattern representing an entity name as 512 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 513 following URL would be used to find information for entity names 514 matching the "Bobby Joe*" pattern. 516 http://example.com/rdap/entities?fn=Bobby%20Joe* 518 Searches for entity information by handle are specified using this 519 form: 521 /entities?handle=XXXX 523 where XXXX is a search pattern representing an entity handle as 524 specified in Section 6.1 of [I-D.ietf-weirds-json-response]. The 525 following URL would be used to find information for entity names 526 matching the "CID-40*" pattern. 528 http://example.com/rdap/entities?handle=CID-40* 530 URLs MUST be properly encoded according to the rules of [RFC3986]. 531 In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*". 533 4. Query Processing 535 Servers indicate the success or failure of query processing by 536 returning an appropriate HTTP response code to the client. Response 537 codes not specifically identified in this document are described in 538 [I-D.ietf-weirds-using-http]. 540 4.1. Partial String Searching 542 Partial string searching uses the asterisk ('*', ASCII value 0x002A) 543 character to match zero or more trailing characters. A character 544 string representing multiple domain name labels MAY be concatenated 545 to the end of the search pattern to limit the scope of the search. 546 For example, the search pattern "exam*" will match "example.com" and 547 "example.net". The search pattern "exam*.com" will match 548 "example.com". Note that these search patterns include implied 549 beginning and end of string regular expression markers, and the 550 "example*.com" search would be translated into a POSIX regular 551 expression as "^example.*\.com$". Additional pattern matching 552 processing is beyond the scope of this specification. 554 If a server receives a search request but cannot process the request 555 because it does not support a particular style of partial match 556 searching, it SHOULD return an HTTP 422 (Unprocessable Entity) 557 [RFC4918] response. When returning a 422 error, the server MAY also 558 return an error response body as specified in Section 7 of 559 [I-D.ietf-weirds-json-response] if the requested media type is one 560 that is specified in [I-D.ietf-weirds-using-http]. 562 Partial matching is not feasible across combinations of Unicode 563 characters because Unicode characters can be combined with another 564 Unicode character or characters. Servers SHOULD NOT partially match 565 combinations of Unicode characters where a Unicode character may be 566 legally combined with another Unicode character or characters. It 567 should be noted, though, that it may not always be possible to detect 568 possible cases where a character could have been combined with 569 another character, but was not, because of the way combining 570 characters can be combined with many other characters. 572 Clients should avoid submitting a partial match search of Unicode 573 characters where a Unicode character may be legally combined with 574 another Unicode character or characters. Partial match searches with 575 incomplete combinations of characters where a character must be 576 combined with another character or characters are invalid. Partial 577 match searches with characters that may be combined with another 578 character or characters are to be considered non-combined characters 579 (that is, if character x may be combined with character y but 580 character y is not submitted in the search string then character x is 581 a complete character and no combinations of character x are to be 582 searched). 584 4.2. Associated Records 586 Conceptually, any query-matching record in a server's database might 587 be a member of a set of related records, related in some fashion as 588 defined by the server - for example, variants of an IDN. The entire 589 set ought to be considered as candidates for inclusion when 590 constructing the response. However, the construction of the final 591 response needs to be mindful of privacy and other data-releasing 592 policies when assembling the RDAP response set. 594 Note too that due to the nature of searching, there may be a list of 595 query-matching records. Each one of those is subject to being a 596 member of a set as described in the previous paragraph. What is 597 ultimately returned in a response will be the union of all the sets 598 that has been filtered by whatever policies are in place. 600 Note that this model includes arrangements for associated names, 601 including those that are linked by policy mechanisms and names bound 602 together for some other purposes. Note also that returning 603 information that was not explicitly selected by an exact-match 604 lookup, including additional names that match a relatively fuzzy 605 search as well as lists of names that are linked together, may cause 606 privacy issues. 608 5. Extensibility 610 This document describes path segment specifications for a limited 611 number of objects commonly registered in both RIRs and DNRs. It does 612 not attempt to describe path segments for all of the objects 613 registered in all registries. Custom path segments can be created 614 for objects not specified here using the process described in 615 Section 6 of "HTTP usage in the Registration Data Access Protocol 616 (RDAP)" [I-D.ietf-weirds-using-http]. 618 Custom path segments can be created by prefixing the segment with a 619 unique identifier followed by an underscore character (0x5F). For 620 example, a custom entity path segment could be created by prefixing 621 "entity" with "custom_", producing "custom_entity". Servers MUST 622 return an appropriate failure status code for a request with an 623 unrecognized path segment. 625 6. Internationalization Considerations 627 There is value in supporting the ability to submit either a U-label 628 (Unicode form of an IDN label) or an A-label (ASCII form of an IDN 629 label) as a query argument to an RDAP service. Clients capable of 630 processing non-ASCII characters may prefer a U-label since this is 631 more visually recognizable and familiar than A-label strings, but 632 clients using programmatic interfaces might find it easier to submit 633 and display A-labels if they are unable to input U-labels with their 634 keyboard configuration. Both query forms are acceptable. 636 Internationalized domain and name server names can contain character 637 variants and variant labels as described in RFC 4290 [RFC4290]. 638 Clients that support queries for internationalized domain and name 639 server names MUST accept service provider responses that describe 640 variants as specified in "JSON Responses for the Registration Data 641 Access Protocol" [I-D.ietf-weirds-json-response]. 643 6.1. Character Encoding Considerations 645 Servers can expect to receive search patterns from clients that 646 contain character strings encoded in different forms supported by 647 HTTP. It is entirely possible to apply filters and normalization 648 rules to search patterns prior to making character comparisons, but 649 this type of processing is more typically needed to determine the 650 validity of registered strings than to match patterns. 652 An RDAP client submitting a query string containing non-US-ASCII 653 characters converts such strings into Unicode in UTF-8 encoding. It 654 then performs any local case mapping deemed necessary. Strings are 655 normalized using Normalization Form C (NFC, [Unicode-UAX15]); note 656 that clients might not be able to do this reliably. UTF-8 encoded 657 strings are then appropriately percent-encoded [RFC3986] in the query 658 URL. 660 After parsing any percent-encoding, an RDAP server treats each query 661 string as Unicode in UTF-8 encoding. If a string is not valid UTF-8, 662 the server can immediately stop processing the query and return an 663 HTTP 400 (Bad Request) response. 665 When processing queries, there is a difference in handling DNS names, 666 including those including putative U-labels, and everything else. 667 DNS names are treated according to the DNS matching rules as 668 described in Section 3.1 of RFC 1035 [RFC1035] for NR-LDH labels and 669 the matching rules described in Section 5.4 of RFC 5891 [RFC5891] for 670 U-labels. Matching of DNS names proceeds one label at a time, 671 because it is possible for a combination of U-labels and NR-LDH 672 labels to be found in a single domain or host name. The 673 determination of whether a label is a U-label or an NR-LDH label is 674 based on whether the label contains any characters outside of the US- 675 ASCII letters, digits, or hyphen (the so-called LDH rule). 677 For everything else, servers map fullwidth and halfwidth characters 678 to their decomposition equivalents. Servers convert strings to the 679 same coded character set of the target data that is to be looked up 680 or searched and each string is normalized using the same 681 normalization that was used on the target data. In general, storage 682 of strings as Unicode is RECOMMENDED. For the purposes of 683 comparison, Normalization Form KC (NFKC, [Unicode-UAX15]) with case 684 folding is used to maximize predictability and the number of matches. 685 Note the use of case-folded NFKC as opposed to NFC in this case. 687 7. IANA Considerations 689 This document does not specify any IANA actions. 691 8. Security Considerations 693 Security services for the operations specified in this document are 694 described in "Security Services for the Registration Data Access 695 Protocol" [I-D.ietf-weirds-rdap-sec]. 697 Search functionality typically requires more server resources (such 698 as memory, CPU cycles, and network bandwidth) when compared to basic 699 lookup functionality. This increases the risk of server resource 700 exhaustion and subsequent denial of service due to abuse. This risk 701 can be mitigated by developing and implementing controls to restrict 702 search functionality to identified and authorized clients. If those 703 clients behave badly, their search privileges can be suspended or 704 revoked. Rate limiting as described in Section 5.5 of "HTTP usage in 705 the Registration Data Access Protocol (RDAP)" 706 [I-D.ietf-weirds-using-http] can also be used to control the rate of 707 received search requests. Server operators can also reduce their 708 risk by restricting the amount of information returned in response to 709 a search request. 711 Search functionality also increases the privacy risk of disclosing 712 object relationships that might not otherwise be obvious. For 713 example, a search that returns IDN variants [RFC6927] that do not 714 explicitly match a client-provided search pattern can disclose 715 information about registered domain names that might not be otherwise 716 available. Implementers need to consider the policy and privacy 717 implications of returning information that was not explicitly 718 requested. 720 9. Acknowledgements 722 This document is derived from original work on RIR query formats 723 developed by Byron J. Ellacott of APNIC, Arturo L. Servin of 724 LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. 725 Additionally, this document incorporates DNR query formats originally 726 described by Francisco Arias and Steve Sheng of ICANN and Scott 727 Hollenbeck of Verisign Labs. 729 The authors would like to acknowledge the following individuals for 730 their contributions to this document: Francisco Arias, Marc Blanchet, 731 Ernie Dainow, Jean-Philippe Dionne, Behnam Esfahbod, John Klensin, 732 Edward Lewis, John Levine, Mark Nottingham, and Andrew Sullivan. 734 10. References 736 10.1. Normative References 738 [I-D.ietf-weirds-bootstrap] 739 Blanchet, M., "Finding the Authoritative Registration Data 740 (RDAP) Service", draft-ietf-weirds-bootstrap-09 (work in 741 progress), October 2014. 743 [I-D.ietf-weirds-json-response] 744 Newton, A. and S. Hollenbeck, "JSON Responses for the 745 Registration Data Access Protocol (RDAP)", draft-ietf- 746 weirds-json-response-10 (work in progress), October 2014. 748 [I-D.ietf-weirds-rdap-sec] 749 Hollenbeck, S. and N. Kong, "Security Services for the 750 Registration Data Access Protocol", draft-ietf-weirds- 751 rdap-sec-09 (work in progress), September 2014. 753 [I-D.ietf-weirds-using-http] 754 Newton, A., Ellacott, B., and N. Kong, "HTTP usage in the 755 Registration Data Access Protocol (RDAP)", draft-ietf- 756 weirds-using-http-13 (work in progress), October 2014. 758 [RFC0952] Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet 759 host table specification", RFC 952, October 1985. 761 [RFC1035] Mockapetris, P., "Domain names - implementation and 762 specification", STD 13, RFC 1035, November 1987. 764 [RFC1123] Braden, R., "Requirements for Internet Hosts - Application 765 and Support", STD 3, RFC 1123, October 1989. 767 [RFC1166] Kirkpatrick, S., Stahl, M., and M. Recker, "Internet 768 numbers", RFC 1166, July 1990. 770 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 771 Requirement Levels", BCP 14, RFC 2119, March 1997. 773 [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform 774 Resource Identifier (URI): Generic Syntax", STD 66, RFC 775 3986, January 2005. 777 [RFC4291] Hinden, R. and S. Deering, "IP Version 6 Addressing 778 Architecture", RFC 4291, February 2006. 780 [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing 781 (CIDR): The Internet Address Assignment and Aggregation 782 Plan", BCP 122, RFC 4632, August 2006. 784 [RFC4918] Dusseault, L., "HTTP Extensions for Web Distributed 785 Authoring and Versioning (WebDAV)", RFC 4918, June 2007. 787 [RFC5396] Huston, G. and G. Michaelson, "Textual Representation of 788 Autonomous System (AS) Numbers", RFC 5396, December 2008. 790 [RFC5730] Hollenbeck, S., "Extensible Provisioning Protocol (EPP)", 791 STD 69, RFC 5730, August 2009. 793 [RFC5733] Hollenbeck, S., "Extensible Provisioning Protocol (EPP) 794 Contact Mapping", STD 69, RFC 5733, August 2009. 796 [RFC5890] Klensin, J., "Internationalized Domain Names for 797 Applications (IDNA): Definitions and Document Framework", 798 RFC 5890, August 2010. 800 [RFC5891] Klensin, J., "Internationalized Domain Names in 801 Applications (IDNA): Protocol", RFC 5891, August 2010. 803 [RFC5952] Kawamura, S. and M. Kawashima, "A Recommendation for IPv6 804 Address Text Representation", RFC 5952, August 2010. 806 [RFC7230] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 807 (HTTP/1.1): Message Syntax and Routing", RFC 7230, June 808 2014. 810 [RFC7231] Fielding, R. and J. Reschke, "Hypertext Transfer Protocol 811 (HTTP/1.1): Semantics and Content", RFC 7231, June 2014. 813 [Unicode-UAX15] 814 The Unicode Consortium, "Unicode Standard Annex #15: 815 Unicode Normalization Forms", September 2013, 816 . 818 10.2. Informative References 820 [REST] Fielding, R., "Architectural Styles and the Design of 821 Network-based Software Architectures", Ph.D. Dissertation, 822 University of California, Irvine, 2000, 823 . 826 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 827 September 2004. 829 [RFC4007] Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and 830 B. Zill, "IPv6 Scoped Address Architecture", RFC 4007, 831 March 2005. 833 [RFC4290] Klensin, J., "Suggested Practices for Registration of 834 Internationalized Domain Names (IDN)", RFC 4290, December 835 2005. 837 [RFC6874] Carpenter, B., Cheshire, S., and R. Hinden, "Representing 838 IPv6 Zone Identifiers in Address Literals and Uniform 839 Resource Identifiers", RFC 6874, February 2013. 841 [RFC6927] Levine, J. and P. Hoffman, "Variants in Second-Level Names 842 Registered in Top-Level Domains", RFC 6927, May 2013. 844 Appendix A. Change Log 846 Initial -00: Adopted as working group document. 847 -01: Added "Conventions Used in This Document" section. Added 848 normative reference to draft-ietf-weirds-rdap-sec and some 849 wrapping text in the Security Considerations section. 850 -02: Removed "unified" from the title. Rewrote the last paragraph 851 of section 2. Edited the first paragraph of section 3 to more 852 clearly note that only one path segment is provided. Added 853 "bitmask" to "length" in section 3.1. Changed "lowest IP network" 854 to "smallest IP network" in section 3.1. Added "asplain" to the 855 description of autonomous system numbers in section 3.2. Minor 856 change from "semantics is" to "semantics are" in section 3.2. 857 Changed the last sentence in section 4 to more clearly specify 858 error response behavior. Added acknowledgements. Added a 859 paragraph in the introduction regarding future IETF standards and 860 extensibility. 862 -03: Changed 'query' to 'lookup' in document title to better 863 describe the 'exact match lookup' purpose of this document. 864 Included a multitude of minor additions and clarifications 865 provided by Marc Blanchet and Jean-Philippe Dionne. Modified the 866 domain and name server sections to include support for IDN 867 U-labels. 868 -04: Updated the domain and name server sections to use .example IDN 869 U-labels. Added text to note that mixed IDN labels SHOULD NOT be 870 used. Fixed broken sentences in Section 6. 871 -05: Added "help" path segment. 872 -06: Added search text and removed or edited old search text. 873 -07: Fixed query parameter typo by replacing "/?" with "?". Changed 874 "asplain" to "AS Plain". Added entity search by handle. 875 Corrected section references. Updated IDN search text. 876 -08: Revised URI formats and added IANA instructions to create a 877 registry entry for the "rdap" well-known prefix. Revised search 878 processing text and added search privacy consideration. 879 Synchronized examples with response draft. 880 -09: More search processing and URI prefix updates. Updated fully- 881 qualified domain name reference. 882 -10: Added name server search by IP address. 883 -11: Replaced reference to RFC 4627 with reference to RFC 7159. 884 Replaced .well-known with bootstrap-defined prefix. Replaced 885 references to RFC 2616 with references to RFC 7231 and draft-ietf- 886 httpbis-http2, adding a note to make it clear that 2616 is an 887 acceptable reference if http2 isn't ready when needed. 888 -12: IDN label processing clarification. Added domain search by 889 name server name and name server IP address. Minor text editing 890 for consistency in the search sections. Replaced reference to 891 draft-ietf-httpbis-http2 with a reference to RFC 7230 and removed 892 reference note. 893 -13: Added HTTP HEAD reference in Section 3.2. 894 -14: Address WG last call comments. 895 -15: Address AD review comments. 896 -16: Address IETF last call comments. 898 Authors' Addresses 900 Andrew Lee Newton 901 American Registry for Internet Numbers 902 3635 Concorde Parkway 903 Chantilly, VA 20151 904 US 906 Email: andy@arin.net 907 URI: http://www.arin.net 908 Scott Hollenbeck 909 Verisign Labs 910 12061 Bluemont Way 911 Reston, VA 20190 912 US 914 Email: shollenbeck@verisign.com 915 URI: http://www.verisignlabs.com/