idnits 2.17.1 draft-viathinksoft-oidwhois-01.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (February 2021) is 1159 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 INTERNET-DRAFT D. Marschall 3 Intended Status: Informational ViaThinkSoft 4 Expires: August 24, 2021 February 2021 6 Retrieving information about Object Identifiers 7 using the WHOIS protocol 8 draft-viathinksoft-oidwhois-01 10 Abstract 12 This document defines a method for retrieving information about 13 Object Identifiers (OIDs) and their associated Registration 14 Authorities (RAs) using the WHOIS protocol, in a way that is both 15 human-readable and machine-readable. 17 Status of This Memo 19 This Internet-Draft is submitted in full conformance with the 20 provisions of BCP 78 and BCP 79. 22 Internet-Drafts are working documents of the Internet Engineering 23 Task Force (IETF). Note that other groups may also distribute 24 working documents as Internet-Drafts. The list of current Internet- 25 Drafts is at https://datatracker.ietf.org/drafts/current/. 27 Internet-Drafts are draft documents valid for a maximum of six months 28 and may be updated, replaced, or obsoleted by other documents at any 29 time. It is inappropriate to use Internet-Drafts as reference 30 material or to cite them other than as "work in progress." 32 This Internet-Draft will expire on August 13, 2021. 34 Copyright Notice 36 Copyright (c) 2021 IETF Trust and the persons identified as the 37 document authors. All rights reserved. 39 This document is subject to BCP 78 and the IETF Trust's Legal 40 Provisions Relating to IETF Documents 41 (https://trustee.ietf.org/license-info) in effect on the date of 42 publication of this document. Please review these documents 43 carefully, as they describe your rights and restrictions with respect 44 to this document. Code Components extracted from this document must 45 include Simplified BSD License text as described in Section 4.e of 46 the Trust Legal Provisions and are provided without warranty as 47 described in the Simplified BSD License. 49 Table of Contents 51 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 52 1.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . 4 53 2 Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 54 2.1 Authentication Tokens . . . . . . . . . . . . . . . . . . . 4 55 2.2 Request ABNF Notation . . . . . . . . . . . . . . . . . . . 5 56 3 Response . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 57 3.1 Format and Encoding . . . . . . . . . . . . . . . . . . . . 6 58 3.2 Structure . . . . . . . . . . . . . . . . . . . . . . . . . 6 59 3.2.1 Query-Section (Information about Query and Result) . . 7 60 3.2.2 Object-Section (Information about the OID) . . . . . . 8 61 3.2.3 RA-Section (Information about the Current RA) . . . . . 11 62 3.2.4 Sections for Previous Registration Authorities . . . . 13 63 3.3 Digital Signature . . . . . . . . . . . . . . . . . . . . . 13 64 3.4 Date/Time Format . . . . . . . . . . . . . . . . . . . . . 13 65 3.4.1 Date/Time Format ABNF Notation . . . . . . . . . . . . 14 66 3.4.2 Date/Time Format Examples . . . . . . . . . . . . . . . 14 67 4 Referral . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 68 5 Full Example . . . . . . . . . . . . . . . . . . . . . . . . . 16 69 5.1 Request . . . . . . . . . . . . . . . . . . . . . . . . . . 16 70 5.2 Response . . . . . . . . . . . . . . . . . . . . . . . . . 16 71 6 Alternative Namespaces . . . . . . . . . . . . . . . . . . . . 17 72 6.1 Example: UUID Namespace . . . . . . . . . . . . . . . . . . 18 73 7 Internationalization Considerations . . . . . . . . . . . . . . 18 74 8 Security Considerations . . . . . . . . . . . . . . . . . . . . 19 75 9 IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 19 76 10 Annotation about the deprecation of the WHOIS protocol . . . . 20 77 11 References . . . . . . . . . . . . . . . . . . . . . . . . . . 20 78 11.1 Normative References . . . . . . . . . . . . . . . . . . . 20 79 11.2 Informative References . . . . . . . . . . . . . . . . . . 21 80 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . . 22 81 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 22 83 1 Introduction 85 An Object Identifier (OID) is an extensively used identification 86 mechanism jointly developed by ITU-T and ISO/IEC for naming any type 87 of object with a globally unambiguous name. OIDs provide a 88 persistent identification of objects based on a hierarchical 89 structure of Registration Authorities (RA), where each parent has an 90 Object Identifier and allocates Object Identifiers to child nodes. 91 More information about Object Identifiers can be found in 92 Recommendation ITU-T X.660 (2011) | ISO/IEC 9834-1:2012 [X660]. 94 There are a few methods of retrieving information about an OID, like: 96 (A) Searching through web repositories like 97 or . This has the disadvantage 98 that the information is usually not machine-readable without 99 functionalities like an API. 101 (B) Retrieving information using the Object Identifier Resolution 102 System (ORS) as defined in Recommendation ITU-T X.672 (2010) | 103 ISO/IEC 29168-1:2011 [X672]. This has the disadvantage that 104 Registration Authorities need to include specific DNS Resource 105 Records to their domains, and additionally, all RAs of the superior 106 OIDs must implement the ORS. 108 This document describes an additional method for retrieving 109 information about OIDs, which is both human-readable and machine- 110 readable. 112 Three of many possible use-case scenarios are: 114 (1) Many web-browsers and Operating Systems can handle ITU-T X.509 115 certificates [X509] and usually contain a viewer application that 116 shows the contents of these certificates. Attributes which are 117 unknown by the application are either only displayed by their OID, or 118 hidden to avoid confusion to the user. With OID-WHOIS, the 119 application could query the name of these unknown OIDs or even 120 retrieve instructions on how the data described by this OID can be 121 parsed and displayed. 123 (2) Applications that handle SNMP (Simple Network Management 124 Protocol) [RFC1157] might need information about additional MIB files 125 or their OIDs. OID-WHOIS could aid these applications in gathering 126 the required information. 128 (3) In directory services like LDAP (Lightweight Directory Access 129 Protocol) [RFC4511], applications could query the name of attributes 130 that are described by an OID the application doesn't know. 132 1.1 Terminology 134 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 135 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 136 document are to be interpreted as described in RFC 2119 [RFC2119]. 138 In this document, "RA" is an abbreviation for "Registration 139 Authority" and "OID" is an abbreviation for "Object Identifier". 141 2 Request 143 OID-WHOIS is based on the WHOIS protocol specified in RFC 3912 144 [RFC3912]. 146 During the request, the client sends a query beginning with "oid:", 147 followed by an OID in dot-notation, as defined in RFC 3061, section 2 148 [RFC3061], but with the following differences: 150 (1) The OID MAY contain a leading dot. 152 (2) To query the root of the OID tree, the OID MUST be either missing 153 or consisting only of a single dot. 155 Examples of valid queries are: 157 oid: 158 oid:. 159 oid:2.999 160 oid:.2.999 162 All OIDs MUST be interpreted as absolute OIDs. Relative OIDs (e.g. 163 relative to the OID of the Registration Authority operating the WHOIS 164 service) are not allowed. 166 The namespace identifier (i.e. "oid") MUST be written in lower-case. 168 Note: Existing WHOIS servers can add the functionalities described in 169 this document in addition to their usual operation, i.e. they may 170 accept queries beginning with "oid:" as well as other types of 171 queries. 173 2.1 Authentication Tokens 175 Some organizations might not want to present their OID information 176 (or part of it) to the public, e.g. for reasons like privacy or 177 confidentiality. Therefore, at the end of the query, the client can 178 append case-sensitive, non-empty alphanumeric authentication tokens 179 to control the display of confidential information. 181 Each authentication token MUST be prepended by a dollar sign ("$"). 183 Examples of valid queries are: 185 oid:2.999$firstToken 186 oid:2.999$firstToken$secondToken 188 Please note that authentication tokens are only weak protection. For 189 more information, see section 8 "Security Considerations". 191 2.2 Request ABNF Notation 193 To define the query string, the following Augmented BNF definitions 194 will be used. They are based on the ABNF styles of RFC 5234 195 [RFC5234]. 197 query = namespace ":" optional-oid *( "$" authtoken ) 199 namespace = %x6F %x69 %x64 ; "oid" 201 optional-oid = [ "." ] [ oid ] 203 oid = unsigned-number *( "." unsigned-number ) 205 authtoken = 1*( char-or-digit ) 207 digit = %x30-39 ; 0-9 209 nonzero-digit = %x31-39 ; 1-9 211 uppercase-char = %x41-5A ; A-Z 213 lowercase-char = %x61-7A ; a-z 215 char-or-digit = uppercase-char / lowercase-char / digit 217 unsigned-number = "0" / nonzero-digit *( digit ) 219 3 Response 221 3.1 Format and Encoding 223 (1) The response MUST be UTF-8 encoded (as defined in RFC 3629 224 [RFC3629]), without Byte-Order-Mark (BOM). 226 (2) The response contains multiple lines with field names and values, 227 which MUST be separated by a double colon (":"). Whitespace 228 characters after the double colon are allowed. 230 (3) If possible, each line SHOULD be limited to 80 characters, 231 including the field name, double colon, value, and whitespaces. 233 (4) Field names and values MUST be treated case-sensitive. 235 (5) If a value needs to be split into multiple lines, e.g. if the 236 line would exceed the length limit, the same field name including 237 double colon MUST be repeated at the beginning of the next line. 239 (6) If an attribute has multiple values (e.g. multiple Unicode 240 labels, alternative email-addresses, etc.), each value MUST be 241 written in a new line with the same field name. 243 (7) Lines with the same field name SHALL be kept together. 245 (8) Comment lines MUST start with a percent sign ("%") at the 246 beginning of a line, without prepending whitespaces. They MUST NOT 247 be evaluated by machines (except for signature validation, as 248 mentioned in section 3.3 "Digital Signature"). 250 3.2 Structure 252 A response consists of sections, which SHOULD be separated by at 253 least one empty line and/or comment line. 255 This document specifies the following sections (which SHALL stay in 256 this order): 258 (1) Query-Section which contains the request and the result. This 259 section MUST start with the field "query". 261 (2) Object-Section which contains information about the OID. This 262 section MUST start with the field "object". 264 (3) RA-Section which contains information about the current 265 Registration Authority. This section MUST start with the field "ra". 267 (4) Optional RA-Sections containing information about RAs which were 268 previously in charge of managing the OID. 270 The WHOIS service MAY define additional sections after any of these 271 sections, but the Query-Section MUST be the first section in the 272 response. 274 3.2.1 Query-Section (Information about Query and Result) 276 This section MUST always be present and MUST start with the field 277 "query". It MUST be the first section in the response. 279 Possible fields are: 281 (1) "query" MUST be present and contain the request of the client 282 (beginning with the namespace identifier and double colon, i.e. 283 "oid:"). Canonization or sanitation (like removing a leading dot) 284 SHOULD NOT be applied at this step. Authentication tokens SHOULD be 285 omitted, though. 287 (2) "result" MUST be present and SHALL be one of the following 288 values: 290 "Found" means that the WHOIS service can verify that the 291 requested OID exists. The following sections will contain 292 information about this OID. 294 "Not found; superior object found" means that the WHOIS service 295 cannot verify that the requested OID exists, or it denies that 296 the OID exists (e.g. because it is confidential). However, the 297 WHOIS service knows a superior OID which does exist. The 298 following sections will contain information about that superior 299 OID instead. 301 "Not found" means that the WHOIS service cannot verify that the 302 requested OID exists, or it denies that the OID exists (e.g. 303 because it is confidential). Additionally, the WHOIS service 304 does not have information about any superior OID, or their 305 existence is also denied. 307 "Service error" means that an internal error occurred, or that 308 the system is in maintenance mode. The client should try again 309 later. 311 (3) "distance" SHOULD be present if it is applicable in the requested 312 namespace (it is always applicable for OIDs) and if the result is 313 "Not found; superior object found". A distance of 1 means that the 314 direct parent was found. A distance of 2 means that the grand-parent 315 was found, etc. 317 (4) "message" SHOULD be present if the result is "Service error". It 318 contains a message explaining why the service is not available (e.g. 319 displaying an error message). It MUST NOT be present if the result 320 has a different value. 322 The WHOIS service SHOULD NOT add additional fields to this section. 324 3.2.2 Object-Section (Information about the OID) 326 This section MUST be present if the result is "Found" or "Not found; 327 superior object found". It MUST start with the field "object". It 328 MUST NOT be present if the result is "Not found" or "Service error". 330 Possible fields are: 332 (1) "object" contains the OID in dot-notation, prepended by the 333 namespace identifier and double colon ("oid:"). This field MUST be 334 present. 336 (2) "status" MUST be present and SHALL be one of the following 337 values: 339 "Information available" means that information about the OID is 340 fully available. 342 "Information partially available" means that part of the 343 information about the OID is not available. Possible reasons 344 could be that part of the information is redacted due to 345 confidentiality, or the WHOIS service does only know basic 346 information, while the full information can be found somewhere 347 else (e.g. at a referred WHOIS service). The field "attribute" 348 MAY be used with the value "confidential". 350 "Information unavailable" means that the information about the 351 OID is missing, redacted due to confidentiality, or otherwise 352 unavailable. The field "attribute" MAY be used with the value 353 "confidential". 355 (3) "name" (OPTIONAL) contains the name of the OID. It SHOULD be as 356 short as possible. 358 (4) "description" (OPTIONAL) contains a short description of the OID. 359 The description SHOULD only be a single sentence. 361 (5) "information" (OPTIONAL) contains additional information, e.g. 362 Management Information Base (MIB) definitions. 364 (6) "url" (OPTIONAL, multiple values allowed) contains a URL (as 365 defined in RFC 3986 [RFC3986]) leading to more information about the 366 OID. 368 (7) "asn1-notation" (OPTIONAL, multiple values allowed) contains one 369 or more possible notations in the ASN.1 syntax, as defined in 370 Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 32.3 371 [X680], e.g. {joint-iso-itu-t(2) example(999)}. 373 Note: A line-break, to break up lines which are too long, as 374 defined in section 3.1 ("Format and Encoding") SHOULD be used. 375 This is no problem because multiple ASN.1 notations can be 376 distinguished by their opening curly bracket and their closing 377 curly bracket. 379 (8) "iri-notation" (OPTIONAL, multiple values allowed) contains one 380 or more possible notations in the OID-IRI syntax, as defined in 381 Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 34.3 382 [X680] (but without quotation marks), e.g. /Joint-ISO-ITU-T/Example. 384 Note: A line-break, to break up lines which are too long, as 385 defined in section 3.1 ("Format and Encoding") SHALL NOT be used, 386 otherwise, it would be ambiguous if the line-break was used to 387 shorten the line, or if the line-break indicates a new value in 388 case multiple OID-IRI notations are supplied. 390 (9) "identifier" (OPTIONAL, multiple values allowed) contains an 391 alphanumeric identifier ("NameForm") as defined in Recommendation 392 ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 12.3 [X680]. 394 (10) "standardized-id" (OPTIONAL, multiple values allowed) contains 395 an alphanumeric identifier that has a standardized "NameForm", i.e. 396 in ASN.1 notation, it can be written without its associated number. 397 See more information in Recommendation ITU-T X.680 (2015) | ISO/IEC 398 8824-1:2015, clause 32.7 [X680]. 400 (11) "unicode-label" (OPTIONAL, multiple values allowed) contains a 401 Non-integer Unicode label, as defined in Recommendation ITU-T X.680 402 (2015) | ISO/IEC 8824-1:2015, clause 12.27 [X680]. 404 (12) "long-arc" (OPTIONAL, multiple values allowed) contains a Non- 405 integer Unicode label that can be used as the first identifier in an 406 OID Internationalized Resource Identifier (OID-IRI), shortening it. 407 More information can be found in Recommendation ITU-T X.660 (2011) | 408 ISO/IEC 9834-1:2012, clause 3.5.8 [X660]. 410 (13) "whois-service" (OPTIONAL) contains an IP-address or hostname of 411 a system that offers a WHOIS service that can supply information 412 about the OID and/or its subordinate OIDs. If the result is "Found" 413 (i.e. the OID is existing in the local database), then the 414 information "whois-service" is only informational; its existence is 415 most likely a hint that subordinate OIDs will be found at that WHOIS 416 server. If the result is "Not found; superior object found", then 417 the client SHOULD query the referred WHOIS server to receive more 418 information about the OID. See more information in section 4 419 "Referral". 421 (14) "attribute" (OPTIONAL, multiple values allowed) contains 422 attributes of the OID. An attribute MUST be one of the following 423 values: 425 "confidential" means that information about the OID or part of it 426 is confidential. 428 "draft" means that the allocation of the OID is not yet official 429 and the information is subject to change without notice. This 430 includes deletion and relocation. 432 "frozen" means that no more child OIDs can be created under this 433 OID, e.g. because the RA has stopped operating, but the existing 434 child OIDs stay valid. 436 "leaf" means that no child OIDs can be allocated under this OID. 437 The field "subordinate" SHALL therefore not be present. 439 "no-identifiers" means that the RA is not allocating alphanumeric 440 identifiers. 442 "no-unicode-labels" means that the RA is not allocating Non- 443 integer Unicode labels. 445 "retired" means that the OID is withdrawn, revoked, retired, 446 expired, etc. Please consult Recommendation ITU-T X.660 (2011) | 447 ISO/IEC 9834-1:2012 [X660] for more information about such cases. 449 (15) "parent" (OPTIONAL) contains the OID of the nearest known parent 450 OID, prepended by namespace identifier and double colon, i.e. "oid:". 451 It MAY be followed by additional human-readable information, e.g. a 452 description or a list of ASN.1 identifiers. There SHALL be at least 453 1 whitespace in between. 455 (16) "subordinate" (OPTIONAL, multiple values allowed) contains a 456 list of subordinate OIDs, prepended by namespace identifier and 457 double colon, i.e. "oid:". It MAY be followed by additional human- 458 readable information, e.g. a description or a list of ASN.1 459 identifiers. There SHALL be at least 1 whitespace in between. 461 (17) "created" (OPTIONAL) contains the date and time (as specified in 462 section 3.4 "Date/Time Format") when the OID was first allocated by 463 the RA of the superior OID. 465 (18) "updated" (OPTIONAL) contains the date and time (as specified in 466 section 3.4 "Date/Time Format") when the OID information was last 467 updated. 469 Additional fields can be defined by the WHOIS service. The field 470 names SHALL only consist of the lower-case letters "a..z", hyphens 471 ("-") and numbers, and SHOULD be written in the English language. 472 The field name MUST NOT begin or end with a hyphen and a hyphen MUST 473 NOT be followed by another hyphen. 475 3.2.3 RA-Section (Information about the Current RA) 477 This section MUST NOT be present if the result is "Not found" or 478 "Service error", otherwise it MAY be present. If it is present, it 479 MUST start with the field "ra". 481 Possible fields are: 483 (1) "ra" contains a general name of the RA, like the name of a 484 person, the name of a group, or the name of an organization. This 485 field MUST be present. 487 (2) "ra-status" MUST be present and SHALL be one of the following 488 values: 490 "Information available" means that information about this RA is 491 fully available. 493 "Information partially available" means that part of the 494 information is not available. A possible reason could be that 495 part of the information is redacted due to confidentiality. The 496 field "attribute" MAY be used with the value "confidential". 498 "Information unavailable" means that the data is missing (if the 499 WHOIS service does only know the name of the RA and nothing 500 else), redacted due to confidentiality or otherwise unavailable. 501 The field "attribute" MAY be used with the value "confidential". 503 (3) "ra-contact-name" (OPTIONAL, multiple values allowed) contains 504 the name of a person responsible for the allocation of subordinate 505 OIDs, in case "ra" is a group or organization. 507 (4) "ra-address" (OPTIONAL) contains the physical location of the RA. 508 While a fully qualified postal address is recommended, the field can 510 also just contain a rough location like city and country name, state 511 and country name, or just the country name, etc. The name of the 512 country SHOULD always be present. 514 (5) "ra-phone" (OPTIONAL, multiple values allowed) contains a 515 landline phone number of the Registration Authority. It SHOULD be 516 written in the international number format specified in 517 Recommendation ITU-T E.164 (2010) [E164], e.g. +1 206 555 0100. 519 (6) "ra-mobile" (OPTIONAL, multiple values allowed) contains a mobile 520 phone number of the Registration Authority. It SHOULD be written in 521 the international number format specified in Recommendation ITU-T 522 E.164 (2010) [E164], e.g. +1 206 555 0100. 524 (7) "ra-fax" (OPTIONAL, multiple values allowed) contains a fax 525 number of the Registration Authority. It SHOULD be written in the 526 international number format specified in Recommendation ITU-T E.164 527 (2010) [E164], e.g. +1 206 555 0100. 529 (8) "ra-email" (OPTIONAL, multiple values allowed) contains an email 530 address of the Registration Authority. 532 (9) "ra-url" (OPTIONAL, multiple values allowed) contains a URL (as 533 defined in RFC 3986 [RFC3986]) leading to more information about the 534 RA (usually the website of the RA). 536 (10) "ra-attribute" (OPTIONAL, multiple values allowed) contains 537 attributes of the RA. An attribute MUST be one of the following 538 values: 540 "confidential" means that the information about the RA or part of 541 it is confidential. 543 "retired" means that the RA is defunct. If this attribute is set 544 to the current RA, then the OID MUST have the attribute "frozen" 545 (until the responsibility is transferred to a non-defunct RA, or 546 until the current RA becomes active again). 548 (11) "ra-created" (OPTIONAL) contains the date and time (as specified 549 in section 3.4 "Date/Time Format") when the RA was created/registered 550 in the database. 552 (12) "ra-updated" (OPTIONAL) contains the date and time (as specified 553 in section 3.4 "Date/Time Format") when the RA information was last 554 modified. 556 Additional fields can be defined by the WHOIS service, but they MUST 557 begin with "ra-". The field names SHALL only consist of the lower- 558 case letters "a..z", hyphens ("-") and numbers, and SHOULD be written 559 in the English language. The field name MUST NOT begin or end with a 560 hyphen and a hyphen MUST NOT be followed by another hyphen. 562 3.2.4 Sections for Previous Registration Authorities 564 To optionally display information about RAs which were previously in 565 charge of managing the OID, a new section per RA can be added with 566 the following field name prefixes: 568 "ra-" is the prefix of the current Registration Authority. 570 "ra1-" is the prefix of the first RA. It is the very first person or 571 company to whom the OID was allocated by the RA of the superior OID. 572 "ra2-" is the prefix of the second RA, after the responsibility has 573 been transferred. etc. 575 The definition of these sections is identical to the definition of 576 the RA-Section (described in section 3.2.3 "RA-Section"), just with a 577 different prefix. 579 The history does not need to be complete, e.g. it is no problem to 580 only serve information about the first and the current RA, or only 581 serve information about the current RA. 583 3.3 Digital Signature 585 If integrity/authenticity is required, the whole response can be 586 signed, e.g. by using S/MIME, RSA, or PGP. This document does not 587 describe a mechanism for detecting which signature method was used. 588 The creation and verification of the signature are therefore 589 implementation-specific and no interoperability regarding signature 590 creation and validation is given at this time. 592 Depending on the signature method being used, various things need to 593 be appended and/or prepended to the response. These additional lines 594 MUST be prepended by a percent sign ("%") to avoid that an 595 application confuses these additional lines (e.g. lines belonging to 596 a PGP header, as defined in RFC 4880 [RFC4880]) with parts of the 597 actual WHOIS response. 599 3.4 Date/Time Format 601 Date/Time references SHALL be formatted as described in 602 section 3.4.1. 604 If parts of the date/time reference are uncertain, then they SHOULD 605 be omitted until the date/time reference has the highest correctness. 607 Examples of valid date/time references can be found in section 3.4.2. 609 3.4.1 Date/Time Format ABNF Notation 611 To define the format of a Date/Time reference, the following 612 Augmented BNF definitions will be used. They are based on the ABNF 613 styles of RFC 5234 [RFC5234]. 615 date-time = year [ "-" month [ "-" day [ " " time ] ] ] 617 year = 4*4DIGIT 619 month = ( "0" %x31-39 ) / 620 ( "1" %x30-32 ) ; 01-12 622 day = ( "0" %x31-39 ) / 623 ( "1" %x30-39 ) / 624 ( "2" %x30-39 ) / 625 ( "3" %x30-31 ) / ; 01-31 627 time = hour ":" minute [ ":" second ] [ " " timezone ] 629 hour = ( "0" %x30-39 ) / 630 ( "1" %x30-39 ) / 631 ( "2" %x30-33 ) ; 00-23 633 minute = %x30-35 DIGIT ; 00-59 635 second = %x30-35 DIGIT ; 00-59 637 timezone = ( "+" / "-" ) hour minute 639 3.4.2 Date/Time Format Examples 641 Examples of valid date/time references are: 643 2020-06-29 18:32:00 +0200 644 2020-06-29 18:32:00 645 2020-06-29 18:32 +0200 646 2020-06-29 18:32 647 2020-06-29 648 2020-06 649 2020 651 4 Referral 653 By using the field "whois-service", the WHOIS service can instruct 654 the client to query another WHOIS service that might have more 655 information about the requested OID. 657 If Registration Authorities maintain up-to-date WHOIS service 658 references of their OID delegations, it is possible to automatically 659 retrieve information about any OID. 661 Example: OID "2.999" is owned by Registration Authority "A", 662 operating a WHOIS service at "a.example.com". 664 Registration Authority "A" allocated OID "2.999.1000" to Registration 665 Authority "B" who is operating a WHOIS service at "b.example.com". 667 The client asks a.example.com for information about OID 668 "2.999.1000.1" and should receive the following reply: 670 query: oid:2.999.1000.1 671 result: Not found; superior object found 672 distance: 1 674 object: oid:2.999.1000 675 status: Information available 676 name: Company "B" 677 whois-service: b.example.com 679 ra: "B" 680 ra-status: Information unavailable 682 The client is now aware that "a.example.com" only knows OID 683 "2.999.1000", and that there is a reference to another WHOIS service 684 located at "b.example.com". So, the client should then accordingly 685 query "b.example.com", asking for information about OID 686 "2.999.1000.1": 688 query: oid:2.999.1000.1 689 result: Found 691 object: oid:2.999.1000.1 692 status: Information available 693 name: Example OID 1 695 ra: "B" 696 ra-status: Information unavailable 698 5 Full Example 700 5.1 Request 702 oid:2.999 704 5.2 Response 706 query: oid:2.999 707 result: Found 709 object: oid:2.999 710 status: Information available 711 name: Example 712 description: This OID can be used by anyone, for the purposes of 713 description: documenting examples of Object Identifiers. 714 asn1-notation: {joint-iso-itu-t(2) example(999)} 715 iri-notation: /Example 716 identifier: example 717 unicode-label: Beispiel 718 unicode-label: Ejemplo 719 unicode-label: Example 720 unicode-label: Exemple 721 unicode-label: (Korean characters are omitted in this example) 722 unicode-label: (Arabian characters are omitted in this example) 723 unicode-label: (Japanese characters are omitted in this example) 724 unicode-label: (Chinese characters are omitted in this example) 725 unicode-label: (Russian characters are omitted in this example) 726 long-arc: Beispiel 727 long-arc: Ejemplo 728 long-arc: Example 729 long-arc: Exemple 730 long-arc: (Korean characters are omitted in this example) 731 long-arc: (Arabian characters are omitted in this example) 732 long-arc: (Japanese characters are omitted in this example) 733 long-arc: (Chinese characters are omitted in this example) 734 long-arc: (Russian characters are omitted in this example) 735 parent: oid:2 (joint-iso-itu-t) 736 created: 2011-06 737 updated: 2011-09 739 ra: ITU-T SG 17 & ISO/IEC JTC 1/SC 6 740 ra-status: Information unavailable 741 % -----BEGIN RSA SIGNATURE----- 742 % DwnqRtx/ONtPh4onXnrZPl9jF+G50RMLZkSwuClaoH2t/yK8CnYJrmzkzA5+gkfWkoQ 743 % cq+J8J9cvnwXvBfpVHh+7lyNOVW1N016TYFcBt8MVxb6K2KhkKclqeA6wz0kSUuE4qR 744 % ZohzrZBcCP7aLIpcaoVi6QACAt6J0vOvYBaf0= 745 % -----END RSA SIGNATURE----- 747 6 Alternative Namespaces 749 This document describes the retrieval of information about OIDs using 750 the WHOIS protocol. In addition to the OID namespace, the methods 751 described in this document can also be applied to other namespaces 752 like "uuid", "isbn", "gtin" etc. 754 Following things need to be considered if alternative namespaces are 755 implemented: 757 (1) The request MUST be UTF-8 encoded (as defined in RFC 3629 758 [RFC3629]), without Byte-Order-Mark (BOM). 760 (2) The namespace SHALL be a namespace identifier (NID) as defined in 761 RFC 8141 [RFC8141]. 763 (3) The namespace identifier SHALL be written in lower-case (this is 764 already defined in section 2 "Request"). 766 (4) If available, a formal URN namespace identifier (as defined in 767 RFC 8141, section 5.1 [RFC8141]) SHOULD be used, e.g. "uuid" should 768 be used instead of "guid". 770 (5) If things like "Owner", "Creator", "Manager", "Administrator", 771 etc., are relevant to the identifiers in the namespace, then the RA- 772 section as described in section 3.2.3 SHALL be used, even though the 773 word "Registration Authority" might not be appropriate in the 774 terminology of the namespace. 776 (6) The namespace specific identifier MUST NOT contain dollar signs 777 ("$"), because section 2.1 "Authentication Tokens" defines them as a 778 separator for authentication tokens. 780 (7) The namespace specific identifier MUST be treated case-sensitive 781 if the namespace distinguishes between lower-case and upper-case. 783 (8) Fields which can only be used in the OID namespace (e.g. 784 "unicode-label") MUST NOT be used for other namespaces. 786 6.1 Example: UUID Namespace 788 The following example shows the retrieval of information about 789 Universally Unique Identifiers (e.g. UUIDs used by the Microsoft 790 Common Object Model, also known as GUIDs). The UUID namespace has no 791 hierarchical structure, which means that the WHOIS service can only 792 respond with the result "Found", "Not found" or "Service error" and 793 the fields "parent" and "subordinate" cannot be used. 795 Request: 797 uuid:b4bfcc3a-db2c-424c-b029-7fe99a87c641 799 Response: 801 query: uuid:b4bfcc3a-db2c-424c-b029-7fe99a87c641 802 result: Found 804 object: uuid:b4bfcc3a-db2c-424c-b029-7fe99a87c641 805 status: Information available 806 name: Desktop 807 information: GUID can be used in file dialogs as "Custom Place". 809 ra: Microsoft Corp. 810 ra-status: Information unavailable 812 More information about UUIDs can be found in Recommendation ITU-T 813 X.667 (2012) | ISO/IEC 9834-8:2014 [X667]. 815 More information about the Microsoft Common Object Model (COM) can be 816 found at Microsoft Docs . 819 7 Internationalization Considerations 821 The WHOIS protocol as defined in RFC 3912 [RFC3912] does not define 822 any character set and there is no mechanism for indicating which 823 character set is in use. 825 To enhance interoperability, this document specifies that the request 826 and response MUST be UTF-8 encoded (as defined in RFC 3629 827 [RFC3629]), without Byte-Order-Mark (BOM). 829 The WHOIS service can define additional field names, but they SHOULD 830 be written in the English language so that there is consistency with 831 the field names defined in this document. 833 8 Security Considerations 835 (1) The knowledge of existence or information about some OIDs could 836 be considered confidential. In this case, the WHOIS service can 837 either deny the existence of the requested OID (by setting the result 838 to "Not found") or redact information in the Object-Section, as 839 defined in section 3.2.2 "Object-Section". 841 (2) Registration Authorities might demand that their data is kept 842 confidential, or at least be partially redacted to increase privacy 843 or as measurement against spam. In this case, the WHOIS service can 844 redact information in the RA-Section, as defined in section 3.2.3 845 "RA-Section". 847 (3) The WHOIS service can decide if confidential material is omitted 848 or shown, based on authentication mechanisms like white-listing 849 client IP addresses or by using authentication tokens supplied by the 850 client, as defined in section 2.1 "Authentication Tokens". 852 (4) The usage of authentication tokens is not recommended if the 853 traffic between client and server is transmitted through an untrusted 854 network, because the WHOIS protocol is not encrypted. 856 (5) Authentication tokens must have a sufficient length and 857 complexity to avoid successful brute force attacks, or the WHOIS 858 service must limit the number of requests per time. 860 (6) The WHOIS protocol itself has no mechanism for verifying the 861 integrity of data received. Due to this fact, the information should 862 not be trusted if it is transmitted through an untrusted network. If 863 integrity/authenticity is required, the WHOIS response can be signed, 864 as described in section 3.3 "Digital Signature". However, this 865 document does not describe a mechanism for detecting which signature 866 method was used. Therefore, no interoperability of signature 867 creation/validation is given at this time. 869 9 IANA Considerations 871 This document has no actions for IANA. 873 10 Annotation about the deprecation of the WHOIS protocol 875 The WHOIS protocol is currently extensively used for querying 876 databases that store the registered users or assignees of an Internet 877 resource, such as a domain name, an IP address block, or an 878 autonomous system. Due to various reasons, there are efforts in 879 deprecating the WHOIS protocol to introduce the Registration Data 880 Access Protocol (RDAP). This document is not meant to interfere with 881 these efforts. 883 As this document describes a new way to use the WHOIS protocol, it 884 should be noted that while the usage of e.g. domain holder 885 information exchange will be deprecated, the protocol itself still 886 can be used for other purposes and therefore doesn't need to be 887 completely deprecated. 889 The WHOIS protocol was chosen as the base of OID-WHOIS because it is 890 better human-readable. Furthermore, OID-WHOIS fixes some of the 891 weaknesses of the WHOIS protocol, for example, the format is 892 standardized, internationalization is addressed (UTF-8), users can be 893 authenticated, redirections are standardized, etc. Therefore, a good 894 machine-readability is also ensured. 896 11 References 898 11.1 Normative References 900 [E164] "The international public telecommunication numbering 901 plan", Recommendation ITU-T E.164 (2010), November 2010. 902 . 904 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 905 Requirement Levels", BCP 14, RFC 2119, 906 DOI 10.17487/RFC2119, March 1997. 907 . 909 [RFC3061] Mealling, M., "A URN Namespace of Object Identifiers", 910 RFC 3061, DOI 10.17487/RFC3061, February 2001. 911 . 913 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 914 10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, 915 November 2003. 916 . 918 [RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912, 919 DOI 10.17487/RFC3912, September 2004. 920 . 922 [RFC3986] Berners-Lee, T., "Uniform Resource Identifier (URI): 923 Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, 924 January 2005. 925 . 927 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax 928 Specifications: ABNF", STD 68, RFC 5234, 929 DOI 10.17487/RFC5234, January 2008. 930 . 932 [RFC8141] Saint-Andre, P., "Uniform Resource Names (URNs)", 933 RFC 8141, DOI 10.17487/RFC8141, April 2017. 934 . 936 [X660] "Information technology - Procedures for the operation of 937 object identifier registration authorities: General 938 procedures and top arcs of the international object 939 identifier tree", Recommendation ITU-T X.660 (2011) | 940 ISO/IEC 9834-1:2012, July 2011. 941 . 943 [X680] "Information technology - Abstract Syntax Notation One 944 (ASN.1): Specification of basic notation", Recommendation 945 ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, August 2015. 946 . 948 11.2 Informative References 950 [RFC1157] Case, J., Fedor, M., Schoffstall, M., Davin, J., "A Simple 951 Network Management Protocol (SNMP)", RFC 1157, 952 DOI 10.17487/RFC1157, May 1990. 953 . 955 [RFC4511] Sermersheim, J., "Lightweight Directory Access Protocol 956 (LDAP): The Protocol", RFC 4511, DOI 10.17487/RFC4511, 957 June 2006. 958 . 960 [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., Thayer, 961 R., "OpenPGP Message Format", RFC 4880, 962 DOI 10.17487/RFC4880, November 2007. 963 . 965 [X509] "Information technology - Open Systems Interconnection - 966 The Directory: Public-key and attribute certificate 967 frameworks", Recommendation ITU-T X.509 (2016) | 968 ISO/IEC 9594-8:2017, October 2016. 969 . 971 [X667] "Information technology - Procedures for the operation of 972 object identifier registration authorities: Generation of 973 universally unique identifiers and their use in object 974 identifiers", Recommendation ITU-T X.667 (2012) | 975 ISO/IEC 9834-8:2014, October 2012. 976 . 978 [X672] "Information technology - Open systems interconnection - 979 Object identifier resolution system", 980 Recommendation ITU-T X.672 (2010) | ISO/IEC 29168-1:2011, 981 August 2010. 982 . 984 Acknowledgements 986 Olivier Dubuisson 988 Authors' Addresses 990 Daniel Marschall 991 Postfach 11 53 992 69243 Bammental 993 Germany 995 EMail: daniel-marschall@viathinksoft.de