principleshttp

InternetEngineeringTaskForce(IETF)A.
NewtonRequestforComments:7482ARINCategory:StandardsTrackS.
HollenbeckISSN:2070-1721VerisignLabsMarch2015RegistrationDataAccessProtocol(RDAP)QueryFormatAbstractThisdocumentdescribesuniformpatternstoconstructHTTPURLsthatmaybeusedtoretrieveregistrationinformationfromregistries(includingbothRegionalInternetRegistries(RIRs)andDomainNameRegistries(DNRs))using"RESTful"webaccesspatterns.
TheseuniformpatternsdefinethequerysyntaxfortheRegistrationDataAccessProtocol(RDAP).
StatusofThisMemoThisisanInternetStandardsTrackdocument.
ThisdocumentisaproductoftheInternetEngineeringTaskForce(IETF).
ItrepresentstheconsensusoftheIETFcommunity.
IthasreceivedpublicreviewandhasbeenapprovedforpublicationbytheInternetEngineeringSteeringGroup(IESG).
FurtherinformationonInternetStandardsisavailableinSection2ofRFC5741.
Informationaboutthecurrentstatusofthisdocument,anyerrata,andhowtoprovidefeedbackonitmaybeobtainedathttp://www.
rfc-editor.
org/info/rfc7482.
CopyrightNoticeCopyright(c)2015IETFTrustandthepersonsidentifiedasthedocumentauthors.
Allrightsreserved.
ThisdocumentissubjecttoBCP78andtheIETFTrust'sLegalProvisionsRelatingtoIETFDocuments(http://trustee.
ietf.
org/license-info)ineffectonthedateofpublicationofthisdocument.
Pleasereviewthesedocumentscarefully,astheydescribeyourrightsandrestrictionswithrespecttothisdocument.
CodeComponentsextractedfromthisdocumentmustincludeSimplifiedBSDLicensetextasdescribedinSection4.
eoftheTrustLegalProvisionsandareprovidedwithoutwarrantyasdescribedintheSimplifiedBSDLicense.
Newton&HollenbeckStandardsTrack[Page1]RFC7482RDAPQueryFormatMarch2015TableofContents1.
Introduction22.
ConventionsUsedinThisDocument42.
1.
AcronymsandAbbreviations43.
PathSegmentSpecification43.
1.
LookupPathSegmentSpecification53.
1.
1.
IPNetworkPathSegmentSpecification63.
1.
2.
AutonomousSystemPathSegmentSpecification.
.
.
.
73.
1.
3.
DomainPathSegmentSpecification73.
1.
4.
NameserverPathSegmentSpecification83.
1.
5.
EntityPathSegmentSpecification93.
1.
6.
HelpPathSegmentSpecification93.
2.
SearchPathSegmentSpecification93.
2.
1.
DomainSearch103.
2.
2.
NameserverSearch113.
2.
3.
EntitySearch124.
QueryProcessing134.
1.
PartialStringSearching134.
2.
AssociatedRecords145.
Extensibility146.
InternationalizationConsiderations156.
1.
CharacterEncodingConsiderations157.
SecurityConsiderations168.
References178.
1.
NormativeReferences178.
2.
InformativeReferences19Acknowledgements19Authors'Addresses201.
IntroductionThisdocumentdescribesaspecificationforqueryingregistrationdatausingaRESTfulwebserviceanduniformquerypatterns.
TheserviceisimplementedusingtheHypertextTransferProtocol(HTTP)[RFC7230]andtheconventionsdescribedin[RFC7480].
TheseuniformpatternsdefinethequerysyntaxfortheRegistrationDataAccessProtocol(RDAP).
TheprotocoldescribedinthisspecificationisintendedtoaddressdeficiencieswiththeWHOISprotocol[RFC3912]thathavebeenidentifiedovertime,including:olackofstandardizedcommandstructures;olackofstandardizedoutputanderrorstructures;olackofsupportforinternationalizationandlocalization;andNewton&HollenbeckStandardsTrack[Page2]RFC7482RDAPQueryFormatMarch2015olackofsupportforuseridentification,authentication,andaccesscontrol.
ThepatternsdescribedinthisdocumentpurposefullydonotencompassallofthemethodsemployedintheWHOISandotherRESTfulwebservicesusedbytheRIRsandDNRs.
Theintentofthepatternsdescribedherearetoenablequeriesof:onetworksbyIPaddress;oAutonomousSystem(AS)numbersbynumber;oreverseDNSmetadatabydomain;onameserversbyname;oregistrarsbyname;andoentities(suchascontacts)byidentifier.
Serverimplementationsarefreetosupportonlyasubsetofthesefeaturesdependingonlocalrequirements.
ServersMUSTreturnanHTTP501(NotImplemented)[RFC7231]responsetoinformclientsofunsupportedquerytypes.
ItisalsoenvisionedthateachregistrywillcontinuetomaintainWHOISand/orotherRESTfulwebservicesspecifictotheirneedsandthoseoftheirconstituencies,andtheinformationretrievedthroughthepatternsdescribedheremayreferencesuchservices.
Likewise,futureIETFstandardsmayaddadditionalpatternsforadditionalquerytypes.
AsimplepatternnamespacingschemeisdescribedinSection5toaccommodatecustomextensionsthatwillnotinterferewiththepatternsdefinedinthisdocumentorpatternsdefinedinfutureIETFstandards.
WHOISservices,ingeneral,areread-onlyservices.
Therefore,URL[RFC3986]patternsspecifiedinthisdocumentareonlyapplicabletotheHTTP[RFC7231]GETandHEADmethods.
ThisdocumentdoesnotdescribetheresultsorentitiesreturnedfromissuingthedescribedURLswithanHTTPGET.
Thespecificationoftheseentitiesisdescribedin[RFC7483].
Additionally,resourcemanagement,provisioning,andupdatefunctionsareoutofscopeforthisdocument.
Registrieshavevariousanddivergentmethodscoveringthesefunctions,anditisunlikelyauniformapproachisneededforinteroperability.
Newton&HollenbeckStandardsTrack[Page3]RFC7482RDAPQueryFormatMarch2015HTTPcontainsmechanismsforserverstoauthenticateclientsandforclientstoauthenticateservers(fromwhichauthorizationschemesmaybebuilt),sosuchmechanismsarenotdescribedinthisdocument.
Policy,provisioning,andprocessingofauthenticationandauthorizationareoutofscopeforthisdocumentasdeploymentswillhavetomakechoicesbasedonlocalcriteria.
Supportedauthenticationmechanismsaredescribedin[RFC7481].
2.
ConventionsUsedinThisDocumentThekeywords"MUST","MUSTNOT","REQUIRED","SHALL","SHALLNOT","SHOULD","SHOULDNOT","RECOMMENDED","MAY",and"OPTIONAL"inthisdocumentaretobeinterpretedasdescribedin[RFC2119].
2.
1.
AcronymsandAbbreviationsIDN:InternationalizedDomainNameIDNA:InternationalizedDomainNamesinApplications,aprotocolforthehandlingofIDNs.
DNR:DomainNameRegistryNFC:UnicodeNormalizationFormC[Unicode-UAX15]NFKC:UnicodeNormalizationFormKC[Unicode-UAX15]RDAP:RegistrationDataAccessProtocolREST:RepresentationalStateTransfer.
Thetermwasfirstdescribedinadoctoraldissertation[REST].
RESTful:AnadjectivethatdescribesaserviceusingHTTPandtheprinciplesofREST.
RIR:RegionalInternetRegistry3.
PathSegmentSpecificationThebaseURLsusedtoconstructRDAPqueriesaremaintainedinanIANAregistrydescribedin[RFC7484].
QueriesareformedbyretrievinganappropriatebaseURLfromtheregistryandappendingapathsegmentspecifiedineitherSections3.
1or3.
2.
Generally,aregistryorotherserviceproviderwillprovideabaseURLthatidentifiestheprotocol,host,andport,andthiswillbeusedasabaseURLthatthecompleteURLisresolvedagainst,asperSection5Newton&HollenbeckStandardsTrack[Page4]RFC7482RDAPQueryFormatMarch2015ofRFC3986[RFC3986].
Forexample,ifthebaseURLis"https://example.
com/rdap/",allRDAPqueryURLswillbeginwith"https://example.
com/rdap/".
Thebootstrapregistrydoesnotcontaininformationforqueryobjectsthatarenotpartofaglobalnamespace,includingentitiesandhelp.
AbaseURLforanassociatedobjectisrequiredtoconstructacompletequery.
Forentities,abaseURLisretrievedfortheservice(domain,address,etc.
)associatedwithagivenentity.
ThequeryURLisconstructedbyconcatenatingthebaseURLtotheentitypathsegmentspecifiedineitherSections3.
1.
5or3.
2.
3.
Forhelp,abaseURLisretrievedforanyservice(domain,address,etc.
)forwhichadditionalinformationisrequired.
ThequeryURLisconstructedbyconcatenatingthebaseURLtothehelppathsegmentspecifiedinSection3.
1.
6.
3.
1.
LookupPathSegmentSpecificationAsimplelookuptodetermineifanobjectexists(ornot)withoutreturningRDAP-encodedresultscanbeperformedusingtheHTTPHEADmethodasdescribedinSection4.
1of[RFC7480].
Theresourcetypepathsegmentsforexactmatchlookupare:o'ip':UsedtoidentifyIPnetworksandassociateddatareferencedusingeitheranIPv4orIPv6address.
o'autnum':UsedtoidentifyAutonomousSystemnumberregistrationsandassociateddatareferencedusinganasplainAutonomousSystemnumber.
o'domain':UsedtoidentifyreverseDNS(RIR)ordomainname(DNR)informationandassociateddatareferencedusingafullyqualifieddomainname.
o'nameserver':Usedtoidentifyanameserverinformationqueryusingahostname.
o'entity':Usedtoidentifyanentityinformationqueryusingastringidentifier.
Newton&HollenbeckStandardsTrack[Page5]RFC7482RDAPQueryFormatMarch20153.
1.
1.
IPNetworkPathSegmentSpecificationSyntax:ip/orip//QueriesforinformationaboutIPnetworksareoftheform/ip/XXX/.
.
.
or/ip/XXX/YY/.
.
.
wherethepathsegmentfollowing'ip'iseitheranIPv4dotteddecimalorIPv6[RFC5952]address(i.
e.
,XXX)oranIPv4orIPv6ClasslessInter-domainRouting(CIDR)[RFC4632]notationaddressblock(i.
e.
,XXX/YY).
Semantically,thesimplerformusingtheaddresscanbethoughtofasaCIDRblockwithabitmasklengthof32forIPv4andabitmasklengthof128forIPv6.
AgivenspecificaddressorCIDRmayfallwithinmultipleIPnetworksinahierarchyofnetworks;therefore,thisquerytargetsthe"most-specific"orsmallestIPnetworkthatcompletelyencompassesitinahierarchyofIPnetworks.
TheIPv4andIPv6addressformatssupportedinthisqueryaredescribedinSection3.
2.
2ofRFC3986[RFC3986]asIPv4addressandIPv6addressABNFdefinitions.
AnyvalidIPv6textaddressformat[RFC4291]canbeused.
ThisincludesIPv6addresseswrittenusingwithorwithoutcompressedzerosandIPv6addressescontainingembeddedIPv4addresses.
TherulestowriteatextrepresentationofanIPv6address[RFC5952]areRECOMMENDED.
However,thezone_id[RFC4007]isnotappropriateinthiscontext;therefore,thecorrespondingsyntaxextensioninRFC6874[RFC6874]MUSTNOTbeused,andserversaretoignoreitifpossible.
Forexample,thefollowingURLwouldbeusedtofindinformationforthemostspecificnetworkcontaining192.
0.
2.
0:https://example.
com/rdap/ip/192.
0.
2.
0ThefollowingURLwouldbeusedtofindinformationforthemostspecificnetworkcontaining192.
0.
2.
0/24:https://example.
com/rdap/ip/192.
0.
2.
0/24ThefollowingURLwouldbeusedtofindinformationforthemostspecificnetworkcontaining2001:db8::0:https://example.
com/rdap/ip/2001:db8::0Newton&HollenbeckStandardsTrack[Page6]RFC7482RDAPQueryFormatMarch20153.
1.
2.
AutonomousSystemPathSegmentSpecificationSyntax:autnum/QueriesforinformationregardingAutonomousSystemnumberregistrationsareoftheform/autnum/XXX/.
.
.
whereXXXisanasplainAutonomousSystemnumber[RFC5396].
Insomeregistries,registrationofAutonomousSystemnumbersisdoneonanindividualnumberbasis,whileotherregistriesmayregisterblocksofAutonomousSystemnumbers.
Thesemanticsofthisqueryaresuchthatifanumberfallswithinarangeofregisteredblocks,thetargetofthequeryistheblockregistrationandthatindividualnumberregistrationsareconsideredablockofnumberswithasizeof1.
Forexample,thefollowingURLwouldbeusedtofindinformationdescribingAutonomousSystemnumber12(anumberwithinarangeofregisteredblocks):https://example.
com/rdap/autnum/12ThefollowingURLwouldbeusedtofindinformationdescribing4-byteAutonomousSystemnumber65538:https://example.
com/rdap/autnum/655383.
1.
3.
DomainPathSegmentSpecificationSyntax:domain/Queriesfordomaininformationareoftheform/domain/XXXX/.
.
.
,whereXXXXisafullyqualified(relativetotheroot)domainname(asspecifiedin[RFC0952]and[RFC1123])ineitherthein-addr.
arpaorip6.
arpazones(forRIRs)orafullyqualifieddomainnameinazoneadministeredbytheserveroperator(forDNRs).
InternationalizedDomainNames(IDNs)representedineitherA-labelorU-labelformat[RFC5890]arealsovaliddomainnames.
SeeSection6.
1forinformationoncharacterencodingfortheU-labelformat.
IDNsSHOULDNOTberepresentedasamixtureofA-labelsandU-labels;thatis,internationalizedlabelsinanIDNSHOULDbeeitherallA-labelsorallU-labels.
ItispossibleforanRDAPclienttoassembleaquerystringfrommultipleindependentdatasources.
SuchaclientmightnotbeabletoperformconversionsbetweenA-labelsandU-labels.
AnRDAPserverthatreceivesaquerystringwithamixtureofA-labelsandU-labelsMAYconvertalltheU-labelstoA-labels,performIDNAprocessing,andproceedwithexact-matchNewton&HollenbeckStandardsTrack[Page7]RFC7482RDAPQueryFormatMarch2015lookup.
Insuchcases,theresponsetobereturnedtothequerysourcemaynotmatchtheinputfromthequerysource.
Alternatively,theserverMAYrefusetoprocessthequery.
TheserverMAYperformthematchusingeithertheA-labelorU-labelform.
Usingoneconsistentformformatchingeverylabelislikelytobemorereliable.
ThefollowingURLwouldbeusedtofindinformationdescribingthezoneservingthenetwork192.
0.
2/24:https://example.
com/rdap/domain/2.
0.
192.
in-addr.
arpaThefollowingURLwouldbeusedtofindinformationdescribingthezoneservingthenetwork2001:db8:1::/48:https://example.
com/rdap/domain/1.
0.
0.
0.
8.
b.
d.
0.
1.
0.
0.
2.
ip6.
arpaThefollowingURLwouldbeusedtofindinformationfortheblah.
example.
comdomainname:https://example.
com/rdap/domain/blah.
example.
comThefollowingURLwouldbeusedtofindinformationforthexn--fo-5ja.
exampleIDN:https://example.
com/rdap/domain/xn--fo-5ja.
example3.
1.
4.
NameserverPathSegmentSpecificationSyntax:nameserver/Theparameterrepresentsafullyqualifiedhostnameasspecifiedin[RFC0952]and[RFC1123].
InternationalizednamesrepresentedineitherA-labelorU-labelformat[RFC5890]arealsovalidnameservernames.
IDNprocessingfornameservernamesusesthedomainnameprocessinginstructionsspecifiedinSection3.
1.
3.
SeeSection6.
1forinformationoncharacterencodingfortheU-labelformat.
ThefollowingURLwouldbeusedtofindinformationforthens1.
example.
comnameserver:https://example.
com/rdap/nameserver/ns1.
example.
comNewton&HollenbeckStandardsTrack[Page8]RFC7482RDAPQueryFormatMarch2015ThefollowingURLwouldbeusedtofindinformationforthens1.
xn--fo-5ja.
examplenameserver:https://example.
com/rdap/nameserver/ns1.
xn--fo-5ja.
example3.
1.
5.
EntityPathSegmentSpecificationSyntax:entity/Theparameterrepresentsanentity(suchasacontact,registrant,orregistrar)identifierwhosesyntaxisspecifictotheregistrationprovider.
Forexample,forsomeDNRs,contactidentifiersarespecifiedin[RFC5730]and[RFC5733].
ThefollowingURLwouldbeusedtofindinformationfortheentityassociatedwithhandleXXXX:https://example.
com/rdap/entity/XXXX3.
1.
6.
HelpPathSegmentSpecificationSyntax:helpThehelppathsegmentcanbeusedtorequesthelpfulinformation(commandsyntax,termsofservice,privacypolicy,rate-limitingpolicy,supportedauthenticationmethods,supportedextensions,technicalsupportcontact,etc.
)fromanRDAPserver.
Theresponseto"help"shouldprovidebasicinformationthataclientneedstosuccessfullyusetheservice.
ThefollowingURLwouldbeusedtoreturn"help"information:https://example.
com/rdap/help3.
2.
SearchPathSegmentSpecificationPatternmatchingsemanticsaredescribedinSection4.
1.
Theresourcetypepathsegmentsforsearchare:o'domains':Usedtoidentifyadomainnameinformationsearchusingapatterntomatchafullyqualifieddomainname.
o'nameservers':Usedtoidentifyanameserverinformationsearchusingapatterntomatchahostname.
o'entities':Usedtoidentifyanentityinformationsearchusingapatterntomatchastringidentifier.
Newton&HollenbeckStandardsTrack[Page9]RFC7482RDAPQueryFormatMarch2015RDAPsearchpathsegmentsareformedusingaconcatenationofthepluralformoftheobjectbeingsearchedforandanHTTPquerystring.
TheHTTPquerystringisformedusingaconcatenationofthequestionmarkcharacter('',US-ASCIIvalue0x003F),theJSONobjectvalueassociatedwiththeobjectbeingsearchedfor,theequalsigncharacter('=',US-ASCIIvalue0x003D),andthesearchpattern.
SearchpatternqueryprocessingisdescribedmorefullyinSection4.
Forthedomain,nameserver,andentityobjectsdescribedinthisdocument,thepluralobjectformsare"domains","nameservers",and"entities".
DetailedresultscanberetrievedusingtheHTTPGETmethodandthepathsegmentsspecifiedhere.
3.
2.
1.
DomainSearchSyntax:domainsname=Syntax:domainsnsLdhName=Syntax:domainsnsIp=Searchesfordomaininformationbynamearespecifiedusingthisform:domainsname=XXXXXXXXisasearchpatternrepresentingadomainnamein"letters,digits,hyphen"(LDH)format[RFC5890]inazoneadministeredbytheserveroperatorofaDNR.
ThefollowingURLwouldbeusedtofindDNRinformationfordomainnamesmatchingthe"example*.
com"pattern:https://example.
com/rdap/domainsname=example*.
comIDNsinU-labelformat[RFC5890]canalsobeusedassearchpatterns(seeSection4).
Searchesforthesenamesareoftheform/domainsname=XXXX,whereXXXXisasearchpatternrepresentingadomainnameinU-labelformat[RFC5890].
SeeSection6.
1forinformationoncharacterencodingfortheU-labelformat.
Searchesfordomaininformationbynameservernamearespecifiedusingthisform:domainsnsLdhName=YYYYNewton&HollenbeckStandardsTrack[Page10]RFC7482RDAPQueryFormatMarch2015YYYYisasearchpatternrepresentingahostnamein"letters,digits,hyphen"format[RFC5890]inazoneadministeredbytheserveroperatorofaDNR.
ThefollowingURLwouldbeusedtosearchfordomainsdelegatedtonameserversmatchingthe"ns1.
example*.
com"pattern:https://example.
com/rdap/domainsnsLdhName=ns1.
example*.
comSearchesfordomaininformationbynameserverIPaddressarespecifiedusingthisform:domainsnsIp=ZZZZZZZZisasearchpatternrepresentinganIPv4[RFC1166]orIPv6[RFC5952]address.
ThefollowingURLwouldbeusedtosearchfordomainsthathavebeendelegatedtonameserversthatresolvetothe"192.
0.
2.
0"address:https://example.
com/rdap/domainsnsIp=192.
0.
2.
03.
2.
2.
NameserverSearchSyntax:nameserversname=Syntax:nameserversip=Searchesfornameserverinformationbynameservernamearespecifiedusingthisform:nameserversname=XXXXXXXXisasearchpatternrepresentingahostnamein"letters,digits,hyphen"format[RFC5890]inazoneadministeredbytheserveroperatorofaDNR.
ThefollowingURLwouldbeusedtofindDNRinformationfornameservernamesmatchingthe"ns1.
example*.
com"pattern:https://example.
com/rdap/nameserversname=ns1.
example*.
comInternationalizednameservernamesinU-labelformat[RFC5890]canalsobeusedassearchpatterns(seeSection4).
Searchesforthesenamesareoftheform/nameserversname=XXXX,whereXXXXisasearchpatternrepresentinganameservernameinU-labelformat[RFC5890].
SeeSection6.
1forinformationoncharacterencodingfortheU-labelformat.
Newton&HollenbeckStandardsTrack[Page11]RFC7482RDAPQueryFormatMarch2015SearchesfornameserverinformationbynameserverIPaddressarespecifiedusingthisform:nameserversip=YYYYYYYYisasearchpatternrepresentinganIPv4[RFC1166]orIPv6[RFC5952]address.
ThefollowingURLwouldbeusedtosearchfornameservernamesthatresolvetothe"192.
0.
2.
0"address:https://example.
com/rdap/nameserversip=192.
0.
2.
03.
2.
3.
EntitySearchSyntax:entitiesfn=Syntax:entitieshandle=Searchesforentityinformationbynamearespecifiedusingthisform:entitiesfn=XXXXXXXXisasearchpatternrepresentingthe"FN"propertyofanentity(suchasacontact,registrant,orregistrar)nameasspecifiedinSection5.
1of[RFC7483].
ThefollowingURLwouldbeusedtofindinformationforentitynamesmatchingthe"BobbyJoe*"pattern:https://example.
com/rdap/entitiesfn=Bobby%20Joe*Searchesforentityinformationbyhandlearespecifiedusingthisform:entitieshandle=XXXXXXXXisasearchpatternrepresentinganentity(suchasacontact,registrant,orregistrar)identifierwhosesyntaxisspecifictotheregistrationprovider.
ThefollowingURLwouldbeusedtofindinformationforentityhandlesmatchingthe"CID-40*"pattern:https://example.
com/rdap/entitieshandle=CID-40*URLsMUSTbeproperlyencodedaccordingtotherulesof[RFC3986].
Intheexampleabove,"BobbyJoe*"isencodedto"Bobby%20Joe*".
Newton&HollenbeckStandardsTrack[Page12]RFC7482RDAPQueryFormatMarch20154.
QueryProcessingServersindicatethesuccessorfailureofqueryprocessingbyreturninganappropriateHTTPresponsecodetotheclient.
Responsecodesnotspecificallyidentifiedinthisdocumentaredescribedin[RFC7480].
4.
1.
PartialStringSearchingPartialstringsearchingusestheasterisk('*',US-ASCIIvalue0x002A)charactertomatchzeroormoretrailingcharacters.
AcharacterstringrepresentingmultipledomainnamelabelsMAYbeconcatenatedtotheendofthesearchpatterntolimitthescopeofthesearch.
Forexample,thesearchpattern"exam*"willmatch"example.
com"and"example.
net".
Thesearchpattern"exam*.
com"willmatch"example.
com".
Ifanasteriskappearsinasearchstring,anylabelthatcontainsthenon-asteriskcharactersinsequencepluszeroormorecharactersinsequenceinplaceoftheasteriskwouldmatch.
Additionalpatternmatchingprocessingisbeyondthescopeofthisspecification.
Ifaserverreceivesasearchrequestbutcannotprocesstherequestbecauseitdoesnotsupportaparticularstyleofpartialmatchsearching,itSHOULDreturnanHTTP422(UnprocessableEntity)[RFC4918]response.
Whenreturninga422error,theserverMAYalsoreturnanerrorresponsebodyasspecifiedinSection6of[RFC7483]iftherequestedmediatypeisonethatisspecifiedin[RFC7480].
PartialmatchingisnotfeasibleacrosscombinationsofUnicodecharactersbecauseUnicodecharacterscanbecombinedwitheachother.
ServersSHOULDNOTpartiallymatchcombinationsofUnicodecharacterswherealegalcombinationispossible.
Itshouldbenoted,though,thatitmaynotalwaysbepossibletodetectcaseswhereacharactercouldhavebeencombinedwithanothercharacter,butwasnot,becausecharacterscanbecombinedinmanydifferentways.
ClientsshouldavoidsubmittingapartialmatchsearchofUnicodecharacterswhereaUnicodecharactermaybelegallycombinedwithanotherUnicodecharacterorcharacters.
Partialmatchsearcheswithincompletecombinationsofcharacterswhereacharactermustbecombinedwithanothercharacterorcharactersareinvalid.
Partialmatchsearcheswithcharactersthatmaybecombinedwithanothercharacterorcharactersaretobeconsiderednon-combinedcharacters(thatis,ifcharacterxmaybecombinedwithcharacterybutcharacteryisnotsubmittedinthesearchstring,thencharacterxisacompletecharacterandnocombinationsofcharacterxaretobesearched).
Newton&HollenbeckStandardsTrack[Page13]RFC7482RDAPQueryFormatMarch20154.
2.
AssociatedRecordsConceptually,anyquery-matchingrecordinaserver'sdatabasemightbeamemberofasetofrelatedrecords,relatedinsomefashionasdefinedbytheserver--forexample,variantsofanIDN.
Theentiresetoughttobeconsideredascandidatesforinclusionwhenconstructingtheresponse.
However,theconstructionofthefinalresponseneedstobemindfulofprivacyandotherdata-releasingpolicieswhenassemblingtheRDAPresponseset.
Notetoothatduetothenatureofsearching,theremaybealistofquery-matchingrecords.
Eachoneofthoseissubjecttobeingamemberofasetasdescribedinthepreviousparagraph.
Whatisultimatelyreturnedinaresponsewillbetheunionofallthesetsthathasbeenfilteredbywhateverpoliciesareinplace.
Notethatthismodelincludesarrangementsforassociatednames,includingthosethatarelinkedbypolicymechanismsandnamesboundtogetherforsomeotherpurposes.
Notealsothatreturninginformationthatwasnotexplicitlyselectedbyanexact-matchlookup,includingadditionalnamesthatmatcharelativelyfuzzysearchaswellaslistsofnamesthatarelinkedtogether,maycauseprivacyissues.
Notethattheremightnotbeasingle,staticinformationreturnpolicythatappliestoallclientsequally.
Clientidentityandassociatedauthorizationscanbearelevantfactorindetermininghowbroadtheresponsesetwillbeforanyparticularquery.
5.
ExtensibilityThisdocumentdescribespathsegmentspecificationsforalimitednumberofobjectscommonlyregisteredinbothRIRsandDNRs.
Itdoesnotattempttodescribepathsegmentsforalloftheobjectsregisteredinallregistries.
CustompathsegmentscanbecreatedforobjectsnotspecifiedhereusingtheprocessdescribedinSection6of"HTTPUsageintheRegistrationDataAccessProtocol(RDAP)"[RFC7480].
Custompathsegmentscanbecreatedbyprefixingthesegmentwithauniqueidentifierfollowedbyanunderscorecharacter(0x5F).
Forexample,acustomentitypathsegmentcouldbecreatedbyprefixing"entity"with"custom_",producing"custom_entity".
ServersMUSTreturnanappropriatefailurestatuscodeforarequestwithanunrecognizedpathsegment.
Newton&HollenbeckStandardsTrack[Page14]RFC7482RDAPQueryFormatMarch20156.
InternationalizationConsiderationsThereisvalueinsupportingtheabilitytosubmiteitheraU-label(UnicodeformofanIDNlabel)oranA-label(US-ASCIIformofanIDNlabel)asaqueryargumenttoanRDAPservice.
Clientscapableofprocessingnon-US-ASCIIcharactersmaypreferaU-labelsincethisismorevisuallyrecognizableandfamiliarthanA-labelstrings,butclientsusingprogrammaticinterfacesmightfinditeasiertosubmitanddisplayA-labelsiftheyareunabletoinputU-labelswiththeirkeyboardconfiguration.
Bothqueryformsareacceptable.
Internationalizeddomainandnameservernamescancontaincharactervariantsandvariantlabelsasdescribedin[RFC4290].
ClientsthatsupportqueriesforinternationalizeddomainandnameservernamesMUSTacceptserviceproviderresponsesthatdescribevariantsasspecifiedin"JSONResponsesfortheRegistrationDataAccessProtocol(RDAP)"[RFC7483].
6.
1.
CharacterEncodingConsiderationsServerscanexpecttoreceivesearchpatternsfromclientsthatcontaincharacterstringsencodedindifferentformssupportedbyHTTP.
Itisentirelypossibletoapplyfiltersandnormalizationrulestosearchpatternspriortomakingcharactercomparisons,butthistypeofprocessingismoretypicallyneededtodeterminethevalidityofregisteredstringsthantomatchpatterns.
AnRDAPclientsubmittingaquerystringcontainingnon-US-ASCIIcharactersconvertssuchstringsintoUnicodeinUTF-8encoding.
Itthenperformsanylocalcasemappingdeemednecessary.
StringsarenormalizedusingNormalizationFormC(NFC)[Unicode-UAX15];notethatclientsmightnotbeabletodothisreliably.
UTF-8encodedstringsarethenappropriatelypercent-encoded[RFC3986]inthequeryURL.
Afterparsinganypercent-encoding,anRDAPservertreatseachquerystringasUnicodeinUTF-8encoding.
IfastringisnotvalidUTF-8,theservercanimmediatelystopprocessingthequeryandreturnanHTTP400(BadRequest)response.
Whenprocessingqueries,thereisadifferenceinhandlingDNSnames,includingthosewithputativeU-labels,andeverythingelse.
DNSnamesaretreatedaccordingtotheDNSmatchingrulesasdescribedinSection3.
1ofRFC1035[RFC1035]forNon-ReservedLDH(NR-LDH)labelsandthematchingrulesdescribedinSection5.
4ofRFC5891[RFC5891]forU-labels.
MatchingofDNSnamesproceedsonelabelatatimebecauseitispossibleforacombinationofU-labelsandNR-LDHlabelstobefoundinasingledomainorhostname.
TheNewton&HollenbeckStandardsTrack[Page15]RFC7482RDAPQueryFormatMarch2015determinationofwhetheralabelisaU-labeloranNR-LDHlabelisbasedonwhetherthelabelcontainsanycharactersoutsideoftheUS-ASCIIletters,digits,orhyphen(theso-calledLDHrule).
Foreverythingelse,serversmapfullwidthandhalfwidthcharacterstotheirdecompositionequivalents.
Serversconvertstringstothesamecodedcharactersetofthetargetdatathatistobelookeduporsearched,andeachstringisnormalizedusingthesamenormalizationthatwasusedonthetargetdata.
Ingeneral,storageofstringsasUnicodeisRECOMMENDED.
Forthepurposesofcomparison,NormalizationFormKC(NFKC)[Unicode-UAX15]withcasefoldingisusedtomaximizepredictabilityandthenumberofmatches.
Notetheuseofcase-foldedNFKCasopposedtoNFCinthiscase.
7.
SecurityConsiderationsSecurityservicesfortheoperationsspecifiedinthisdocumentaredescribedin"SecurityServicesfortheRegistrationDataAccessProtocol(RDAP)"[RFC7481].
Searchfunctionalitytypicallyrequiresmoreserverresources(suchasmemory,CPUcycles,andnetworkbandwidth)whencomparedtobasiclookupfunctionality.
Thisincreasestheriskofserverresourceexhaustionandsubsequentdenialofserviceduetoabuse.
Thisriskcanbemitigatedbydevelopingandimplementingcontrolstorestrictsearchfunctionalitytoidentifiedandauthorizedclients.
Ifthoseclientsbehavebadly,theirsearchprivilegescanbesuspendedorrevoked.
RatelimitingasdescribedinSection5.
5of"HTTPUsageintheRegistrationDataAccessProtocol(RDAP)"[RFC7480]canalsobeusedtocontroltherateofreceivedsearchrequests.
Serveroperatorscanalsoreducetheirriskbyrestrictingtheamountofinformationreturnedinresponsetoasearchrequest.
Searchfunctionalityalsoincreasestheprivacyriskofdisclosingobjectrelationshipsthatmightnototherwisebeobvious.
Forexample,asearchthatreturnsIDNvariants[RFC6927]thatdonotexplicitlymatchaclient-providedsearchpatterncandiscloseinformationaboutregistereddomainnamesthatmightnotbeotherwiseavailable.
Implementersneedtoconsiderthepolicyandprivacyimplicationsofreturninginformationthatwasnotexplicitlyrequested.
Notethattheremightnotbeasingle,staticinformationreturnpolicythatappliestoallclientsequally.
Clientidentityandassociatedauthorizationscanbearelevantfactorindetermininghowbroadtheresponsesetwillbeforanyparticularquery.
Newton&HollenbeckStandardsTrack[Page16]RFC7482RDAPQueryFormatMarch20158.
References8.
1.
NormativeReferences[RFC0952]Harrenstien,K.
,Stahl,M.
,andE.
Feinler,"DoDInternethosttablespecification",RFC952,October1985,.
[RFC1035]Mockapetris,P.
,"Domainnames-implementationandspecification",STD13,RFC1035,November1987,.
[RFC1123]Braden,R.
,Ed.
,"RequirementsforInternetHosts-ApplicationandSupport",STD3,RFC1123,October1989,.
[RFC1166]Kirkpatrick,S.
,Stahl,M.
,andM.
Recker,"Internetnumbers",RFC1166,July1990,.
[RFC2119]Bradner,S.
,"KeywordsforuseinRFCstoIndicateRequirementLevels",BCP14,RFC2119,March1997,.
[RFC3986]Berners-Lee,T.
,Fielding,R.
,andL.
Masinter,"UniformResourceIdentifier(URI):GenericSyntax",STD66,RFC3986,January2005,.
[RFC4291]Hinden,R.
andS.
Deering,"IPVersion6AddressingArchitecture",RFC4291,February2006,.
[RFC4632]Fuller,V.
andT.
Li,"ClasslessInter-domainRouting(CIDR):TheInternetAddressAssignmentandAggregationPlan",BCP122,RFC4632,August2006,.
[RFC4918]Dusseault,L.
,Ed.
,"HTTPExtensionsforWebDistributedAuthoringandVersioning(WebDAV)",RFC4918,June2007,.
[RFC5396]Huston,G.
andG.
Michaelson,"TextualRepresentationofAutonomousSystem(AS)Numbers",RFC5396,December2008,.
Newton&HollenbeckStandardsTrack[Page17]RFC7482RDAPQueryFormatMarch2015[RFC5730]Hollenbeck,S.
,"ExtensibleProvisioningProtocol(EPP)",STD69,RFC5730,August2009,.
[RFC5733]Hollenbeck,S.
,"ExtensibleProvisioningProtocol(EPP)ContactMapping",STD69,RFC5733,August2009,.
[RFC5890]Klensin,J.
,"InternationalizedDomainNamesforApplications(IDNA):DefinitionsandDocumentFramework",RFC5890,August2010,.
[RFC5891]Klensin,J.
,"InternationalizedDomainNamesinApplications(IDNA):Protocol",RFC5891,August2010,.
[RFC5952]Kawamura,S.
andM.
Kawashima,"ARecommendationforIPv6AddressTextRepresentation",RFC5952,August2010,.
[RFC7230]Fielding,R.
,Ed.
andJ.
Reschke,Ed.
,"HypertextTransferProtocol(HTTP/1.
1):MessageSyntaxandRouting",RFC7230,June2014,.
[RFC7231]Fielding,R.
,Ed.
andJ.
Reschke,Ed.
,"HypertextTransferProtocol(HTTP/1.
1):SemanticsandContent",RFC7231,June2014,.
[RFC7480]Newton,A.
,Ellacott,B.
,andN.
Kong,"HTTPUsageintheRegistrationDataAccessProtocol(RDAP)",RFC7480,March2015,.
[RFC7481]Hollenbeck,S.
andN.
Kong,"SecurityServicesfortheRegistrationDataAccessProtocol(RDAP)",RFC7481,March2015,.
[RFC7483]Newton,A.
andS.
Hollenbeck,"JSONResponsesfortheRegistrationDataAccessProtocol(RDAP)",RFC7483,March2015,.
[RFC7484]Blanchet,M.
,"FindingtheAuthoritativeRegistrationData(RDAP)Service",RFC7484,March2015,.
Newton&HollenbeckStandardsTrack[Page18]RFC7482RDAPQueryFormatMarch2015[Unicode-UAX15]TheUnicodeConsortium,"UnicodeStandardAnnex#15:UnicodeNormalizationForms",September2013,.
8.
2.
InformativeReferences[REST]Fielding,R.
,"ArchitecturalStylesandtheDesignofNetwork-basedSoftwareArchitectures",Ph.
D.
Dissertation,UniversityofCalifornia,Irvine,2000,.
[RFC3912]Daigle,L.
,"WHOISProtocolSpecification",RFC3912,September2004,.
[RFC4007]Deering,S.
,Haberman,B.
,Jinmei,T.
,Nordmark,E.
,andB.
Zill,"IPv6ScopedAddressArchitecture",RFC4007,March2005,.
[RFC4290]Klensin,J.
,"SuggestedPracticesforRegistrationofInternationalizedDomainNames(IDN)",RFC4290,December2005,.
[RFC6874]Carpenter,B.
,Cheshire,S.
,andR.
Hinden,"RepresentingIPv6ZoneIdentifiersinAddressLiteralsandUniformResourceIdentifiers",RFC6874,February2013,.
[RFC6927]Levine,J.
andP.
Hoffman,"VariantsinSecond-LevelNamesRegisteredinTop-LevelDomains",RFC6927,May2013,.
AcknowledgementsThisdocumentisderivedfromoriginalworkonRIRqueryformatsdevelopedbyByronJ.
EllacottofAPNIC,ArturoL.
ServinofLACNIC,KavehRanjbaroftheRIPENCC,andAndrewL.
NewtonofARIN.
Additionally,thisdocumentincorporatesDNRqueryformatsoriginallydescribedbyFranciscoAriasandSteveShengofICANNandScottHollenbeckofVerisignLabs.
Theauthorswouldliketoacknowledgethefollowingindividualsfortheircontributionstothisdocument:FranciscoArias,MarcBlanchet,ErnieDainow,Jean-PhilippeDionne,ByronJ.
Ellacott,BehnamEsfahbod,JohnKlensin,JohnLevine,EdwardLewis,MarkNottingham,KavehRanjbar,ArturoL.
Servin,SteveSheng,andAndrewSullivan.
Newton&HollenbeckStandardsTrack[Page19]RFC7482RDAPQueryFormatMarch2015Authors'AddressesAndrewLeeNewtonAmericanRegistryforInternetNumbers3635ConcordeParkwayChantilly,VA20151UnitedStatesEMail:andy@arin.
netURI:http://www.
arin.
netScottHollenbeckVerisignLabs12061BluemontWayReston,VA20190UnitedStatesEMail:shollenbeck@verisign.
comURI:http://www.
verisignlabs.
com/Newton&HollenbeckStandardsTrack[Page20]