One document matched: draft-ietf-weirds-rdap-query-16.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM "http://xml.resource.org/authoring/rfc2629.dtd"
[
<!ENTITY RFC0952 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.0952.xml'>
<!ENTITY RFC1035 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.1035.xml'>
<!ENTITY RFC1123 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.1123.xml'>
<!ENTITY RFC1166 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.1166.xml'>
<!ENTITY RFC2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY RFC3912 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3912.xml'>
<!ENTITY RFC3986 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3986.xml'>
<!ENTITY RFC4007 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4007.xml'>
<!ENTITY RFC4290 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4290.xml'>
<!ENTITY RFC4291 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4291.xml'>
<!ENTITY RFC4632 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4632.xml'>
<!ENTITY RFC4918 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4918.xml'>
<!ENTITY RFC5396 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5396.xml'>
<!ENTITY RFC5730 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5730.xml'>
<!ENTITY RFC5733 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5733.xml'>
<!ENTITY RFC5890 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5890.xml'>
<!ENTITY RFC5891 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5891.xml'>
<!ENTITY RFC5952 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5952.xml'>
<!ENTITY RFC6874 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6874.xml'>
<!ENTITY RFC6927 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.6927.xml'>
<!ENTITY RFC7230 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7230.xml'>
<!ENTITY RFC7231 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.7231.xml'>
<!ENTITY I-D.ietf-weirds-bootstrap PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-weirds-bootstrap.xml'>
<!ENTITY I-D.ietf-weirds-json-response PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-weirds-json-response.xml'>
<!ENTITY I-D.ietf-weirds-rdap-sec PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-weirds-rdap-sec.xml'>
<!ENTITY I-D.ietf-weirds-using-http PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml3/reference.I-D.ietf-weirds-using-http.xml'>
]>
<?rfc toc="yes"?>
<?rfc tocompact="yes"?>
<?rfc tocdepth="4"?>
<?rfc compact="yes"?>
<?rfc subcompact="yes"?>
<?rfc sortrefs="yes"?>
<?rfc symrefs="yes"?>
<?rfc iprnotified="no"?>
<?rfc strict="yes" ?>
<rfc category="std" docName="draft-ietf-weirds-rdap-query-16" ipr="trust200902">
<front>
<title abbrev="RDAP Query Format">Registration Data Access Protocol Query Format</title>
<author fullname="Andrew Lee Newton" initials="A.L." surname="Newton">
<organization abbrev="ARIN">American Registry for Internet Numbers</organization>
<address>
<postal>
<street>3635 Concorde Parkway</street>
<city>Chantilly</city>
<region>VA</region>
<country>US</country>
<code>20151</code>
</postal>
<email>andy@arin.net</email>
<uri>http://www.arin.net</uri>
</address>
</author>
<author initials="S." surname="Hollenbeck" fullname="Scott Hollenbeck">
<organization>Verisign Labs</organization>
<address>
<postal>
<street>12061 Bluemont Way</street>
<city>Reston</city>
<region>VA</region>
<code>20190</code>
<country>US</country>
</postal>
<email>shollenbeck@verisign.com</email>
<uri>http://www.verisignlabs.com/</uri>
</address>
</author>
<date/>
<abstract>
<t>
This document describes uniform patterns to construct HTTP URLs that may be used to retrieve
registration information from registries (including both Regional Internet Registries (RIRs)
and Domain Name Registries (DNRs)) using "RESTful" web access patterns. These uniform patterns
define the query syntax for the Registration Data Access Protocol (RDAP).
</t>
</abstract>
</front>
<middle>
<section title="Conventions Used in This Document">
<t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 <xref target="RFC2119"/>.</t>
<section title="Acronyms and Abbreviations">
<t><list style="hanging">
<t>IDN: Internationalized Domain Name</t>
<t>IDNA: Internationalized Domain Names in Applications</t>
<t>DNR: Domain Name Registry</t>
<t>NFC: Unicode Normalization Form C</t>
<t>NFKC: Unicode Normalization Form KC</t>
<t>RDAP: Registration Data Access Protocol</t>
<t>REST: Representational State Transfer State Transfer. The term was first described in a doctoral dissertation <xref target="REST"/>.</t>
<t>RESTful: An adjective that describes a service using HTTP and the principles of REST.</t>
<t>RIR: Regional Internet Registry</t>
</list></t>
</section>
</section>
<section title="Introduction">
<t>
This document describes a specification for querying registration data using a RESTful web
service and uniform query patterns. The service is implemented using the Hypertext Transfer
Protocol (HTTP) <xref target="RFC7230"/> and the conventions described in
<xref target="I-D.ietf-weirds-using-http"/>. These uniform patterns define the query syntax for
the Registration Data Access Protocol (RDAP).
</t>
<t>
The protocol described in this specification is intended to address deficiencies with the
WHOIS protocol <xref target="RFC3912"/> that have been identified over time, including:</t>
<t><list style="symbols">
<t>Lack of standardized command structures,</t>
<t>lack of standardized output and error structures,</t>
<t>lack of support for internationalization and localization, and</t>
<t>lack of support for user identification, authentication, and access control.</t>
</list>
</t>
<t>
The patterns described in this document purposefully do not encompass all of the methods employed
in the WHOIS and other RESTful web services of all of the RIRs and DNRs. The intent of the patterns
described here are to enable queries of:
</t>
<t><list style="symbols">
<t>networks by IP address,</t>
<t>autonomous system numbers by number,</t>
<t>reverse DNS meta-data by domain,</t>
<t>name servers by name,</t>
<t>registrars by name, and</t>
<t>entities (such as contacts) by identifier.</t>
</list>
</t>
<t>
Server implementations are free to support only a subset of these features depending on local requirements.
Servers MUST return an HTTP 501 (Not Implemented) <xref target="RFC7231"/> response to inform clients of
unsupported queries. It is also envisioned that each registry will continue to maintain WHOIS
and/or other RESTful web services specific to their needs and those of their constituencies, and the information
retrieved through the patterns described here may reference such services.
</t>
<t>
Likewise, future IETF standards may add additional patterns for additional query types. A simple pattern
namespacing scheme is described in <xref target="extensibility"/> to accommodate custom extensions that will not
interfere with the patterns defined in this document or patterns defined in future IETF standards.
</t>
<t>
WHOIS services, in general, are read-only services. Therefore <xref target="RFC3986">URL</xref> patterns
specified in this document are only applicable to the <xref target="RFC7231">HTTP</xref> GET and HEAD methods.
</t>
<t>
This document does not describe the results or entities returned from issuing
the described URLs with an HTTP GET. The specification of these entities is described in
<xref target="I-D.ietf-weirds-json-response"/>.
</t>
<t>
Additionally, resource management, provisioning and update functions are out of
scope for this document. Registries have various and divergent methods covering these
functions, and it is unlikely a uniform approach is needed for interoperability.
</t>
<t>
HTTP contains mechanisms for servers to authenticate clients and for clients to authenticate servers (from which
authorization schemes may be built) so such mechanisms are not described in this document. Policy, provisioning,
and processing of authentication and authorization are out-of-scope for this document as deployments will have to
make choices based on local criteria. Supported authentication mechanisms are described in <xref target="I-D.ietf-weirds-rdap-sec"/>.
</t>
</section>
<section title="Path Segment Specification" anchor="path-seg-spec">
<t>The base URLs used to construct RDAP queries are maintained in an IANA registry described in
<xref target="I-D.ietf-weirds-bootstrap"/>. Queries are formed by retrieving the appropriate base URL from the
registry and appending a path segment specified in either <xref target="lookup"/> or <xref target="search"/>.
Generally, a registry or other service provider will provide a base URL that identifies the protocol, host
and port, and this will be used as a base URL that the complete URL is resolved against, as per Section 5
of RFC 3986 <xref target="RFC3986"/>. For example, if the base URL is "http://example.com/rdap/", all RDAP query
URLs will begin with "http://example.com/rdap/".</t>
<t>The bootstrap registry does not contain information for query objects that are not part of a global namespace,
including entities and help. A base URL for an associated object is required to construct a complete query.</t>
<t>For entities, a base URL is retrieved for the service (domain, address, etc.) associated with a given entity.
The query URL is constructed by concatenating the base URL to the entity path segment specified in either
<xref target="entity_lookup"/> or <xref target="entity_search"/>.</t>
<t>For help, a base URL is retrieved for any service (domain, address, etc.) for which additional information is
required. The query URL is constructed by concatenating the base URL to the help path segment specified in
either <xref target="help"/>.</t>
<section title="Lookup Path Segment Specification" anchor="lookup">
<t>A simple lookup to determine if an object exists (or not) without returning RDAP-encoded results
can be performed using the HTTP HEAD method as described in Section 4.1 of <xref target="I-D.ietf-weirds-using-http"/>.</t>
<t>
The resource type path segments for exact match lookup are:
<list style="symbols">
<t>'ip': Used to identify IP networks and associated data referenced using either an IPv4 or IPv6 address.</t>
<t>'autnum': Used to identify autonomous system registrations and associated data referenced using an AS Plain autonomous system number.</t>
<t>'domain': Used to identify reverse DNS (RIR) or domain name (DNR) information and associated data referenced using a fully-qualified domain name.</t>
<t>'nameserver': Used to identify a name server information query using a host name.</t>
<t>'entity': Used to identify an entity information query using a string identifier.</t>
</list>
</t>
<section title="IP Network Path Segment Specification" anchor="ip-network-paths">
<t>Syntax: ip/<IP address> or ip/<CIDR prefix>/<CIDR length></t>
<t>
Queries for information about IP networks are of the form /ip/XXX/... or /ip/XXX/YY/...
where the path segment following 'ip' is either an IPv4 dotted-decimal or
<xref target="RFC5952">IPv6</xref> address (i.e. XXX) or an IPv4 or IPv6
<xref target="RFC4632">CIDR</xref> notation address block (i.e. XXX/YY).
Semantically, the simpler form using the address can be thought of as a CIDR block with a bitmask length of 32 for IPv4
and a bitmask length of 128 for IPv6. A given specific address or CIDR may fall within multiple
IP networks in a hierarchy of networks, therefore this query targets the "most-specific"
or smallest IP network which completely encompasses it in a hierarchy of IP networks.
</t>
<t>The IPv4 and IPv6 address formats supported in this query are described in Section 3.2.2 of RFC 3986
<xref target="RFC3986"/>, as IPv4address and IPv6address ABNF definitions. Any valid IPv6 text address format
<xref target="RFC4291"/> can be used, compressed or not compressed. The rules to write a text representation
of an IPv6 address <xref target="RFC5952"/> are RECOMMENDED. However, the zone_id <xref target="RFC4007"/> is
not appropriate in this context and therefore the corresponding syntax extension in RFC 6874 <xref target="RFC6874"/>
MUST NOT be used.</t>
<t>For example, the following URL would be used to find information for the most specific network containing 192.0.2.0:</t>
<t>http://example.com/rdap/ip/192.0.2.0</t>
<t>The following URL would be used to find information for the most specific network containing 192.0.2.0/24:</t>
<t>http://example.com/rdap/ip/192.0.2.0/24</t>
<t>The following URL would be used to find information for the most specific network containing 2001:db8::0:</t>
<t>http://example.com/rdap/ip/2001:db8::0</t>
</section>
<section title="Autonomous System Path Segment Specification">
<t>Syntax: autnum/<autonomous system number></t>
<t>
Queries for information regarding autonomous system number registrations are of the form
/autnum/XXX/... where XXX is an AS Plain <xref target="RFC5396">autonomous system number</xref>. In some registries,
registration of autonomous system numbers is done on an individual number basis, while
other registries may register blocks of autonomous system numbers. The semantics of this
query are such that if a number falls within a range of registered blocks, the target of
the query is the block registration, and that individual number registrations are considered
a block of numbers with a size of 1.
</t>
<t>For example, the following URL would be used to find information describing autonomous system
number 12 (a number within a range of registered blocks):</t>
<t>http://example.com/rdap/autnum/12</t>
<t>The following URL would be used to find information describing 4-byte autonomous system number 65538:</t>
<t>http://example.com/rdap/autnum/65538</t>
</section>
<section title="Domain Path Segment Specification" anchor="domain_path">
<t>Syntax: domain/<domain name></t>
<t>Queries for domain information are of the form /domain/XXXX/..., where XXXX is a
fully-qualified (relative to the root) domain name (as specified in RFC 952
<xref target="RFC0952"/> and RFC 1123 <xref target="RFC1123"/>) in either the
in-addr.arpa or ip6.arpa zones (for RIRs) or a fully-qualified domain name in a
zone administered by the server operator (for DNRs). Internationalized domain names
represented in either A-label or U-label format <xref target="RFC5890"/> are also
valid domain names. See <xref target="char_encoding_cons"/> for information on character
encoding for the U-label format.</t>
<t>IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels; that is, all
internationalized labels in an IDN SHOULD be either A-labels or U-labels. It is possible
for an RDAP client to assemble a query string from multiple independent data sources.
Such a client might not be able to perform conversions between A-labels and U-labels.
An RDAP server that receives a query string with a mixture of A-labels and U-labels MAY
convert all the U-labels to A-labels, perform IDNA processing, and proceed with exact-match
lookup. In such cases, the response to be returned to the query source may not match the
input from the query source. Alternatively, the server MAY refuse to process the query.</t>
<t>The server MAY perform the match using either the A-label or U-label form. Using one consistent
form for matching every label is likely to be more reliable.</t>
<t>The following URL would be used to find information describing the zone serving the network 192.0.2/24: </t>
<t>http://example.com/rdap/domain/2.0.192.in-addr.arpa</t>
<t>The following URL would be used to find information describing the zone serving the network 2001:db8:1::/48:</t>
<t>http://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa</t>
<t>The following URL would be used to find information for the blah.example.com domain name:</t>
<t>http://example.com/rdap/domain/blah.example.com</t>
<t>The following URL would be used to find information for the<vspace/>xn--fo-5ja.example IDN:</t>
<t>http://example.com/rdap/domain/xn--fo-5ja.example</t>
</section>
<section title="Name Server Path Segment Specification">
<t>Syntax: nameserver/<name server name></t>
<t>The <name server name> parameter represents a fully qualified host name as specified in RFC 952
<xref target="RFC0952"/> and RFC 1123 <xref target="RFC1123"/>. Internationalized names represented
in either A-label or U-label format <xref target="RFC5890"/> are also valid name server names.
IDN processing for name server names uses the domain name processing instructions specified in
<xref target="domain_path"/>. See <xref target="char_encoding_cons"/> for information on character encoding
for the U-label format.</t>
<t>The following URL would be used to find information for the ns1.example.com name server:</t>
<t>http://example.com/rdap/nameserver/ns1.example.com</t>
<t>The following URL would be used to find information for the<vspace/>ns1.xn--fo-5ja.example name server:</t>
<t>http://example.com/rdap/nameserver/ns1.xn--fo-5ja.example</t>
</section>
<section title="Entity Path Segment Specification" anchor="entity_lookup">
<t>Syntax: entity/<handle></t>
<t>The <handle> parameter represents an entity (such as a contact, registrant, or registrar)
identifier whose syntax is specific to the registration provider. For example, for some DNRs contact
identifiers are specified in RFC 5730 <xref target="RFC5730"/> and RFC 5733 <xref target="RFC5733"/>.</t>
<t>The following URL would be used to find information for the entity associated with handle XXXX:</t>
<t>http://example.com/rdap/entity/XXXX</t>
</section>
<section title="Help Path Segment Specification" anchor="help">
<t>Syntax: help</t>
<t>The help path segment can be used to request helpful information (command syntax, terms of service,
privacy policy, rate limiting policy, supported authentication methods, supported extensions, technical
support contact, etc.) from an RDAP server. The response to "help" should provide basic information
that a client needs to successfully use the service. The following URL would be used to return "help"
information:</t>
<t>http://example.com/rdap/help</t>
</section>
</section>
<section title="Search Path Segment Specification" anchor="search">
<t>Pattern matching semantics are described in <xref target="partial_string"/>.
The resource type path segments for search are:
<list style="symbols">
<t>'domains': Used to identify a domain name information search using a pattern to match a fully-qualified domain name.</t>
<t>'nameservers': Used to identify a name server information search using a pattern to match a host name.</t>
<t>'entities': Used to identify an entity information search using a pattern to match a string identifier.</t>
</list>
</t>
<t>RDAP search path segments are formed using a concatenation of the plural form of the
object being searched for and an HTTP query string. The HTTP query string is formed using
a concatenation of the question mark character ('?', ASCII value 0x003F), the JSON object
value associated with the object being searched for, the equal sign character ('=', ASCII
value 0x003D), and the search pattern. Search pattern query processing is described more
fully in <xref target="query_proc"/>. For the domain, nameserver, and entity objects described in this
document the plural object forms are "domains", "nameservers", and "entities".</t>
<t>Detailed results can be retrieved using the HTTP GET method and the path segments specified here.</t>
<section title="Domain Search" anchor="domain_search">
<t>Syntax: domains?name=<domain search pattern></t>
<t>Syntax: domains?nsLdhName=<domain search pattern></t>
<t>Syntax: domains?nsIp=<domain search pattern></t>
<t>Searches for domain information by name are specified using this form:</t>
<t>/domains?name=XXXX</t>
<t>XXXX is a search pattern representing a <xref target="RFC5890">domain name in
"letters, digits, hyphen" format</xref> in a zone administered by the server operator
of a DNR. The following URL would be used to find DNR information for domain names
matching the "example*.com" pattern:</t>
<t>http://example.com/rdap/domains?name=example*.com</t>
<t>Internationalized Domain Names (IDNs) in U-label format <xref target="RFC5890"/> can
also be used as search patterns (see <xref target="query_proc"></xref>). Searches for these
names are of the form /domains?name=XXXX, where XXXX is a search pattern representing
a <xref target="RFC5890">domain name in U-label format</xref>. See <xref target="char_encoding_cons"/>
for information on character encoding for the U-label format.</t>
<t>Searches for domain information by name server name are specified using this form:</t>
<t>/domains?nsLdhName=YYYY</t>
<t>YYYY is a search pattern representing a <xref target="RFC5890">host name in
"letters, digits, hyphen" format</xref> in a zone administered by the server operator
of a DNR. The following URL would be used to search for domains delegated to name servers
matching the "ns1.example*.com" pattern:</t>
<t>http://example.com/rdap/domains?nsLdhName=ns1.example*.com</t>
<t>Searches for domain information by name server IP address are specified using this form:</t>
<t>/domains?nsIp=ZZZZ</t>
<t>ZZZZ is a search pattern representing an <xref target="RFC1166">IPv4</xref> or
<xref target="RFC5952">IPv6</xref> address. The following URL would be used to search
for domains that have been delegated to name servers that resolve to the "192.0.2.0"
address:</t>
<t>http://example.com/rdap/domains?nsIp=192.0.2.0</t>
</section>
<section title="Name Server Search" anchor="ns_search">
<t>Syntax: nameservers?name=<name server search pattern></t>
<t>Syntax: nameservers?ip=<name server search pattern></t>
<t>Searches for name server information by name server name are specified using this form:</t>
<t>/nameservers?name=XXXX</t>
<t>XXXX is a search pattern representing a <xref target="RFC5890">host name in
"letters, digits, hyphen" format</xref> in a zone administered by the server operator
of a DNR. The following URL would be used to find DNR information for name server
names matching the "ns1.example*.com" pattern:</t>
<t>http://example.com/rdap/nameservers?name=ns1.example*.com</t>
<t>Internationalized name server names in U-label format <xref target="RFC5890"/> can
also be used as search patterns (see <xref target="query_proc"></xref>). Searches for these
names are of the form /nameservers?name=XXXX, where XXXX is a search pattern representing
a <xref target="RFC5890">name server name in U-label format</xref>. See <xref target="char_encoding_cons"/>
for information on character encoding for the U-label format.</t>
<t>Searches for name server information by name server IP address are specified using this form:</t>
<t>/nameservers?ip=YYYY</t>
<t>YYYY is a search pattern representing an <xref target="RFC1166">IPv4</xref> or
<xref target="RFC5952">IPv6</xref> address. The following URL would be used to search
for name server names that resolve to the "192.0.2.0" address:</t>
<t>http://example.com/rdap/nameservers?ip=192.0.2.0</t>
</section>
<section title="Entity Search" anchor="entity_search">
<t>Syntax: entities?fn=<entity name search pattern></t>
<t>Syntax: entities?handle=<entity handle search pattern></t>
<t>Searches for entity information by name are specified using this form:</t>
<t>/entities?fn=XXXX</t>
<t>where XXXX is a search pattern representing an entity name as specified in Section 6.1
of <xref target="I-D.ietf-weirds-json-response"/>. The following URL would be used to find
information for entity names matching the "Bobby Joe*" pattern.</t>
<t>http://example.com/rdap/entities?fn=Bobby%20Joe*</t>
<t>Searches for entity information by handle are specified using this form:</t>
<t>/entities?handle=XXXX</t>
<t>where XXXX is a search pattern representing an entity handle as specified in Section 6.1
of <xref target="I-D.ietf-weirds-json-response"/>. The following URL would be used to find
information for entity names matching the "CID-40*" pattern.</t>
<t>http://example.com/rdap/entities?handle=CID-40*</t>
<t>URLs MUST be properly encoded according to the rules of <xref target="RFC3986"/>.
In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*".</t>
</section>
</section>
</section>
<section title="Query Processing" anchor="query_proc">
<t>Servers indicate the success or failure of query processing by returning an appropriate HTTP
response code to the client. Response codes not specifically identified in this document are described
in <xref target="I-D.ietf-weirds-using-http"/>.</t>
<section title="Partial String Searching" anchor="partial_string">
<t>Partial string searching uses the asterisk ('*', ASCII value 0x002A) character to match
zero or more trailing characters. A character string representing multiple domain name labels
MAY be concatenated to the end of the search pattern to limit the scope of the search. For example,
the search pattern "exam*" will match "example.com" and "example.net". The search pattern
"exam*.com" will match "example.com". Note that these search patterns include implied beginning
and end of string regular expression markers, and the "example*.com" search would be translated
into a POSIX regular expression as "^example.*\.com$". Additional pattern matching processing is
beyond the scope of this specification.</t>
<t>If a server receives a search request but cannot process the request because it does not
support a particular style of partial match searching, it SHOULD return an HTTP 422 (Unprocessable Entity) <xref target="RFC4918"/> response.
When returning a 422 error, the server MAY also return an error response body as specified
in Section 7 of <xref target="I-D.ietf-weirds-json-response"/> if the requested media type
is one that is specified in <xref target="I-D.ietf-weirds-using-http"/>.</t>
<t>Partial matching is not feasible across combinations of Unicode characters because
Unicode characters can be combined with another Unicode character or characters.
Servers SHOULD NOT partially match combinations of Unicode characters where a Unicode
character may be legally combined with another Unicode character or characters. It
should be noted, though, that it may not always be possible to detect possible cases where a
character could have been combined with another character, but was not, because of
the way combining characters can be combined with many other characters.</t>
<t>Clients should avoid submitting a partial match search of Unicode characters where a Unicode
character may be legally combined with another Unicode character or characters.
Partial match searches with incomplete combinations of characters where a character
must be combined with another character or characters are invalid. Partial match
searches with characters that may be combined with another character or characters
are to be considered non-combined characters (that is, if character x may be combined
with character y but character y is not submitted in the search string then
character x is a complete character and no combinations of character x are to be
searched).</t>
</section>
<section title="Associated Records" anchor="assoc_records">
<t>Conceptually, any query-matching record in a server's database might be a member of a set of
related records, related in some fashion as defined by the server - for example, variants of an IDN.
The entire set ought to be considered as candidates for inclusion when constructing the response.
However, the construction of the final response needs to be mindful of privacy and other
data-releasing policies when assembling the RDAP response set.</t>
<t>Note too that due to the nature of searching, there may be a list of query-matching records.
Each one of those is subject to being a member of a set as described in the previous paragraph.
What is ultimately returned in a response will be the union of all the sets that has been filtered
by whatever policies are in place.</t>
<t>Note that this model includes arrangements for associated names, including those that
are linked by policy mechanisms and names bound together for some other purposes. Note also that
returning information that was not explicitly selected by an exact-match lookup, including
additional names that match a relatively fuzzy search as well as lists of names that are linked
together, may cause privacy issues.</t>
</section>
</section>
<section title="Extensibility" anchor="extensibility">
<t>This document describes path segment specifications for a limited number of objects
commonly registered in both RIRs and DNRs. It does not attempt to describe path
segments for all of the objects registered in all registries. Custom path segments
can be created for objects not specified here using the process described in Section
6 of "HTTP usage in the Registration Data Access Protocol (RDAP)"
<xref target="I-D.ietf-weirds-using-http"/>.</t>
<t>Custom path segments can be created by prefixing the segment with a unique identifier
followed by an underscore character (0x5F). For example, a custom entity path
segment could be created by prefixing "entity" with "custom_", producing
"custom_entity". Servers MUST return an appropriate failure status code for a
request with an unrecognized path segment.</t>
</section>
<section anchor="i18n" title="Internationalization Considerations">
<t>There is value in supporting the ability to submit either a U-label (Unicode form of
an IDN label) or an A-label (ASCII form of an IDN label) as a query argument to an
RDAP service. Clients capable of processing non-ASCII characters may prefer a U-label since this
is more visually recognizable and familiar than A-label strings, but clients using programmatic
interfaces might find it easier to submit and display A-labels if they are unable to input U-labels with
their keyboard configuration. Both query forms are acceptable.</t>
<t>Internationalized domain and name server names can contain character variants and
variant labels as described in RFC 4290 <xref target="RFC4290"/>. Clients that
support queries for internationalized domain and name server names MUST accept
service provider responses that describe variants as specified in "JSON Responses
for the Registration Data Access Protocol" <xref target="I-D.ietf-weirds-json-response"/>.</t>
<section title="Character Encoding Considerations" anchor="char_encoding_cons">
<t>Servers can expect to receive search patterns from clients that contain character strings
encoded in different forms supported by HTTP. It is entirely possible to apply filters and
normalization rules to search patterns prior to making character comparisons, but this type
of processing is more typically needed to determine the validity of registered strings than
to match patterns.</t>
<t>An RDAP client submitting a query string containing non-US-ASCII characters converts
such strings into Unicode in UTF-8 encoding. It then performs any local case mapping deemed
necessary. Strings are normalized using Normalization Form C (NFC, <xref target="Unicode-UAX15"/>);
note that clients might not be able to do this reliably. UTF-8 encoded strings are then
appropriately percent-encoded <xref target="RFC3986"/> in the query URL.</t>
<t>After parsing any percent-encoding, an RDAP server treats each query string as Unicode in
UTF-8 encoding. If a string is not valid UTF-8, the server can immediately stop processing the
query and return an HTTP 400 (Bad Request) response.</t>
<t>When processing queries, there is a difference in handling DNS names, including those including
putative U-labels, and everything else. DNS names are treated according to the DNS matching rules
as described in Section 3.1 of RFC 1035 <xref target="RFC1035"/> for NR-LDH labels and the matching
rules described in Section 5.4 of RFC 5891 <xref target="RFC5891"/> for U-labels. Matching of DNS
names proceeds one label at a time, because it is possible for a combination of U-labels and NR-LDH
labels to be found in a single domain or host name. The determination of whether a label is a U-label
or an NR-LDH label is based on whether the label contains any characters outside of the US-ASCII
letters, digits, or hyphen (the so-called LDH rule).</t>
<t>For everything else, servers map fullwidth and halfwidth characters to their decomposition equivalents.
Servers convert strings to the same coded character set of the target data that is to be looked up or
searched and each string is normalized using the same normalization that was used on the target data.
In general, storage of strings as Unicode is RECOMMENDED. For the purposes of comparison, Normalization
Form KC (NFKC, <xref target="Unicode-UAX15"/>) with case folding is used to maximize predictability and
the number of matches. Note the use of case-folded NFKC as opposed to NFC in this case.</t>
</section>
</section>
<section anchor="IANA" title="IANA Considerations">
<t>This document does not specify any IANA actions.</t>
</section>
<section anchor="Security" title="Security Considerations">
<t>Security services for the operations specified in this document are described in "Security Services for the
Registration Data Access Protocol" <xref target="I-D.ietf-weirds-rdap-sec"/>.</t>
<t>Search functionality typically requires more server resources (such as memory, CPU cycles, and
network bandwidth) when compared to basic lookup functionality. This increases the risk of server
resource exhaustion and subsequent denial of service due to abuse. This risk can be mitigated by
developing and implementing controls to restrict search functionality to identified and authorized
clients. If those clients behave badly, their search privileges can be suspended or revoked. Rate
limiting as described in Section 5.5 of "HTTP usage in the Registration Data Access Protocol (RDAP)"
<xref target="I-D.ietf-weirds-using-http"/> can also be used to control the rate of received search
requests. Server operators can also reduce their risk by restricting the amount of information returned
in response to a search request.</t>
<t>Search functionality also increases the privacy risk of disclosing object relationships that might
not otherwise be obvious. For example, a search that returns IDN variants <xref target="RFC6927"/> that do not
explicitly match a client-provided search pattern can disclose information about registered domain
names that might not be otherwise available. Implementers need to consider the policy and privacy implications of
returning information that was not explicitly requested.</t>
</section>
<section title="Acknowledgements">
<t>This document is derived from original work on RIR query formats developed by Byron J. Ellacott of APNIC,
Arturo L. Servin of LACNIC, Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN. Additionally, this
document incorporates DNR query formats originally described by Francisco Arias and Steve Sheng of ICANN
and Scott Hollenbeck of Verisign Labs.</t>
<t>The authors would like to acknowledge the following individuals for their contributions to this document:
Francisco Arias, Marc Blanchet, Ernie Dainow, Jean-Philippe Dionne, Behnam Esfahbod, John Klensin, Edward Lewis,
John Levine, Mark Nottingham, and Andrew Sullivan.</t>
</section>
</middle>
<back>
<references title="Normative References">
&RFC0952;
&RFC1035;
&RFC1123;
&RFC1166;
&RFC2119;
&RFC3986;
&RFC4291;
&RFC4632;
&RFC4918;
&RFC5396;
&RFC5730;
&RFC5733;
&RFC5890;
&RFC5891;
&RFC5952;
&RFC7230;
&RFC7231;
&I-D.ietf-weirds-bootstrap;
&I-D.ietf-weirds-json-response;
&I-D.ietf-weirds-rdap-sec;
&I-D.ietf-weirds-using-http;
<reference anchor="Unicode-UAX15" target="http://www.unicode.org/reports/tr15/">
<front>
<title>Unicode Standard Annex #15: Unicode Normalization Forms</title>
<author>
<organization>The Unicode Consortium</organization>
</author>
<date month="September" day="20" year="2013"/>
</front>
<format type="HTML" target="http://www.unicode.org/reports/tr15/"/>
</reference>
</references>
<references title="Informative References">
&RFC3912;
&RFC4007;
&RFC4290;
&RFC6874;
&RFC6927;
<reference anchor="REST" target="http://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation.pdf">
<front>
<title>Architectural Styles and the Design of Network-based Software Architectures</title>
<author initials="R." surname="Fielding" fullname="Roy Fielding">
<organization>University of California, Irvine</organization>
</author>
<date year="2000" />
</front>
<seriesInfo name="Ph.D. Dissertation," value="University of California, Irvine"/>
</reference>
</references>
<section title="Change Log">
<t>
<list style="hanging">
<t hangText="Initial -00:">Adopted as working group document.</t>
<t hangText="-01:">Added "Conventions Used in This Document" section. Added
normative reference to draft-ietf-weirds-rdap-sec and some wrapping text in
the Security Considerations section.</t>
<t hangText="-02:">Removed "unified" from the title. Rewrote the last paragraph
of section 2. Edited the first paragraph of section 3 to more clearly note
that only one path segment is provided. Added "bitmask" to "length" in
section 3.1. Changed "lowest IP network" to "smallest IP network" in section
3.1. Added "asplain" to the description of autonomous system numbers in
section 3.2. Minor change from "semantics is" to "semantics are" in section
3.2. Changed the last sentence in section 4 to more clearly specify error
response behavior. Added acknowledgements. Added a paragraph in the
introduction regarding future IETF standards and extensibility.
</t>
<t hangText="-03:">Changed 'query' to 'lookup' in document title to better describe
the 'exact match lookup' purpose of this document. Included a multitude of minor additions
and clarifications provided by Marc Blanchet and Jean-Philippe Dionne. Modified the domain
and name server sections to include support for IDN U-labels.</t>
<t hangText="-04:">Updated the domain and name server sections to use .example IDN U-labels.
Added text to note that mixed IDN labels SHOULD NOT be used. Fixed broken sentences in <xref target="i18n"/>.</t>
<t hangText="-05:">Added "help" path segment.</t>
<t hangText="-06:">Added search text and removed or edited old search text.</t>
<t hangText="-07:">Fixed query parameter typo by replacing "/?" with "?". Changed "asplain" to
"AS Plain". Added entity search by handle. Corrected section references. Updated IDN search text.</t>
<t hangText="-08:">Revised URI formats and added IANA instructions to create a registry entry for the
"rdap" well-known prefix. Revised search processing text and added search privacy consideration.
Synchronized examples with response draft.</t>
<t hangText="-09:">More search processing and URI prefix updates. Updated fully-qualified domain name reference.</t>
<t hangText="-10:">Added name server search by IP address.</t>
<t hangText="-11:">Replaced reference to RFC 4627 with reference to RFC 7159. Replaced .well-known with bootstrap-defined prefix.
Replaced references to RFC 2616 with references to RFC 7231 and draft-ietf-httpbis-http2, adding a note to make it clear that
2616 is an acceptable reference if http2 isn't ready when needed.</t>
<t hangText="-12:">IDN label processing clarification. Added domain search by name server name and name server IP address.
Minor text editing for consistency in the search sections. Replaced reference to draft-ietf-httpbis-http2 with a reference
to RFC 7230 and removed reference note.</t>
<t hangText="-13:">Added HTTP HEAD reference in <xref target="search"/>.</t>
<t hangText="-14:">Address WG last call comments.</t>
<t hangText="-15:">Address AD review comments.</t>
<t hangText="-16:">Address IETF last call comments.</t>
</list>
</t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 01:08:12 |