Network Working Group | M. Blanchet |
Internet-Draft | Viagenie |
Intended status: Standards Track | January 13, 2014 |
Expires: July 17, 2014 |
Finding the Authoritative Registration Data (RDAP) Service
draft-ietf-weirds-bootstrap-00.txt
This document specifies a method to find which Registration Data Access Protocol (RDAP) server is authoritative to answer queries for a requested scope, such as domain names, IP addresses or Autonomous System numbers, using data available in IANA registries.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 17, 2014.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Querying and retrieving registration data from registries are defined in the Registration Data Access Protocol(RDAP)[I-D.ietf-weirds-rdap-query][I-D.ietf-weirds-using-http][I-D.ietf-weirds-json-response]. These documents do not specify where to send the queries. This document specifies a method to find which server is authoritative to answer queries for the requested scope.
The proposed mechanism is based on that allocation data for domain names and IP addresses are maintained by IANA, are publicly available and are in a structured format. The mechanism assumes some data structure within these registries and request IANA to modify or create these registries for the specific purpose of RDAP use. An RDAP client fetches the registries, extract the data and then do a match with the query data to find the authoritative registration data server and appropriate query base URL.
The domain names authoritative registration data service is found by doing the longest match of the target domain name with the values of the Domain column in the IANA Domain Name RDAP registry as defined in section Section 9. The value of the "RDAP URL" column is the base RDAP url as described in [I-D.ietf-weirds-rdap-query].
For example, a RDAP query for example.com matches the .com entry in the Domain column of the registry. The RDAP server URL for this address is located in the corresponding "RDAP URL" column for that entry, which could be http://rdap.example.org/rdap. Therefore the query URL would be: http://rdap.example.org/rdap/domain/example.com. This example is not normative.
The IPv4 address space authoritative registration data service is found by doing a longest match of the target address with the values of the Prefix column in the IANA IPv4 address space RDAP registry as defined in section Section 9. The value of the "RDAP URL" column is the base RDAP url as described in [I-D.ietf-weirds-rdap-query].
For example, a query for "192.0.2.0/24" matches the "192/8" entry in the Prefix column of the registry. The RDAP server URL for this address is located in the corresponding "RDAP URL" column for that entry, which could be http://rdap.example.org/rdap. Therefore the query URL would be: http://rdap.example.org/rdap/ip/192.0.2.0/24. This example is not normative.
The IPv6 address space authoritative registration data service is found by doing a longest match of the target address with the values of the Prefix column in the IANA IPv6 address space RDAP registry as defined in section Section 9. The value of the "RDAP URL" column is the base RDAP url as described in [I-D.ietf-weirds-rdap-query].
For example, a query for "2001:db8::/32" matches the "2001/16" entry in the Prefix column of the registry. The RDAP server URL for this address is located in the corresponding "RDAP URL" column for that entry, which could be http://rdap.example.org/rdap. Therefore the query URL would be: http://rdap.example.org/rdap/ip/2001:db8::/32. This example is not normative.
The Autonomous Systems (AS) authoritative registration data service is found by identifying the range in which the target Autonomous System is, with the values of the Number column in the IANA Autonomous Systems (AS) Numbers RDAP registry as defined in section Section 9. The value of the "RDAP URL" column is the base RDAP url as described in [I-D.ietf-weirds-rdap-query].
For example, a query for AS 65411 matches the "64512-65534" entry in the Number column of the registry. The RDAP server URL for this address is located in the corresponding "RDAP URL" column for that entry, which could be http://rdap.example.org/rdap. Therefore the query URL would be: http://rdap.example.org/rdap/autnum/65411. This example is not normative.
TBD
Since there is no global namespace for entities, this document does not describe how to find the authoritative RDAP server for entities. It is possible however that, if the entity identifier was received from a previous query, the same RDAP server could be queried for that entity.
The registries may not contain the requested value or the RDAP URL value may be empty. In these cases, there is no known RDAP server for that requested value and the client should provide an appropriate error message to the user.
This method relies on the fact that RDAP clients are fetching the IANA XML registries. Clients SHOULD not fetch every time the XML files. If the query data does not match any entry in the already fetched registry in the client, then the client shall first query the DNS to see if the respective entry has been recently delegated or if it is a mistyped information by the user. The DNS query could be to fetch the NS records for a domain TLD. If the DNS answer is negative, then there is no need to fetch the new version of the XML registry. However, if the DNS answer is positive, this means that the currently cached XML registry is no more current. The client should fetch the registry, parse and then do the normal matching as specified above. Clients can also rely on HTTP headers to verify if the registry has changed since last time it was fetched, without the need to fetch the whole registry.
IANA should make sure that the service of those registries is able to cope with a larger demand and should take appropriate measures such as caching and load balancing.
This specification makes no assumption on how the authorities of registration data may work together on sharing their information for a common service.
By providing a bootstrap method to find RDAP servers, this document helps making sure that the end-users will get the RDAP data from authoritative source, instead of from rogue sources. The method itself has the same security properties as the RDAP protocols themselves.
IANA is requested to do the following:
The weirds working group had multiple discussions on this topic, including a session during IETF 84. The idea of using IANA registries was discovered by the editor during discussions with his colleagues as well as by a comment from Andy Newton. All the people involved in these discussions are herein acknowledged. Linlin Zhou, Jean-Philippe Dionne, John Levine, Kim Davies have provided input and suggestions to this document.