Network Working Group | M. Blanchet |
Internet-Draft | G. Leclanche |
Intended status: Standards Track | Viagenie |
Expires: January 5, 2015 | July 4, 2014 |
Finding the Authoritative Registration Data (RDAP) Service
draft-ietf-weirds-bootstrap-04.txt
This document specifies a method to find which Registration Data Access Protocol (RDAP) server is authoritative to answer queries for a requested scope, such as domain names, IP addresses or Autonomous System numbers.
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 5, 2015.
Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Querying and retrieving registration data from registries are defined in the Registration Data Access Protocol(RDAP)[I-D.ietf-weirds-rdap-query][I-D.ietf-weirds-using-http][I-D.ietf-weirds-json-response]. These documents do not specify where to send the queries. This document specifies a method to find which server is authoritative to answer queries for the requested scope.
The proposed mechanism is based on the fact that allocation data for domain names and IP addresses are maintained by IANA, are publicly available and are in a structured format. The mechanism assumes some data structure within these registries and request IANA to create these registries for the specific purpose of RDAP use, herein named RDAP Bootstrap registries. An RDAP client fetches the RDAP bootstrap registries, extract the data and then do a match with the query data to find the authoritative registration data server and appropriate query base URL.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].
{ "rdap.bootstrap": { "version": "1.0", "publication": "YYYY-MM-DDTHH:MM:SSZ", "services": [ [ ["entry1", "entry2", "entry3"], [ "https://registry.example.com/myrdap/", "http://registry.example.com/myrdap/" ] ], [ ["entry4"], [ "http://example.org/" ] ] ] } }
The RDAP Bootstrap Registries are implemented as JSON [RFC7159] objects. A registry starts with metadata such as a version id identified as a timestamp of the publication date of the registry and some defaults values. Then the "services" element is an array of arrays. Each second level array contains two elements, each of them being an array (third-level arrays). The first third-level array contains all entries that have the same set of base RDAP URLs, as strings, arrays, or integers. The second third-level array contains the list of base RDAP URLs usable for the entries found in the first third-level array. There is no assumption of sorting at the first-level arrays. The two arrays found in each second-level array MUST appear in the correct order: array of entries first, then array of base RDAP URLs. An example structure of a JSON RDAP Bootstrap Registry is illustrated:
The version corresponds to the format version of the registry. This specification defines "1.0". The syntax of "publication" value conforms to the Internet date/time format [RFC3339]. Per [RFC7258], in each array of base RDAP URLs, the secure version of the transport protocol SHOULD be first.
Any unknown or unspecified JSON object properties or values should be ignored by implementers.
{ "rdap.bootstrap": { "version": "1.0", "publication": "YYYY-MM-DDTHH:MM:SSZ", "services": [ [ ["net", "com"], [ "https://registry.example.com/myrdap/" ] ], [ ["org", "mytld"], [ "http://example.org/" ] ], [ ["mytld2"], [ "https://example.net/rdapmytld2/", "http://example.net/rdapmytld2/" ] ] ] } }
This registry contains domain labels entries attached to the root, grouped by base RDAP URLs, as shown in this example.
The domain names authoritative registration data service is found by doing the longest match of the target domain name with the domain values in the arrays in the IANA Domain Name RDAP Bootstrap Registry. This is a string search of the longest match starting from the end of the target name and the end of each value in the arrays. The values contained in the second element of the array are the valid base RDAP URLs as described in [I-D.ietf-weirds-rdap-query].
For example, a domain RDAP query for a.b.example.com matches the com entry in one of the arrays of the registry. The base RDAP URL for this query is then taken from the second element of the array, which is an array of base RDAP URLs valid for this entry. The client chooses one of the base URLs from this array; in this example it chooses the only one available, "https://registry.example.com/myrdap/". The segment specified in [I-D.ietf-weirds-rdap-query] is then appended to the base URL to complete the query. The complete query is then "https://registry.example.com/myrdap/domain/a.b.example.com". This example is not normative.
This section discusses IPv4 and IPv6 address space and autonomous system numbers.
For IP address space, the authoritative registration data service is found by doing a longest match of the target address with the values of the arrays in the corresponding Address Space RDAP Bootstrap registry. The longest match is done the same way as for routing: the addresses are converted in binary form and then the binary strings are compared to find the longest match. The values contained in the second element of the array are the base RDAP URLs as described in [I-D.ietf-weirds-rdap-query]. The longest match method enables covering prefixes of a larger address space pointing to one base RDAP URL while more specific prefixes within the covering prefix being served by another base RDAP URL.
{ "rdap.bootstrap": { "version": "1.0", "publication": "YYYY-MM-DDTHH:MM:SSZ", "services": [ [ ["1.0.0.0/8", "192.0.0.0/8"], [ "https://rir1.example.com/myrdap/" ] ], [ ["28.2.0.0/16", "192.0.2.0/24"], [ "http://example.org/" ] ], [ ["28.3.0.0/16"], [ "https://example.net/rdaprir2/", "http://example.net/rdaprir2/" ] ] ] } }
This registry contains IPv4 prefix entries, specified in CIDR format and grouped by RDAP URLs, as shown in this example.
For example, a query for "192.0.2.0/24" matches the "192.0.0.0/8" entry and the "192.0.2.0/24" entry in the example registry above. The latter is chosen by the client given the longest match. The base RDAP URL for this query is then taken from the second element of the array, which is an array of base RDAP URLs valid for this entry. The client chooses one of the base URLs from this array; in this example it chooses the only one available, "http://example.org/". The {resource} specified in [I-D.ietf-weirds-rdap-query] is then appended to the base URL to complete the query. The complete query is then "https://example.org/ip/192.0.2.0/24". This example is not normative.
{ "rdap.bootstrap": { "version": "1.0", "publication": "YYYY-MM-DDTHH:MM:SSZ", "services": [ [ ["2001:0200::/23", "2001:db8::/32"], [ "https://rir2.example.com/myrdap/" ] ], [ ["2600::/16", "2100:ffff::/32"], [ "http://example.org/" ] ], [ ["2001:0200:1000::/28"], [ "https://example.net/rdaprir2/", "http://example.net/rdaprir2/" ] ] ] } }
This registry contains IPv6 prefix entries, using [RFC4291] text representation of address prefixes format, grouped by base RDAP URLs, as shown in this example.
For example, a query for "2001:0200:1000::/48" matches the "2001:0200::/23" entry and the "2001:0200:1000::/28" entry in the example registry above. The latter is chosen by the client given the longest match. The base RDAP URL for this query is then taken from the second element of the array, which is an array of base RDAP URLs valid for this entry. The client chooses one of the base URLs from this array; in this example it chooses "https://example.net/rdaprir2/" because it's the secure version of the protocol. The segment specified in [I-D.ietf-weirds-rdap-query] is then appended to the base URL to complete the query. The complete query is therefore "https://example.net/rdaprir2/ip/2001:0200:1000::/48". If the server does not answer, the client can then use another URL prefix from the array. This example is not normative.
{ "rdap.bootstrap": { "version": "1.0", "publication": "YYYY-MM-DDTHH:MM:SSZ", "services": [ [ [2045], [ "https://rir3.example.com/myrdap/" ] ], [ [[10000, 12000], [300000, 400000]], [ "http://example.org/" ] ], [ [[64512, 65534]], [ "http://example.net/rdaprir2/", "https://example.net/rdaprir2/" ] ] ] } }
This registry contains Autonomous Systems Number Ranges entries, grouped by base RDAP URLs, as shown in this example. The first element of each second-level array is an array containing the list of AS numbers served by the base RDAP URLs found in the second element. When an element of the AS Numbers array is an array with two AS numbers, then it represents the range of AS Numbers between the two elements of this array.
For example, a query for AS 65411 matches the [64512, 65534] entry in the example registry above. The base RDAP URL for this query is then taken from the second element of the array, which is an array of base RDAP URLs valid for this entry. The client chooses one of the base URLs from this array; in this example it chooses "https://example.net/rdaprir2/". The segment specified in [I-D.ietf-weirds-rdap-query] is then appended to the base URL to complete the query. The complete query is therefore "https://example.net/rdaprir2/autnum/65411". If the server does not answer, the client can then use another URL prefix from the array. This example is not normative.
Since there is no global namespace for entities, this document does not describe how to find the authoritative RDAP server for entities. It is possible however that, if the entity identifier was received from a previous query, the same RDAP server could be queried for that entity or the entity identifier itself is a fully referenced URL that can be queried.
The registries may not contain the requested value or the RDAP URL value may be empty. In these cases, there is no known RDAP server for that requested value and the client SHOULD provide an appropriate error message to the user.
This method relies on the fact that RDAP clients are fetching the IANA registries to then find the servers locally. Clients SHOULD NOT fetch every time the registry. Clients SHOULD cache the registry, but use underlying protocol signalling, such as HTTP Expires header field [RFC7234], to identify when it is time to refresh the cached registry.
If the query data does not match any entry in the client cached registry, then the client may implement various methods, such as the following:
IANA should make sure that the service of those registries is able to cope with a larger demand and should take appropriate measures such as caching and load balancing.
This specification does not assume while not prohibiting how some authorities of registration data may work together on sharing their information for a common service, including mutual redirection[I-D.ietf-weirds-redirects].
This method does not provide a direct way to find authoritative RDAP servers:
By providing a bootstrap method to find RDAP servers, this document helps making sure that the end-users will get the RDAP data from authoritative source, instead of from rogue sources. The method itself has the same security properties as the RDAP protocols themselves. The transport used to access the registries could be more secure by using TLS [RFC5246] if IANA supports it.
IANA is requested to do the following:
It is envisioned that these new registries will have similar entries than the corresponding IANA allocation registries, such as [ipv4reg],[ipv6reg],[asreg], [domainreg], and possibly similar registration policies. However, the registration policies for the new registries of this document are left to IANA.
The registries may be maintained in IANA own format, such as XML. However, the registry should be available in the JSON format, and optionally in other formats such as XML.
The weirds working group had multiple discussions on this topic, including a session during IETF 84, where various methods such as in-DNS and others were debated. The idea of using IANA registries was discovered by the editor during discussions with his colleagues as well as by a comment from Andy Newton. All the people involved in these discussions are herein acknowledged. Linlin Zhou, Jean-Philippe Dionne, John Levine, Kim Davies, Ernie Dainow, Scott Hollenbeck, Arturo Servin, Andy Newton, Murray Kucherawy, Tom Harrison, Naoki Kambe have provided input and suggestions to this document.
[RFC2119] | Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. |
[RFC3339] | Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, July 2002. |
[RFC4291] | Hinden, R. and S. Deering, "IP Version 6 Addressing Architecture", RFC 4291, February 2006. |
[RFC7159] | Bray, T., "The JavaScript Object Notation (JSON) Data Interchange Format", RFC 7159, March 2014. |