Internet DRAFT - draft-brown-whoami
draft-brown-whoami
Internet Engineering Task Force G. Brown
Internet-Draft CentralNic Group plc
Intended status: Experimental June 1, 2018
Expires: December 3, 2018
WHOAMI: A Method For Identifying a Domain Operator's Contact Information
draft-brown-whoami-02
Abstract
This document proposes a method by which the operator of a domain may
publish their contact information in a discoverable and machine-
readable format.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 3, 2018.
Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Brown Expires December 3, 2018 [Page 1]
�
Internet-Draft WHOAMI June 2018
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Conventions Used in This Document . . . . . . . . . . . . 2
2. WHOAMI Protocol . . . . . . . . . . . . . . . . . . . . . . . 2
2.1. URI Record . . . . . . . . . . . . . . . . . . . . . . . 3
2.1.1. URI Record with a data: scheme . . . . . . . . . . . 3
2.2. Well-Known URL . . . . . . . . . . . . . . . . . . . . . 3
3. Security Considerations . . . . . . . . . . . . . . . . . . . 4
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 4
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 4
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 4
6.1. Normative References . . . . . . . . . . . . . . . . . . 4
6.2. Informative References . . . . . . . . . . . . . . . . . 5
Appendix A. Change History . . . . . . . . . . . . . . . . . . . 5
A.1. Change from 01 to 02 . . . . . . . . . . . . . . . . . . 5
A.2. Change from 00 to 01 . . . . . . . . . . . . . . . . . . 5
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 6
1. Introduction
This document specifies a protocol which provides a way for the
operator of a domain name to publish their contact information in a
discoverable and machine-readable format.
It serves as a complementary service to WHOIS ([RFC3912]) and RDAP
([RFC7480]), and differs in that it relies on self-publication by the
domain operator, rather than a centralised third party service.
1.1. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
2. WHOAMI Protocol
Domain Operators MAY publish a WHOAMI Record in conformance with this
specification. It may be published (a) at a URL indicated by a URI
record [RFC7553] published in the DNS (as described in Section 2.1),
or (b) at a well-known URL (as described in Section 2.2).
Software which consumes WHOAMI records SHOULD first perform a DNS
query for the URI record for a domain, falling back to the well-known
URL if the query does not return a positive result.
Brown Expires December 3, 2018 [Page 2]
�
Internet-Draft WHOAMI June 2018
2.1. URI Record
Domain Operators MAY publish the URL of their WHOAMI record as a URI
record in the DNS. An example of such a record is below:
$ORIGIN example.com.
_nicname._tcp IN URI 10 1 https://example.com/whoami/whoami.vcf
Note: the Owner Name, Priority, Weight, Target and URI in the above
record are illustrative only.
The Service Tag of the URI record is constructed as per Section 4.1
of [RFC7553], with the "_nicname" tag being derived from the "Who Is
Protocol" entry in the "Service Name and Transport Protocol Port
Number Registry (see [RFC6335]).
2.1.1. URI Record with a data: scheme
Domain Operators MAY publish a record with a "data:" scheme
([RFC2397]). This allows the WHOAMI record to be embedded in the URI
record itself. An example of such a URI is below:
data:text/vcard;charset=utf-8;base64,QkVHSU46VkNBUkQNClZFUlNJT046NC4w
DQpVSUQ6dXJuOnV1aWQ6NGZiZTg5NzEtMGJjMy00MjRjLTljMjYtMzZjM2UxZWZmNmIxD
QpGTjtQSUQ9MS4xOkouIERvZQ0KTjpEb2U7Si47OzsNCkVNQUlMO1BJRD0xLjE6amRvZU
BleGFtcGxlLmNvbQ0KQ0xJRU5UUElETUFQOjE7dXJuOnV1aWQ6NTNlMzc0ZDktMzM3ZS0
0NzI3LTg4MDMtYTFlOWMxNGUwNTU2DQpFTkQ6VkNBUkQ=
If a "data:" scheme is used, the MIME type of the data MUST be "text/
vcard".
2.2. Well-Known URL
Domain Operators MAY publish their WHOAMI record at the following
URL:
http://example.com/.well-known/whoami/whoami.vcf
The "whoami" path segment has been registered in the "Well-Known URI
Registry" (see [RFC5785]).
It is RECOMMENDED that web servers which support HTTP over Transport
Layer Security (TLS, [RFC2818]) provide a 3xx redirect to the HTTPS
version of this URL.
Software which consumes WHOAMI records MUST follow 3xx redirections
return in server responses.
Brown Expires December 3, 2018 [Page 3]
�
Internet-Draft WHOAMI June 2018
The Content-Type header of the server response MUST be "text/vcard".
3. Security Considerations
WHOAMI provides no security capabilities above and beyond those
provided by the underlying protocols it uses, namely DNS and HTTP.
WHOAMI records in general will not be confidential: while HTTPS
provides transport-layer security, unless some form of authentication
is used, WHOAMI records will be freely available to anyone who
requests them. Authentication of client requests is not covered by
this document.
The integrity of WHOAMI records served over DNS may be verified using
DNSSEC validation. The use of TLS ensures that records served over
HTTPS have not been modified in-transit.
4. Privacy Considerations
Since WHOAMI records are not private, the information included in a
WHOAMI record is exposed to the public. Domain owners should
therefore exercise caution when entering information into their
WHOAMI record. For example, rather than publishing the contact
informations of people, role-based contact information SHOULD be used
instead.
5. IANA Considerations
This specification registers the "whoami" well-known URI in the
"Well-Known URIs" registry as defined by [RFC5785].
URI suffix: whoami
Change controller: IETF
Specification document(s): (this document)
Related information: no remarks
6. References
6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>.
Brown Expires December 3, 2018 [Page 4]
�
Internet-Draft WHOAMI June 2018
[RFC2397] Masinter, L., "The "data" URL scheme", RFC 2397,
DOI 10.17487/RFC2397, August 1998,
<https://www.rfc-editor.org/info/rfc2397>.
[RFC2818] Rescorla, E., "HTTP Over TLS", RFC 2818,
DOI 10.17487/RFC2818, May 2000,
<https://www.rfc-editor.org/info/rfc2818>.
[RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known
Uniform Resource Identifiers (URIs)", RFC 5785,
DOI 10.17487/RFC5785, April 2010,
<https://www.rfc-editor.org/info/rfc5785>.
[RFC6335] Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
Cheshire, "Internet Assigned Numbers Authority (IANA)
Procedures for the Management of the Service Name and
Transport Protocol Port Number Registry", BCP 165,
RFC 6335, DOI 10.17487/RFC6335, August 2011,
<https://www.rfc-editor.org/info/rfc6335>.
[RFC7553] Faltstrom, P. and O. Kolkman, "The Uniform Resource
Identifier (URI) DNS Resource Record", RFC 7553,
DOI 10.17487/RFC7553, June 2015,
<https://www.rfc-editor.org/info/rfc7553>.
6.2. Informative References
[RFC3912] Daigle, L., "WHOIS Protocol Specification", RFC 3912,
DOI 10.17487/RFC3912, September 2004,
<https://www.rfc-editor.org/info/rfc3912>.
[RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the
Registration Data Access Protocol (RDAP)", RFC 7480,
DOI 10.17487/RFC7480, March 2015,
<https://www.rfc-editor.org/info/rfc7480>.
Appendix A. Change History
A.1. Change from 01 to 02
1. Removed all the layer-9 stuff.
A.2. Change from 00 to 01
1. Fixed well-known URI registration, various typos. Improved
consistency of terminology.
Brown Expires December 3, 2018 [Page 5]
�
Internet-Draft WHOAMI June 2018
Author's Address
Gavin Brown
CentralNic Group plc
35-39 Moorgate
London, England EC2R 6AR
GB
Phone: +44 20 33 88 0600
Email: gavin.brown@centralnic.com
URI: https://www.centralnic.com
Brown Expires December 3, 2018 [Page 6]
