1 Internet Engineering Task Force (IETF)                     S. Hollenbeck   
    2 Request for Comments: 9082                                 Verisign Labs   
    3 STD: 95                                                        A. Newton   
    4 Obsoletes: 7482                                                      AWS   
    5 Category: Standards Track                                      June 2021   
    6 ISSN: 2070-1721                                                            
    7                                                                            
    8                                                                            
    9          Registration Data Access Protocol (RDAP) Query Format             
   10                                                                            
   11 Abstract                                                                   
   12                                                                            
   13    This document describes uniform patterns to construct HTTP URLs that    
   14    may be used to retrieve registration information from registries        
   15    (including both Regional Internet Registries (RIRs) and Domain Name     
   16    Registries (DNRs)) using "RESTful" web access patterns.  These          
   17    uniform patterns define the query syntax for the Registration Data      
   18    Access Protocol (RDAP).  This document obsoletes RFC 7482.              
   19                                                                            
   20 Status of This Memo                                                        
   21                                                                            
   22    This is an Internet Standards Track document.                           
   23                                                                            
   24    This document is a product of the Internet Engineering Task Force       
   25    (IETF).  It represents the consensus of the IETF community.  It has     
   26    received public review and has been approved for publication by the     
   27    Internet Engineering Steering Group (IESG).  Further information on     
   28    Internet Standards is available in Section 2 of RFC 7841.               
   29                                                                            
   30    Information about the current status of this document, any errata,      
   31    and how to provide feedback on it may be obtained at                    
   32    https://www.rfc-editor.org/info/rfc9082.                                
   33                                                                            
   34 Copyright Notice                                                           
   35                                                                            
   36    Copyright (c) 2021 IETF Trust and the persons identified as the         
   37    document authors.  All rights reserved.                                 
   38                                                                            
   39    This document is subject to BCP 78 and the IETF Trust's Legal           
   40    Provisions Relating to IETF Documents                                   
   41    (https://trustee.ietf.org/license-info) in effect on the date of        
   42    publication of this document.  Please review these documents            
   43    carefully, as they describe your rights and restrictions with respect   
   44    to this document.  Code Components extracted from this document must    
   45    include Simplified BSD License text as described in Section 4.e of      
   46    the Trust Legal Provisions and are provided without warranty as         
   47    described in the Simplified BSD License.                                
   48                                                                            
   49 Table of Contents                                                          
   50                                                                            
   51    1.  Introduction                                                        
   52    2.  Conventions Used in This Document                                   
   53      2.1.  Acronyms and Abbreviations                                      
   54    3.  Path Segment Specification                                          
   55      3.1.  Lookup Path Segment Specification                               
   56        3.1.1.  IP Network Path Segment Specification                       
   57        3.1.2.  Autonomous System Path Segment Specification                
   58        3.1.3.  Domain Path Segment Specification                           
   59        3.1.4.  Nameserver Path Segment Specification                       
   60        3.1.5.  Entity Path Segment Specification                           
   61        3.1.6.  Help Path Segment Specification                             
   62      3.2.  Search Path Segment Specification                               
   63        3.2.1.  Domain Search                                               
   64        3.2.2.  Nameserver Search                                           
   65        3.2.3.  Entity Search                                               
   66    4.  Query Processing                                                    
   67      4.1.  Partial String Searching                                        
   68      4.2.  Associated Records                                              
   69    5.  Extensibility                                                       
   70    6.  Internationalization Considerations                                 
   71      6.1.  Character Encoding Considerations                               
   72    7.  IANA Considerations                                                 
   73    8.  Security Considerations                                             
   74    9.  References                                                          
   75      9.1.  Normative References                                            
   76      9.2.  Informative References                                          
   77    Appendix A.  Changes from RFC 7482                                      
   78    Acknowledgments                                                         
   79    Authors' Addresses                                                      
   80                                                                            
   81 1.  Introduction                                                           
   82                                                                            
   83    This document describes a specification for querying registration       
   84    data using a RESTful web service and uniform query patterns.  The       
   85    service is implemented using the Hypertext Transfer Protocol (HTTP)     
   86    [RFC7230] and the conventions described in [RFC7480].  These uniform    
   87    patterns define the query syntax for the Registration Data Access       
   88    Protocol (RDAP).  This document obsoletes RFC 7482.                     
   89                                                                            
   90    The protocol described in this specification is intended to address     
   91    deficiencies with the WHOIS protocol [RFC3912] that have been           
   92    identified over time, including:                                        
   93                                                                            
   94    *  lack of standardized command structures;                             
   95                                                                            
   96    *  lack of standardized output and error structures;                    
   97                                                                            
   98    *  lack of support for internationalization and localization; and       
   99                                                                            
  100    *  lack of support for user identification, authentication, and         
  101       access control.                                                      
  102                                                                            
  103    The patterns described in this document purposefully do not encompass   
  104    all of the methods employed in the WHOIS and other RESTful web          
  105    services used by the RIRs and DNRs.  The intent of the patterns         
  106    described here is to enable queries of:                                 
  107                                                                            
  108    *  networks by IP address;                                              
  109                                                                            
  110    *  Autonomous System (AS) numbers by number;                            
  111                                                                            
  112    *  reverse DNS metadata by domain;                                      
  113                                                                            
  114    *  nameservers by name; and                                             
  115                                                                            
  116    *  entities (such as registrars and contacts) by identifier.            
  117                                                                            
  118    Server implementations are free to support only a subset of these       
  119    features depending on local requirements.  Servers MUST return an       
  120    HTTP 501 (Not Implemented) [RFC7231] response to inform clients of      
  121    unsupported query types.  It is also envisioned that each registry      
  122    will continue to maintain WHOIS and/or other RESTful web services       
  123    specific to their needs and those of their constituencies, and the      
  124    information retrieved through the patterns described here may           
  125    reference such services.                                                
  126                                                                            
  127    Likewise, future IETF specifications may add additional patterns for    
  128    additional query types.  A simple pattern namespacing scheme is         
  129    described in Section 5 to accommodate custom extensions that will not   
  130    interfere with the patterns defined in this document or patterns        
  131    defined in future IETF specifications.                                  
  132                                                                            
  133    WHOIS services, in general, are read-only services.  Accordingly, URL   
  134    [RFC3986] patterns specified in this document are only applicable to    
  135    the HTTP [RFC7231] GET and HEAD methods.                                
  136                                                                            
  137    This document does not describe the results or entities returned from   
  138    issuing the described URLs with an HTTP GET.  The specification of      
  139    these entities is described in [RFC9083].                               
  140                                                                            
  141    Additionally, resource management, provisioning, and update functions   
  142    are out of scope for this document.  Registries have various and        
  143    divergent methods covering these functions, and it is unlikely a        
  144    uniform approach is needed for interoperability.                        
  145                                                                            
  146    HTTP contains mechanisms for servers to authenticate clients and for    
  147    clients to authenticate servers (from which authorization schemes may   
  148    be built), so such mechanisms are not described in this document.       
  149    Policy, provisioning, and processing of authentication and              
  150    authorization are out of scope for this document as deployments will    
  151    have to make choices based on local criteria.  Supported                
  152    authentication mechanisms are described in [RFC7481].                   
  153                                                                            
  154 2.  Conventions Used in This Document                                      
  155                                                                            
  156    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",     
  157    "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and    
  158    "OPTIONAL" in this document are to be interpreted as described in       
  159    BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all      
  160    capitals, as shown here.                                                
  161                                                                            
  162 2.1.  Acronyms and Abbreviations                                           
  163                                                                            
  164    IDN:  Internationalized Domain Name, a fully-qualified domain name      
  165       containing one or more labels that are intended to include one or    
  166       more Unicode code points outside the ASCII range (cf. "domain        
  167       name", "fully-qualified domain name", and "internationalized         
  168       domain name" in RFC 8499 [RFC8499]).                                 
  169                                                                            
  170    IDNA:  Internationalized Domain Names in Applications, a protocol for   
  171       the handling of IDNs.  In this document, "IDNA" refers               
  172       specifically to the version of those specifications known as         
  173       "IDNA2008" [RFC5890].                                                
  174                                                                            
  175    DNR:  Domain Name Registry or Domain Name Registrar                     
  176                                                                            
  177    NFC:  Unicode Normalization Form C [Unicode-UAX15]                      
  178                                                                            
  179    NFKC:  Unicode Normalization Form KC [Unicode-UAX15]                    
  180                                                                            
  181    RDAP:  Registration Data Access Protocol                                
  182                                                                            
  183    REST:  Representational State Transfer.  The term was first described   
  184       in a doctoral dissertation [REST].                                   
  185                                                                            
  186    RESTful:  An adjective that describes a service using HTTP and the      
  187       principles of REST.                                                  
  188                                                                            
  189    RIR:  Regional Internet Registry                                        
  190                                                                            
  191 3.  Path Segment Specification                                             
  192                                                                            
  193    The base URLs used to construct RDAP queries are maintained in an       
  194    IANA registry (the "bootstrap registry") described in [RFC7484].        
  195    Queries are formed by retrieving an appropriate base URL from the       
  196    registry and appending a path segment specified in either Sections      
  197    3.1 or 3.2.  Generally, a registry or other service provider will       
  198    provide a base URL that identifies the protocol, host, and port, and    
  199    this will be used as a base URL that the complete URL is resolved       
  200    against, as per Section 5 of RFC 3986 [RFC3986].  For example, if the   
  201    base URL is "https://example.com/rdap/", all RDAP query URLs will       
  202    begin with "https://example.com/rdap/".                                 
  203                                                                            
  204    The bootstrap registry does not contain information for query objects   
  205    that are not part of a global namespace, including entities and help.   
  206    A base URL for an associated object is required to construct a          
  207    complete query.  This limitation can be overcome for entities by        
  208    using the practice described in RFC 8521 [RFC8521].                     
  209                                                                            
  210    For entities, a base URL is retrieved for the service (domain,          
  211    address, etc.) associated with a given entity.  The query URL is        
  212    constructed by concatenating the base URL with the entity path          
  213    segment specified in either Sections 3.1.5 or 3.2.3.                    
  214                                                                            
  215    For help, a base URL is retrieved for any service (domain, address,     
  216    etc.) for which additional information is required.  The query URL is   
  217    constructed by concatenating the base URL with the help path segment    
  218    specified in Section 3.1.6.                                             
  219                                                                            
  220 3.1.  Lookup Path Segment Specification                                    
  221                                                                            
  222    A simple lookup to determine if an object exists (or not) without       
  223    returning RDAP-encoded results can be performed using the HTTP HEAD     
  224    method as described in Section 4.1 of [RFC7480].                        
  225                                                                            
  226    The resource type path segments for exact match lookup are:             
  227                                                                            
  228    'ip':  Used to identify IP networks and associated data referenced      
  229       using either an IPv4 or IPv6 address.                                
  230                                                                            
  231    'autnum':  Used to identify Autonomous System number registrations      
  232       and associated data referenced using an asplain Autonomous System    
  233       number.                                                              
  234                                                                            
  235    'domain':  Used to identify reverse DNS (RIR) or domain name (DNR)      
  236       information and associated data referenced using a fully qualified   
  237       domain name.                                                         
  238                                                                            
  239    'nameserver':  Used to identify a nameserver information query using    
  240       a host name.                                                         
  241                                                                            
  242    'entity':  Used to identify an entity information query using a         
  243       string identifier.                                                   
  244                                                                            
  245 3.1.1.  IP Network Path Segment Specification                              
  246                                                                            
  247    Syntax:  ip/<IP address> or ip/<CIDR prefix>/<CIDR length>              
  248                                                                            
  249    Queries for information about IP networks are of the form /ip/XXX or    
  250    /ip/XXX/YY where the path segment following 'ip' is either an IPv4      
  251    dotted decimal or IPv6 [RFC5952] address (i.e., XXX) or an IPv4 or      
  252    IPv6 Classless Inter-domain Routing (CIDR) [RFC4632] notation address   
  253    block (i.e., XXX/YY).  Semantically, the simpler form using the         
  254    address can be thought of as a CIDR block with a prefix length of 32    
  255    for IPv4 and a prefix length of 128 for IPv6.  A given specific         
  256    address or CIDR may fall within multiple IP networks in a hierarchy     
  257    of networks; therefore, this query targets the "most-specific" or       
  258    smallest IP network that completely encompasses it in a hierarchy of    
  259    IP networks.                                                            
  260                                                                            
  261    The IPv4 and IPv6 address formats supported in this query are           
  262    described in Section 3.2.2 of RFC 3986 [RFC3986] as IPv4address and     
  263    IPv6address ABNF definitions.  Any valid IPv6 text address format       
  264    [RFC4291] can be used.  This includes IPv6 addresses written using      
  265    with or without compressed zeros and IPv6 addresses containing          
  266    embedded IPv4 addresses.  The rules to write a text representation of   
  267    an IPv6 address [RFC5952] are RECOMMENDED.  However, the zone_id        
  268    [RFC4007] is not appropriate in this context; therefore, the            
  269    corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT be        
  270    used, and servers SHOULD ignore it.                                     
  271                                                                            
  272    For example, the following URL would be used to find information for    
  273    the most specific network containing 192.0.2.0:                         
  274                                                                            
  275    https://example.com/rdap/ip/192.0.2.0                                   
  276                                                                            
  277    The following URL would be used to find information for the most        
  278    specific network containing 192.0.2.0/24:                               
  279                                                                            
  280    https://example.com/rdap/ip/192.0.2.0/24                                
  281                                                                            
  282    The following URL would be used to find information for the most        
  283    specific network containing 2001:db8::                                  
  284                                                                            
  285    https://example.com/rdap/ip/2001:db8::                                  
  286                                                                            
  287 3.1.2.  Autonomous System Path Segment Specification                       
  288                                                                            
  289    Syntax:  autnum/<autonomous system number>                              
  290                                                                            
  291    Queries for information regarding Autonomous System number              
  292    registrations are of the form /autnum/XXX where XXX is an asplain       
  293    Autonomous System number [RFC5396].  In some registries, registration   
  294    of Autonomous System numbers is done on an individual number basis,     
  295    while other registries may register blocks of Autonomous System         
  296    numbers.  The semantics of this query are such that if a number falls   
  297    within a range of registered blocks, the target of the query is the     
  298    block registration and that individual number registrations are         
  299    considered a block of numbers with a size of 1.                         
  300                                                                            
  301    For example, the following URL would be used to find information        
  302    describing Autonomous System number 12 (a number within a range of      
  303    registered blocks):                                                     
  304                                                                            
  305    https://example.com/rdap/autnum/12                                      
  306                                                                            
  307    The following URL would be used to find information describing 4-byte   
  308    Autonomous System number 65538:                                         
  309                                                                            
  310    https://example.com/rdap/autnum/65538                                   
  311                                                                            
  312 3.1.3.  Domain Path Segment Specification                                  
  313                                                                            
  314    Syntax:  domain/<domain name>                                           
  315                                                                            
  316    Queries for domain information are of the form /domain/XXXX, where      
  317    XXXX is a fully qualified (relative to the root) domain name (as        
  318    specified in [RFC0952] and [RFC1123]) in either the in-addr.arpa or     
  319    ip6.arpa zones (for RIRs) or a fully qualified domain name in a zone    
  320    administered by the server operator (for DNRs).  Internationalized      
  321    Domain Names (IDNs) represented in either A-label or U-label format     
  322    [RFC5890] are also valid domain names.  See Section 6.1 for             
  323    information on character encoding for the U-label format.               
  324                                                                            
  325    IDNs SHOULD NOT be represented as a mixture of A-labels and U-labels;   
  326    that is, internationalized labels in an IDN SHOULD be either all        
  327    A-labels or all U-labels.  It is possible for an RDAP client to         
  328    assemble a query string from multiple independent data sources.  Such   
  329    a client might not be able to perform conversions between A-labels      
  330    and U-labels.  An RDAP server that receives a query string with a       
  331    mixture of A-labels and U-labels MAY convert all the U-labels to        
  332    A-labels, perform IDNA processing, and proceed with exact-match         
  333    lookup.  In such cases, the response to be returned to the query        
  334    source may not match the input from the query source.  Alternatively,   
  335    the server MAY refuse to process the query.                             
  336                                                                            
  337    The server MAY perform the match using either the A-label or U-label    
  338    form.  Using one consistent form for matching every label is likely     
  339    to be more reliable.                                                    
  340                                                                            
  341    The following URL would be used to find information describing the      
  342    zone serving the network 192.0.2/24:                                    
  343                                                                            
  344    https://example.com/rdap/domain/2.0.192.in-addr.arpa                    
  345                                                                            
  346    The following URL would be used to find information describing the      
  347    zone serving the network 2001:db8:1::/48:                               
  348                                                                            
  349    https://example.com/rdap/domain/1.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa        
  350                                                                            
  351    The following URL would be used to find information for the             
  352    blah.example.com domain name:                                           
  353                                                                            
  354    https://example.com/rdap/domain/blah.example.com                        
  355                                                                            
  356    The following URL would be used to find information for the             
  357    xn--fo-5ja.example IDN:                                                 
  358                                                                            
  359    https://example.com/rdap/domain/xn--fo-5ja.example                      
  360                                                                            
  361 3.1.4.  Nameserver Path Segment Specification                              
  362                                                                            
  363    Syntax:  nameserver/<nameserver name>                                   
  364                                                                            
  365    The <nameserver name> parameter represents a fully qualified host       
  366    name as specified in [RFC0952] and [RFC1123].  Internationalized        
  367    names represented in either A-label or U-label format [RFC5890] are     
  368    also valid nameserver names.  IDN processing for nameserver names       
  369    uses the domain name processing instructions specified in               
  370    Section 3.1.3.  See Section 6.1 for information on character encoding   
  371    for the U-label format.                                                 
  372                                                                            
  373    The following URL would be used to find information for the             
  374    ns1.example.com nameserver:                                             
  375                                                                            
  376    https://example.com/rdap/nameserver/ns1.example.com                     
  377                                                                            
  378    The following URL would be used to find information for the             
  379    ns1.xn--fo-5ja.example nameserver:                                      
  380                                                                            
  381    https://example.com/rdap/nameserver/ns1.xn--fo-5ja.example              
  382                                                                            
  383 3.1.5.  Entity Path Segment Specification                                  
  384                                                                            
  385    Syntax:  entity/<handle>                                                
  386                                                                            
  387    The <handle> parameter represents an entity (such as a contact,         
  388    registrant, or registrar) identifier whose syntax is specific to the    
  389    registration provider.  For example, for some DNRs, contact             
  390    identifiers are specified in [RFC5730] and [RFC5733].                   
  391                                                                            
  392    The following URL would be used to find information for the entity      
  393    associated with handle XXXX:                                            
  394                                                                            
  395    https://example.com/rdap/entity/XXXX                                    
  396                                                                            
  397 3.1.6.  Help Path Segment Specification                                    
  398                                                                            
  399    Syntax:  help                                                           
  400                                                                            
  401    The help path segment can be used to request helpful information        
  402    (command syntax, terms of service, privacy policy, rate-limiting        
  403    policy, supported authentication methods, supported extensions,         
  404    technical support contact, etc.) from an RDAP server.  The response     
  405    to "help" should provide basic information that a client needs to       
  406    successfully use the service.  The following URL would be used to       
  407    return "help" information:                                              
  408                                                                            
  409    https://example.com/rdap/help                                           
  410                                                                            
  411 3.2.  Search Path Segment Specification                                    
  412                                                                            
  413    Pattern matching semantics are described in Section 4.1.  The           
  414    resource type path segments for search are:                             
  415                                                                            
  416    'domains':  Used to identify a domain name information search using a   
  417       pattern to match a fully qualified domain name.                      
  418                                                                            
  419    'nameservers':  Used to identify a nameserver information search        
  420       using a pattern to match a host name.                                
  421                                                                            
  422    'entities':  Used to identify an entity information search using a      
  423       pattern to match a string identifier.                                
  424                                                                            
  425    RDAP search path segments are formed using a concatenation of the       
  426    plural form of the object being searched for and an HTTP query          
  427    string.  The HTTP query string is formed using a concatenation of the   
  428    question mark character ('?', US-ASCII value 0x003F), a noun            
  429    representing the JSON object property associated with the object        
  430    being searched for, the equal sign character ('=', US-ASCII value       
  431    0x003D), and the search pattern (this is in contrast to the more        
  432    generic HTTP query string that allows multiple simultaneous             
  433    parameters).  Search pattern query processing is described more fully   
  434    in Section 4.  For the domain, nameserver, and entity objects           
  435    described in this document, the plural object forms are "domains",      
  436    "nameservers", and "entities".                                          
  437                                                                            
  438    Detailed results can be retrieved using the HTTP GET method and the     
  439    path segments specified here.                                           
  440                                                                            
  441 3.2.1.  Domain Search                                                      
  442                                                                            
  443    Syntax:  domains?name=<domain search pattern>                           
  444                                                                            
  445    Syntax:  domains?nsLdhName=<nameserver search pattern>                  
  446                                                                            
  447    Syntax:  domains?nsIp=<nameserver IP address>                           
  448                                                                            
  449    Searches for domain information by name are specified using this        
  450    form:                                                                   
  451                                                                            
  452    domains?name=XXXX                                                       
  453                                                                            
  454    XXXX is a search pattern representing a domain name in "letters,        
  455    digits, hyphen" (LDH) format [RFC5890].  The following URL would be     
  456    used to find DNR information for domain names matching the              
  457    "example*.com" pattern:                                                 
  458                                                                            
  459    https://example.com/rdap/domains?name=example*.com                      
  460                                                                            
  461    IDNs in U-label format [RFC5890] can also be used as search patterns    
  462    (see Section 4).  Searches for these names are of the form              
  463    /domains?name=XXXX, where XXXX is a search pattern representing a       
  464    domain name in U-label format [RFC5890].  See Section 6.1 for           
  465    information on character encoding for the U-label format.               
  466                                                                            
  467    Searches for domain information by nameserver name are specified        
  468    using this form:                                                        
  469                                                                            
  470    domains?nsLdhName=YYYY                                                  
  471                                                                            
  472    YYYY is a search pattern representing a host name in "letters,          
  473    digits, hyphen" format [RFC5890].  The following URL would be used to   
  474    search for domains delegated to nameservers matching the                
  475    "ns1.example*.com" pattern:                                             
  476                                                                            
  477    https://example.com/rdap/domains?nsLdhName=ns1.example*.com             
  478                                                                            
  479    Searches for domain information by nameserver IP address are            
  480    specified using this form:                                              
  481                                                                            
  482    domains?nsIp=ZZZZ                                                       
  483                                                                            
  484    ZZZZ is an IPv4 [RFC1166] or IPv6 [RFC5952] address.  The following     
  485    URL would be used to search for domains that have been delegated to     
  486    nameservers that resolve to the "192.0.2.0" address:                    
  487                                                                            
  488    https://example.com/rdap/domains?nsIp=192.0.2.0                         
  489                                                                            
  490 3.2.2.  Nameserver Search                                                  
  491                                                                            
  492    Syntax:  nameservers?name=<nameserver search pattern>                   
  493                                                                            
  494    Syntax:  nameservers?ip=<nameserver IP address>                         
  495                                                                            
  496    Searches for nameserver information by nameserver name are specified    
  497    using this form:                                                        
  498                                                                            
  499    nameservers?name=XXXX                                                   
  500                                                                            
  501    XXXX is a search pattern representing a host name in "letters,          
  502    digits, hyphen" format [RFC5890].  The following URL would be used to   
  503    find information for nameserver names matching the "ns1.example*.com"   
  504    pattern:                                                                
  505                                                                            
  506    https://example.com/rdap/nameservers?name=ns1.example*.com              
  507                                                                            
  508    Internationalized nameserver names in U-label format [RFC5890] can      
  509    also be used as search patterns (see Section 4).  Searches for these    
  510    names are of the form /nameservers?name=XXXX, where XXXX is a search    
  511    pattern representing a nameserver name in U-label format [RFC5890].     
  512    See Section 6.1 for information on character encoding for the U-label   
  513    format.                                                                 
  514                                                                            
  515    Searches for nameserver information by nameserver IP address are        
  516    specified using this form:                                              
  517                                                                            
  518    nameservers?ip=YYYY                                                     
  519                                                                            
  520    YYYY is an IPv4 [RFC1166] or IPv6 [RFC5952] address.  The following     
  521    URL would be used to search for nameserver names that resolve to the    
  522    "192.0.2.0" address:                                                    
  523                                                                            
  524    https://example.com/rdap/nameservers?ip=192.0.2.0                       
  525                                                                            
  526 3.2.3.  Entity Search                                                      
  527                                                                            
  528    Syntax:  entities?fn=<entity name search pattern>                       
  529                                                                            
  530    Syntax:  entities?handle=<entity handle search pattern>                 
  531                                                                            
  532    Searches for entity information by name are specified using this        
  533    form:                                                                   
  534                                                                            
  535    entities?fn=XXXX                                                        
  536                                                                            
  537    XXXX is a search pattern representing the "fn" property of an entity    
  538    (such as a contact, registrant, or registrar) name as described in      
  539    Section 5.1 of [RFC9083].  The following URL would be used to find      
  540    information for entity names matching the "Bobby Joe*" pattern:         
  541                                                                            
  542    https://example.com/rdap/entities?fn=Bobby%20Joe*                       
  543                                                                            
  544    Searches for entity information by handle are specified using this      
  545    form:                                                                   
  546                                                                            
  547    entities?handle=XXXX                                                    
  548                                                                            
  549    XXXX is a search pattern representing an entity (such as a contact,     
  550    registrant, or registrar) identifier whose syntax is specific to the    
  551    registration provider.  The following URL would be used to find         
  552    information for entity handles matching the "CID-40*" pattern:          
  553                                                                            
  554    https://example.com/rdap/entities?handle=CID-40*                        
  555                                                                            
  556    URLs MUST be properly encoded according to the rules of [RFC3986].      
  557    In the example above, "Bobby Joe*" is encoded to "Bobby%20Joe*".        
  558                                                                            
  559 4.  Query Processing                                                       
  560                                                                            
  561    Servers indicate the success or failure of query processing by          
  562    returning an appropriate HTTP response code to the client.  Response    
  563    codes not specifically identified in this document are described in     
  564    [RFC7480].                                                              
  565                                                                            
  566 4.1.  Partial String Searching                                             
  567                                                                            
  568    Partial string searching uses the asterisk ('*', US-ASCII value 0x2A)   
  569    character to match zero or more trailing characters.  A character       
  570    string representing a domain label suffix MAY be concatenated to the    
  571    end of the search pattern to limit the scope of the search.  For        
  572    example, the search pattern "exam*" will match "example.com" and        
  573    "example.net".  The search pattern "exam*.com" will match               
  574    "example.com".  If an asterisk appears in a search string, any label    
  575    that contains the non-asterisk characters in sequence plus zero or      
  576    more characters in sequence in place of the asterisk would match.  A    
  577    partial string search MUST NOT include more than one asterisk.          
  578    Additional pattern matching processing is beyond the scope of this      
  579    specification.                                                          
  580                                                                            
  581    If a server receives a search request but cannot process the request    
  582    because it does not support a particular style of partial match         
  583    searching, it SHOULD return an HTTP 422 (Unprocessable Entity)          
  584    [RFC4918] response (unless another response code is more appropriate    
  585    based on a server's policy settings) to note that search                
  586    functionality is supported, but this particular query cannot be         
  587    processed.  When returning a 422 error, the server MAY also return an   
  588    error response body as specified in Section 6 of [RFC9083] if the       
  589    requested media type is one that is specified in [RFC7480].             
  590                                                                            
  591    Partial matching is not feasible across combinations of Unicode         
  592    characters because Unicode characters can be combined with each         
  593    other.  Servers SHOULD NOT partially match combinations of Unicode      
  594    characters where a legal combination is possible.  It should be         
  595    noted, though, that it may not always be possible to detect cases       
  596    where a character could have been combined with another character,      
  597    but was not, because characters can be combined in many different       
  598    ways.                                                                   
  599                                                                            
  600    Clients SHOULD NOT submit a partial match search of Unicode             
  601    characters where a Unicode character may be legally combined with       
  602    another Unicode character or characters.  Partial match searches with   
  603    incomplete combinations of characters where a character must be         
  604    combined with another character or characters are invalid.  Partial     
  605    match searches with characters that may be combined with another        
  606    character or characters are to be considered non-combined characters    
  607    (that is, if character x may be combined with character y but           
  608    character y is not submitted in the search string, then character x     
  609    is a complete character and no combinations of character x are to be    
  610    searched).                                                              
  611                                                                            
  612 4.2.  Associated Records                                                   
  613                                                                            
  614    Conceptually, any query-matching record in a server's database might    
  615    be a member of a set of related records, related in some fashion as     
  616    defined by the server -- for example, variants of an IDN.  The entire   
  617    set ought to be considered as candidates for inclusion when             
  618    constructing the response.  However, the construction of the final      
  619    response needs to be mindful of privacy and other data-releasing        
  620    policies when assembling the RDAP response set.                         
  621                                                                            
  622    Note too that due to the nature of searching, there may be a list of    
  623    query-matching records.  Each one of those is subject to being a        
  624    member of a set as described in the previous paragraph.  What is        
  625    ultimately returned in a response will be the union of all the sets     
  626    that has been filtered by whatever policies are in place.               
  627                                                                            
  628    Note that this model includes arrangements for associated names,        
  629    including those that are linked by policy mechanisms and names bound    
  630    together for some other purposes.  Note also that returning             
  631    information that was not explicitly selected by an exact-match          
  632    lookup, including additional names that match a relatively fuzzy        
  633    search as well as lists of names that are linked together, may cause    
  634    privacy issues.                                                         
  635                                                                            
  636    Note that there might not be a single, static information return        
  637    policy that applies to all clients equally.  Client identity and        
  638    associated authorizations can be a relevant factor in determining how   
  639    broad the response set will be for any particular query.                
  640                                                                            
  641 5.  Extensibility                                                          
  642                                                                            
  643    This document describes path segment specifications for a limited       
  644    number of objects commonly registered in both RIRs and DNRs.  It does   
  645    not attempt to describe path segments for all of the objects            
  646    registered in all registries.  Custom path segments can be created      
  647    for objects not specified here using the process described in           
  648    Section 6 of "HTTP Usage in the Registration Data Access Protocol       
  649    (RDAP)" [RFC7480].                                                      
  650                                                                            
  651    Custom path segments can be created by prefixing the segment with a     
  652    unique identifier followed by an underscore character (0x5F).  For      
  653    example, a custom entity path segment could be created by prefixing     
  654    "entity" with "custom_", producing "custom_entity".  Servers MUST       
  655    return an appropriate failure status code for a request with an         
  656    unrecognized path segment.                                              
  657                                                                            
  658 6.  Internationalization Considerations                                    
  659                                                                            
  660    There is value in supporting the ability to submit either a U-label     
  661    (Unicode form of an IDN label) or an A-label (US-ASCII form of an IDN   
  662    label) as a query argument to an RDAP service.  Clients capable of      
  663    processing non-US-ASCII characters may prefer a U-label since this is   
  664    more visually recognizable and familiar than A-label strings, but       
  665    clients using programmatic interfaces might find it easier to submit    
  666    and display A-labels if they are unable to input U-labels with their    
  667    keyboard configuration.  Both query forms are acceptable.               
  668                                                                            
  669    Internationalized domain and nameserver names can contain character     
  670    variants and variant labels as described in [RFC4290].  Clients that    
  671    support queries for internationalized domain and nameserver names       
  672    MUST accept service provider responses that describe variants as        
  673    specified in "JSON Responses for the Registration Data Access           
  674    Protocol (RDAP)" [RFC9083].                                             
  675                                                                            
  676 6.1.  Character Encoding Considerations                                    
  677                                                                            
  678    Servers can expect to receive search patterns from clients that         
  679    contain character strings encoded in different forms supported by       
  680    HTTP.  It is entirely possible to apply filters and normalization       
  681    rules to search patterns prior to making character comparisons, but     
  682    this type of processing is more typically needed to determine the       
  683    validity of registered strings than to match patterns.                  
  684                                                                            
  685    An RDAP client submitting a query string containing non-US-ASCII        
  686    characters converts such strings into Unicode in UTF-8 encoding.  It    
  687    then performs any local case mapping deemed necessary.  Strings are     
  688    normalized using Normalization Form C (NFC) [Unicode-UAX15]; note       
  689    that clients might not be able to do this reliably.  UTF-8 encoded      
  690    strings are then appropriately percent-encoded [RFC3986] in the query   
  691    URL.                                                                    
  692                                                                            
  693    After parsing any percent-encoding, an RDAP server treats each query    
  694    string as Unicode in UTF-8 encoding.  If a string is not valid UTF-8,   
  695    the server can immediately stop processing the query and return an      
  696    HTTP 400 (Bad Request) response.                                        
  697                                                                            
  698    When processing queries, there is a difference in handling DNS names,   
  699    including those with putative U-labels, and everything else.  DNS       
  700    names are treated according to the DNS matching rules as described in   
  701    Section 3.1 of RFC 1035 [RFC1035] for Non-Reserved LDH (NR-LDH)         
  702    labels and the matching rules described in Section 5.4 of RFC 5891      
  703    [RFC5891] for U-labels.  Matching of DNS names proceeds one label at    
  704    a time because it is possible for a combination of U-labels and NR-     
  705    LDH labels to be found in a single domain or host name.  The            
  706    determination of whether a label is a U-label or an NR-LDH label is     
  707    based on whether the label contains any characters outside of the US-   
  708    ASCII letters, digits, or hyphen (the so-called LDH rule).              
  709                                                                            
  710    For everything else, servers map fullwidth and halfwidth characters     
  711    to their decomposition equivalents.  Servers convert strings to the     
  712    same coded character set of the target data that is to be looked up     
  713    or searched, and each string is normalized using the same               
  714    normalization that was used on the target data.  In general, storage    
  715    of strings as Unicode is RECOMMENDED.  For the purposes of              
  716    comparison, Normalization Form KC (NFKC) [Unicode-UAX15] with case      
  717    folding is used to maximize predictability and the number of matches.   
  718    Note the use of case-folded NFKC as opposed to NFC in this case.        
  719                                                                            
  720 7.  IANA Considerations                                                    
  721                                                                            
  722    This document has no IANA actions.                                      
  723                                                                            
  724 8.  Security Considerations                                                
  725                                                                            
  726    Security services for the operations specified in this document are     
  727    described in "Security Services for the Registration Data Access        
  728    Protocol (RDAP)" [RFC7481].                                             
  729                                                                            
  730    Search functionality typically requires more server resources (such     
  731    as memory, CPU cycles, and network bandwidth) when compared to basic    
  732    lookup functionality.  This increases the risk of server resource       
  733    exhaustion and subsequent denial of service due to abuse.  This risk    
  734    can be mitigated by developing and implementing controls to restrict    
  735    search functionality to identified and authorized clients.  If those    
  736    clients behave badly, their search privileges can be suspended or       
  737    revoked.  Rate limiting as described in Section 5.5 of "HTTP Usage in   
  738    the Registration Data Access Protocol (RDAP)" [RFC7480] can also be     
  739    used to control the rate of received search requests.  Server           
  740    operators can also reduce their risk by restricting the amount of       
  741    information returned in response to a search request.                   
  742                                                                            
  743    Search functionality also increases the privacy risk of disclosing      
  744    object relationships that might not otherwise be obvious.  For          
  745    example, a search that returns IDN variants [RFC6927] that do not       
  746    explicitly match a client-provided search pattern can disclose          
  747    information about registered domain names that might not be otherwise   
  748    available.  Implementers need to consider the policy and privacy        
  749    implications of returning information that was not explicitly           
  750    requested.                                                              
  751                                                                            
  752    Note that there might not be a single, static information return        
  753    policy that applies to all clients equally.  Client identity and        
  754    associated authorizations can be a relevant factor in determining how   
  755    broad the response set will be for any particular query.                
  756                                                                            
  757 9.  References                                                             
  758                                                                            
  759 9.1.  Normative References                                                 
  760                                                                            
  761    [RFC0952]  Harrenstien, K., Stahl, M., and E. Feinler, "DoD Internet    
  762               host table specification", RFC 952, DOI 10.17487/RFC0952,    
  763               October 1985, <https://www.rfc-editor.org/info/rfc952>.      
  764                                                                            
  765    [RFC1035]  Mockapetris, P., "Domain names - implementation and          
  766               specification", STD 13, RFC 1035, DOI 10.17487/RFC1035,      
  767               November 1987, <https://www.rfc-editor.org/info/rfc1035>.    
  768                                                                            
  769    [RFC1123]  Braden, R., Ed., "Requirements for Internet Hosts -          
  770               Application and Support", STD 3, RFC 1123,                   
  771               DOI 10.17487/RFC1123, October 1989,                          
  772               <https://www.rfc-editor.org/info/rfc1123>.                   
  773                                                                            
  774    [RFC1166]  Kirkpatrick, S., Stahl, M., and M. Recker, "Internet         
  775               numbers", RFC 1166, DOI 10.17487/RFC1166, July 1990,         
  776               <https://www.rfc-editor.org/info/rfc1166>.                   
  777                                                                            
  778    [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate          
  779               Requirement Levels", BCP 14, RFC 2119,                       
  780               DOI 10.17487/RFC2119, March 1997,                            
  781               <https://www.rfc-editor.org/info/rfc2119>.                   
  782                                                                            
  783    [RFC3986]  Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform     
  784               Resource Identifier (URI): Generic Syntax", STD 66,          
  785               RFC 3986, DOI 10.17487/RFC3986, January 2005,                
  786               <https://www.rfc-editor.org/info/rfc3986>.                   
  787                                                                            
  788    [RFC4291]  Hinden, R. and S. Deering, "IP Version 6 Addressing          
  789               Architecture", RFC 4291, DOI 10.17487/RFC4291, February      
  790               2006, <https://www.rfc-editor.org/info/rfc4291>.             
  791                                                                            
  792    [RFC4632]  Fuller, V. and T. Li, "Classless Inter-domain Routing        
  793               (CIDR): The Internet Address Assignment and Aggregation      
  794               Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August       
  795               2006, <https://www.rfc-editor.org/info/rfc4632>.             
  796                                                                            
  797    [RFC4918]  Dusseault, L., Ed., "HTTP Extensions for Web Distributed     
  798               Authoring and Versioning (WebDAV)", RFC 4918,                
  799               DOI 10.17487/RFC4918, June 2007,                             
  800               <https://www.rfc-editor.org/info/rfc4918>.                   
  801                                                                            
  802    [RFC5396]  Huston, G. and G. Michaelson, "Textual Representation of     
  803               Autonomous System (AS) Numbers", RFC 5396,                   
  804               DOI 10.17487/RFC5396, December 2008,                         
  805               <https://www.rfc-editor.org/info/rfc5396>.                   
  806                                                                            
  807    [RFC5730]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)",    
  808               STD 69, RFC 5730, DOI 10.17487/RFC5730, August 2009,         
  809               <https://www.rfc-editor.org/info/rfc5730>.                   
  810                                                                            
  811    [RFC5733]  Hollenbeck, S., "Extensible Provisioning Protocol (EPP)      
  812               Contact Mapping", STD 69, RFC 5733, DOI 10.17487/RFC5733,    
  813               August 2009, <https://www.rfc-editor.org/info/rfc5733>.      
  814                                                                            
  815    [RFC5890]  Klensin, J., "Internationalized Domain Names for             
  816               Applications (IDNA): Definitions and Document Framework",    
  817               RFC 5890, DOI 10.17487/RFC5890, August 2010,                 
  818               <https://www.rfc-editor.org/info/rfc5890>.                   
  819                                                                            
  820    [RFC5891]  Klensin, J., "Internationalized Domain Names in              
  821               Applications (IDNA): Protocol", RFC 5891,                    
  822               DOI 10.17487/RFC5891, August 2010,                           
  823               <https://www.rfc-editor.org/info/rfc5891>.                   
  824                                                                            
  825    [RFC5952]  Kawamura, S. and M. Kawashima, "A Recommendation for IPv6    
  826               Address Text Representation", RFC 5952,                      
  827               DOI 10.17487/RFC5952, August 2010,                           
  828               <https://www.rfc-editor.org/info/rfc5952>.                   
  829                                                                            
  830    [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer   
  831               Protocol (HTTP/1.1): Message Syntax and Routing",            
  832               RFC 7230, DOI 10.17487/RFC7230, June 2014,                   
  833               <https://www.rfc-editor.org/info/rfc7230>.                   
  834                                                                            
  835    [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer   
  836               Protocol (HTTP/1.1): Semantics and Content", RFC 7231,       
  837               DOI 10.17487/RFC7231, June 2014,                             
  838               <https://www.rfc-editor.org/info/rfc7231>.                   
  839                                                                            
  840    [RFC7480]  Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the    
  841               Registration Data Access Protocol (RDAP)", STD 95,           
  842               RFC 7480, DOI 10.17487/RFC7480, March 2015,                  
  843               <https://www.rfc-editor.org/info/rfc7480>.                   
  844                                                                            
  845    [RFC7481]  Hollenbeck, S. and N. Kong, "Security Services for the       
  846               Registration Data Access Protocol (RDAP)", STD 95,           
  847               RFC 7481, DOI 10.17487/RFC7481, March 2015,                  
  848               <https://www.rfc-editor.org/info/rfc7481>.                   
  849                                                                            
  850    [RFC7484]  Blanchet, M., "Finding the Authoritative Registration Data   
  851               (RDAP) Service", RFC 7484, DOI 10.17487/RFC7484, March       
  852               2015, <https://www.rfc-editor.org/info/rfc7484>.             
  853                                                                            
  854    [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC       
  855               2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,     
  856               May 2017, <https://www.rfc-editor.org/info/rfc8174>.         
  857                                                                            
  858    [RFC8499]  Hoffman, P., Sullivan, A., and K. Fujiwara, "DNS             
  859               Terminology", BCP 219, RFC 8499, DOI 10.17487/RFC8499,       
  860               January 2019, <https://www.rfc-editor.org/info/rfc8499>.     
  861                                                                            
  862    [RFC9083]  Hollenbeck, S. and A. Newton, "JSON Responses for the        
  863               Registration Data Access Protocol (RDAP)", STD 95,           
  864               RFC 9083, DOI 10.17487/RFC9083, June 2021,                   
  865               <https://www.rfc-editor.org/info/rfc9083>.                   
  866                                                                            
  867    [Unicode-UAX15]                                                         
  868               The Unicode Consortium, "Unicode Standard Annex #15:         
  869               Unicode Normalization Forms", September 2013,                
  870               <https://www.unicode.org/reports/tr15/>.                     
  871                                                                            
  872 9.2.  Informative References                                               
  873                                                                            
  874    [REST]     Fielding, R., "Architectural Styles and the Design of        
  875               Network-based Software Architectures", Ph.D.                 
  876               Dissertation, University of California, Irvine, 2000,        
  877               <https://www.ics.uci.edu/~fielding/pubs/dissertation/        
  878               fielding_dissertation.pdf>.                                  
  879                                                                            
  880    [RFC3912]  Daigle, L., "WHOIS Protocol Specification", RFC 3912,        
  881               DOI 10.17487/RFC3912, September 2004,                        
  882               <https://www.rfc-editor.org/info/rfc3912>.                   
  883                                                                            
  884    [RFC4007]  Deering, S., Haberman, B., Jinmei, T., Nordmark, E., and     
  885               B. Zill, "IPv6 Scoped Address Architecture", RFC 4007,       
  886               DOI 10.17487/RFC4007, March 2005,                            
  887               <https://www.rfc-editor.org/info/rfc4007>.                   
  888                                                                            
  889    [RFC4290]  Klensin, J., "Suggested Practices for Registration of        
  890               Internationalized Domain Names (IDN)", RFC 4290,             
  891               DOI 10.17487/RFC4290, December 2005,                         
  892               <https://www.rfc-editor.org/info/rfc4290>.                   
  893                                                                            
  894    [RFC6874]  Carpenter, B., Cheshire, S., and R. Hinden, "Representing    
  895               IPv6 Zone Identifiers in Address Literals and Uniform        
  896               Resource Identifiers", RFC 6874, DOI 10.17487/RFC6874,       
  897               February 2013, <https://www.rfc-editor.org/info/rfc6874>.    
  898                                                                            
  899    [RFC6927]  Levine, J. and P. Hoffman, "Variants in Second-Level Names   
  900               Registered in Top-Level Domains", RFC 6927,                  
  901               DOI 10.17487/RFC6927, May 2013,                              
  902               <https://www.rfc-editor.org/info/rfc6927>.                   
  903                                                                            
  904    [RFC8521]  Hollenbeck, S. and A. Newton, "Registration Data Access      
  905               Protocol (RDAP) Object Tagging", BCP 221, RFC 8521,          
  906               DOI 10.17487/RFC8521, November 2018,                         
  907               <https://www.rfc-editor.org/info/rfc8521>.                   
  908                                                                            
  909 Appendix A.  Changes from RFC 7482                                         
  910                                                                            
  911    *  Addressed known errata.                                              
  912                                                                            
  913    *  Addressed other reported clarifications and corrections: IDN,        
  914       IDNA, and DNR definitions.  Noted that registrars are entities.      
  915       Added a reference to RFC 8521 to address the bootstrap registry      
  916       limitation.  Removed extraneous "...".  Clarified HTTP query         
  917       string, search pattern, name server search, domain label suffix,     
  918       and asterisk search.                                                 
  919                                                                            
  920    *  Addressed "The HTTP query string" clarification.                     
  921                                                                            
  922    *  Modified coauthor address.                                           
  923                                                                            
  924    *  Updated references to RFC 7483 to RFC 9083.                          
  925                                                                            
  926    *  Added an IANA Considerations section.  Changed references to use     
  927       HTTPS for targets.                                                   
  928                                                                            
  929    *  Changed "XXXX is a search pattern representing the "FN" property     
  930       of an entity (such as a contact, registrant, or registrar) name as   
  931       specified in Section 5.1" to "Changed "XXXX is a search pattern      
  932       representing the "fn" property of an entity (such as a contact,      
  933       registrant, or registrar) name as described in Section 5.1".         
  934                                                                            
  935    *  Added acknowledgments.                                               
  936                                                                            
  937    *  Changed "The intent of the patterns described here are to enable     
  938       queries" to "The intent of the patterns described here is to         
  939       enable queries".                                                     
  940                                                                            
  941    *  Changed "the corresponding syntax extension in RFC 6874 [RFC6874]    
  942       MUST NOT be used, and servers are to ignore it if possible" to       
  943       "the corresponding syntax extension in RFC 6874 [RFC6874] MUST NOT   
  944       be used, and servers SHOULD ignore it".                              
  945                                                                            
  946    *  Changed "Only a single asterisk is allowed for a partial string      
  947       search" to "A partial string search MUST NOT include more than one   
  948       asterisk".                                                           
  949                                                                            
  950    *  Changed "Clients should avoid submitting a partial match search of   
  951       Unicode characters where a Unicode character may be legally          
  952       combined with another Unicode character or characters" to "Clients   
  953       SHOULD NOT submit a partial match search of Unicode characters       
  954       where a Unicode character may be legally combined with another       
  955       Unicode character or characters".                                    
  956                                                                            
  957    *  Changed description of nameserver IP address "search pattern" in     
  958       Sections 3.2.1 and 3.2.2.                                            
  959                                                                            
  960    *  IESG review feedback: Added "obsoletes 7482" to the headers,         
  961       Abstract, and Introduction.  Changed "IETF standards" to "IETF       
  962       specifications" and "Therefore" to "Accordingly" in Section 1.       
  963       Updated the BCP 14 boilerplate.  Added definition of "bootstrap      
  964       registry" and changed "concatenating ... to" to "concatenating ...   
  965       with" in Section 3.  Changed "bitmask length" to "prefix length"     
  966       and "2001:db8::0" to "2001:db8::" in Section 3.1.1.  Added "in       
  967       contrast to the more generic HTTP query string that admits           
  968       multiple simultaneous parameters" in Section 3.2.  Changed           
  969       "0x002A" to "0x2A" in Section 4.1.  Clarified use of HTTP 422        
  970       SHOULD in Section 4.1.                                               
  971                                                                            
  972 Acknowledgments                                                            
  973                                                                            
  974    This document is derived from original work on RIR query formats        
  975    developed by Byron J. Ellacott of APNIC, Arturo L. Servin of LACNIC,    
  976    Kaveh Ranjbar of the RIPE NCC, and Andrew L. Newton of ARIN.            
  977    Additionally, this document incorporates DNR query formats originally   
  978    described by Francisco Arias and Steve Sheng of ICANN and Scott         
  979    Hollenbeck of Verisign Labs.                                            
  980                                                                            
  981    The authors would like to acknowledge the following individuals for     
  982    their contributions to this document: Francisco Arias, Marc Blanchet,   
  983    Ernie Dainow, Jean-Philippe Dionne, Byron J. Ellacott, Behnam           
  984    Esfahbod, John Klensin, John Levine, Edward Lewis, Mario Loffredo,      
  985    Patrick Mevzek, Mark Nottingham, Kaveh Ranjbar, Arturo L. Servin,       
  986    Steve Sheng, Jasdip Singh, and Andrew Sullivan.                         
  987                                                                            
  988 Authors' Addresses                                                         
  989                                                                            
  990    Scott Hollenbeck                                                        
  991    Verisign Labs                                                           
  992    12061 Bluemont Way                                                      
  993    Reston, VA 20190                                                        
  994    United States of America                                                
  995                                                                            
  996    Email: shollenbeck@verisign.com                                         
  997    URI:   https://www.verisignlabs.com/                                    
  998                                                                            
  999                                                                            
 1000    Andy Newton                                                             
 1001    Amazon Web Services, Inc.                                               
 1002    13200 Woodland Park Road                                                
 1003    Herndon, VA 20171                                                       
 1004    United States of America                                                
 1005                                                                            
 1006    Email: andy@hxr.us                                                      
 1007                                                                            

The IETF is responsible for the creation and maintenance of the DNS RFCs. The ICANN DNS RFC annotation project provides a forum for collecting community annotations on these RFCs as an aid to understanding for implementers and any interested parties. The annotations displayed here are not the result of the IETF consensus process.

This RFC is included in the DNS RFCs annotation project whose home page is here.