Network Working Group P Faltstrom Internet-Draft Tele2 Expires: October 30, 2000 M Kosters Network Solutions May 1, 2000 Referal extension to the Whois protocol draft-faltstrom-whois-04 Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on October 30, 2000. Copyright Notice Copyright (C) The Internet Society (2000). All Rights Reserved. Abstract This document presents extensions to the Whois protocol output format which enables a possibility for the server to send referal information to the Whois client. This referal mechanism can be used for example in a situation with a registrar/registry model, where the registrars all have their own Whois databases, and together they serve a whole TLD. It can also be used when implementing a root-whois service on top of all whois servers in the world, and this way enable the possibility of creating advanced proxy services. For the latter, a registration procedure is also suggested, where Whois services can be registered. Faltstrom & Kosters Expires October 30, 2000 [Page 1] Internet-Draft Referal extension to the Whois protocol May 2000 Discussion on this Internet-Draft is to be held on the mailing list ietf-whois-ext@imc.org, which is hosted by the Internet Mail Consortium. To subscribe, send an email to ietf-whois-ext-request@imc.org, with the text "subscribe" as the only word in the body of the mail. There is an archive of the mailing list at . Faltstrom & Kosters Expires October 30, 2000 [Page 2] Internet-Draft Referal extension to the Whois protocol May 2000 1. Introduction The whois service[1] as it used today is a pure client-server protocol. There is no means for a client to know what server to query, and no way a server can give back information to a client about other matches at other Whois servers. I.e. there is no way one can with the Whois protocol build distributed Whois services. Several attempts have been made, like Whois++ and RWhois, but the most successful ones have been Whois services which in turn act as proxies, so the client uses the same old Whois protocol, and the server hide the fact that the query from the client is fan out to more than one server in turn. This document is a try to define extensions to the Whois protocol which makes it easier to develop such proxy services. Faltstrom & Kosters Expires October 30, 2000 [Page 3] Internet-Draft Referal extension to the Whois protocol May 2000 2. Background There is an operational need on the Internet to get to know the technical contact for a certain domainname or IP-address. Today, this information is stored in Whois servers, and the clients used are using the Whois protocol to get the data. The whois servers are run by entities responsible for a domain, a block of IP addresses or such. To be able to get information, the client need to know which Whois service do have information about the record queried for. Faltstrom & Kosters Expires October 30, 2000 [Page 4] Internet-Draft Referal extension to the Whois protocol May 2000 3. IANA IANA is responsible for handling out IP-addresses and domainnames in the world. This responsibility is delegated to, regarding domainnames, registries for TLDs, and for IP-addresses the regional registres that exists in the world. Each one of these registries can in turn have delegated the responsibility for delegation, and in some cases this has also implied delegation of responsibility of running a Whois service for that delegated part of the address space, and in some cases not. Especially when a registry in turn have registrars doing registrations and delegations on behalf of the registry, the issue with Whois service for the information becomes complicated. Because of these increased complicated structures of the Whois services in the world, this document suggests some structure to the Whois protocol which makes it possible for IANA and others to implement proxy services on top of all the Whois servers that exist, and will exist in the future. It is extremely important that backward compatibility is kept for whois clients, i.e. we talk in this paper about the protocol between the server holding the information and the proxy, not between the proxy and the Whois client. Faltstrom & Kosters Expires October 30, 2000 [Page 5] Internet-Draft Referal extension to the Whois protocol May 2000 4. Format 4.1 Version Any server using any of these extensions MUST have a line which is the first in the Whois output which reads: % VERSION RFCXXXX RIPE-181 (The string RIPE-181 above is just an example) The version command specifies what format is used for control (first token) and what for data (second token). The format for controls is to be RFCXXXX according to specifications in this paper, while RIPE-181 is in this example used for the format of the data. Note to RFC-editor: The text RFCXXXX is supposed to be replaced with the correct RFC number of this document. 4.2 Character set The basic protocol is US-ASCII only. We suggest that a whois service can announce the character set used by using the specific line in the Whois output: % CHARSET UTF-8 (UTF-8 in the example above is just an example) The character set specified MUST be a superset of US-ASCII so further directives still will be recognized. The character set MUST be registered by IANA can be used which is a superset of US-ASCII. Software which is compliant with this extension MUST be able to handle the character set UTF-8. It should be noted that this is an extension to the Whois protocol, which is 7-bit only. The CHARSET statement MUST be present in the whois output before any use of the charset itself. A CHARSET statement MUST NOT be used more than once in each whois response. Faltstrom & Kosters Expires October 30, 2000 [Page 6] Internet-Draft Referal extension to the Whois protocol May 2000 4.3 Referral The semantics behind the referral directive is that a client which gets a response which includes this directive in a response from a server SHOULD parse the whois URI and reissue a whois query according to the specification in the URI given back to the client. The information in the referral should be treated as "more information about the record can be found here". It doesn't explicitely say "disregard information I have", because some of the information given in the whois output (i.e. not in the directives) from the server which gives the referral directive back, might be interesting for the client. For example, in the case of a shared registry system when the whois server of the registry gives a referral back, it probably also gives whois data back which includes information about the registrar, together with actual information about the state of the domain in the zone the registry runs. A Whois service can announce a referral by using the specific line in the Whois output: % REFERRAL WHOIS://WHOIS.EXAMPLE.NET/FOO The string after "REFERRAL" is an example of a WHOIS URI. A Whois URI is defined by: whoisurl = "whois://" hostport [ "/" whoissrch ] where whoissrch = *uchar 4.4 Copyright A Whois service can provide copyright information regarding the data provided with the Whois service itself through the following message: % COPYRIGHT HTTP://WHOIS.EXAMPLE.NET/COPYRIGHT/ It is recommended that the text in the copyright string should include a URL, and not the copyright statement itself, as in the example above. Faltstrom & Kosters Expires October 30, 2000 [Page 7] Internet-Draft Referal extension to the Whois protocol May 2000 5. Usage of these extensions 5.1 Proxy deployment It is expected that any organization can produce a Whois proxy which understands these extensions. The proxy can using this information both convert character sets and act as a proxy (query more than one server) without the Whois client knowing that the service didn't have the data locally. The proxy service is expected to get initial referral information (i.e. a list of Whois servers to query) from a central repository, IANA. 5.2 Initial feed of referral information IANA is presumed to in the contract with TLD and IP-address registries include enough information so that the registry inform IANA on where the Whois service is located (hostname/portnumber). IANA should specific whois server which holds a list of available Whois servers so any whois proxy service can fetch the latest information at it's will. The information is to be retrieved using the whois protocol, using the special search token "%WHATDOYOUKNOW". Any whois server MAY support this specific search token, and give back information about other whois servers he has knowledge about. Conclusion, a proxy service which has interest in getting a fresh list of existing whois servers in the world opens a whois connection to the whois server of IANA, whois.iana.org, and sends the query: %WHATDOYOUKNOW The output is a formatted list of specifications, one per whois URL construction available. Each one of the specifications create a block. The name of the block is a Whois URI (see below) where constructions "backslash" + "integer" is replaced by parenthesis expressions in the regular expressions existing inside the options of the block, like replacements possible in the Unix command "sed". The options describes the server, or the data residing on it. Examples: whois "whois://whois.example.se/\1" { domain {"(.*\.se)";}; charset "iso-8859-1"; }; whois "whois://whois.example.jp/\1%20charset=us-ascii" { Faltstrom & Kosters Expires October 30, 2000 [Page 8] Internet-Draft Referal extension to the Whois protocol May 2000 domain {"(.*\.jp)";}; charset "iso-8859-1"; }; whois "whois://whois.example.jp/\1%20charset=iso-3166-jp" { domain {"(.*\.jp)";}; charset "iso-3166-jp"; }; whois "whois://whois.ripe.net/\1" { domain {"(.*ripe.net)";}; ip4net {(192.71.0.0/16); (192.72.0.0/16);}; handle {"(RIPE-.*)";}; charset "US-ASCII"; }; More attributes can be added in the future by adding new options. A client MUST accept any options, while only parsing the ones which it is interested in. More than one block might match a query, and other options (such as character set) inside the block might give hints on what server might be interesting to query. 5.3 domain - Domain name information A list of domainnames which this whois server is authoritative for. 5.4 ip4net - IPv4 information A list of IP-address version 4 blocks in CIDR format (IP-address + netmask) which this whois server is authoritative for. 5.5 handle - Whois handles A list of handles which this whois server is authoritative for. 5.6 charset - Character set Specification on what character set this whois server will give output in, also specified via the "% CHARSET" statement in the Whois output. 5.7 Output from proxy service to whois client A proxy service SHOULD give information on the hostname (for example via a URI to the original object) to the Whois service where the record originated from. This so a human parsing the output from the Whois client can reissue the query to this originating Whois service to get more information if he so wishes. Faltstrom & Kosters Expires October 30, 2000 [Page 9] Internet-Draft Referal extension to the Whois protocol May 2000 5.8 Registry A Registry Whois service holds from the proxy perspective information about names which is delegated from IANA. The Whois server can be implemented either as a Whois Proxy service, a Whois server or a Whois referral server as described in this paper. Changes on the whois server, for example move of the service from one IP-address to another, have to be reported by the registry to IANA, which updates the list of Whois servers. 5.9 Registrar, second level Whois service The second level service can in turn either be a Whois service, a referral server too, or a whois proxy service. It can also be the case that the Registry run the whois service for the whole from IANA delegated block of addresses, and the Registrar reporting changes to the Registry. Faltstrom & Kosters Expires October 30, 2000 [Page 10] Internet-Draft Referal extension to the Whois protocol May 2000 6. IANA Considerations IANA is to keep track of all registered Whois servers, in the format described above. The complete list of registered servers should be possible to access routinely via the whois protocol so an automatic update of whois proxies can be done on a regular basis. Registrations of these whois servers is assumed to be taken care of at the same time as a registry for a TLD is allocated, so the procedures for registering and update information about Whois servers should be migrated into the process of registering and updating registries for TLDs. Faltstrom & Kosters Expires October 30, 2000 [Page 11] Internet-Draft Referal extension to the Whois protocol May 2000 7. Security Considerations The Whois protocol doesn't include any security functions at all, and this paper doesn't add any such security features. Because of this, information given back with these extensions, such as the referal information, is not to be treated as accurate by any means. The referal information can be, aswell as the rest of the output in a Whois query, easilly forged by a third party. Because the output is in pure text, it is possible to wrap some signing operation around the output, such as via PGP. Specification of how this is done is not discussed in this memo, but left for future studies. One question might be whether the Whois server or the originating authoritative source should be the one signing the data. It is recommended that the transfer of information from the Whois server operator to IANA (as stated in the IANA considerations section) should be secured for example by the use of signed email, to minimize the risk of IANA publishing information that is not from an authoritative source. This is though a general issue for IANA, so securing this listing service should be done in parallell with securing all other listing services at IANA. Faltstrom & Kosters Expires October 30, 2000 [Page 12] Internet-Draft Referal extension to the Whois protocol May 2000 References [1] Harrenstien, K, Stahl, M and E Feinler, "NICNAME/WHOIS", RFC 954, October 1998. Authors' Addresses Patrik Faltstrom Tele2 Borgarfjordsgatan 16 127 61 Kista Sweden EMail: paf@swip.net URI: http://www.tele2.se Mark Kosters Network Solutions Herndon USA EMail: markk@internic.net URI: http://www.networksolutions.com Faltstrom & Kosters Expires October 30, 2000 [Page 13] Internet-Draft Referal extension to the Whois protocol May 2000 Full Copyright Statement Copyright (C) The Internet Society (2000). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC editor function is currently provided by the Internet Society. Faltstrom & Kosters Expires October 30, 2000 [Page 14]