Internet DRAFT - draft-brown-whoami

draft-brown-whoami







Internet Engineering Task Force                                 G. Brown
Internet-Draft                                      CentralNic Group plc
Intended status: Experimental                               June 1, 2018
Expires: December 3, 2018


WHOAMI: A Method For Identifying a Domain Operator's Contact Information
                         draft-brown-whoami-02

Abstract

   This document proposes a method by which the operator of a domain may
   publish their contact information in a discoverable and machine-
   readable format.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on December 3, 2018.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.








Brown                   Expires December 3, 2018                [Page 1]

Internet-Draft                   WHOAMI                        June 2018


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Conventions Used in This Document . . . . . . . . . . . .   2
   2.  WHOAMI Protocol . . . . . . . . . . . . . . . . . . . . . . .   2
     2.1.  URI Record  . . . . . . . . . . . . . . . . . . . . . . .   3
       2.1.1.  URI Record with a data: scheme  . . . . . . . . . . .   3
     2.2.  Well-Known URL  . . . . . . . . . . . . . . . . . . . . .   3
   3.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   4.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   4
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   4
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   4
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   4
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   5
   Appendix A.  Change History . . . . . . . . . . . . . . . . . . .   5
     A.1.  Change from 01 to 02  . . . . . . . . . . . . . . . . . .   5
     A.2.  Change from 00 to 01  . . . . . . . . . . . . . . . . . .   5
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   This document specifies a protocol which provides a way for the
   operator of a domain name to publish their contact information in a
   discoverable and machine-readable format.

   It serves as a complementary service to WHOIS ([RFC3912]) and RDAP
   ([RFC7480]), and differs in that it relies on self-publication by the
   domain operator, rather than a centralised third party service.

1.1.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2.  WHOAMI Protocol

   Domain Operators MAY publish a WHOAMI Record in conformance with this
   specification.  It may be published (a) at a URL indicated by a URI
   record [RFC7553] published in the DNS (as described in Section 2.1),
   or (b) at a well-known URL (as described in Section 2.2).

   Software which consumes WHOAMI records SHOULD first perform a DNS
   query for the URI record for a domain, falling back to the well-known
   URL if the query does not return a positive result.






Brown                   Expires December 3, 2018                [Page 2]

Internet-Draft                   WHOAMI                        June 2018


2.1.  URI Record

   Domain Operators MAY publish the URL of their WHOAMI record as a URI
   record in the DNS.  An example of such a record is below:

   $ORIGIN example.com.
   _nicname._tcp IN URI 10 1 https://example.com/whoami/whoami.vcf

   Note: the Owner Name, Priority, Weight, Target and URI in the above
   record are illustrative only.

   The Service Tag of the URI record is constructed as per Section 4.1
   of [RFC7553], with the "_nicname" tag being derived from the "Who Is
   Protocol" entry in the "Service Name and Transport Protocol Port
   Number Registry (see [RFC6335]).

2.1.1.  URI Record with a data: scheme

   Domain Operators MAY publish a record with a "data:" scheme
   ([RFC2397]).  This allows the WHOAMI record to be embedded in the URI
   record itself.  An example of such a URI is below:

   data:text/vcard;charset=utf-8;base64,QkVHSU46VkNBUkQNClZFUlNJT046NC4w
   DQpVSUQ6dXJuOnV1aWQ6NGZiZTg5NzEtMGJjMy00MjRjLTljMjYtMzZjM2UxZWZmNmIxD
   QpGTjtQSUQ9MS4xOkouIERvZQ0KTjpEb2U7Si47OzsNCkVNQUlMO1BJRD0xLjE6amRvZU
   BleGFtcGxlLmNvbQ0KQ0xJRU5UUElETUFQOjE7dXJuOnV1aWQ6NTNlMzc0ZDktMzM3ZS0
   0NzI3LTg4MDMtYTFlOWMxNGUwNTU2DQpFTkQ6VkNBUkQ=

   If a "data:" scheme is used, the MIME type of the data MUST be "text/
   vcard".

2.2.  Well-Known URL

   Domain Operators MAY publish their WHOAMI record at the following
   URL:

   http://example.com/.well-known/whoami/whoami.vcf

   The "whoami" path segment has been registered in the "Well-Known URI
   Registry" (see [RFC5785]).

   It is RECOMMENDED that web servers which support HTTP over Transport
   Layer Security (TLS, [RFC2818]) provide a 3xx redirect to the HTTPS
   version of this URL.

   Software which consumes WHOAMI records MUST follow 3xx redirections
   return in server responses.




Brown                   Expires December 3, 2018                [Page 3]

Internet-Draft                   WHOAMI                        June 2018


   The Content-Type header of the server response MUST be "text/vcard".

3.  Security Considerations

   WHOAMI provides no security capabilities above and beyond those
   provided by the underlying protocols it uses, namely DNS and HTTP.

   WHOAMI records in general will not be confidential: while HTTPS
   provides transport-layer security, unless some form of authentication
   is used, WHOAMI records will be freely available to anyone who
   requests them.  Authentication of client requests is not covered by
   this document.

   The integrity of WHOAMI records served over DNS may be verified using
   DNSSEC validation.  The use of TLS ensures that records served over
   HTTPS have not been modified in-transit.

4.  Privacy Considerations

   Since WHOAMI records are not private, the information included in a
   WHOAMI record is exposed to the public.  Domain owners should
   therefore exercise caution when entering information into their
   WHOAMI record.  For example, rather than publishing the contact
   informations of people, role-based contact information SHOULD be used
   instead.

5.  IANA Considerations

   This specification registers the "whoami" well-known URI in the
   "Well-Known URIs" registry as defined by [RFC5785].

   URI suffix: whoami

   Change controller: IETF

   Specification document(s): (this document)

   Related information: no remarks

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.




Brown                   Expires December 3, 2018                [Page 4]

Internet-Draft                   WHOAMI                        June 2018


   [RFC2397]  Masinter, L., "The "data" URL scheme", RFC 2397,
              DOI 10.17487/RFC2397, August 1998,
              <https://www.rfc-editor.org/info/rfc2397>.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818,
              DOI 10.17487/RFC2818, May 2000,
              <https://www.rfc-editor.org/info/rfc2818>.

   [RFC5785]  Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known
              Uniform Resource Identifiers (URIs)", RFC 5785,
              DOI 10.17487/RFC5785, April 2010,
              <https://www.rfc-editor.org/info/rfc5785>.

   [RFC6335]  Cotton, M., Eggert, L., Touch, J., Westerlund, M., and S.
              Cheshire, "Internet Assigned Numbers Authority (IANA)
              Procedures for the Management of the Service Name and
              Transport Protocol Port Number Registry", BCP 165,
              RFC 6335, DOI 10.17487/RFC6335, August 2011,
              <https://www.rfc-editor.org/info/rfc6335>.

   [RFC7553]  Faltstrom, P. and O. Kolkman, "The Uniform Resource
              Identifier (URI) DNS Resource Record", RFC 7553,
              DOI 10.17487/RFC7553, June 2015,
              <https://www.rfc-editor.org/info/rfc7553>.

6.2.  Informative References

   [RFC3912]  Daigle, L., "WHOIS Protocol Specification", RFC 3912,
              DOI 10.17487/RFC3912, September 2004,
              <https://www.rfc-editor.org/info/rfc3912>.

   [RFC7480]  Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the
              Registration Data Access Protocol (RDAP)", RFC 7480,
              DOI 10.17487/RFC7480, March 2015,
              <https://www.rfc-editor.org/info/rfc7480>.

Appendix A.  Change History

A.1.  Change from 01 to 02

   1.  Removed all the layer-9 stuff.

A.2.  Change from 00 to 01

   1.  Fixed well-known URI registration, various typos.  Improved
       consistency of terminology.





Brown                   Expires December 3, 2018                [Page 5]

Internet-Draft                   WHOAMI                        June 2018


Author's Address

   Gavin Brown
   CentralNic Group plc
   35-39 Moorgate
   London, England  EC2R 6AR
   GB

   Phone: +44 20 33 88 0600
   Email: gavin.brown@centralnic.com
   URI:   https://www.centralnic.com








































Brown                   Expires December 3, 2018                [Page 6]