Network Working Group                                          J. Lulla
Internet-Draft
Intended status: Standards Track                           April 7, 2015
Updates: RFC3912 (if approved)
Expires: September 12, 2015

                        WHOIS service extension
                 draft-jlulla-whois-ip-validation-00.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on September 12, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Abstract

   This document describes a service in which WHOIS servers provide a
   hint score for name-to-IP validation.  The WHOIS servers will receive
   requests to provide a hint on the degree of association between a
   given name and IP pair.  This service may be used to ascertain that
   the host a client intends to communicate with is indeed the host the
   client expects it to be.
   While establishing secure sessions, this service may also be used on
   top of certificate validation to detect the possibility of a trusted
   CA having issued a fake certificate for the server in question.

Jlulla                  Expires September 12, 2015              [Page 1]

Internet-Draft     draft-jlulla-whois-ip-validation-00        April 2015

1.  Introduction

   WHOIS is a service used to obtain information about the hosts on the
   Internet.  A query made on a hostname or an IP results in a detailed
   set of information including the ASN, organization name, range of IP
   addresses allocated, etc.  This set of information is adequate to
   find how a given IP is associated with a given name.

   The new service being described here involves a client and the WHOIS
   server.  The client needs to validate the DNS response for the
   hostname it intends to communicate with.  The client sends a request
   containing a host name and the IP it has obtained for that name from
   its DNS.  The WHOIS server uses the given name and IP to find whether
   the ASNs match or whether the given IP falls within the IP ranges
   allocated to the registered name.  The server may also do a forward
   or reverse DNS query to find how the given name and IP may be
   related.  Depending upon such checks, the server prepares a response
   for the client.  This response reflects how probable the association
   of the given name and IP is.  The response may also optionally
   include codes reflecting the findings of the WHOIS server.

2.  Protocol Extension Specification

   The WHOIS server may listen on a TCP port other than 43 for IP
   validation requests from clients.  This arrangement separates the
   normal WHOIS queries from the new queries described here.  To
   implement fast responses, the server may optionally change its
   database schema, SQL, etc. to suit the new type of query.  The WHOIS
   server closes its connection as soon as it has sent the response.

3.
    Protocol Example

   If one places an IP validation request to the WHOIS server located at
   whois.nic.mil for a hint on the association between "abc.xyz.com" and
   n.n.n.n (where each n is an IP address octet), the packets on the
   wire will look like:

      client                               server at whois.nic.mil

      open TCP   ---- (SYN) ------------------------------------>
                 <---- (SYN+ACK) -----------------------------
      send query ---- "abc.xyz.com;n.n.n.n" ------------------>
      get answer <---- "<number>;<code>;<code>;...;<code>;" ----
      close      <---- (FIN) ---------------------------------
                 ----- (FIN) --------------------------------->

   Here the number will be an integer between 0 and 100, where 100
   means the strongest probability of association between the given
   name and IP.  The codes can represent meanings such as ASN_MATCHED,
   ASN_NOT_MATCHED, IP_IN_RANGE, IP_NOT_IN_RANGE, etc.  They are listed
   below:

   Code                  Meaning

   ASN_MATCHED           The ASN of the given IP and name match.
   ASN_NOT_MATCHED       The ASN of the given IP and name do not match.
   IP_IN_RANGE           The given IP is in the range of IPs allocated
                         for the given name.
   IP_NOT_IN_RANGE       The given IP is not in the range of allocated
                         IPs.
   FWD_DNS_MATCHED       Name-to-IP lookup resulted in the given IP.
   RVS_DNS_MATCHED       IP-to-name lookup resulted in the given name.
   FWD_DNS_NOT_MATCHED   Name-to-IP lookup does not give the given IP.
   RVS_DNS_NOT_MATCHED   IP-to-name lookup does not give the given
                         name.

4.  Internationalisation

   No actions expected for internationalization.

5.  Security Considerations

   The new queries to WHOIS servers can be sent in plaintext.  However,
   clients may need to reach the WHOIS servers by the servers' IP
   addresses rather than by name; this restriction on clients keeps the
   communication with the WHOIS servers independent of DNS.  The
   information provided by the WHOIS server is not sensitive, so no
   special security measure is required for this new request and
   response pair.

6.
    IANA Considerations

   IANA is requested to register the response codes described in this
   document.  Also, IANA is requested to allocate a TCP server port
   number for the new query.

   Comments are solicited and should be addressed to the working group's
   mailing list and to the author.

Normative References

   [1]  Daigle, L., "WHOIS Protocol Specification", RFC 3912,
        September 2004.

Author's Address

   Jitendra Lulla
   606, Phase 1, G R Shreenivas Apartments,
   Near Manipal County Club, Singasandra,
   Bangalore, 560068, India

   EMail: lullajd2@acm.org; lullajd@yahoo.com

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
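   The exchange of Sections 2 and 3, worked through end to end as an
   added example that is not part of this draft: a loopback WHOIS
   validation server that parses "name;ip", runs the ASN, allocated-
   range, forward-DNS and reverse-DNS checks of Section 1 against
   constructed sample data (no live WHOIS or DNS), answers with
   "<number>;<code>;...;<code>;" and closes the connection as Section 2
   requires, plus the client that sends the query and validates the
   reply.  The registry, ASN and DNS tables, the scoring weights and the
   CRLF framing (borrowed from RFC 3912) are all assumptions of the
   example; the draft defines only the codes and the 0-100 range.

```python
import ipaddress
import socket
import threading

# Constructed sample data standing in for WHOIS and DNS (not real allocations).
REGISTRY = {"abc.xyz.com": {"asn": 64500, "ranges": ["198.51.100.0/24"]}}
ASN_BY_PREFIX = {"198.51.100.0/24": 64500, "203.0.113.0/24": 64501}
FORWARD_DNS = {"abc.xyz.com": ["198.51.100.10"]}
REVERSE_DNS = {"198.51.100.10": "abc.xyz.com", "198.51.100.20": "abc.xyz.com"}

# Assumed scoring weights; they sum to 100 so a full match yields the maximum.
WEIGHTS = {"asn": 25, "range": 35, "fwd": 20, "rvs": 20}


def asn_of_ip(ip):
    """Return the ASN whose (constructed) prefix contains ip, or None."""
    for prefix, asn in ASN_BY_PREFIX.items():
        if ip in ipaddress.ip_network(prefix):
            return asn
    return None


def evaluate(name, ip_text):
    """Run the four checks of Section 1; return (score 0..100, list of codes)."""
    ip = ipaddress.ip_address(ip_text)          # raises ValueError if not an IP
    rec = REGISTRY.get(name)
    score, codes = 0, []
    if rec and asn_of_ip(ip) == rec["asn"]:
        score += WEIGHTS["asn"]; codes.append("ASN_MATCHED")
    else:
        codes.append("ASN_NOT_MATCHED")
    if rec and any(ip in ipaddress.ip_network(r) for r in rec["ranges"]):
        score += WEIGHTS["range"]; codes.append("IP_IN_RANGE")
    else:
        codes.append("IP_NOT_IN_RANGE")
    if ip_text in FORWARD_DNS.get(name, []):
        score += WEIGHTS["fwd"]; codes.append("FWD_DNS_MATCHED")
    else:
        codes.append("FWD_DNS_NOT_MATCHED")
    if REVERSE_DNS.get(ip_text) == name:
        score += WEIGHTS["rvs"]; codes.append("RVS_DNS_MATCHED")
    else:
        codes.append("RVS_DNS_NOT_MATCHED")
    return score, codes


def build_response(query):
    """Server side: "name;ip" -> "<number>;<code>;...;<code>;" (Section 3 format)."""
    parts = query.strip().split(";")
    if len(parts) != 2 or not all(parts):
        return "0;"          # assumption: a malformed query scores 0 with no codes
    try:
        score, codes = evaluate(parts[0].lower(), parts[1])
    except ValueError:       # second field is not a parsable IP address
        return "0;"
    return ";".join([str(score)] + codes) + ";"


def parse_response(text):
    """Client side: validate the reply and return (score, codes)."""
    fields = text.strip().split(";")
    score = int(fields[0])
    if not 0 <= score <= 100:
        raise ValueError("hint score outside 0..100: %d" % score)
    return score, [f for f in fields[1:] if f]


def serve_once(listener):
    """Accept one connection, read a CRLF-terminated query, reply, then close."""
    conn, _ = listener.accept()
    with conn:
        data = b""
        while not data.endswith(b"\r\n"):
            chunk = conn.recv(1024)
            if not chunk:
                break
            data += chunk
        reply = build_response(data.decode("ascii", "replace"))
        conn.sendall(reply.encode("ascii") + b"\r\n")   # connection closes on exit


def ask(host, port, name, ip_text):
    """Open TCP, send "name;ip", read until the server closes, parse the hint."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(("%s;%s\r\n" % (name, ip_text)).encode("ascii"))
        buf = b""
        while True:
            chunk = s.recv(1024)
            if not chunk:
                break
            buf += chunk
    return parse_response(buf.decode("ascii"))


def round_trip(name, ip_text):
    """Run server and client on loopback; the OS picks the port (IANA has not)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    worker = threading.Thread(target=serve_once, args=(listener,))
    worker.start()
    try:
        return ask("127.0.0.1", listener.getsockname()[1], name, ip_text)
    finally:
        worker.join()
        listener.close()


if __name__ == "__main__":
    print(round_trip("abc.xyz.com", "198.51.100.10"))   # full match -> 100
    print(round_trip("abc.xyz.com", "198.51.100.20"))   # no forward record -> 80
    print(round_trip("abc.xyz.com", "203.0.113.7"))     # nothing matches -> 0
```

   The client should treat the score as a hint, as the draft says: the
   partial case above (in range, ASN and reverse DNS agree, but no
   forward record) still scores 80, and it is the codes, not the
   number, that tell an operator which check failed.  Connecting by the
   WHOIS server's IP address, per Section 5, keeps this check from
   depending on the very DNS answer it is meant to validate.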