Internet DRAFT - draft-jlulla-whois-ip-validation

Network Working Group                                   J. Lulla
Internet-Draft                                            
Intended status: Standards Track
Updates: RFC3912 (if approved)                     April 7, 2015
Expires: September 12, 2015


                      WHOIS service extension
                     draft-jlulla-whois-ip-validation-00.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."
   
   This Internet-Draft will expire on September 12, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
   
   
Abstract

   This document describes a service in which whois servers provide a
   hint score for name-IP validation. The whois servers receive
   requests for a hint on the degree of association between given
   name and IP pairs. This service may be used to ascertain that
   the host a client intends to communicate with is indeed the host
   the client expects it to be. While establishing secure sessions,
   this service may also be used on top of certificate validation to
   detect any possibility of a trusted CA's issuing a fake
   certificate for the server in question.

Jlulla                 Expires September 12, 2015               [Page 1]


Internet-Draft         draft-jlulla-whois-ip-validation-00     April 2015

1. Introduction

   WHOIS is a service used to obtain information about the hosts on
   the internet. A query made on a hostname or an IP results in a detailed
   set of information including the ASN, organization name, range of IP
   addresses allocated etc. This set of information is adequate to find
   how a given IP is associated with a given name.

   The new service described here involves a client and the whois
   server. The client needs to validate the DNS response for the
   hostname it intends to communicate with. The client sends a
   request containing a host name and an IP which it has got from its
   DNS. The whois server uses the given name and IP to find if the ASNs
   match or if the given IP falls in the range of allocated IP ranges for
   the registered name. The server may also do a forward or reverse DNS
   query to find how the given name and IP may be related. Depending upon
   such checks, the server prepares a response for the client. This
   response reflects how probable the association of the given name and
   IP is. The response may also optionally include codes reflecting the
   findings of the whois server.
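
   The server-side checks described above, as an added example that is
   not part of the draft. The registry and DNS tables are constructed
   sample data (documentation prefixes and ASNs), the function names are
   hypothetical, and the equal-weight score is an assumption because the
   draft does not say how the score is computed:

```python
import ipaddress

# Constructed sample data: documentation prefixes and ASNs (RFC 5737, RFC 5398).
NAME_REGISTRY = {"abc.xyz.com": {"asn": 64500, "ranges": ["192.0.2.0/24"]}}
PREFIX_ASN = {"192.0.2.0/24": 64500, "198.51.100.0/24": 64501}
FWD_DNS = {"abc.xyz.com": {"192.0.2.10"}}          # name -> addresses
RVS_DNS = {"192.0.2.10": {"abc.xyz.com"},          # address -> names
           "198.51.100.7": {"host.example.net"}}


def asn_of(addr):
    """Longest-prefix match of addr against the constructed prefix table."""
    hits = [(net.prefixlen, asn) for net, asn in
            ((ipaddress.ip_network(p), a) for p, a in PREFIX_ASN.items())
            if addr in net]
    return max(hits)[1] if hits else None


def evaluate(name, ip):
    """Run the four checks the draft names; return (score, codes)."""
    name = name.lower().rstrip(".")
    addr = ipaddress.ip_address(ip)  # ValueError on a malformed address
    rec = NAME_REGISTRY.get(name, {"asn": None, "ranges": []})
    checks = [
        ("ASN_MATCHED", "ASN_NOT_MATCHED",
         rec["asn"] is not None and rec["asn"] == asn_of(addr)),
        ("IP_IN_RANGE", "IP_NOT_IN_RANGE",
         any(addr in ipaddress.ip_network(r) for r in rec["ranges"])),
        ("FWD_DNS_MATCHED", "FWD_DNS_NOT_MATCHED",
         str(addr) in FWD_DNS.get(name, set())),
        ("RVS_DNS_MATCHED", "RVS_DNS_NOT_MATCHED",
         name in RVS_DNS.get(str(addr), set())),
    ]
    codes = [yes if ok else no for yes, no, ok in checks]
    # Assumption: equal weight per check; the draft leaves scoring open.
    score = 100 * sum(ok for _, _, ok in checks) // len(checks)
    return score, codes


def respond(query_line):
    """Turn 'name;ip<CR><LF>' into '<score>;<code>;...;<CR><LF>'."""
    name, ip = query_line.rstrip("\r\n").split(";")
    score, codes = evaluate(name, ip)
    return f"{score};{';'.join(codes)};\r\n"
```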
   
2. Protocol extension Specification

   The WHOIS server may listen on a TCP port other than 43 for IP validation
   requests from clients. This arrangement separates the normal whois
   queries from the new queries described here. To implement fast
   responses, the server may optionally change various database
   schema, SQL etc. to suit the new type of queries.
   The WHOIS server closes its connection as soon as it has sent the
   response.

3. Protocol Example

   If one places an IP validation request with the WHOIS server located at
   whois.nic.mil for a hint on the association between "abc.xyz.com" and
   n.n.n.n (where n is an IP address octet), the packets on the wire
   will look like:

      client                           server at whois.nic.mil

      open TCP   ---- (SYN) ---------------------------------------------->
                 <---- (SYN+ACK) ------------------------------------------
      send query ---- "abc.xyz.com;n.n.n.n<CR><LF>" ---------------------->
      get answer <---- "<a number>;<code1>;<code2>;...;<code n>;<CR><LF>"-- 
      close      <---- (FIN) ----------------------------------------------
                 ----- (FIN) --------------------------------------------->

   Here the number is an integer between 0 and 100, where 100 means the
   strongest probability of association between the given name and IP.
   The codes can carry meanings such as ASN_MATCHED, ASN_NOT_MATCHED,
   IP_IN_RANGE, IP_NOT_IN_RANGE etc. They are listed below:

   Code                  Meaning
   ASN_MATCHED           The ASN of the given IP and name matches.
   ASN_NOT_MATCHED       The ASN of the given IP and name does not match.
   IP_IN_RANGE           The given IP is in the range of allocated IPs
                         for given name.
   IP_NOT_IN_RANGE       The given IP is not in the range of allocated IPs.
   FWD_DNS_MATCHED       Name to IP lookup resulted in given IP.
   RVS_DNS_MATCHED       IP to name lookup resulted in given name.
   FWD_DNS_NOT_MATCHED   Name to IP lookup does not give the given IP.
   RVS_DNS_NOT_MATCHED   IP to name lookup does not give the given name.
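
   A client-side view of the wire format above, as an added example that
   is not part of the draft: it serialises the query line and strictly
   parses the response line. The function names, the 512-byte line limit
   and the rejection of contradictory code pairs are assumptions; the
   draft itself sets none of them:

```python
import ipaddress
import re

# Code names are the eight listed in the draft's table.
CODES = {
    "ASN_MATCHED", "ASN_NOT_MATCHED", "IP_IN_RANGE", "IP_NOT_IN_RANGE",
    "FWD_DNS_MATCHED", "FWD_DNS_NOT_MATCHED",
    "RVS_DNS_MATCHED", "RVS_DNS_NOT_MATCHED",
}
MAX_LINE = 512  # assumption: the draft sets no length limit
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def build_query(name, ip):
    """Return b'name;ip\\r\\n'; reject input that could add fields or lines."""
    host = name.rstrip(".")
    parts = host.split(".")
    if len(host) > 253 or not all(LABEL.fullmatch(part) for part in parts):
        raise ValueError("not a valid host name")
    # ValueError on anything but a literal address (IPv6 literals also pass,
    # although the draft's example only shows n.n.n.n).
    addr = ipaddress.ip_address(ip)
    return f"{host};{addr}\r\n".encode("ascii")


def parse_response(raw):
    """Parse b'<score>;<code>;...;\\r\\n' into (score, [codes])."""
    if len(raw) > MAX_LINE or not raw.endswith(b";\r\n"):
        raise ValueError("malformed response line")
    score_txt, *codes = raw[:-3].decode("ascii").split(";")
    if not re.fullmatch(r"[0-9]{1,3}", score_txt) or int(score_txt) > 100:
        raise ValueError("score must be an integer between 0 and 100")
    unknown = [c for c in codes if c not in CODES]
    if unknown:
        raise ValueError(f"unknown codes: {unknown}")
    # A server cannot report both outcomes of the same check.
    clash = [c for c in codes if "_NOT" in c and c.replace("_NOT", "") in codes]
    if clash:
        raise ValueError(f"contradictory codes: {clash}")
    return int(score_txt), codes
```

   Because the codes are optional, a response carrying only the score
   (for example "100;" followed by CR LF) parses to an empty code list.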



4. Internationalisation

   No actions expected for internationalization.

5. Security Considerations

   The new queries to WHOIS servers can be plaintext. However, clients
   may need to reach the whois servers by the servers' IP addresses
   rather than by name. This restriction on the clients ensures that
   communication with the whois servers is independent of DNS. The
   information provided by the whois server is not sensitive, so no
   special security measure is required for this new request and
   response pair.

6. IANA Considerations

   IANA is requested to register the response codes described in this document.
   Also, IANA is requested to allocate a TCP server port number for the new 
   query.

   Comments are solicited and should be addressed to the working group's
   mailing list and to the author.

Normative References

   [1]  L. Daigle, "WHOIS Protocol Specification", RFC 3912,
        September 2004.

Author's Address
   Jitendra Lulla
   606, Phase 1, 
   G R Shreenivas Apartments,
   Near Manipal County Club,
   Singasandra, Bangalore,
   560068,
   India

   EMail: lullajd2@acm.org; lullajd@yahoo.com


Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
