Internet Engineering Task Force T. Harrison Internet-Draft APNIC Intended status: Standards Track J. Singh Expires: 10 April 2025 ARIN 7 October 2024 RDAP RIR Search draft-ietf-regext-rdap-rir-search-10 Abstract The Registration Data Access Protocol (RDAP) is used by Regional Internet Registries (RIRs) and Domain Name Registries (DNRs) to provide access to their resource registration information. The core specifications for RDAP define basic search functionality, but there are various IP and ASN-related search options provided by RIRs via their Whois services for which there is no corresponding RDAP functionality. This document extends RDAP to support those search options. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 10 April 2025. Copyright Notice Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components Harrison & Singh Expires 10 April 2025 [Page 1] Internet-Draft RDAP RIR Search October 2024 extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Conventions Used in This Document . . . . . . . . . . . . 3 2. Basic Searches . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Path Segments . . . . . . . . . . . . . . . . . . . . . . 3 2.2. IP Network Search . . . . . . . . . . . . . . . . . . . . 4 2.3. Autonomous System Number Search . . . . . . . . . . . . . 4 3. Relation Searches . . . . . . . . . . . . . . . . . . . . . . 5 3.1. Path Segments . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Relation Search . . . . . . . . . . . . . . . . . . . . . 6 3.2.1. Definitions . . . . . . . . . . . . . . . . . . . . . 7 3.2.2. Relations . . . . . . . . . . . . . . . . . . . . . . 10 3.2.2.1. Single-Result Searches . . . . . . . . . . . . . 11 3.2.2.2. Multiple-Result Searches . . . . . . . . . . . . 11 3.3. Status . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.4. Link Relations . . . . . . . . . . . . . . . . . . . . . 12 4. Responding To Searches . . . . . . . . . . . . . . . . . . . 15 4.1. Single-Result Searches . . . . . . . . . . . . . . . . . 15 4.2. Multiple-Result Searches . . . . . . . . . . . . . . . . 15 5. Reverse Search . . . . . . . . . . . . . . . . . . . . . . . 17 6. RDAP Conformance . . . . . . . . . . . . . . . . . . . . . . 17 7. Operational Considerations . . . . . . . . . . . . . . . . . 18 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 19 9. Security Considerations . . . . . . . . . . . . . . . . . . . 19 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 10.1. RDAP Extensions Registry . . . . . . . . . . . . . . . . 19 10.2. Link Relations Registry . . . . . . . . . . . . . . . . 20 10.3. RDAP Reverse Search Registry . . . . . . . . . . . . . . 21 10.4. RDAP Reverse Search Mapping Registry . . . . . . . . . . 22 11. Implementation Status . . . . . . . . . . . . . . . . . . . . 22 11.1. APNIC RDAP Implementation . . . . . . . . . . . . . . . 23 11.2. RIPE NCC RDAP Implementation . . . . . . . . . . . . . . 23 12. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 23 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 23 13.1. Normative References . . . . . . . . . . . . . . . . . . 23 13.2. Informative References . . . . . . . . . . . . . . . . . 24 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 Harrison & Singh Expires 10 April 2025 [Page 2] Internet-Draft RDAP RIR Search October 2024 1. Introduction The Registration Data Access Protocol (RDAP) [RFC7480] is used by Regional Internet Registries (RIRs) and Domain Name Registries (DNRs) to provide access to their resource registration information. The core specifications for RDAP define basic search functionality, but this is limited to domains, nameservers, and entities. No searches were defined for IP networks or autonomous system numbers. In an effort to have RDAP reach feature parity with the existing RIR Whois services in this respect, this document defines additional search options for IP networks and autonomous system numbers. While this document is in terms of RIRs and DNRs for the sake of consistency with earlier RDAP documents such as [RFC9082] and [RFC9083], the functionality described here may be used by any RDAP server operator that hosts Internet Number Resource (INR) objects. 1.1. Conventions Used in This Document The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. Indentation and whitespace in examples are provided only to illustrate element relationships, and are not a REQUIRED feature of this protocol. "..." in examples is used as shorthand for elements defined outside of this document. 2. Basic Searches 2.1. Path Segments The new resource type path segments for basic search (similar to the searches defined in [RFC9082] and [RFC9083]) are: 'ips': Used to identify an IP network search using a pattern to match one of a set of IP network attributes. 'autnums': Used to identify an autonomous system number search using a pattern to match one of a set of autonomous system number attributes. Harrison & Singh Expires 10 April 2025 [Page 3] Internet-Draft RDAP RIR Search October 2024 A search pattern matches a value where it equals the string representation of the value, or where it is a match for the value in accordance with the use of the asterisk ('*', US-ASCII value 0x2A) character for partial string matching as defined in section 4.1 of [RFC9082]. For most searches, '*' may be used to match trailing characters only, and may appear in a search only once: please see the previously-mentioned section for a complete definition of the relevant behaviour. 2.2. IP Network Search Syntax: ips?handle= Syntax: ips?name= Searches for IP network information by handle are specified using the form: ips?handle=XXXX XXXX is a search pattern representing an IP network identifier whose syntax is specific to the registration provider (see section 5.4 of [RFC9083]). The following URL would be used to find information for IP networks with handles matching the "NET-199*" pattern: https://example.com/rdap/ips?handle=NET-199* Searches for IP network information by name are specified using the form: ips?name=XXXX XXXX is a search pattern representing an IP network identifier that is assigned to the network registration by the registration holder (see section 5.4 of [RFC9083]). The following URL would be used to find information for IP networks with names matching the "NET- EXAMPLE-*" pattern: https://example.com/rdap/ips?name=NET-EXAMPLE-* 2.3. Autonomous System Number Search Syntax: autnums?handle= Syntax: autnums?name= Searches for autonomous system number information by handle are specified using the form: Harrison & Singh Expires 10 April 2025 [Page 4] Internet-Draft RDAP RIR Search October 2024 autnums?handle=XXXX XXXX is a search pattern representing an autonomous system number identifier whose syntax is specific to the registration provider (see section 5.5 of [RFC9083]). The following URL would be used to find information for autonomous system numbers with handles matching the "AS1*" pattern: https://example.com/rdap/autnums?handle=AS1* Searches for autonomous system number information by name are specified using the form: autnums?name=XXXX XXXX is a search pattern representing an autonomous system number identifier that is assigned to the autonomous system number registration by the registration holder (see section 5.5 of [RFC9083]). The following URL would be used to find information for autonomous system numbers with names matching the "ASN-EXAMPLE-*" pattern: https://example.com/rdap/autnums?name=ASN-EXAMPLE-* 3. Relation Searches [RFC9083] contains example objects that make use of the "up" link relation in order to simplify the process of finding the parent object for a given object. This section defines searches for finding objects and sets of objects with respect to their position within a hierarchy. 3.1. Path Segments The variables used in the path segments include: : A relation type, as defined in Section 3.2.2 of this document. : An IP address, as defined in Section 3.1.1 of [RFC9082]. : The first address of a CIDR block, as defined in Section 3.1.1 of [RFC9082]. : The prefix length for a CIDR block, as defined in Section 3.1.1 of [RFC9082]. Harrison & Singh Expires 10 April 2025 [Page 5] Internet-Draft RDAP RIR Search October 2024 : A fully-qualified domain name, as defined in Section 3.1.3 of [RFC9082]. : An autonomous system number, as defined in Section 3.1.2 of [RFC9082], or two such numbers separated by a single hyphen ('-', US-ASCII value 0x2D), where the second number is greater than the first. : A search path segment corresponding to an Internet Number Resource (INR) object class (i.e. an IP network address or range, autonomous system number or number range, or reverse domain name). : a value used to identify an object for the purposes of a relation search relative to that object. One of , and pair, , or , depending on the type of search that is being performed. : an object status value, as defined in Section 4.6 of [RFC9083]. The new resource type path segments for relation search (similar to the searches defined in [RFC9082] and [RFC9083]) are: 'ips/rirSearch1//': Used to identify an IP network search using a relation and an address to match a set of IP networks. 'ips/rirSearch1///': Used to identify an IP network search using a relation and a range to match a set of IP networks. 'autnums/rirSearch1//': Used to identify an autonomous system number search using a relation and a single ASN or an ASN range to match a set of ASN objects. 'domains/rirSearch1//': Used to identify a reverse domain search using a relation and a reverse domain name to match a set of reverse domains. 3.2. Relation Search Syntax: /rirSearch1//[?status=] Harrison & Singh Expires 10 April 2025 [Page 6] Internet-Draft RDAP RIR Search October 2024 The relation searches defined in this document rely on the syntax described above. Each search works in the same way for each object class. 3.2.1. Definitions An INR object value may have a "parent" object and one or more "child" objects. The "parent" object is the next-least-specific object that exists in the relevant registry, while the "child" objects are the next-most-specific objects that exist in the relevant registry. For example, for a registry with the following seven IP network objects: +--------------+ | 192.0.2.0/24 | +--------------+ / \ +--------------+ +----------------+ | 192.0.2.0/25 | | 192.0.2.128/25 | +--------------+ +----------------+ / / \ +--------------+ +----------------+ +----------------+ | 192.0.2.0/28 | | 192.0.2.128/26 | | 192.0.2.192/26 | +--------------+ +----------------+ +----------------+ / +--------------+ | 192.0.2.0/32 | +--------------+ Figure 1: Example registry objects the INR object value to parent/child object relationships are: Harrison & Singh Expires 10 April 2025 [Page 7] Internet-Draft RDAP RIR Search October 2024 +==================+================+ | INR object value | Parent object | +==================+================+ | 192.0.2.0/32 | 192.0.2.0/28 | +------------------+----------------+ | 192.0.2.0/28 | 192.0.2.0/25 | +------------------+----------------+ | 192.0.2.64/26 | 192.0.2.0/25 | +------------------+----------------+ | 192.0.2.128/26 | 192.0.2.128/25 | +------------------+----------------+ | 192.0.2.192/26 | 192.0.2.128/25 | +------------------+----------------+ | 192.0.2.0/25 | 192.0.2.0/24 | +------------------+----------------+ | 192.0.2.128/25 | 192.0.2.0/24 | +------------------+----------------+ | 192.0.2.0/24 | N/A | +------------------+----------------+ Table 1: Parent objects +==================+================================+ | INR object value | Child objects | +==================+================================+ | 192.0.2.0/24 | 192.0.2.0/25, 192.0.2.128/25 | +------------------+--------------------------------+ | 192.0.2.0/25 | 192.0.2.0/28 | +------------------+--------------------------------+ | 192.0.2.128/25 | 192.0.2.128/26, 192.0.2.192/26 | +------------------+--------------------------------+ | 192.0.2.64/26 | N/A | +------------------+--------------------------------+ | 192.0.2.128/26 | N/A | +------------------+--------------------------------+ | 192.0.2.192/26 | N/A | +------------------+--------------------------------+ | 192.0.2.0/28 | 192.0.2.0/32 | +------------------+--------------------------------+ | 192.0.2.0/32 | N/A | +------------------+--------------------------------+ Table 2: Child objects (INR object values do not necessarily correspond to registry objects, because users can provide arbitrary object values as input to the searches defined in this document.) Harrison & Singh Expires 10 April 2025 [Page 8] Internet-Draft RDAP RIR Search October 2024 Similarly to the parent/child object relationships, each INR object value may have a "top" object, being the least-specific covering object that exists in the registry, and one or more "bottom" objects, being the most-specific objects that entirely cover the INR object value when taken together. Given the registry defined in the previous paragraph, the top and bottom object relationships are: +==================+==============+ | INR object value | Top object | +==================+==============+ | 192.0.2.0/32 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.0/28 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.64/26 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.128/26 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.192/26 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.0/25 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.128/25 | 192.0.2.0/24 | +------------------+--------------+ | 192.0.2.0/24 | N/A | +------------------+--------------+ Table 3: Top objects Harrison & Singh Expires 10 April 2025 [Page 9] Internet-Draft RDAP RIR Search October 2024 +==================+===========================================+ | INR object value | Bottom objects | +==================+===========================================+ | 192.0.2.0/24 | 192.0.2.0/25, 192.0.2.0/28, 192.0.2.0/32, | | | 192.0.2.128/26, 192.0.2.192/26 | +------------------+-------------------------------------------+ | 192.0.2.0/25 | 192.0.2.0/25, 192.0.2.0/28, 192.0.2.0/32 | +------------------+-------------------------------------------+ | 192.0.2.128/25 | 192.0.2.128/26, 192.0.2.192/26 | +------------------+-------------------------------------------+ | 192.0.2.64/26 | N/A | +------------------+-------------------------------------------+ | 192.0.2.128/26 | N/A | +------------------+-------------------------------------------+ | 192.0.2.192/26 | N/A | +------------------+-------------------------------------------+ | 192.0.2.0/28 | 192.0.2.0/28, 192.0.2.0/32 | +------------------+-------------------------------------------+ | 192.0.2.0/31 | 192.0.2.0/28, 192.0.2.0/32 | +------------------+-------------------------------------------+ | 192.0.2.0/32 | N/A | +------------------+-------------------------------------------+ Table 4: Bottom objects If there are no more-specific objects for a given INR object value, then the set of bottom objects for that INR object value will be empty. 192.0.2.0/32 is an example of such an INR object value. It is not necessarily the case that the bottom objects for a given INR object value will be disjoint. For example, 192.0.2.0/28's bottom objects are 192.0.2.0/28 and 192.0.2.0/32. 192.0.2.0/32 is included because it is one of the most-specific objects (i.e. an object at the bottom of the object hierarchy) for 192.0.2.0/28, while 192.0.2.0/28 itself is included because it is the most-specific object for the other addresses within the range (i.e. those aside from 192.0.2.0/32). The bottom objects for a given INR object value may include an object that is less-specific than that INR object value. For example, 192.0.2.0/31 is an INR object value that has a more-specific object, being 192.0.2.0/32, so the set of bottom objects must include at least that object. The most-specific object that covers the residual (i.e. 192.0.2.1/32) is 192.0.2.0/28, so it is included in the results as well. 3.2.2. Relations Harrison & Singh Expires 10 April 2025 [Page 10] Internet-Draft RDAP RIR Search October 2024 3.2.2.1. Single-Result Searches 3.2.2.1.1. "up" If the server receives a search containing the relation value "up", it will return the parent object for the specified INR object value as though that object had been requested directly. If no such object exists, it will respond with a HTTP 404 (Not Found) [RFC9110] search response. 3.2.2.1.2. "top" If the server receives a search containing the relation value "top", it will return the top object for the specified INR object value as though that object had been requested directly. If no such object exists, it will respond with an HTTP 404 (Not Found) [RFC9110] search response. 3.2.2.2. Multiple-Result Searches 3.2.2.2.1. "down" If the server receives a search containing the relation value "down", it will return the child objects for the specified INR object value. If no such objects exist, it will return an empty search response. Per the definitions section, this includes only immediate child objects. 3.2.2.2.2. "bottom" If the server receives a search containing the relation value "bottom", it will return the bottom objects for the specified INR object value. If no such objects exist, it will return an empty search response. 3.3. Status If the "status" argument is provided, then response processing will proceed as though all objects without the specified status had first been removed from the database. For example, if the registry objects from section 3.2.1 had the following statuses: Harrison & Singh Expires 10 April 2025 [Page 11] Internet-Draft RDAP RIR Search October 2024 +================+==========+ | Object | Status | +================+==========+ | 192.0.2.0/25 | active | +----------------+----------+ | 192.0.2.128/25 | inactive | +----------------+----------+ | 192.0.2.128/26 | active | +----------------+----------+ | 192.0.2.192/26 | active | +----------------+----------+ Table 5: Statuses then a server receiving a "down" search request with the INR object value 192.0.2.0/24 and a "status" argument of "active" would return the objects 192.0.2.0/25, 192.0.2.128/26, and 192.0.2.192/26. Status filtering is useful, for example, where the client is trying to find the delegation from an RIR to an RIR account holder: by using the "top" relation with a "status" of "active", the delegation from IANA to the RIR will be ignored, and the client will receive the delegation from the RIR to the account holder in the response instead. By default, any valid status value may be used for status filtering. Server operators MAY opt not to support "status" filtering for the "down" and "bottom" link relations, in which case the server should respond with an HTTP 501 (Not Implemented) [RFC9110] response code if it receives such a request. Server operators MAY also opt not to support "status" filtering for values other than "active" for the "up" and "top" link relations, in which case the server should respond with an HTTP 501 (Not Implemented) [RFC9110] response code if it receives such a request. 3.4. Link Relations Each of the relations defined in section 3.2.2 has a corresponding link relation that can be used for a link object contained within another RDAP object. When constructing these link objects, the server MUST use the corresponding search URL for the link target, or a URL that yields the same response as for the corresponding search as at the time of the request. The following is an elided example of a response that makes use of those link relations: Harrison & Singh Expires 10 April 2025 [Page 12] Internet-Draft RDAP RIR Search October 2024 { "startAddress": "192.0.2.0", "endAddress": "192.0.2.127", ... "links": [ ..., { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "up", "href": "https://example.com/rdap/ips/rirSearch1/up/192.0.2.0/25", "type": "application/rdap+json" }, { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "down", "href": "https://example.com/rdap/ips/rirSearch1/down/192.0.2.0/25", "type": "application/rdap+json" }, { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "top", "href": "https://example.com/rdap/ips/rirSearch1/top/192.0.2.0/25", "type": "application/rdap+json" }, { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "bottom", "href": "https://example.com/rdap/ips/rirSearch1/bottom/192.0.2.0/25", "type": "application/rdap+json" } ] } Figure 2: Example links Two additional link relations are defined that correspond to relation searches with a "status" of "active": "up-active" and "top-active". No other status-specific link relations are defined, because the only known use cases for status filtering involve the "up" and "top" relations and the "active" status. The following is an elided example of a response that makes use of those link relations: Harrison & Singh Expires 10 April 2025 [Page 13] Internet-Draft RDAP RIR Search October 2024 { "startAddress": "192.0.2.0", "endAddress": "192.0.2.127", ... "links": [ ..., { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "up-active", "href": "https://example.com/rdap/ips/rirSearch1/up/192.0.2.0/25?status=active", "type": "application/rdap+json" }, { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "top-active", "href": "https://example.com/rdap/ips/rirSearch1/top/192.0.2.0/25?status=active", "type": "application/rdap+json" } ] } Figure 3: Example status links Since the "top" and "up" link relations resolve either to a single object or to an HTTP 404 (Not Found) [RFC9110] response, it is possible for a server to use a lookup URL (see section 3.1 of [RFC9082]) in the "href" attribute in the link object. The following is an elided example of a response that uses this approach: { "startAddress": "192.0.2.0", "endAddress": "192.0.2.127", ... "links": [ ..., { "value": "https://example.com/rdap/ip/192.0.2.0/25", "rel": "up", "href": "https://example.com/rdap/ip/192.0.2.0/24", "type": "application/rdap+json" } ] } Figure 4: Example single-result links Harrison & Singh Expires 10 April 2025 [Page 14] Internet-Draft RDAP RIR Search October 2024 This section mandates specific behaviour for the "up" link relation, but does not define that link relation (see [RFC8288]). This is acceptable, because this behaviour: does not conflict with the current description of the link relation; and is not generally applicable, but instead limited to the context of RDAP INR objects only. Use of these link relations in responses is OPTIONAL. The absence in a response of a link for a specific relation does not necessarily mean that the corresponding search will return no results. 4. Responding To Searches 4.1. Single-Result Searches The "up" and "top" relations are single-result searches. When processing these searches, if there is a result for the search, the server returns that object as though it were requested directly via a lookup URL (see section 3.1 of [RFC9082]). If there is no result for the search, the server returns an HTTP 404 (Not Found) [RFC9110] response code. 4.2. Multiple-Result Searches The "down" and "bottom" relations are multiple-result searches. As with [RFC9083], responses for these searches take the form of an array of object instances, where each instance is an appropriate object class for the search (i.e., a search beginning with /ips yields an array of IP network object instances, and a search beginning with /autnums yields an array of autonomous system number object instances). The IP network object and autonomous system number object classes are defined in sections 5.4 and 5.5 of [RFC9083]. The object instance arrays are contained within the response object. The names of the arrays are as follows: for /ips searches, the array is "ipSearchResults"; and for /autnums searches, the array is "autnumSearchResults". The following is an elided example of a response to an IP network search: Harrison & Singh Expires 10 April 2025 [Page 15] Internet-Draft RDAP RIR Search October 2024 { "rdapConformance": [ "rdap_level_0", "rirSearch1", "ips", "ipSearchResults", ... ], ... "ipSearchResults": [ { "objectClassName": "ip network", "handle": "XXXX-RIR", "startAddress": "192.0.2.0", "endAddress": "192.0.2.127", ... }, { "objectClassName": "ip network", "handle": "YYYY-RIR", "startAddress": "192.0.2.0", "endAddress": "192.0.2.255", ... } ] } Figure 5: IP network search response The following is an elided example of a response to an autonomous system number search: { "rdapConformance": [ "rdap_level_0", "rirSearch1", "autnums", "autnumSearchResults", ... ], ... "autnumSearchResults": [ { "objectClassName": "autnum", "handle": "XXXX-RIR", "startAutnum": 64496, "endAutnum": 64496, ... }, { "objectClassName": "autnum", "handle": "YYYY-RIR", "startAutnum": "64497", "endAutnum": "64497", ... } ] } Harrison & Singh Expires 10 April 2025 [Page 16] Internet-Draft RDAP RIR Search October 2024 Figure 6: ASN search response Responses for relation searches for reverse domain objects have the same form as for a standard domain search response, per [RFC9083]. If the search can be processed by the server, but there are no results for the search, then the server returns an HTTP 200 (OK) [RFC9110] response code, with the body of the response containing an empty results array. 5. Reverse Search RDAP reverse search is defined by [RFC9536]. That document limits reverse search to domains, nameservers, and entities. This document extends reverse search to cover IP networks and autonomous system numbers as well. If a server receives a reverse search query with a searchable resource type (per the definition of that term in [RFC9536]) of "ips", then the reverse search will be performed on the IP network objects from its data store. Similarly, if a server receives a reverse search query with a searchable resource type of "autnums", then the reverse search will be performed on the autonomous system number objects from its data store. Additionally, Section 10 includes requests to register new entries for IP network and autonomous system number searches in the RDAP Reverse Search and RDAP Reverse Search Mapping IANA registries. 6. RDAP Conformance A server that supports the functionality specified in this document MUST include additional string literals in the rdapConformance array of its responses, in accordance with the following: any response that includes an IP network basic search link, an IP network relation search link, or an IP network reverse search link, includes the "rirSearch1" and "ips" literals; any response for an IP network basic search request, an IP network relation search request, or an IP network reverse search request includes the "rirSearch1", "ips", and "ipSearchResults" literals; any response that includes an ASN basic search link, an ASN relation search link, or an ASN reverse search link includes the "rirSearch1" and "autnums" literals; Harrison & Singh Expires 10 April 2025 [Page 17] Internet-Draft RDAP RIR Search October 2024 any response for an ASN basic search request, an ASN relation search request, or an ASN reverse search request includes the "rirSearch1", "autnums", and "autnumSearchResults" literals; any response that includes a domain relation search link includes the "rirSearch1" literal; any response for a domain relation search request includes the "rirSearch1" literal; and a response to a "/help" request includes the "rirSearch1", "ips", "ipSearchResults", "autnums", and "autnumSearchResults" literals. Although responses will generally not include all of the rdapConformance string literals defined in this document, that is not meant to imply that a server can support only a portion of the functionality defined in this document. The "ips", "autnums", "ipSearchResults", and "autnumSearchResults" extension identifiers are included here due to the requirements set out in [RFC7480], [RFC9082], and [RFC9083]. These requirements are that an RDAP extension identifier be used as a prefix in new path segments and JSON members introduced by the extension, and those strings are used as such as part of the basic searches defined in this document. Furthermore, using these strings as path segments helps to increase consistency among the basic searches for the core RDAP object classes. As with the other core object classes (entity, domain, and nameserver), other documents may define additional reverse searches with IP networks and ASNs as the searchable resource type by registering those in the IANA RDAP reverse search registries. Because a given extension identifier must correspond to a single extension, though, any document making use of IP networks or ASNs as the searchable resource type must also implement the functionality described in this document. 7. Operational Considerations When using a link object for a single-result search, a server may replace a search URL with a lookup URL, because the behaviour of the lookup URL is the same as for the search URL as at the time when the response is generated. One difference between these approaches is that when using the lookup URL, the server is effectively performing the search on behalf of the client as at the time of response generation. If there is no change to the relevant database state between the time when the original response is generated and the time when the client resolves the link relation target, then the search Harrison & Singh Expires 10 April 2025 [Page 18] Internet-Draft RDAP RIR Search October 2024 URL and the lookup URL will lead to the same result. However, if there is a change to the relevant database state, then the lookup URL may lead to a different result from that of the search URL. Server operators should consider which type of URL will be more effective for their clients when implementing this specification. 8. Privacy Considerations The search functionality defined in this document may affect the privacy of entities in the registry (and elsewhere) in various ways: see [RFC6973] for a general treatment of privacy in protocol specifications. Server operators should be aware of the tradeoffs that result from implementation of this functionality. Many jurisdictions have laws or regulations that restrict the use of "Personal Data", per the definition in [RFC6973]. Given that, server operators should ascertain whether the regulatory environment in which they operate permits implementation of the functionality defined in this document. 9. Security Considerations [RFC7481] describes security requirements and considerations for RDAP generally. [RFC9082] includes security considerations relating to object retrieval in RDAP. Those considerations are relevant here as well. 10. IANA Considerations 10.1. RDAP Extensions Registry IANA is requested to register the following values in the RDAP Extensions Registry: * Extension identifier: rirSearch1 * Registry operator: Any * Published specification: [this document] * Contact: IETF * Intended usage: This extension identifier is used for INR-specific search operations. * Extension identifier: ips * Registry operator: Any * Published specification: [this document] * Contact: IETF * Intended usage: This extension identifier is used for INR-specific search operations. Harrison & Singh Expires 10 April 2025 [Page 19] Internet-Draft RDAP RIR Search October 2024 * Extension identifier: autnums * Registry operator: Any * Published specification: [this document] * Contact: IETF * Intended usage: This extension identifier is used for INR-specific search operations. * Extension identifier: ipSearchResults * Registry operator: Any * Published specification: [this document] * Contact: IETF * Intended usage: This extension identifier is used for INR-specific search operations. * Extension identifier: autnumSearchResults * Registry operator: Any * Published specification: [this document] * Contact: IETF * Intended usage: This extension identifier is used for INR-specific search operations. 10.2. Link Relations Registry IANA is requested to register the following values in the Link Relations Registry: * Relation Name: up-active * Description: Refers to an RDAP parent document that has a status of "active" in a hierarchy of documents. * Reference: [this document] * Relation Name: down * Description: Refers to a set of child documents in a hierarchy of documents. * Reference: [this document] * Relation Name: top * Description: Refers to the topmost parent document in a hierarchy of documents. * Reference: [this document] * Relation Name: top-active * Description: Refers to the topmost RDAP parent document that has a status of "active" in a hierarchy of documents. * Reference: [this document] * Relation Name: bottom Harrison & Singh Expires 10 April 2025 [Page 20] Internet-Draft RDAP RIR Search October 2024 * Description: Refers to the set of child documents that do not themselves have child documents, in a hierarchy of documents. * Reference: [this document] 10.3. RDAP Reverse Search Registry IANA is requested to register the following entries in the "RDAP Reverse Search" registry: Searchable Resource Type: ips, autnums Related Resource Type: entity Property: fn Description: The server supports the IP/autnum search based on the full name (a.k.a formatted name) of an associated entity. Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Searchable Resource Type: ips, autnums Related Resource Type: entity Property: handle Description: The server supports the IP/autnum search based on the handle of an associated entity. Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Searchable Resource Type: ips, autnums Related Resource Type: entity Property: email Description: The server supports the IP/autnum search based on the email address of an associated entity. Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Searchable Resource Type: ips, autnums Related Resource Type: entity Property: role Description: The server supports the IP/autnum search based on the role of an associated entity. Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Harrison & Singh Expires 10 April 2025 [Page 21] Internet-Draft RDAP RIR Search October 2024 10.4. RDAP Reverse Search Mapping Registry IANA is requested to register the following entries in the "RDAP Reverse Search Mapping" registry: Searchable Resource Type: ips, autnums Related Resource Type: entity Property: fn Property Path: $..entities[*].vcardArray[1][?(@[0]=='fn')][3] Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Searchable Resource Type: ips, autnums Related Resource Type: entity Property: handle Property Path: $..entities[*].handle Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Searchable Resource Type: ips, autnums Related Resource Type: entity Property: email Property Path: $..entities[*].vcardArray[1][?(@[0]=='email')][3] Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. Searchable Resource Type: ips, autnums Related Resource Type: entity Property: role Property Path: $..entities[*].roles Registrant Name: IETF Registrant Contact Information: iesg@ietf.org Reference: This document. 11. Implementation Status | Note to the RFC Editor - remove this section before | publication, as well as the reference to RFC 7942. This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation Harrison & Singh Expires 10 April 2025 [Page 22] Internet-Draft RDAP RIR Search October 2024 here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalogue of available implementations or their features. Readers are advised to note that other implementations may exist. According to [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit". 11.1. APNIC RDAP Implementation * Responsible Organization: Asia-Pacific Network Information Centre (APNIC) * Location: https://github.com/APNIC-net/rdap-rmp-demo/tree/rir- search * Description: This implementation includes support for the various searches and responses described in this document. * Level of Maturity: This is a proof-of-concept implementation. * Coverage: This implementation includes all of the features described in this specification. * Contact Information: Tom Harrison, tomh@apnic.net 11.2. RIPE NCC RDAP Implementation * Responsible Organization: RIPE NCC * Location: https://github.com/RIPE-NCC/whois * Description: This implementation includes support for basic searches for IP networks and ASNs. * Level of Maturity: This is a production implementation. * Coverage: This implementation includes the new basic searches only. * Contact Information: Ed Shryane, eshryane@ripe.net 12. Acknowledgements The authors wish to thank Mario Loffredo, Andy Newton, Antoin Verschuren, James Gould, and Scott Hollenbeck for document review and associated comments. 13. References 13.1. Normative References Harrison & Singh Expires 10 April 2025 [Page 23] Internet-Draft RDAP RIR Search October 2024 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC7481] Hollenbeck, S. and N. Kong, "Security Services for the Registration Data Access Protocol (RDAP)", STD 95, RFC 7481, DOI 10.17487/RFC7481, March 2015, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC9082] Hollenbeck, S. and A. Newton, "Registration Data Access Protocol (RDAP) Query Format", STD 95, RFC 9082, DOI 10.17487/RFC9082, June 2021, . [RFC9083] Hollenbeck, S. and A. Newton, "JSON Responses for the Registration Data Access Protocol (RDAP)", STD 95, RFC 9083, DOI 10.17487/RFC9083, June 2021, . [RFC9110] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, Ed., "HTTP Semantics", STD 97, RFC 9110, DOI 10.17487/RFC9110, June 2022, . [RFC9536] Loffredo, M. and M. Martinelli, "Registration Data Access Protocol (RDAP) Reverse Search", RFC 9536, DOI 10.17487/RFC9536, April 2024, . 13.2. Informative References [RFC6973] Cooper, A., Tschofenig, H., Aboba, B., Peterson, J., Morris, J., Hansen, M., and R. Smith, "Privacy Considerations for Internet Protocols", RFC 6973, DOI 10.17487/RFC6973, July 2013, . [RFC7480] Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the Registration Data Access Protocol (RDAP)", STD 95, RFC 7480, DOI 10.17487/RFC7480, March 2015, . Harrison & Singh Expires 10 April 2025 [Page 24] Internet-Draft RDAP RIR Search October 2024 [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016, . [RFC8288] Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, October 2017, . Authors' Addresses Tom Harrison Asia Pacific Network Information Centre 6 Cordelia St South Brisbane QLD 4101 Australia Email: tomh@apnic.net Jasdip Singh American Registry for Internet Numbers PO Box 232290 Centreville, VA 20120 United States of America Email: jasdips@arin.net Harrison & Singh Expires 10 April 2025 [Page 25]