From 4bfd864f10b68b71482b35c818559068ef8d5797 Mon Sep 17 00:00:00 2001 From: Thomas Voss Date: Wed, 27 Nov 2024 20:54:24 +0100 Subject: doc: Add RFC documents --- doc/rfc/rfc3404.txt | 1011 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1011 insertions(+) create mode 100644 doc/rfc/rfc3404.txt (limited to 'doc/rfc/rfc3404.txt') diff --git a/doc/rfc/rfc3404.txt b/doc/rfc/rfc3404.txt new file mode 100644 index 0000000..19b6dc1 --- /dev/null +++ b/doc/rfc/rfc3404.txt @@ -0,0 +1,1011 @@ + + + + + + +Network Working Group M. Mealling +Request for Comments: 3404 VeriSign +Obsoletes: 2915, 2168 October 2002 +Category: Standards Track + + + Dynamic Delegation Discovery System (DDDS) + Part Four: The Uniform Resource Identifiers (URI) + Resolution Application + +Status of this Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Copyright Notice + + Copyright (C) The Internet Society (2002). All Rights Reserved. + +Abstract + + This document describes a specification for taking Uniform Resource + Identifiers (URI) and locating an authoritative server for + information about that URI. The method used to locate that + authoritative server is the Dynamic Delegation Discovery System. + + This document is part of a series that is specified in "Dynamic + Delegation Discovery System (DDDS) Part One: The Comprehensive DDDS" + (RFC 3401). It is very important to note that it is impossible to + read and understand any document in this series without reading the + others. + +Table of Contents + + 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 + 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . 3 + 3. The Distinction between URNs and URIs . . . . . . . . . . . 3 + 4. The URI and URN Resolution Application Specifications . . . 4 + 4.1 Application Unique String . . . . . . . . . . . . . . . . . 4 + 4.2 First Well Known Rule . . . . . . . . . . . . . . . . . . . 4 + 4.3 Flags . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 + 4.4 Services Parameters . . . . . . . . . . . . . . . . . . . . 5 + 4.4.1 Services . . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 4.4.2 protocols . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 4.4.3 Applicability of Services . . . . . . . . . . . . . . . . . 7 + + + +Mealling Standards Track [Page 1] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + 4.5 Valid Databases . . . . . . . . . . . . . . . . . . . . . . 7 + 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 8 + 5.1 An example using a URN . . . . . . . . . . . . . . . . . . . 8 + 5.2 CID URI Scheme Example . . . . . . . . . . . . . . . . . . . 9 + 5.3 Resolving an HTTP URI Scheme . . . . . . . . . . . . . . . . 11 + 6. Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . 12 + 8. Security Considerations . . . . . . . . . . . . . . . . . . 12 + 9. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . 13 + References . . . . . . . . . . . . . . . . . . . . . . . . . 13 + Appendix A: Pseudo Code . . . . . . . . . . . . . . . . . . 15 + Author's Address . . . . . . . . . . . . . . . . . . . . . . 17 + Full Copyright Statement . . . . . . . . . . . . . . . . . . 18 + +1. Introduction + + The Dynamic Delegation Discovery System (DDDS) is used to implement + lazy binding of strings to data, in order to support dynamically + configured delegation systems. The DDDS functions by mapping some + unique string to data stored within a DDDS Database by iteratively + applying string transformation rules until a terminal condition is + reached. + + This document describes a DDDS Application for resolving Uniform + Resource Identifiers (URI). It does not define the DDDS Algorithm or + a Database. The entire series of documents that do so are specified + in "Dynamic Delegation Discovery System (DDDS) Part One: The + Comprehensive DDDS" (RFC 3401) [1]. It is very important to note + that it is impossible to read and understand any document in that + series without reading the related documents. + + Uniform Resource Identifiers (URI) have been a significant advance in + retrieving Internet-accessible resources. However, their brittle + nature over time has been recognized for several years. The Uniform + Resource Identifier working group proposed the development of Uniform + Resource Names (URN) [8] to serve as persistent, location-independent + identifiers for Internet resources in order to overcome most of the + problems with URIs. RFC 1737 [6] sets forth requirements on URNs. + + During the lifetime of the URI-WG, a number of URN proposals were + generated. The developers of several of those proposals met in a + series of meetings, resulting in a compromise known as the Knoxville + framework. The major principle behind the Knoxville framework is + that the resolution system must be separate from the way names are + assigned. This is in marked contrast to most URIs, which identify + the host to contact and the protocol to use. Readers are referred to + [7] for background on the Knoxville framework and for additional + information on the context and purpose of this proposal. + + + +Mealling Standards Track [Page 2] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + Separating the way names are resolved from the way they are + constructed provides several benefits. It allows multiple naming + approaches and resolution approaches to compete, as it allows + different protocols and resolvers to be used. There is just one + problem with such a separation - how do we resolve a name when it + can't give us directions to its resolver? + + For the short term, the Domain Name System (DNS) is the obvious + candidate for the resolution framework, since it is widely deployed + and understood. However, it is not appropriate to use DNS to + maintain information on a per-resource basis. First of all, DNS was + never intended to handle that many records. Second, the limited + record size is inappropriate for catalog information. Third, domain + names are not appropriate as URNs. + + Therefore our approach is to use the DDDS to locate "resolvers" that + can provide information on individual resources, potentially + including the resource itself. To accomplish this, we "rewrite" the + URI into a Key following the rules found in the DDDS. This document + describes URI Resolution as an application of the DDDS and specifies + the use of at least one Database based on DNS. + +2. Terminology + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119. + + All capitalized terms are taken from the vocabulary found in the DDDS + algorithm specification found in RFC 3403 [3]. + +3. The Distinction Between URNs and URIs + + From the point of view of this system, there is no theoretical + difference between resolving URIs in the general case and URNs in the + specific case. Operationally however, there is a difference that + stems from URI resolution possibly not becoming of widespread use. + If URN resolution is collapsed into generic URI resolution, URNs may + suffer by the lack of adoption of URI resolution. + + The solution is to allow for shortcutting for URN resolution. In the + following specification generic URI resolution starts by inserting + rules for known URI schemes into the 'uri.arpa.' registry. For the + 'URN:' URI scheme, one of the rules found in 'uri.arpa.' would be for + the 'urn' URI scheme. This rule would simply delegate to the + 'urn.arpa.' zone for additional NAPTRs based on the URN namespace. + Essentially, the URI Resolution Rewrite Rule for 'URN:' is the URN + Resolution Application's First Well Known Rule. + + + +Mealling Standards Track [Page 3] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + Therefore, this document specifies two DDDS Applications. One is for + URI Resolution and the other is for URN Resolution. Both are + technically identical but by separating the two URN Resolution can + still proceed without the dependency. + +4. The URI and URN Resolution Application Specifications + + This template defines the URI and URN Resolution DDDS Application + according to the rules and requirements found in [3]. The DDDS + database used by this Application is found in [4] which is the + document that defines the Naming Authority Pointer (NAPTR) DNS + Resource Record (RR) type. + +4.1 Application Unique String + + The Application Unique String is the URI or URN for which an + authoritative server is being located. This URI or URN MUST be + canonicalized and hex encoded according to the "absolute-uri" + production found in the Collected ABNF from RFC 2396 [15]. + +4.2 First Well Known Rule + + In the URI case, the first known key is created by taking the URI + scheme. In the URN case, the first known key is the Namespace + Identifier. For example, the URI 'http://www.example.com/' would + have a 'http' as its Key. The URN 'urn:foo:foospace' would have + 'foo' as its first Key. + +4.3 Flags + + At this time only four flags, "S", "A", "U", and "P", are defined. + The "S", "A" and "U" flags are for a terminal lookup. This means + that the Rule is the last one and that the flag determines what the + next stage should be. The "S" flag means that the output of this + Rule is a domain-name for which one or more SRV [9] records exist. + See Section 5 for additional information on how URI and URN + Resolution use the SRV record type. "A" means that the output of the + Rule is a domain-name and should be used to lookup either A, AAAA, or + A6 records for that domain. The "U" flag means that the output of + the Rule is a URI [15]. + + The "P" flag says that the remainder of the DDDS Algorithm is ignored + and that the rest of the process is application specific and outside + the scope of this document. An application can use the Protocol part + found in the Services field to identify which Application specific + set of rules that should be followed next. The record that contains + the 'P' flag is the last record that is interpreted by the rules in + this document. One might think that this would also make the "P" + + + +Mealling Standards Track [Page 4] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + flag an indicator of a terminal lookup but this would be incorrect + since a "terminal" Rule is a DDDS concept and this flag indicates + that anything after this rule does not adhere to DDDS concepts at + all. + + The remaining alphabetic flags are reserved for future versions of + this specification. The numeric flags may be used for local + experimentation. The S, A, U and P flags are all mutually exclusive, + and resolution libraries MAY signal an error if more than one is + given. (Experimental code and code for assisting in the creation of + Rewrite Rules would be more likely to signal such an error than a + client such as a browser.) It is anticipated that multiple flags + will be allowed in the future, so implementers MUST NOT assume that + the flags field can only contain 0 or 1 characters. Finally, if a + client encounters a record with an unknown flag, it MUST ignore it + and move to the next Rule. This test takes precedence over any + ordering since flags can control the interpretation placed on fields. + A novel flag might change the interpretation of the regexp and/or + replacement fields such that it is impossible to determine if a + record matched a given target. + + The "S", "A", and "U" flags are called 'terminal' flags since they + halt the looping DDDS algorithm. If those flags are not present, + clients may assume that another Rule exists at the Key produced by + the current Rewrite Rule. + +4.4 Services Parameters + + Service Parameters for this Application take the form of a string of + characters that follow this ABNF: + + service_field = [ [protocol] *("+" rs)] + protocol = ALPHA *31ALPHANUM + rs = ALPHA *31ALPHANUM + ; The protocol and rs fields are limited to 32 + ; characters and must start with an alphabetic. + + In other words, an optional protocol specification followed by 0 or + more resolution services. Each resolution service is indicated by an + initial '+' character. + + + + + + + + + + + +Mealling Standards Track [Page 5] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + The empty string is also valid. This will typically be seen at the + beginning of a series of Rules, when it is impossible to know what + services and protocols will be offered at the end of a particular + delegation path. + +4.4.1 Services + + The service identifiers that make up the 'rs' production are generic + for both URI and URN resolution since the input value types itself + based on the URI scheme. The list of valid services are defined in + [11]. + + Examples of some of these services are: + + I2L: given a URI return one URI that identifies a location where the + original URI can be found. + + I2Ls: given a URI return one or more URIs that identify multiple + locations where the original URI can be found. + + I2R: given a URI return one instance of the resource identified by + that URI. + + I2Rs: given a URI return one or more instances of the resources + identified by that URI. + + I2C: given a URI return one instance of a description of that + resource. + + I2N: given a URI return one URN that names the resource (Caution: + equality with respect to URNs is non-trivial. See [6] for + examples of why.) + +4.4.2 Protocols + + The protocol identifiers that are valid for the 'protocol' production + MUST be defined by documents that are specific to URI resolution. At + present the THTTP [10] protocol is the only such specification. + + It is extremely important to realize that simply specifying any + protocol in the services field is insufficient since there are + additional semantics surrounding URI resolution that are not defined + within the protocols. For example, if Z39.50 were to be specified as + a valid protocol it would have to additionally define how it would + encode requests for specific services, how the URI is encoded, and + what information is returned. + + + + + +Mealling Standards Track [Page 6] + +RFC 3404 DDDS Based URI Resolution October 2002 + + +4.4.3 Applicability of Services + + Since it is possible for there to be a complex set of possible + protocols and services a client application may often need to apply a + more complex decision making process to a set of records than simply + matching on an ordered list of protocols. For example, if there are + 4 rules that are applicable the last one may have a more desirable + Service field than the first. But since the client may be satisfied + by the first it will never know about the 4th one which may be + 'better'. + + To mitigate this the client may want to slightly modify the DDDS + algorithm (for this application only!) in order to determine if more + applicable protocols/services exist. This can safely be done for + this application by using a more complex interaction between steps 3 + and 4 of the DDDS algorithm in order to find the optimal path to + follow. For example, once a client has found a rule who's + Substitution Expression produces a result and who's Service + description is acceptable, it may make note of this but continue to + look at further rules that apply (all the while adhering to the + Order!) in order to find a better one. If none are found it can use + the one it made note of. + + Keep in mind that in order for this to remain safe, the input to step + 3 and the output of step 4 MUST be identical to the basic algorithm. + The client software MUST NOT attempt to do this optimization outside + a specific set of Rewrite Rules (i.e., across delegation paths). + +4.5 Valid Databases + + At present only one DDDS Database is specified for this Application. + "Dynamic Delegation Discovery System (DDDS) Part Three: The Domain + Name System (DNS) Database" (RFC 3403) [4] specifies a DDDS Database + that uses the NAPTR DNS resource record to contain the rewrite rules. + The Keys for this database are encoded as domain-names. + + The output of the First Well Known Rule for the URI Resolution + Application is the URI's scheme. In order to convert this to a + unique key in this Database the string '.uri.arpa.' is appended to + the end. This domain-name is used to request NAPTR records which + produces new keys in the form of domain-names. + + The output of the First Well Known Rule of the URN Resolution + Application is the URN's namespace id. In order to convert this to a + unique key in this Database the string '.urn.arpa.' is appended to + the end. This domain-name is used to request NAPTR records which + produces new keys in the form of domain-names. + + + + +Mealling Standards Track [Page 7] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + DNS servers MAY interpret Flag values and use that information to + include appropriate SRV and A records in the Additional Information + portion of the DNS packet. Clients are encouraged to check for + additional information but are not required to do so. See the + Additional Information Processing section of RFC 3404 for more + information on NAPTR records and the Additional Information section + of a DNS response packet. + + The character set used to encode the substitution expression is + UTF-8. The allowed input characters are all those characters that + are allowed anywhere in a URI. The characters allowed to be in a Key + are those that are currently defined for DNS domain-names. The "i" + flag to the substitution expression is used to denote that, where + appropriate for the code points in question, any matches should be + done in a case-insensitive way. + +5. Examples + +5.1 An Example Using a URN + + Consider a URN that uses the hypothetical FOO namespace. FOO numbers + are identifiers for approximately 30 million registered businesses + around the world, assigned and maintained by Fred, Otto and Orvil, + Inc. The URN might look like: + + urn:foo:002372413:annual-report-1997 + + The first step in the resolution process is to find out about the FOO + namespace. The namespace identifier [8], "foo", is extracted from + the URN and prepended to '.urn.arpa.', producing 'foo.urn.arpa.'. + The DNS is queried for NAPTR records for this domain which produces + the following results: + +foo.urn.arpa. +;; order pref flags service regexp replacement +IN NAPTR 100 10 "s" "foolink+I2L+I2C" "" foolink.udp.example.com. +IN NAPTR 100 20 "s" "rcds+I2C" "" rcds.udp.example.com. +IN NAPTR 100 30 "s" "thttp+I2L+I2C+I2R" "" thttp.tcp.example.com. + + The order field contains equal values, indicating that no order has + to be followed. The preference field indicates that the provider + would like clients to use the special 'foolink' protocol, followed by + the RCDS protocol, and that THTTP is offered as a last resort. All + the records specify the "s" flag which means that the record is + terminal and that the next step is to retrieve an SRV record from DNS + for the given domain-name. + + + + + +Mealling Standards Track [Page 8] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + The service fields say that if we speak of foolink, we will be able + to issue either the I2L, I2C or I2R requests to obtain a URI or ask + some complicated questions about the resource. The Resource + Cataloging and Distribution Service (RCDS) [12] could be used to get + some metadata for the resource, while THTTP could be used to get a + URI for the current location of the resource. + + Assuming our client does not know the foolink protocol but does know + the RCDS protocol, our next action is to lookup SRV RRs for + rcds.udp.example.com, which will tell us hosts that can provide the + necessary resolution service. That lookup might return: + + ;; Pref Weight Port Target + rcds.udp.example.com IN SRV 0 0 1000 deffoo.example.com. + IN SRV 0 0 1000 dbexample.com.au. + IN SRV 0 0 1000 ukexample.com.uk. + + telling us three hosts that could actually do the resolution, and + giving us the port we should use to talk to their RCDS server. (The + reader is referred to the SRV specification [9] for the + interpretation of the fields above.) + + There is opportunity for significant optimization here. RFC 3404 + defines that Additional Information section may be available. In + this case the the SRV records may be returned as additional + information for terminal NAPTRs lookups (as well as the A records for + those SRVs). This is a significant optimization. In conjunction + with a long TTL for *.urn.arpa. records, the average number of probes + to DNS for resolving most URIs would approach one. + + Note that the example NAPTR records above are intended to represent + the result of a NAPTR lookup using some client software like + nslookup; zone administrators should consult the documentation + accompanying their domain name servers to verify the precise syntax + they should use for zone files. + + Also note that there could have been an additional first step where + the URN was resolved as a generic URI by looking up urn.uri.arpa. + The resulting rule would have specified that the NID be extracted + from the URN and '.urn.arpa.' appended to it resulting in the new key + 'foo.urn.arpa.' which is the first step from above. + +5.2 CID URI Scheme Example + + Consider a URI scheme based on MIME Content-Ids. The URI might look + like this: + + cid:199606121851.1@bar.example.com + + + +Mealling Standards Track [Page 9] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + (Note that this example is chosen for pedagogical purposes, and does + not conform to the CID URI scheme.) + + The first step in the resolution process is to find out about the CID + scheme. The scheme is extracted from the URI, prepended to + '.uri.arpa.', and the NAPTR for 'cid.uri.arpa.' looked up in the DNS. + It might return records of the form: + +cid.uri.arpa. +;; order pref flags service regexp replacement +IN NAPTR 100 10 "" "" "!^cid:.+@([^\.]+\.)(.*)$!\2!i" . + + Since there is only one record, ordering the responses is not a + problem. The replacement field is empty, so the pattern provided in + the regexp field is used. We apply that regexp to the entire URI to + see if it matches, which it does. The \2 part of the substitution + expression returns the string "example.com". Since the flags field + is empty, the lookup is not terminal and our next probe to DNS is for + more NAPTR records where the new domain is 'example.com'. + + Note that the rule does not extract the full domain name from the + CID, instead it assumes the CID comes from a host and extracts its + domain. While all hosts, such as 'bar', could have their very own + NAPTR, maintaining those records for all the machines at a site could + be an intolerable burden. Wildcards are not appropriate here since + they only return results when there is no exactly matching names + already in the system. + + The record returned from the query on "example.com" might look like: + +example.com. +;; order pref flags service regexp replacement +IN NAPTR 100 50 "s" "z3950+I2L+I2C" "" z3950.tcp.example.com. +IN NAPTR 100 50 "s" "rescap+I2C" "" rescap.udp.example.com. +IN NAPTR 100 50 "s" "thttp+I2L+I2C+I2R" "" thttp.tcp.example.com. + + Continuing with the example, note that the values of the order fields + are equal for all records, so the client is free to pick any record. + The Application defines the flag 's' to mean a terminal lookup and + that the output of the rewrite will be a domain-name for which an SRV + record should be queried. Once the client has done that, it has the + following information: the host, port, the protocol, and the services + available via that protocol. Given these bits of information the + client has enough to be able to contact that server and ask it + questions about the cid URI. + + + + + + +Mealling Standards Track [Page 10] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + Recall that the regular expression used \2 to extract a domain name + from the CID, and \. for matching the literal '.' characters + separating the domain name components. Since '\' is the escape + character, literal occurrences of a backslash must be escaped by + another backslash. For the case of the cid.uri.arpa record above, + the regular expression entered into the master file should be + "!^cid:.+@([^\\.]+\\.)(.*)$!\\2!i". When the client code actually + receives the record, the pattern will have been converted to + "!^cid:.+@([^\.]+\.)(.*)$!\2!i". + +5.3 Resolving an HTTP URI Scheme + + Even if URN systems were in place now, there would still be a + tremendous number of host based URIs. It should be possible to + develop a URI resolution system that can also provide location + independence for those URIs. + + Assume we have the URI for a very popular piece of software that the + publisher wishes to mirror at multiple sites around the world: + + http://www.example.com/software/latest-beta.exe + + We extract the prefix, "http", and lookup NAPTR records for + 'http.uri.arpa.'. This might return a record of the form: + + http.uri.arpa. IN NAPTR + ;; order pref flags service regexp replacement + 100 90 "" "" "!^http://([^/:]+)!1!i" . + + This expression returns everything after the first double slash and + before the next slash or colon. (We use the '!' character to delimit + the parts of the substitution expression. Otherwise we would have to + use backslashes to escape the forward slashes, and would have a + regexp in the zone file that looked like this: + "/^http:\\/\\/([^\\/:]+)/\\1/i"). + + Applying this pattern to the URI extracts "www.example.com". Looking + up NAPTR records for that might return: + + www.example.com. + ;; order pref flags service regexp replacement + IN NAPTR 100 100 "s" "thttp+L2R" "" thttp.example.com. + IN NAPTR 100 100 "s" "ftp+L2R" "" ftp.example.com. + + Looking up SRV records for thttp.example.com would return information + on the hosts that example.com has designated to be its mirror sites. + The client can then pick one for the user. + + + + +Mealling Standards Track [Page 11] + +RFC 3404 DDDS Based URI Resolution October 2002 + + +6. Notes + + o Registration procedures for the 'urn.arpa.' and 'uri.arpa.' DNS + zones are specified in "Dynamic Delegation Discovery System (DDDS) + Part Five: URI.ARPA Assignment Procedures" (RFC 3405 [5]. + + o If a record at a particular order matches the URI, but the client + doesn't know the specified protocol and service, the client SHOULD + continue to examine records that have the same order. The client + MUST NOT consider records with a higher value of order. This is + necessary to make delegation of portions of the namespace work. + The order field is what lets site administrators say "all requests + for URIs matching pattern x go to server 1, all others go to + server 2". + + o Note that SRV RRs impose additional requirements on clients. + +7. IANA Considerations + + The use of the "urn.arpa." and "uri.arpa." zones requires + registration policies and procedures to be followed and for the + operation of those DNS zones to be maintained. These policies and + procedures are spelled out in a "Dynamic Delegation Discovery System + (DDDS) Part Five: URI.ARPA Assignment Procedures (RFC 3405)" [5]. + The operation of those zones imposes operational and administrative + responsibilities on the IANA. + + The registration method used for values in the Services and Flags + fields is for a specification to be approved by the IESG and + published as either an Informational or standards track RFC. + + The registration policies for URIs is found in RFC 2717 [17]. URN + NID registration policies are found in RFC 2611 [16]. + +8. Security Considerations + + The use of "urn.arpa." and "uri.arpa." as the registry for namespaces + is subject to denial of service attacks, as well as other DNS + spoofing attacks. The interactions with DNSSEC are currently being + studied. It is expected that NAPTR records will be signed with SIG + records once the DNSSEC work is deployed. + + The rewrite rules make identifiers from other namespaces subject to + the same attacks as normal domain names. Since they have not been + easily resolvable before, this may or may not be considered a + problem. + + + + + +Mealling Standards Track [Page 12] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + Regular expressions should be checked for sanity, not blindly passed + to something like PERL. + + This document has discussed a way of locating a resolver, but has not + discussed any detail of how the communication with the resolver takes + place. There are significant security considerations attached to the + communication with a resolver. Those considerations are outside the + scope of this document, and must be addressed by the specifications + for particular resolver communication protocols. + +9. Acknowledgments + + The editors would like to thank Keith Moore for all his consultations + during the development of this document. We would also like to thank + Paul Vixie for his assistance in debugging our implementation, and + his answers on our questions. Finally, we would like to acknowledge + our enormous intellectual debt to the participants in the Knoxville + series of meetings, as well as to the participants in the URI and URN + working groups. + + Specific recognition is given to Ron Daniel who was co-author on the + original versions of these documents. His early implementations and + clarity of thinking was invaluable in clearing up many of the + potential boundary cases. + +References + + [1] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part + One: The Comprehensive DDDS", RFC 3401, October 2002. + + [2] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part + Two: The Algorithm", RFC 3402, October 2002. + + [3] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part + Three: The Domain Name System (DNS) Database", RFC 3403, October + 2002. + + [4] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part + Four: The Uniform Resource Identifiers (URI) Resolution + Application", RFC 3404, October 2002. + + [5] Mealling, M., "Dynamic Delegation Discovery System (DDDS) Part + Five: URI.ARPA Assignment Procedures", RFC 3405y, October 2002. + + [6] Sollins, K. and L. Masinter, "Functional Requirements for + Uniform Resource Names", RFC 1737, December 1994. + + + + + +Mealling Standards Track [Page 13] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + [7] Arms, B., "The URN Implementors, Uniform Resource Names: A + Progress Report", D-Lib Magazine, February 1996. + + [8] Moats, R., "URN Syntax", RFC 2141, May 1997. + + [9] Gulbrandsen, A., Vixie, P. and L. Esibov, "A DNS RR for + specifying the location of services (DNS SRV)", RFC 2782, + February 2000. + + [10] Daniel, R., "A Trivial Convention for using HTTP in URN + Resolution", RFC 2169, June 1997. + + [11] Mealling, M., "URI Resolution Services Necessary for URN + Resolution", RFC 2483, January 1999. + + [12] Moore, K., Browne, S., Cox, J. and J. Gettler, "Resource + Cataloging and Distribution System", Technical Report CS-97-346, + December 1996. + + [13] Sollins, K., "Architectural Principles of Uniform Resource Name + Resolution", RFC 2276, January 1998. + + [14] Daniel, R. and M. Mealling, "Resolution of Uniform Resource + Identifiers using the Domain Name System", RFC 2168, June 1997. + + [15] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource + Identifiers (URI): Generic Syntax", RFC 2396, August 1998. + + [16] Daigle, L., van Gulik, D., Iannella, R. and P. Falstrom, "URN + Namespace Definition Mechanisms", RFC 2611, BCP 33, June 1999. + + [17] Petke, R. and I. King, "Registration Procedures for URL Scheme + Names", RFC 2717, BCP 35, November 1999. + + [18] Mealling, M. and R. Daniel, "The Naming Authority Pointer + (NAPTR) DNS Resource Record", RFC 2915, August 2000. + + + + + + + + + + + + + + + +Mealling Standards Track [Page 14] + +RFC 3404 DDDS Based URI Resolution October 2002 + + +Appendix A. Pseudo Code + + For the edification of implementers, pseudocode for a client routine + using NAPTRs is given below. This code is provided merely as a + convenience, it does not have any weight as a standard way to process + NAPTR records. Also, as is the case with pseudocode, it has never + been executed and may contain logical errors. You have been warned. + + // + // findResolver(URN) + // Given a URN, find a host that can resolve it. + // + findResolver(string URN) { + // prepend prefix to ".urn.arpa." + sprintf(key, "%s.urn.arpa.", extractNS(URN)); + do { + rewrite_flag = false; + terminal = false; + if (key has been seen) { + quit with a loop detected error + } + add key to list of "seens" + records = lookup(type=NAPTR, key); // get all NAPTR RRs for 'key' + + discard any records with an unknown value in the "flags" field. + sort NAPTR records by "order" field and "preference" field + (with "order" being more significant than "preference"). + n_naptrs = number of NAPTR records in response. + curr_order = records[0].order; + max_order = records[n_naptrs-1].order; + + // Process current batch of NAPTRs according to "order" field. + for (j=0; j < n_naptrs && records[j].order <= max_order; j++) { + if (unknown_flag) // skip this record and go to next one + continue; + newkey = rewrite(URN, naptr[j].replacement, naptr[j].regexp); + if (!newkey) // Skip to next record if the rewrite didn't + match continue; + // We did do a rewrite, shrink max_order to current value + // so that delegation works properly + max_order = naptr[j].order; + // Will we know what to do with the protocol and services + // specified in the NAPTR? If not, try next record. + if(!isKnownProto(naptr[j].services)) { + continue; + } + if(!isKnownService(naptr[j].services)) { + continue; + + + +Mealling Standards Track [Page 15] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + } + + // At this point we have a successful rewrite and we will + // know how to speak the protocol and request a known + // resolution service. Before we do the next lookup, check + // the flags to see if we're done. + // Note: it is possible to rewrite this so that this valid + // record could be noted as such but continue on in order + // to find a 'better' record. But that code would be to + // voluminous and application specific to be illustrative. + if (strcasecmp(flags, "S") + || strcasecmp(flags, "P")) + || strcasecmp(flags, "A")) { + terminal = true; + services = naptr[j].services; + addnl = any SRV and/or A records returned as additional + info for naptr[j]. + } + key = newkey; + rewriteflag = true; + break; + } + } while (rewriteflag && !terminal); + + // Did we not find our way to a resolver? + if (!rewrite_flag) { + report an error + return NULL; + } + + // Leave rest to another protocol? + if (strcasecmp(flags, "P")) { + return key as host to talk to; + } + + // If not, keep plugging + if (!addnl) { // No SRVs came in as additional info, look them up + srvs = lookup(type=SRV, key); + } + + sort SRV records by preference, weight, ... + for each (SRV record) { // in order of preference + try contacting srv[j].target using the protocol and one of the + resolution service requests from the "services" field of the + last NAPTR record. + if (successful) + return (target, protocol, service); + // Actually we would probably return a result, but this + + + +Mealling Standards Track [Page 16] + +RFC 3404 DDDS Based URI Resolution October 2002 + + + // code was supposed to just tell us a good host to talk to. + } + die with an "unable to find a host" error; + } + +Author's Address + + Michael Mealling + VeriSign + 21345 Ridgetop Circle + Sterling, VA 20166 + US + + EMail: michael@neonym.net + URI: http://www.verisignlabs.com + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Mealling Standards Track [Page 17] + +RFC 3404 DDDS Based URI Resolution October 2002 + + +Full Copyright Statement + + Copyright (C) The Internet Society (2002). All Rights Reserved. + + This document and translations of it may be copied and furnished to + others, and derivative works that comment on or otherwise explain it + or assist in its implementation may be prepared, copied, published + and distributed, in whole or in part, without restriction of any + kind, provided that the above copyright notice and this paragraph are + included on all such copies and derivative works. However, this + document itself may not be modified in any way, such as by removing + the copyright notice or references to the Internet Society or other + Internet organizations, except as needed for the purpose of + developing Internet standards in which case the procedures for + copyrights defined in the Internet Standards process must be + followed, or as required to translate it into languages other than + English. + + The limited permissions granted above are perpetual and will not be + revoked by the Internet Society or its successors or assigns. + + This document and the information contained herein is provided on an + "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING + TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING + BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION + HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF + MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Acknowledgement + + Funding for the RFC Editor function is currently provided by the + Internet Society. + + + + + + + + + + + + + + + + + + + +Mealling Standards Track [Page 18] + -- cgit v1.2.3