1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
|
Network Working Group A. Newton
Request for Comments: 3707 VeriSign, Inc.
Category: Informational February 2004
Cross Registry Internet Service Protocol (CRISP) Requirements
Status of this Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract
Internet registries expose administrative and operational data via
varying directory services. This document defines functional
requirements for the directory services of domain registries and the
common base requirements for extending the use of these services for
other types of Internet registries.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Background . . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Requirements Scope . . . . . . . . . . . . . . . . . . . 3
1.3. Requirements Specification . . . . . . . . . . . . . . . 3
2. Internet Registry Communities . . . . . . . . . . . . . . . . 4
2.1. Domain Name System Registries . . . . . . . . . . . . . 4
2.1.1. Domain Registries . . . . . . . . . . . . . . . 4
2.1.2. Domain Registrars . . . . . . . . . . . . . . . 5
2.2. Other Registries . . . . . . . . . . . . . . . . . . . . 5
2.2.1. Regional Internet Registries . . . . . . . . . . 5
2.2.2. Local Internet Registries . . . . . . . . . . . 5
2.2.3. Internet Routing Registries . . . . . . . . . . 5
2.2.4. Incident Coordination Contact Registries . . . . 6
2.3. Implementers . . . . . . . . . . . . . . . . . . . . . . 6
2.4. End Users . . . . . . . . . . . . . . . . . . . . . . . 6
2.4.1. Internet Resource Registrants . . . . . . . . . 6
2.4.2. Service Providers and Network Operators . . . . 6
2.4.3. Intellectual Property Holders . . . . . . . . . 7
2.4.4. Law Enforcement . . . . . . . . . . . . . . . . 7
2.4.5. Certificate Authorities . . . . . . . . . . . . 7
2.4.6. DNS Users . . . . . . . . . . . . . . . . . . . 7
Newton Informational [Page 1]
^L
RFC 3707 CRISP Requirements February 2004
2.4.7. Abusive Users . . . . . . . . . . . . . . . . . 7
2.5. Other Actors . . . . . . . . . . . . . . . . . . . . . . 8
3. Functional Requirements . . . . . . . . . . . . . . . . . . . 8
3.1. Base Functions . . . . . . . . . . . . . . . . . . . . . 8
3.1.1. Mining Prevention . . . . . . . . . . . . . . . 8
3.1.2. Minimal Technical Reinvention . . . . . . . . . 8
3.1.3. Standard and Extensible Schemas . . . . . . . . 9
3.1.4. Level of Access . . . . . . . . . . . . . . . . 9
3.1.5. Client Processing . . . . . . . . . . . . . . . 10
3.1.6. Entity Referencing . . . . . . . . . . . . . . . 10
3.1.7. Decentralization . . . . . . . . . . . . . . . . 10
3.1.8. Query of Access Permission . . . . . . . . . . . 11
3.1.9. Authentication Distribution . . . . . . . . . . 11
3.1.10. Base Error Responses . . . . . . . . . . . . . . 11
3.1.11. Query Distribution . . . . . . . . . . . . . . . 12
3.1.12. Protocol and Schema Versioning . . . . . . . . . 12
3.1.13. Relay Bag . . . . . . . . . . . . . . . . . . . 13
3.1.14. Privacy Labels . . . . . . . . . . . . . . . . . 14
3.2. Domain Specific Functions . . . . . . . . . . . . . . . 14
3.2.1. Lookups . . . . . . . . . . . . . . . . . . . . 14
3.2.2. Searches . . . . . . . . . . . . . . . . . . . . 15
3.2.3. Information Sets . . . . . . . . . . . . . . . . 16
3.2.4. Serialization Support . . . . . . . . . . . . . 17
3.2.5. Result Set Limits . . . . . . . . . . . . . . . 17
3.2.6. DNS Delegation Referencing . . . . . . . . . . . 17
3.2.7. Distribution for Domain Registry Types . . . . . 18
3.2.8. Data Omission . . . . . . . . . . . . . . . . . 18
3.2.9. Internationalization . . . . . . . . . . . . . . 19
4. Feature Requirements . . . . . . . . . . . . . . . . . . . . . 19
4.1. Client Authentication . . . . . . . . . . . . . . . . . 19
4.2. Referrals . . . . . . . . . . . . . . . . . . . . . . . 20
4.3. Common Referral Mechanism . . . . . . . . . . . . . . . 20
4.4. Structured Queries and Responses . . . . . . . . . . . . 20
4.5. Existing Schema Language . . . . . . . . . . . . . . . . 20
4.6. Defined Schemas . . . . . . . . . . . . . . . . . . . . 20
5. Internationalization Considerations . . . . . . . . . . . . . 20
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 20
7. Security Considerations . . . . . . . . . . . . . . . . . . . 20
Normative References . . . . . . . . . . . . . . . . . . . . . 21
Informative References . . . . . . . . . . . . . . . . . . . . 21
URIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
A. Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
B. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
B.1. Forums. . . . . . . . . . . . . . . . . . . . . . . . . . 24
B.2. Working Group . . . . . . . . . . . . . . . . . . . . . . 24
B.3. Contributions . . . . . . . . . . . . . . . . . . . . . . 25
Newton Informational [Page 2]
^L
RFC 3707 CRISP Requirements February 2004
Intellectual Property Statement. . . . . . . . . . . . . . . . . . 25
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 25
Full Copyright Statement . . . . . . . . . . . . . . . . . . . . . 26
1. Introduction
1.1. Background
The expansion and growth of the Internet has seen the registry
function of a traditionally centralized and managed Network
Information Center become the responsibility of various autonomous,
functionally disparate, and globally distributed Internet registries.
With the broadening number of Internet registries, the uses of their
administrative directory services have expanded from the original and
traditional use of the whois [6] protocol to include the use of whois
outside the scope of its specification, formal and informal
definitions of syntax, undocumented security mechanisms, the use of
other protocols, such as rwhois [5], to fulfill other needs, and
proposals for the use of other technologies such as LDAP [4] and XML.
1.2. Requirements Scope
The scope of the requirements captured in this document relate to the
directory services of Internet registries and their related
communities (Section 2.3, Section 2.4, and Section 2.5). This
scoping specifically targets the requirements of domain name
registries (Section 2.1). The requirements for other registry types
will be made available in other memos. The requirements are of both
the current use of these directory services and the desired
functionality based on input from relevant forums (Appendix B.1).
These requirements are not specific to any protocol. Terms used in
the definition of requirements in this document may be found in the
glossary (Appendix A).
The scope of the requirements in this document are also restricted to
access of data from Internet registries. Requirements for
modification, addition, or provisioning of data in Internet
registries are out of the scope of this document.
1.3. Requirements Specification
The requirements captured in this document are for the purpose of
designing technical specifications. The words used in this document
for compliance with RFC 2119 [3] do not reference or specify policy
and speak only to the capabilities in the derived technology. For
instance, this document may say that the protocol "MUST" support
certain features. An actual service operator is always free to
disable it (and then to return an error such as "permission denied".)
Newton Informational [Page 3]
^L
RFC 3707 CRISP Requirements February 2004
Requirements in this document specifying the capabilities of the
protocol required for proper interaction between a client and a
server will be specified with the "MUST/SHOULD" language of RFC 2119
[3]. This document also contains language relating to the
interaction of a client with multiple servers to form a coherent,
cross-network service. Such service requirements will not be
described using RFC 2119 language.
While individual servers/service operators may not support all
features that the protocol can support, they must respect the
semantics of the protocol queries and responses. For example, a
server should not return referrals if it does not have referent data.
2. Internet Registry Communities
The Internet registries are composed of various communities which
provide scope for the requirements in this document. These
communities can be generalized into the following categories:
registries, registrars, implementers, end-users, and other actors.
2.1. Domain Name System Registries
2.1.1. Domain Registries
Domain registries are responsible for the registration of domains for
use with DNS [1] and forward lookups (i.e., does not include the
.ARPA domain). These registries have typically served two main
domain functions: as the registry for a gTLD or as a registry for a
ccTLD. In some instances, one entity will operate multiple TLD's,
both of the gTLD and ccTLD type. A gTLD or ccTLD domain registry
operator may be a governmental entity, non-governmental,
non-commercial entity, or a commercial entity.
Some ccTLD's have second-level domain registrations similar in nature
to gTLD's or have distinctly separate entities operating second-level
domain registries similar in nature to gTLD's within the ccTLD.
Domain registries usually follow one of two models for conducting
registrations of domains. The "thick" model is the more traditional
model. In a "thick" domain registry, the registry contains both the
operational data for the domain and the contact data (Appendix A) for
the domain. In this model, the registry is typically the interface
to the domain registrant but may also interface with the domain
registrant through domain registrars. The "thin" model domain
registry contains only operational data for domains. In the "thin"
model, contact data for the domain are maintained by a domain
registrar.
Newton Informational [Page 4]
^L
RFC 3707 CRISP Requirements February 2004
Domain registries not described in this section (Section 2.1.1) are
not the subject of this document and may have requirements that are
out of scope for this subject matter.
2.1.2. Domain Registrars
Domain registrars accept domain registrations from registrants on
behalf of domain registries, both "thick" and "thin". In a "thin"
model registry/registrar system, a domain registrar maintains the
contact data of a domain while the registry maintains the operational
data of a domain. In a "thick" model registry/registrar system, a
domain registrar passes both the operational data and contact data to
the registry. Domain registrars may register a domain on behalf of a
registrant in more than one domain registry.
2.2. Other Registries
This section describes Internet registries other than those listed in
Section 2.1. These descriptions are not definitive and this list is
not absolute. They are provided in this document for informational
purposes only.
2.2.1. Regional Internet Registries
Regional Internet Registries (RIR's) administer the allocation of IP
address space and autonomous system numbers. Each RIR serves a
specific geographic region, and collectively they service the entire
Internet. Each RIR is a membership-based, non-profit organization
that facilitates and implements global addressing policy based on the
direction of their regional community.
2.2.2. Local Internet Registries
Local Internet Registries (LIR's) and National Internet Registries
(NIR's) are sub-registries of RIR's and coordinate the same functions
of the RIR's for smaller, more specific geographic regions, sovereign
nations, and localities.
2.2.3. Internet Routing Registries
Internet Routing Registries are routing policy databases. Their
purpose is to provide information helpful in administering Internet
routers. Frequently, the syntax and contents are defined by RPSL
[7].
IRR's are operated by academic, commercial, governmental, and other
types of organizations, including several of the RIR's. The contents
of the databases vary and reflect the needs of the users directly
Newton Informational [Page 5]
^L
RFC 3707 CRISP Requirements February 2004
served (e.g., an ISP may look up route entries, added by their
customers, to decide whether to accept specific route advertisements
they receive).
Unlike RIR and domain registry data, IRR data is often duplicated
between separate organizations. The IRR data has the unique
characteristics of being largely available through other sources
(i.e., it is advertised by the Internet routing protocols) and most
often having a common data format, RPSL.
2.2.4. Incident Coordination Contact Registries
Incident coordination contact registries allow operators of network
resources such as network infrastructure, network names, or network
services to register contact information for the purpose of providing
a means of incident notification. Using this type of registry, an
operator of network resources are provided information for contacting
the operator of another network resource from which an incident may
be occurring.
2.3. Implementers
Implementers of client software are often either affiliated with
large network operators, registry operators, or commercial entities
offering value-added services, or are general citizens of the
Internet. Much of the client software for use with the directory
services of Internet registries is either freely available, open
source, or both, or available as a service. Implementers of server
software are often affiliated with operators or commercial entities
specializing in the out-sourcing of development for Internet
registries.
2.4. End Users
This section describes the many types of end-users. Individuals and
organizations may have multiple roles and may concurrently occupy
many of the categories.
2.4.1. Internet Resource Registrants
Entities given authority over an Internet resource via purchase,
lease, or grant from an Internet registry, either directly or via the
services of a registrar.
2.4.2. Service Providers and Network Operators
Service providers and network operators provide connectivity,
routing, and naming services to many other entities, some commercial
Newton Informational [Page 6]
^L
RFC 3707 CRISP Requirements February 2004
and some non-commercial, both large and small. Their operational and
administrative staff often interact with Internet registries on
behalf of other end-users. Service providers and network operators
interact with all of the Internet registry operators outlined in this
document on a frequent and consistent basis. For example, network
operators use the directory services of Internet registries to
determine contact information for network resources that have
technical problems.
2.4.3. Intellectual Property Holders
A number of parties, such as trademark, service mark and intellectual
property holders, individuals, governments and other geopolitical
entities, have some legal rights on certain alphanumeric strings.
They use the directory services of Internet registries, mostly domain
registries and registrars, for purposes of maintaining and defending
claims to domain names consistent with applicable laws and
regulations.
2.4.4. Law Enforcement
Law enforcement agencies use the directory services of Internet
registries to find information used to carry out the enforcement of
laws within their jurisdictions.
2.4.5. Certificate Authorities
Certificate authorities use the directory services of Internet
registries as part of their verification process when issuing
certificates for Internet named hosts.
2.4.6. DNS Users
Users of the Internet have client software that resolves domain names
to IP addresses and IP addresses to domain names. Often when trouble
occurs in the resolution process of DNS, these users trouble shoot
system problems with the aid of information from the directory
services of Internet registries.
2.4.7. Abusive Users
The administrative directory services of Internet registries are
often the target of practices by abusive users. Using information
obtained from Internet registries, abusive users undertake certain
activities that are counter to the acceptable use of the information
as intended by a registry, registrar, or registrant. Many times,
these practices violate law in the jurisdiction of the user,
Newton Informational [Page 7]
^L
RFC 3707 CRISP Requirements February 2004
registry, registrar, or registrant. One example is the use of
Internet registry information for the use of sending unsolicited bulk
or commercial email.
2.5. Other Actors
Requirements must also consider the positions and policies of other
actors on the use of Internet registry directory services. These
actors include governments, non-governmental policy-setting bodies,
and other non-governmental organizations.
3. Functional Requirements
Functional requirements describe an overall need or process for which
the directory service is used by an Internet registry to fulfill its
obligations to provide access to its respective customers, members,
or other constituents. This section describes requirements in the
manner specified in Section 1.3.
3.1. Base Functions
This section describes basic directory service protocol requirements
for Internet registries. Additional requirements, specific to domain
registries, are described in Domain Specific Functions (Section 3.2).
3.1.1. Mining Prevention
In order to prevent the inappropriate acquisition of data from an
Internet registry's directory service, many servers will limit the
amount of data that may be returned in a fixed time period from a
server to a client. This will most likely be especially true for
anonymous access uses (see Section 3.1.4).
The limits placed on differing types of data or applied depending
upon access status will most likely differ from server to server
based on policy and need. Support for varying service models in the
effort to limit data and prevent data mining may or may not have a
direct impact on the client-to-server protocol.
3.1.2. Minimal Technical Reinvention
The protocol MUST NOT employ unique technology solutions for all
aspects and layers above the network and transport layers. The
protocol SHOULD make use of existing technology standards where
applicable. The protocol MUST employ the use of network and
transport layer standards as defined by the Internet Engineering Task
Force. The protocol MUST define one or more congestion-aware
transport mechanisms for mandatory implementation.
Newton Informational [Page 8]
^L
RFC 3707 CRISP Requirements February 2004
3.1.3. Standard and Extensible Schemas
3.1.3.1. Protocol Requirement
The protocol MUST contain standard schemas for the exchange of data
needed to implement the functionality in this document. In addition,
there MUST be a means to allow the use of schemas not defined by the
needs of this document. Both types of schemas MUST use the same
schema language. The schemas MUST be able to express data elements
with identifying tags for the purpose of localization of the meaning
of the identifying tags.
3.1.3.2. Service Description
The client-to-server protocol must define a standard set of data
structures or schemas to be used when exchanging information. It
must also poses the ability to allow for the use of newer data
structures that are currently not foreseen by this specification. In
both cases, the description and specification of both types of data
structures or schemas must be done in the same way (i.e., the same
schema language).
The schemas must also be capable of "tagging" data with a unique
identifier. This identifier can then be used to localize the name of
that type of data. For instance, a piece of data may have the value
"Bob" and its type identified with the number "5.1". Client software
could use this to display "Name: Bob" in an English locale or
"Nombre: Bob" in a Spanish locale.
3.1.4. Level of Access
3.1.4.1. Protocol Requirement
The protocol MUST NOT prohibit an operator from granularly assigning
multiple types of access to data according to the policies of the
operator. The protocol MUST provide an authentication mechanism and
MUST NOT prohibit an operator from granting types of access based on
authentication.
The protocol MUST provide an anonymous access mechanism that may be
turned on or off based on the policy of an operator.
Newton Informational [Page 9]
^L
RFC 3707 CRISP Requirements February 2004
3.1.4.2. Service Description
Server operators will offer varying degrees of access depending on
policy and need. The following are some examples:
o users will be allowed access only to data for which they have a
relationship
o unauthenticated or anonymous access status may not yield any
contact information
o full access may be granted to a special group of authenticated
users
The types of access allowed by a server will most likely vary from
one operator to the next.
3.1.5. Client Processing
The protocol MUST be capable of allowing machine parsable requests
and responses.
3.1.6. Entity Referencing
There MUST be a mechanism for an entity contained within a server to
be referenced uniquely by an entry in another server.
3.1.7. Decentralization
3.1.7.1. Protocol Requirement
The protocol MUST NOT require the aggregation of data to a central
repository, server, or entity. The protocol MUST NOT require
aggregation of data indexes or hints to a central repository, server,
or entity.
3.1.7.2. Service Description
Some server operators may have a need to coordinate service in a mesh
or some other framework with other server operators. However, the
ability to operate a CRISP compliant server must not require this.
Newton Informational [Page 10]
^L
RFC 3707 CRISP Requirements February 2004
3.1.8. Query of Access Permission
3.1.8.1. Protocol Requirement
The protocol MUST provide a mechanism allowing a client to determine
if a query will be denied before the query is submitted according to
the appropriate policies of the operator.
3.1.8.2. Service Description
Because usage scenarios will differ depending on both policy and type
of service, some server operators may want to provide the ability for
a client to predetermine its ability to retrieve data from a query.
However, some operators will not allow this for security reasons,
policy restrictions, or other matters.
3.1.9. Authentication Distribution
3.1.9.1. Protocol Requirement
The protocol MUST NOT require any Internet registry to participate in
any authentication system. The protocol MUST NOT prohibit the
participation by an Internet registry in federated, distributed
authentication systems.
3.1.9.2. Service Description
Some server operators may have a need to delegate authentication to
another party or participate in a system where authentication
information is distributed. However, the ability to operate a CRISP
compliant server must not require this.
3.1.10. Base Error Responses
The protocol MUST be capable of returning the following types of
non-result or error responses to all lookups and searches:
o permission denied - a response indicating that the search or
lookup has failed due to insufficient authorization.
o not found - the desired results do not exist.
o insufficient resources - the search or lookup requires resources
that cannot be allocated.
Newton Informational [Page 11]
^L
RFC 3707 CRISP Requirements February 2004
3.1.11. Query Distribution
3.1.11.1. Protocol Requirement
The protocol MUST NOT prohibit a server from participating in a query
distribution system.
3.1.11.2. Service Description
For lookups and searches requiring distribution of queries, the
client must be allowed to distribute these queries among the
participants in an established mesh of server operators. It is not a
requirement that the protocol enable the discovery of servers, but
cooperating servers should be able to intelligently handle
distribution with its established mesh. Individual server operators
will respond to all queries received according to their policies for
authentication, privacy, and performance.
However, the ability to operate a CRISP compliant server must not
require the participation in any query distribution system.
3.1.12. Protocol and Schema Versioning
3.1.12.1. Protocol Requirements
The protocol MUST provide a means by which the end-systems can either
identify or negotiate over the protocol version to be used for any
query or set of queries.
All resource-specific schema MUST provide a version identifier
attribute which uniquely and unambiguously identifies the version of
the schema being returned in the answer set to a query.
3.1.12.2. Service Description
The service should allow end-systems using different protocol
versions to fallback to a mutually supported protocol version. If
this is not possible, the service must provide a meaningful error
which indicates that this is the specific case.
The service must suggest negotiation and/or recovery mechanisms for
clients to use when an unknown schema version is received.
Newton Informational [Page 12]
^L
RFC 3707 CRISP Requirements February 2004
3.1.13. Relay Bag
The term "bag" in this section describes a flexible container which
may contain unspecified data.
3.1.13.1. Protocol Requirement
When issuing a referral, the protocol MUST be capable of supplying a
relay bag from the server to the client, and the protocol MUST be
capable of allowing the client to submit this relay bag with a query
to the referred server. The use of the relay bag MUST be OPTIONAL.
The protocol MUST NOT make any assumptions regarding the contents of
the relay bag, but the relay bag MUST be described using the schema
language of the protocol.
The protocol MUST provide different error messages to indicate
whether the bag is of unrecognized format (permanent failure), if it
contains unacceptable data (permanent failure), or if it contains
data that means processing is refused at this time (transient
failure).
There MUST be no more than one bag per referral. The protocol MUST
NOT make an association or linkage between successive bags in a
referral chain.
The client MUST pass the bag as part of any query made to a referrant
server as a result of a referral.
3.1.13.2. Service Description
In some models where service coordination among participating server
operators is utilized, there might be needs to allow a referring
server to pass operator-to-operator coordination data along with the
referral to the referent server. Such needs might be auditing or
tracking. This feature requirement allows a server to pass to the
client a flexible container of unspecified data ("bag") that the
client should pass to the referent server. The bag has no meaning to
the client.
Newton Informational [Page 13]
^L
RFC 3707 CRISP Requirements February 2004
3.1.14. Privacy Labels
3.1.14.1. Protocol Requirement
When a value in an answer to a query is given, the protocol MUST be
capable of tagging the value with the following labels:
1. do not redistribute
2. special access granted
The protocol MAY define other values for this purpose, but MUST
define values defined above at a minimum. The protocol MUST be
capable of attaching these labels concurrently.
3.1.14.2. Service Description
Internet registries will have varying policies regarding the access
to their data. Some registries may grant certain classes of users
with access to data that would not normally be given to most users.
In these cases, registries may want to tag the values in these
entries with labels specifying the responsibilities accompanying
these special user rights.
3.2. Domain Specific Functions
These functions describe requirements specifically needed by domain
registries (Section 2.1.1) and domain registrars (Section 2.1.2).
Requirements specific to other registries (Section 2.2) MUST be
specified separately. No compliant server operator is required to
support the functions required by every registry type.
3.2.1. Lookups
3.2.1.1. Protocol Requirement
The protocol MUST contain the following lookup functions:
1. Contact lookup given a unique reference to a contact of a
resource.
2. Nameserver lookup given a fully-qualified host name or IP address
of a nameserver.
3. Domain lookup given a fully-qualified domain name.
See Section 3.2.3 for the requirements regarding the expected return
values.
Newton Informational [Page 14]
^L
RFC 3707 CRISP Requirements February 2004
3.2.1.2. Service Description
These lookups are all single index queries and should produce zero or
only one entity.
Depending on the policy and need of an Internet registry, a server
operator may not allow all or any of these lookups to return part or
all of the information. See Section 3.2.3.
3.2.2. Searches
3.2.2.1. Protocol Requirement
The protocol MUST contain the following search functions:
1. Domain name search given an exact match or reasonable subset of a
name. This search SHOULD allow for parameters and qualifiers
designed to allow better matching of internationalized domain
names and SHOULD allow for both exact and partial matching within
the limits of internationalized domain names. This search SHOULD
NOT require special transformations of internationalized domain
names to accommodate this search. This search MUST provide a
means to narrow the search by names delegated under a particular
TLD.
2. Domain registrant search by either exact name or partial name
match with the ability to narrow the search to registrants of a
particular TLD.
3. Domains hosted by a nameserver given the fully-qualified host name
or IP address of a nameserver.
See Section 3.2.3 for the requirements regarding the expected return
values.
3.2.2.2. Service Description
Depending on the policy and need of an Internet registry, a server
operator may not allow all or any of these searches to return part or
all of the information. See Section 3.1.4. Access to information
resulting from these searches may also be limited, depending on
policy, by quantity. Section 3.2.5 describes these types of
restrictions.
Some Internet registries may also be participating in a query
distribution system. See Section 3.1.11.
Newton Informational [Page 15]
^L
RFC 3707 CRISP Requirements February 2004
3.2.3. Information Sets
3.2.3.1. Protocol Requirements
The data sets for contacts, nameservers, and domains MUST be able to
express and represent the attributes and allowable values of
registration requests in domain registration and provisioning
protocols.
The schema MUST be capable of expressing the following information
for domains:
o activation status
o registrant
o nameservers
o technical, billing or other contacts
o registry delegating the domain
o registrar for the domain
The data set for domains MUST be able to express arbitrary textual
information for extensions on an individual operator basis. Examples
of such information are license agreements, authorized use policies,
extended status notifications, marketing/for sale notices, and URI
references to other sources.
3.2.3.2. Service Description
It is not expected that every Internet registry supply all of the
information spelled out above, however the schemas employed by the
protocol must be capable of expressing this information should a
registry need to provide it.
The following sections describe requirements relative to the use of
schemas with respect to individual registry need and policy:
o Section 3.2.8
o Section 3.2.5
o Section 3.1.4
o Section 3.1.1
Newton Informational [Page 16]
^L
RFC 3707 CRISP Requirements February 2004
3.2.4. Serialization Support
The schemas used by the protocol SHOULD be capable of off-line
serialization
Off-line serialization allows for implementation independent
operations such as backup and recovery, load-balancing, etc. This
MAY also make possible, in whole or in part, data escrow capabilities
and other usages, however such usages are out of the scope of this
document.
3.2.5. Result Set Limits
3.2.5.1. Protocol Requirement
The protocol MUST contain a feature, used at the discretion of a
server operator, to allow a server to express to a client a limit on
the number of results from searches and lookups. When returning
result sets, the protocol MUST be able to make the following
distinctions:
1. an empty result set.
2. a result set truncated for the purpose of improving performance
bottlenecks.
3. a result set truncated to comply with Section 3.1.1
3.2.5.2. Service Description
Client software will operate more usefully if it can understand
reasons for the truncation of result sets. Of course, some Internet
registries may not be able to expose their policies for the limiting
of result sets, but, when it is possible, clients will have a better
operational view. This may eliminate re-queries and other repeated
actions that are not desirable.
3.2.6. DNS Delegation Referencing
3.2.6.1. Protocol Requirement
The protocol MUST use the delegation authority model available in DNS
[1] as the primary means for determining the authoritative source for
information regarding domains or any other objects when applicable.
Newton Informational [Page 17]
^L
RFC 3707 CRISP Requirements February 2004
3.2.6.2. Service Description
The intent of this requirement is to have clients use the DNS
delegation model to find servers authoritative for resources instead
of using a master or central server containing pointer information.
In other words, when a resource is naturally mapped by DNS, the
desired behavior is to consult the DNS to find an authoritative
server containing information about that resource. Using
'example.com', the authoritative server for information about
example.com according to the registrant of that domain may be found
by querying the DNS zone for example.com. To find the registry
information for example.com, the DNS zone for .com should be queried.
There are cases where resources will not naturally map into the DNS
delegation hierarchy. This requirement is not meant to force such a
mapping.
3.2.7. Distribution for Domain Registry Types
3.2.7.1. Protocol Requirement
The protocol MUST NOT prohibit the distribution of data to exclude
any of the registry/registrar models stated in Section 2.1.1. The
protocol MUST be capable of expressing referrals and entity
references between the various models described in Section 2.1.1.
3.2.7.2. Service Description
Depending on the domain registry/registrar model in use, technical
data for a domain may only reside in one server while contact data
for the same domain may only reside in a server operated by a
separate entity. However, in many uses, this is not the situation.
Therefore, the service must accommodate for the various registration
distribution models of domain registry types described in Section
2.1.1 while complying with Section 3.1.7.
3.2.8. Data Omission
3.2.8.1. Protocol Requirement
When a value in an answer to a query cannot be given due to policy
constraints, the protocol MUST be capable of expressing the value in
one of three ways:
1. complete omission of the value without explanation
2. an indication that the value cannot be given due to insufficient
authorization
Newton Informational [Page 18]
^L
RFC 3707 CRISP Requirements February 2004
3. an indication that the value cannot be given due to privacy
constraints regardless of authorization status
The protocol MAY define other values for this purpose, but MUST
define values defined above at a minimum.
3.2.8.2. Service Description
Internet registries will have varying constraints regarding their
ability to expose certain types of data, usually social information.
Server operators must have the ability to accommodate this need while
client software will be more useful when provided with proper
explanations. Therefore, depending on policy, a server operator has
a choice between not returning the data at all, signaling a
permission error, or indicating a privacy constraint.
3.2.9. Internationalization
The schema defining domain related resources MUST conform to RFC 2277
[2] regarding textual data. In particular, the schema MUST be able
to indicate the charset and language in use with unstructured textual
data.
The protocol MUST be able to support multiple representations of
contact data, with these representations complying with the
requirements in Section 3.2.3. The protocol MUST be able to provide
contact data in UTF-8 and SHOULD be able to provide contact data in
US-ASCII, other character sets, and capable of specifying the
language of the data.
4. Feature Requirements
Feature requirements describe the perceived need derived from the
functional requirements for specific technical criteria of the
directory service. This section describes requirements in the manner
specified in Section 1.3.
4.1. Client Authentication
Entities accessing the service (users) MUST be provided a mechanism
for passing credentials to a server for the purpose of
authentication. The protocol MUST provide a mechanism capable of
employing many authentication types and capable of extension for
future authentication types.
Newton Informational [Page 19]
^L
RFC 3707 CRISP Requirements February 2004
4.2. Referrals
To distribute queries for search continuations and to issue entity
references, the protocol MUST provide a referral mechanism.
4.3. Common Referral Mechanism
To distribute queries for search continuations and to issue entity
references, the protocol MUST define a common referral scheme and
syntax.
4.4. Structured Queries and Responses
To provide for machine consumption as well as human consumption, the
protocol MUST employ structured queries and responses.
4.5. Existing Schema Language
To provide structured queries and responses and allow for minimal
technological reinvention, the protocol MUST employ a pre-existing
schema language.
4.6. Defined Schemas
To provide for machine consumption as well as human consumption, the
protocol MUST define schemas for use by the structured queries and
responses.
5. Internationalization Considerations
Requirements defined in this document MUST consider the best
practices spelled out in [2].
6. IANA Considerations
IANA consideration for any service meeting these requirements will
depend upon the technologies chosen and MUST be specified by any
document describing such a service.
7. Security Considerations
This document contains requirements for the validation of
authenticated entities and the access of authenticated entities
compared with the access of non-authenticated entities. This
document does not define the mechanism for validation of
authenticated entities. Requirements defined in this document MUST
allow for the implementation of this mechanism according best common
practices.
Newton Informational [Page 20]
^L
RFC 3707 CRISP Requirements February 2004
The requirement in Section 3.1.4 must be weighed against other
requirements specifying search or lookup capabilities.
This document contains requirements for referrals and entity
references. Client implementations based on these requirements
SHOULD take proper care in the safe-guarding of credential
information when resolving referrals or entity references according
to best common practices.
This document contains requirements for the distribution of queries
among a mesh of participating service providers. Protocols proposed
to meet these requirements must be able to protect against the use of
that distribution system as a vector of distributed denial of service
attacks or unauthorized data mining.
Normative References
[1] Mockapetris, P., "Domain names - implementation and
specification", STD 13, RFC 1035, November 1987.
[2] Alvestrand, H., "IETF Policy on Character Sets and Languages",
BCP 18, RFC 2277, January 1998.
[3] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
Informative References
[4] Wahl, M., Howes, T. and S. Kille, "Lightweight Directory Access
Protocol (v3)", RFC 2251, December 1997.
[5] Williamson, S., Kosters, M., Blacka, D., Singh, J. and K.
Zeilstra, "Referral Whois (RWhois) Protocol V1.5", RFC 2167,
June 1997.
[6] Harrenstien, K., Stahl, M. and E. Feinler, "NICNAME/WHOIS", RFC
954, October 1985.
[7] Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
Meyer, D., Bates, T., Karrenberg, D. and M. Terpstra, "Routing
Policy Specification Language (RPSL)", RFC 2622, June 1999.
URIs
[8] <http://www.ietf.org/proceedings/00dec/00dec-41.htm>
[9] <http://www.ietf.org/proceedings/01aug/51-40.htm>
Newton Informational [Page 21]
^L
RFC 3707 CRISP Requirements February 2004
[10] <http://www.uwho.verisignlabs.com/
Final-WhoIsPanel-Aug15-Resume.pdf>
[11] <http://www.ripe.net/ripe/meetings/archive/ripe-40/minutes/
min_database.html>
[12] <http://www.nanog.org/mtg-0110/lookup.html>
Newton Informational [Page 22]
^L
RFC 3707 CRISP Requirements February 2004
Appendix A. Glossary
o TLD: Initials for "top level domain." Referes to domains in DNS
[1] that are hierarchically at the level just beneath the root.
o ccTLD: Initials for "country code top level domain." TLD's which
use one of the two character country codes defined by ISO.
o gTLD: Initials for "generic top level domain." TLD's that do not
use one of the two character country codes defined by ISO.
o contact data: Data containing names and contact information (i.e.,
postal addresses, phone numbers, e-mail addresses) of humans or
legal entities.
o operational data: Data necessary to the operation of networks and
network related services and items.
o RIR: Initials for "regional Internet registry."
o IRR: Initials for "Internet routing registry."
o forward lookup: a DNS lookup where a domain name is resolved to an
IP address.
o reverse lookup: a DNS lookup where an IP address is resolved to a
domain name.
o mining: In the context of this document, this term is specific to
data mining. This is a methodical process to obtain the contents
of directory service, usually as much as possible, not relevant to
any immediate need. Data mining is often not a practice welcomed
by registry operators.
Newton Informational [Page 23]
^L
RFC 3707 CRISP Requirements February 2004
Appendix B. Acknowledgements
B.1. Forums
The proceedings of the following public forums were used as input to
the scope and requirements for this document:
o whois BOF of the 49th IETF [8]; December 10-15, 2000; San Diego,
CA, USA
o whoisfix BOF of the 51st IETF [9]; August 5-10, 2001; London,
England
o First UWho Consultation [10]; August 15, 2001; Washington, DC, USA
o Second UWho Consultation; November 15, 2001; Marina del Rey, CA,
USA
o Third UWho Consultation; November 19, 2001; Washington, DC, USA
o DNR WG of RIPE 40, October 1-5, 2001; Praque, Czech Republic
o Database WG of RIPE 40 [11]; October 1-5, 2001; Praque, Czech
Republic
o General Session of NANOG 23 [12]; October 21-23; Oakland, CA, USA
o DNR WG of RIPE 41, January 14-18, 2002; Amsterdam, The Netherlands
o Database WG of RIPE 41, January 14-18, 2002; Amsterdam, The
Netherlands
o NANOG 24 Universal Whois BOF, February 10-12, 2002; Miami, Florida
o CENTR General Assembly, February 21-22, 2002; Rambouillet, France
o CRISP BOF of the 53rd IETF, March 17-22, 2002, Minneapolis,
Minnesota, USA
B.2. Working Group
This document is a work item of the Cross-Registry Internet Service
Protocol (CRISP) Working Group in the Applications Area of the IETF.
Discussions for this working group are held on the email list ietf-
not43@lists.verisignlabs.com. To subscribe to this email list, send
email to ietf-not43-request@lists.verisignlabs.com with a subject
line of "subscribe". Archives of this list may be found out
http://lists.verisignlabs.com/pipermail/ietf-not43/.
Newton Informational [Page 24]
^L
RFC 3707 CRISP Requirements February 2004
B.3. Contributions
Comments, suggestions, and feedback of significant substance have
been provided by Leslie Daigle, Mark Kosters, Ted Hardie, Shane Kerr,
Cathy Murphy, Stephane Bortzmeyer, Rick Wesson, Jaap Akkerhuis, Eric
Hall, Patrick Mevzek, Marcos Sanz, Vittorio Bertola, George
Michaelson, and Tim Christensen.
Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementors or users of this specification can
be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
Author's Address
Andrew L. Newton
VeriSign, Inc.
21355 Ridgetop Circle
Sterling, VA 20166
USA
Phone: +1 703 948 3382
EMail: anewton@verisignlabs.com; anewton@ecotroph.net
Newton Informational [Page 25]
^L
RFC 3707 CRISP Requirements February 2004
Full Copyright Statement
Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of
developing Internet standards in which case the procedures for
copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assignees.
This document and the information contained herein is provided on an
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the
Internet Society.
Newton Informational [Page 26]
^L
|
