Subversion Repositories oidplus

Compare Revisions

Regard whitespace Rev 340 → Rev 341

/trunk/plugins/publicPages/100_whois/whois/rfc/draft-viathinksoft-oidwhois-00.nroff
125,11 → 125,11
 
Three of many possible use-case scenarios are:
 
(1) Many web-browsers and Operating Systems are able to handle ITU-T X.509 certificates [X509] and usually contain a viewer application that shows the contents of these certificates. Attributes which are unknown by the application are either only displayed by their OID, or hidden to avoid confusion to the user. With OID-WHOIS, the application could query the name of these unknown OIDs or even retrieve instructions on how the data described by this OID can be parsed and displayed.
(1) Many web-browsers and Operating Systems can handle ITU-T X.509 certificates [X509] and usually contain a viewer application that shows the contents of these certificates. Attributes which are unknown by the application are either only displayed by their OID, or hidden to avoid confusion to the user. With OID-WHOIS, the application could query the name of these unknown OIDs or even retrieve instructions on how the data described by this OID can be parsed and displayed.
 
(2) Applications that handle SNMP (Simple Network Management Protocol) [RFC1157] might need information about additional MIB files or their OIDs. OID-WHOIS could aid these applications gathering the required information.
(2) Applications that handle SNMP (Simple Network Management Protocol) [RFC1157] might need information about additional MIB files or their OIDs. OID-WHOIS could aid these applications in gathering the required information.
 
(3) In directory services like LDAP (Lightweight Directory Access Protocol) [RFC4511], applications could query the name of attributes which are described by an OID the application doesn't know.
(3) In directory services like LDAP (Lightweight Directory Access Protocol) [RFC4511], applications could query the name of attributes that are described by an OID the application doesn't know.
 
 
.ti 0
144,7 → 144,7
 
OID-WHOIS is based on the WHOIS protocol specified in RFC\03912 [RFC3912].
 
During the request, the client sends a query beginning with "oid:", followed by an OID in dot-notation, as defined in RFC\03061, section 2 [RFC3061], but with following differences:
During the request, the client sends a query beginning with "oid:", followed by an OID in dot-notation, as defined in RFC\03061, section 2 [RFC3061], but with the following differences:
 
(1) The OID MAY contain a leading dot at the beginning.
 
184,12 → 184,12
.fi
.in 3
 
Please note that authentication tokens are only a weak protection. For more information, see section 8 "Security Considerations".
Please note that authentication tokens are only weak protection. For more information, see section 8 "Security Considerations".
 
.ti 0
2.2 Request ABNF Notation
 
For the purposes of defining the query string, the following Augmented BNF definitions will be used. They are based on the ABNF styles of RFC 5234 [RFC5234].
To define the query string, the following Augmented BNF definitions will be used. They are based on the ABNF styles of RFC 5234 [RFC5234].
 
.nf
query = namespace ":" optional-oid *( "$" authtoken )
225,13 → 225,13
 
The response contains multiple lines with field names and values, which MUST be separated by a double colon (":"). Whitespace characters after the double colon are allowed.
 
Each line SHOULD be limited to 80 characters, including field name, double colon, value and whitespaces.
Each line SHOULD be limited to 80 characters, including the field name, double colon, value, and whitespaces.
 
Field names and values MUST be treated case-sensitive.
 
If a value needs to be split into multiple lines, e.g. if the line would exceed the length limit, the same field name including double colon MUST be repeated at the beginning of the next line.
 
If an attribute has multiple values (e.g. multiple Unicode labels, alternative email-addresses etc.), each value MUST be written in a new line with the same field name.
If an attribute has multiple values (e.g. multiple Unicode labels, alternative email-addresses, etc.), each value MUST be written in a new line with the same field name.
 
Lines with the same field name SHALL be kept together.
 
297,7 → 297,7
 
"Information partially available" means that part of the information about the OID is not available. Possible reasons could be that part of the information was redacted due to confidentiality, or the WHOIS service does only know basic information, while the full information can be found somewhere else (e.g. at a referred WHOIS service). The field "attribute" MAY be used with the value "confidential".
 
"Information unavailable" means that the information about the OID is missing, redacted due to confidentiality or otherwise unavailable. The field "attribute" MAY be used with the value "confidential".
"Information unavailable" means that the information about the OID is missing, redacted due to confidentiality, or otherwise unavailable. The field "attribute" MAY be used with the value "confidential".
.in 3
 
(3) "name" (OPTIONAL) contains the name of the OID. It SHOULD be as short as possible.
314,13 → 314,13
 
(9) "identifier" (OPTIONAL, multiple values allowed) contains the alphanumeric identifier ("NameForm") as defined in Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 12.3 [X680].
 
(10) "standardized-id" (OPTIONAL, multiple values allowed) contains an alphanumeric identifier that has a standardized "NameForm", i.e. in an ASN.1 notation, it can be written without its associated number. See more information in Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 32.7 [X680].
(10) "standardized-id" (OPTIONAL, multiple values allowed) contains an alphanumeric identifier that has a standardized "NameForm", i.e. in ASN.1 notation, it can be written without its associated number. See more information in Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 32.7 [X680].
 
(11) "unicode-label" (OPTIONAL, multiple values allowed) contains a Non-integer Unicode label, as defined in Recommendation ITU-T X.680 (2015) | ISO/IEC 8824-1:2015, clause 12.27 [X680].
 
(12) "long-arc" (OPTIONAL, multiple values allowed) contains a Non-integer Unicode label that can be used as first identifier in an OID Internationalized Resource Identifier (OID-IRI), shortening it. More information can be found in Recommendation ITU-T X.660 (2011) | ISO/IEC 9834-1:2012, clause 3.5.8 [X660].
(12) "long-arc" (OPTIONAL, multiple values allowed) contains a Non-integer Unicode label that can be used as the first identifier in an OID Internationalized Resource Identifier (OID-IRI), shortening it. More information can be found in Recommendation ITU-T X.660 (2011) | ISO/IEC 9834-1:2012, clause 3.5.8 [X660].
 
(13) "whois-service" (OPTIONAL) contains an IP-address or host name of a system that offers a WHOIS service which can supply information about the OID and/or its subordinate OIDs. If the result is "Found" (i.e. the OID is existing in the local database), then the information "whois-service" is only informational; its existence is most likely a hint that subordinate OIDs will be found at that WHOIS server. If the result is "Not found; superior object found", then the client SHOULD query the referred WHOIS server in order to receive more information about the OID. See more information in section 4 "Referral".
(13) "whois-service" (OPTIONAL) contains an IP-address or hostname of a system that offers a WHOIS service that can supply information about the OID and/or its subordinate OIDs. If the result is "Found" (i.e. the OID is existing in the local database), then the information "whois-service" is only informational; its existence is most likely a hint that subordinate OIDs will be found at that WHOIS server. If the result is "Not found; superior object found", then the client SHOULD query the referred WHOIS server to receive more information about the OID. See more information in section 4 "Referral".
 
(14) "attribute" (OPTIONAL, multiple values allowed) contains attributes of the OID. An attribute MUST be one of the following values:
 
340,20 → 340,20
"retired" means that the OID is invalidated, revoked, retired, expired, etc. Please consult Recommendation ITU-T X.660 (2011) | ISO/IEC 9834-1:2012 [X660] for more information about such cases.
.in 3
 
(15) "parent" (OPTIONAL) contains the OID of the nearest known parent OID, prepended by namespace identifier and double colon, i.e. "oid:". It MAY be followed by additional human-readable information, e.g. a description or a list of ASN.1 identifiers. There SHALLL be at least 1 whitespace in between.
(15) "parent" (OPTIONAL) contains the OID of the nearest known parent OID, prepended by namespace identifier and double colon, i.e. "oid:". It MAY be followed by additional human-readable information, e.g. a description or a list of ASN.1 identifiers. There SHALL be at least 1 whitespace in between.
 
(16) "subordinate" (OPTIONAL, multiple values allowed) contains a list of subordinate OIDs, prepended by namespace identifier and double colon, i.e. "oid:". It MAY be followed by additional human-readable information, e.g. a description or a list of ASN.1 identifiers. There SHALLL be at least 1 whitespace in between.
(16) "subordinate" (OPTIONAL, multiple values allowed) contains a list of subordinate OIDs, prepended by namespace identifier and double colon, i.e. "oid:". It MAY be followed by additional human-readable information, e.g. a description or a list of ASN.1 identifiers. There SHALL be at least 1 whitespace in between.
 
(17) "created" (OPTIONAL) contains the date and time (as specified in section 3.4 "Date/Time Format") when the OID was first allocated by the RA of the superior OID.
 
(18) "updated" (OPTIONAL) contains the date and time (as specified in section 3.4 "Date/Time Format") when the OID information was last updated.
 
Additional fields can be defined by the WHOIS service. The field names SHALL only consist of the lower-case letters "a..z", hyphens ("-") and numbers, and SHOULD be written in English language. The field name MUST NOT begin or end with a hyphen and a hyphen MUST NOT be followed by another hyphen.
Additional fields can be defined by the WHOIS service. The field names SHALL only consist of the lower-case letters "a..z", hyphens ("-") and numbers, and SHOULD be written in the English language. The field name MUST NOT begin or end with a hyphen and a hyphen MUST NOT be followed by another hyphen.
.bp
.ti 0
3.2.3 RA-Section (Information about the Current RA)
 
This section MUST NOT be present if result is "Not found" or "Service error", otherwise it MAY be present. If it is present, it MUST start with the field "ra".
This section MUST NOT be present if the result is "Not found" or "Service error", otherwise it MAY be present. If it is present, it MUST start with the field "ra".
 
Possible fields are:
 
371,7 → 371,7
 
(3) "ra-contact-name" (OPTIONAL, multiple values allowed) contains the name of a person responsible for the allocation and administration of subordinate OIDs, in case "ra" is a group or organization.
 
(4) "ra-address" (OPTIONAL) contains the physical location of the RA. While a fully qualified postal address is recommended, the field can also just contain a rough location like city and country name, state and country name or just the country name. The name of the country SHOULD always be present.
(4) "ra-address" (OPTIONAL) contains the physical location of the RA. While a fully qualified postal address is recommended, the field can also just contain a rough location like city and country name, state and country name, or just the country name. The name of the country SHOULD always be present.
 
(5) "ra-phone" (OPTIONAL, multiple values allowed) contains a landline phone number of the Registration Authority. It SHOULD be written in the international number format specified in Recommendation ITU-T E.164 (2010) [E164], e.g. +1 206 555 0100.
 
395,7 → 395,7
 
(12) "ra-updated" (OPTIONAL) contains the date and time (as specified in section 3.4 "Date/Time Format") when the RA information was last modified.
 
Additional fields can be defined by the WHOIS service, but they MUST begin with "ra-". The field names SHALL only consist of the lower-case letters "a..z", hyphens ("-") and numbers, and SHOULD be written in English language. The field name MUST NOT begin or end with a hyphen and a hyphen MUST NOT be followed by another hyphen.
Additional fields can be defined by the WHOIS service, but they MUST begin with "ra-". The field names SHALL only consist of the lower-case letters "a..z", hyphens ("-") and numbers, and SHOULD be written in the English language. The field name MUST NOT begin or end with a hyphen and a hyphen MUST NOT be followed by another hyphen.
.bp
.ti 0
3.2.4 Sections for Previous Registration Authorities
417,7 → 417,7
.ti 0
3.3 Digital Signature
 
If integrity/authenticity is required, the whole response can be signed, e.g. by using S/MIME, RSA or PGP. This document does not describe a mechanism for detecting which signature method was used. The creation and verification of the signature is therefore implementation specific and no interoperability regarding signature creation and validation is given at this time.
If integrity/authenticity is required, the whole response can be signed, e.g. by using S/MIME, RSA, or PGP. This document does not describe a mechanism for detecting which signature method was used. The creation and verification of the signature are therefore implementation-specific and no interoperability regarding signature creation and validation is given at this time.
 
Depending on the signature method being used, various things need to be appended and/or prepended to the response. These additional lines MUST be prepended by a percent sign ("%") to avoid that an application confuses these additional lines (e.g. lines belonging to a PGP header) with part of the actual WHOIS response.
 
428,12 → 428,12
 
If parts of the date/time reference are uncertain, then they SHOULD be omitted until the date/time reference has the highest correctness.
 
Examples of valid date/time references can be found at section 3.4.2.
Examples of valid date/time references can be found in section 3.4.2.
 
.ti 0
3.4.1 Date/Time Format ABNF Notation
 
For the purposes of defining the format of a Date/Time reference, the following Augmented BNF definitions will be used. They are based on the ABNF styles of RFC 5234 [RFC5234].
To define the format of a Date/Time reference, the following Augmented BNF definitions will be used. They are based on the ABNF styles of RFC 5234 [RFC5234].
 
.nf
date-time = year [ "-" month [ "-" day [ " " time ] ] ]
596,7 → 596,7
 
(5) Although the term "Registration Authority" might not be appropriate for every namespace, the RA-section as described in section 3.2.3 SHOULD still be used. The term "Registration Authority" should then be treated like "Owner", "Creator", "Manager", etc.
 
(6) The namespace specific identifier MUST NOT contain dollar signs ("$"), because section 2.1 "Authentication Tokens" defines them as separator for authentication tokens.
(6) The namespace specific identifier MUST NOT contain dollar signs ("$"), because section 2.1 "Authentication Tokens" defines them as a separator for authentication tokens.
 
(7) The namespace specific identifier MUST be treated case-sensitive if the namespace distinguishes between lower-case and upper-case.
 
644,7 → 644,7
 
To enhance interoperability, this document specifies that the request and response MUST be UTF-8 encoded (as defined in RFC\03629 [RFC3629]), without Byte-Order-Mark (BOM).
 
The WHOIS service can define additional field names, but they SHOULD be written in English language so that there is consistency with the other field names defined in this document.
The WHOIS service can define additional field names, but they SHOULD be written in the English language so that there is consistency with the other field names defined in this document.
.bp
.ti 0
8 Security Considerations
651,7 → 651,7
 
(1) The knowledge of existence or information about some OIDs could be considered confidential. In this case, the WHOIS service can either deny the existence of the requested OID (by setting the result to "Not found") or redact information in the Object-Section, as defined in section 3.2.2 "Object-Section".
 
(2) Registration Authorities might demand that their personal data is kept confidential, or at least be partially redacted to increase privacy or as a measurement against spam. In this case, the WHOIS service can redact information in the RA-Section, as defined in section 3.2.3 "RA-Section".
(2) Registration Authorities might demand that their data is kept confidential, or at least be partially redacted to increase privacy or as measurement against spam. In this case, the WHOIS service can redact information in the RA-Section, as defined in section 3.2.3 "RA-Section".
 
(3) The WHOIS service can decide if confidential material is omitted or shown, based on authentication mechanisms like white-listing client IP addresses or by using authentication tokens supplied by the client, as defined in section 2.1 "Authentication Tokens".
.\" REMOVED BECAUSE PAGE WOULD BE TOO LONG: "during the request"
658,16 → 658,16
 
(4) The usage of authentication tokens is not recommended if the traffic between client and server is transmitted through an untrusted network, because the WHOIS protocol is not encrypted.
 
(5) Authentication tokens must have a sufficient length and complexity in order to avoid successful brute force attacks, or the WHOIS service must limit the number of requests per time period.
(5) Authentication tokens must have a sufficient length and complexity to avoid successful brute force attacks, or the WHOIS service must limit the number of requests per time.
 
(6) The WHOIS protocol itself has no mechanism for verifying the integrity of data received. Due to this fact, information should not be trusted if it is transmitted through an untrusted network. If integrity/authenticity is required, the WHOIS response can be signed, as described in section 3.3 "Digital Signature". However, this document does not describe a mechanism for detecting which signature method was used. Therefore, no interoperability of signature creation/validation is given at this time.
(6) The WHOIS protocol itself has no mechanism for verifying the integrity of data received. Due to this fact, the information should not be trusted if it is transmitted through an untrusted network. If integrity/authenticity is required, the WHOIS response can be signed, as described in section 3.3 "Digital Signature". However, this document does not describe a mechanism for detecting which signature method was used. Therefore, no interoperability of signature creation/validation is given at this time.
 
.ti 0
9 IANA Considerations
 
(1) IANA is operating a WHOIS service at whois.iana.org. This WHOIS service could be extended by allowing requests starting with "oid:", in order to serve information about OIDs owned or delegated by IANA, for example it could output information about Private Enterprise Numbers (PEN) located at OID 1.3.6.1.4.1.
(1) IANA is operating a WHOIS service at whois.iana.org. This WHOIS service could be extended by allowing requests starting with "oid:", to serve information about OIDs owned or delegated by IANA, for example, it could output information about Private Enterprise Numbers (PEN) located at OID 1.3.6.1.4.1.
 
(2) Owners of Private Enterprise Numbers could store the addresses of their own WHOIS servers in the IANA PEN database, so that these addresses can be included in the WHOIS output of IANA. This would enable the referral functionality described in section 4 "Referral".
(2) Owners of Private Enterprise Numbers could store the addresses of their WHOIS servers in the IANA PEN database so that these addresses can be included in the WHOIS output of IANA. This would enable the referral functionality described in section 4 "Referral".
.bp
.ti 0
10 References
/trunk/plugins/publicPages/100_whois/whois/rfc/draft-viathinksoft-oidwhois-00.txt
145,9 → 145,9
 
Three of many possible use-case scenarios are:
 
(1) Many web-browsers and Operating Systems are able to handle ITU-T
X.509 certificates [X509] and usually contain a viewer application
that shows the contents of these certificates. Attributes which are
(1) Many web-browsers and Operating Systems can handle ITU-T X.509
certificates [X509] and usually contain a viewer application that
shows the contents of these certificates. Attributes which are
unknown by the application are either only displayed by their OID, or
hidden to avoid confusion to the user. With OID-WHOIS, the
application could query the name of these unknown OIDs or even
156,12 → 156,12
 
(2) Applications that handle SNMP (Simple Network Management
Protocol) [RFC1157] might need information about additional MIB files
or their OIDs. OID-WHOIS could aid these applications gathering the
required information.
or their OIDs. OID-WHOIS could aid these applications in gathering
the required information.
 
(3) In directory services like LDAP (Lightweight Directory Access
Protocol) [RFC4511], applications could query the name of attributes
which are described by an OID the application doesn't know.
that are described by an OID the application doesn't know.
 
 
186,7 → 186,7
 
During the request, the client sends a query beginning with "oid:",
followed by an OID in dot-notation, as defined in RFC 3061, section 2
[RFC3061], but with following differences:
[RFC3061], but with the following differences:
 
(1) The OID MAY contain a leading dot at the beginning.
 
233,14 → 233,14
oid:2.999$firstToken
oid:2.999$firstToken$secondToken
 
Please note that authentication tokens are only a weak protection.
For more information, see section 8 "Security Considerations".
Please note that authentication tokens are only weak protection. For
more information, see section 8 "Security Considerations".
 
2.2 Request ABNF Notation
 
For the purposes of defining the query string, the following
Augmented BNF definitions will be used. They are based on the ABNF
styles of RFC 5234 [RFC5234].
To define the query string, the following Augmented BNF definitions
will be used. They are based on the ABNF styles of RFC 5234
[RFC5234].
 
query = namespace ":" optional-oid *( "$" authtoken )
 
282,8 → 282,8
INTERNET DRAFT OID-WHOIS <Issue Date>
 
 
Each line SHOULD be limited to 80 characters, including field name,
double colon, value and whitespaces.
Each line SHOULD be limited to 80 characters, including the field
name, double colon, value, and whitespaces.
 
Field names and values MUST be treated case-sensitive.
 
292,7 → 292,7
colon MUST be repeated at the beginning of the next line.
 
If an attribute has multiple values (e.g. multiple Unicode labels,
alternative email-addresses etc.), each value MUST be written in a
alternative email-addresses, etc.), each value MUST be written in a
new line with the same field name.
 
Lines with the same field name SHALL be kept together.
421,7 → 421,7
MAY be used with the value "confidential".
 
"Information unavailable" means that the information about the
OID is missing, redacted due to confidentiality or otherwise
OID is missing, redacted due to confidentiality, or otherwise
unavailable. The field "attribute" MAY be used with the value
"confidential".
 
461,9 → 461,9
 
(10) "standardized-id" (OPTIONAL, multiple values allowed) contains
an alphanumeric identifier that has a standardized "NameForm", i.e.
in an ASN.1 notation, it can be written without its associated
number. See more information in Recommendation ITU-T X.680 (2015) |
ISO/IEC 8824-1:2015, clause 32.7 [X680].
in ASN.1 notation, it can be written without its associated number.
See more information in Recommendation ITU-T X.680 (2015) | ISO/IEC
8824-1:2015, clause 32.7 [X680].
 
(11) "unicode-label" (OPTIONAL, multiple values allowed) contains a
Non-integer Unicode label, as defined in Recommendation ITU-T X.680
470,20 → 470,20
(2015) | ISO/IEC 8824-1:2015, clause 12.27 [X680].
 
(12) "long-arc" (OPTIONAL, multiple values allowed) contains a Non-
integer Unicode label that can be used as first identifier in an OID
Internationalized Resource Identifier (OID-IRI), shortening it. More
information can be found in Recommendation ITU-T X.660 (2011) |
integer Unicode label that can be used as the first identifier in an
OID Internationalized Resource Identifier (OID-IRI), shortening it.
More information can be found in Recommendation ITU-T X.660 (2011) |
ISO/IEC 9834-1:2012, clause 3.5.8 [X660].
 
(13) "whois-service" (OPTIONAL) contains an IP-address or host name
of a system that offers a WHOIS service which can supply information
(13) "whois-service" (OPTIONAL) contains an IP-address or hostname of
a system that offers a WHOIS service that can supply information
about the OID and/or its subordinate OIDs. If the result is "Found"
(i.e. the OID is existing in the local database), then the
information "whois-service" is only informational; its existence is
most likely a hint that subordinate OIDs will be found at that WHOIS
server. If the result is "Not found; superior object found", then
the client SHOULD query the referred WHOIS server in order to receive
more information about the OID. See more information in section 4
the client SHOULD query the referred WHOIS server to receive more
information about the OID. See more information in section 4
"Referral".
 
(14) "attribute" (OPTIONAL, multiple values allowed) contains
526,7 → 526,7
(15) "parent" (OPTIONAL) contains the OID of the nearest known parent
OID, prepended by namespace identifier and double colon, i.e. "oid:".
It MAY be followed by additional human-readable information, e.g. a
description or a list of ASN.1 identifiers. There SHALLL be at least
description or a list of ASN.1 identifiers. There SHALL be at least
1 whitespace in between.
 
(16) "subordinate" (OPTIONAL, multiple values allowed) contains a
533,7 → 533,7
list of subordinate OIDs, prepended by namespace identifier and
double colon, i.e. "oid:". It MAY be followed by additional human-
readable information, e.g. a description or a list of ASN.1
identifiers. There SHALLL be at least 1 whitespace in between.
identifiers. There SHALL be at least 1 whitespace in between.
 
(17) "created" (OPTIONAL) contains the date and time (as specified in
section 3.4 "Date/Time Format") when the OID was first allocated by
545,9 → 545,9
 
Additional fields can be defined by the WHOIS service. The field
names SHALL only consist of the lower-case letters "a..z", hyphens
("-") and numbers, and SHOULD be written in English language. The
field name MUST NOT begin or end with a hyphen and a hyphen MUST NOT
be followed by another hyphen.
("-") and numbers, and SHOULD be written in the English language.
The field name MUST NOT begin or end with a hyphen and a hyphen MUST
NOT be followed by another hyphen.
 
 
 
564,9 → 564,9
 
3.2.3 RA-Section (Information about the Current RA)
 
This section MUST NOT be present if result is "Not found" or "Service
error", otherwise it MAY be present. If it is present, it MUST start
with the field "ra".
This section MUST NOT be present if the result is "Not found" or
"Service error", otherwise it MAY be present. If it is present, it
MUST start with the field "ra".
 
Possible fields are:
 
598,7 → 598,7
(4) "ra-address" (OPTIONAL) contains the physical location of the RA.
While a fully qualified postal address is recommended, the field can
also just contain a rough location like city and country name, state
and country name or just the country name. The name of the country
and country name, or just the country name. The name of the country
SHOULD always be present.
 
(5) "ra-phone" (OPTIONAL, multiple values allowed) contains a
653,7 → 653,7
Additional fields can be defined by the WHOIS service, but they MUST
begin with "ra-". The field names SHALL only consist of the lower-
case letters "a..z", hyphens ("-") and numbers, and SHOULD be written
in English language. The field name MUST NOT begin or end with a
in the English language. The field name MUST NOT begin or end with a
hyphen and a hyphen MUST NOT be followed by another hyphen.
 
 
701,10 → 701,10
3.3 Digital Signature
 
If integrity/authenticity is required, the whole response can be
signed, e.g. by using S/MIME, RSA or PGP. This document does not
signed, e.g. by using S/MIME, RSA, or PGP. This document does not
describe a mechanism for detecting which signature method was used.
The creation and verification of the signature is therefore
implementation specific and no interoperability regarding signature
The creation and verification of the signature are therefore
implementation-specific and no interoperability regarding signature
creation and validation is given at this time.
 
Depending on the signature method being used, various things need to
721,7 → 721,7
If parts of the date/time reference are uncertain, then they SHOULD
be omitted until the date/time reference has the highest correctness.
 
Examples of valid date/time references can be found at section 3.4.2.
Examples of valid date/time references can be found in section 3.4.2.
 
 
732,9 → 732,9
 
3.4.1 Date/Time Format ABNF Notation
 
For the purposes of defining the format of a Date/Time reference, the
following Augmented BNF definitions will be used. They are based on
the ABNF styles of RFC 5234 [RFC5234].
To define the format of a Date/Time reference, the following
Augmented BNF definitions will be used. They are based on the ABNF
styles of RFC 5234 [RFC5234].
 
date-time = year [ "-" month [ "-" day [ " " time ] ] ]
 
928,7 → 928,7
etc.
 
(6) The namespace specific identifier MUST NOT contain dollar signs
("$"), because section 2.1 "Authentication Tokens" defines them as
("$"), because section 2.1 "Authentication Tokens" defines them as a
separator for authentication tokens.
 
(7) The namespace specific identifier MUST be treated case-sensitive
998,8 → 998,8
[RFC3629]), without Byte-Order-Mark (BOM).
 
The WHOIS service can define additional field names, but they SHOULD
be written in English language so that there is consistency with the
other field names defined in this document.
be written in the English language so that there is consistency with
the other field names defined in this document.
 
 
1018,11 → 1018,11
to "Not found") or redact information in the Object-Section, as
defined in section 3.2.2 "Object-Section".
 
(2) Registration Authorities might demand that their personal data is
kept confidential, or at least be partially redacted to increase
privacy or as a measurement against spam. In this case, the WHOIS
service can redact information in the RA-Section, as defined in
section 3.2.3 "RA-Section".
(2) Registration Authorities might demand that their data is kept
confidential, or at least be partially redacted to increase privacy
or as measurement against spam. In this case, the WHOIS service can
redact information in the RA-Section, as defined in section 3.2.3
"RA-Section".
 
(3) The WHOIS service can decide if confidential material is omitted
or shown, based on authentication mechanisms like white-listing
1034,12 → 1034,12
network, because the WHOIS protocol is not encrypted.
 
(5) Authentication tokens must have a sufficient length and
complexity in order to avoid successful brute force attacks, or the
WHOIS service must limit the number of requests per time period.
complexity to avoid successful brute force attacks, or the WHOIS
service must limit the number of requests per time.
 
(6) The WHOIS protocol itself has no mechanism for verifying the
integrity of data received. Due to this fact, information should not
be trusted if it is transmitted through an untrusted network. If
integrity of data received. Due to this fact, the information should
not be trusted if it is transmitted through an untrusted network. If
integrity/authenticity is required, the WHOIS response can be signed,
as described in section 3.3 "Digital Signature". However, this
document does not describe a mechanism for detecting which signature
1050,14 → 1050,14
 
(1) IANA is operating a WHOIS service at whois.iana.org. This WHOIS
service could be extended by allowing requests starting with "oid:",
in order to serve information about OIDs owned or delegated by IANA,
for example it could output information about Private Enterprise
Numbers (PEN) located at OID 1.3.6.1.4.1.
to serve information about OIDs owned or delegated by IANA, for
example, it could output information about Private Enterprise Numbers
(PEN) located at OID 1.3.6.1.4.1.
 
(2) Owners of Private Enterprise Numbers could store the addresses of
their own WHOIS servers in the IANA PEN database, so that these
addresses can be included in the WHOIS output of IANA. This would
enable the referral functionality described in section 4 "Referral".
their WHOIS servers in the IANA PEN database so that these addresses
can be included in the WHOIS output of IANA. This would enable the
referral functionality described in section 4 "Referral".