| Internet-Draft | rdap-extensions | October 2025 | 
| Newton, et al. | Expires 17 April 2026 | [Page] | 
This document describes and clarifies the usage of extensions in RDAP.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 17 April 2026.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
The Registration Data Access Protocol (RDAP) defines a uniform protocol for accessing data from Internet operations registries, specifically Domain Name Registries (DNRs), Regional Internet Registries (RIRs), and other registries in the Internet Number Registry System (INRS). RDAP queries are defined in [RFC9082] and RDAP responses are defined in [RFC9083].¶
RDAP contains a means to define extensions for queries not found in [RFC9082] and responses not found in [RFC9083]. RDAP extensions are also described in [RFC7480]. This document describes the requirements for RDAP extension definition and use, clarifying ambiguities and defining additional semantics and options that were previously implicit or under-specified, and places some constraints on the definition of RDAP extensions to prevent collisions with various extension mechanisms.¶
This document updates [RFC7480], [RFC9082], and [RFC9083] for the purposes of constraining how extensions are defined. This document does not update any core RDAP requests or responses nor does it update or obsolete any existing RDAP extensions. The updates in this document should require no changes to either client or server implementations.¶
This document describes the following methods for extending RDAP by registered extensions:¶
Additionally, this document updates the IANA registry practices for RDAP. See Section 7.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
Section 6 of [RFC7480] describes the identifier used to signify RDAP extensions and the IANA registry into which RDAP extensions are to be registered.¶
When in use in RDAP, extension identifiers are prepended to URL path segments, URL query parameters, and JSON object member names. They are also included in the "rdapConformance" array member of each response that relies on the extension, so that clients can determine the extensions being used by the server for that response. The "/help" query returns a response with an "rdapConformance" member containing the identifiers for all extensions used by the server.¶
The main purpose of the extension identifier is to act as a namespace, preventing collisions between elements from different extensions. Additionally, implementers and operators can use the extension identifiers to find extension definitions via an IANA registry.¶
While the RDAP extension mechanism was created to extend RDAP queries and/or responses, extensions can also be used to signal server policy (for example, specifying the conditions of use for existing response structures). Extensions that are primarily about signaling server policy are called "profiles". Profile extensions are often used by a class of RDAP server operators, such as the [icann-profile] used by gTLD registries and registrars and the [nro-profile] used by RIRs.¶
Profile extensions may do the following:¶
Some profile extensions exist to denote the usage of values placed into an IANA registry, such as the IANA RDAP registries, or the usage of extensions for specifications used in RDAP responses, such as extended vCard/jCard properties.¶
For example, an extension may be used to signal desired processing of a "rel" attribute in a "links" array, where the "rel" value is registered in the [link-relations]:¶
{
  "rdapConformance": [
    "rdap_level_0",
    "lunarNIC"
  ],
  "objectClassName": "domain",
  "ldhName": "example.com",
  "links": [
    {
      "value": "https://example.com/domain/example.com",
      "href": "https://example.com/sideways_href",
      "rel": "sideways",
      "type": "application/rdap+json"
    }
  ]
}
¶
When defining the usage of link relations, extensions MUST specify the media types expected to be used with those link relations.¶
Profile extensions may also leverage the appearance of their identifier in the "rdapConformance" array (i.e., clients are signaled that a profile is in use). Profile extensions that mandate the implementation of another extension MUST require that the implementer include the extension identifier for that other extension in the "rdapConformance" array.¶
[RFC7480] mandates the implementation of HTTPS but does not mandate its use. Some profile extensions, especially those used by classes of server operators, specify the required use of HTTPS and disallow the use of unencrypted HTTP. Similarly, some profile extensions specify the availability of service over IPv6.¶
As described above, these characteristics are not exclusive to profile extensions and may be found in extensions defining new queries, JSON, and other RDAP extension points (see Section 1.1).¶
Extension specifications MAY define more than one extension identifier. The servers MUST list all extension identifiers used to generate a response in the "rdapConformance" array. The server MUST list all supported extension identifiers in the "rdapConformance" array of a response to a "/help" request.¶
In brief, RDAP extension identifiers start with an alphabetic character and may contain alphanumeric characters and "_" (underscore) characters. This formulation was explicitly chosen to allow compatibility with variable names in programming languages and transliteration with XML. See Section 6 and Section 2.1.¶
RDAP extension identifiers have no explicit structure, and are opaque insofar as no inner-meaning can be "seen" in them.¶
RDAP extensions MUST NOT define an extension identifier that may collide with an existing extension identifier. For example, if there were a pre-existing identifier of "foo_bar", another extension could not define the identifier "foo". Likewise, if there were a pre-existing identifier of "foo_bar", another extension could not define the identifier "foo_bar_buzz". However, an extension could define "foo" if there were a pre-existing definition of "foobar", and vice versa.¶
For this reason, this document updates the guidance of [RFC7480] regarding underscore characters: RDAP extensions MUST NOT use an underscore character in their RDAP extension identifier. Implementers should be aware that many existing extension identifiers do contain underscore characters.¶
[RFC7480] does not explicitly state that extension identifiers are case-sensitive. This document clarifies the formulation in [RFC7480] to explicitly note that extension identifiers are case-sensitive, and extension identifiers MUST NOT be registered where a new identifier is a mixed-case version of an existing identifier (see Section 7.1). For example, given "lunarNIC" is already registered as an identifier, then a new registration with "lunarNic" (note the lowercase "ic" in "Nic") would not be allowed.¶
Section 2.1 of [RFC9083] states the following when using the names of JSON members:¶
Clients of these JSON responses SHOULD ignore unrecognized JSON members in responses. Servers can insert members into the JSON responses, which are not specified in this document, but that does not constitute an error in the response. Servers that insert such unspecified members into JSON responses SHOULD have member names prefixed with a short identifier followed by an underscore followed by a meaningful name. It has been observed that these short identifiers aid software implementers with identifying the specification of the JSON member, and failure to use one could cause an implementer to assume the server is erroneously using a name from this specification. This allowance does not apply to jCard [RFC7095] objects. The full JSON name (the prefix plus the underscore plus the meaningful name) SHOULD adhere to the character and name limitations of the prefix registry described in [RFC7480]. Failure to use these limitations could result in slower adoption as these limitations have been observed to aid some client programming models.¶
Despite this, some RDAP extensions define only one JSON value and do not prefix it with their RDAP extension identifier, instead using the extension identifier as the JSON name for that JSON value. That is, the extension identifier is used "bare" and not appended with an underscore character and subsequent names.¶
Consider the example in Section 2.5.2. Using the bare extension identifier pattern, that example could be written as:¶
{
  "rdapConformance": [
    "rdap_level_0",
    "lunarNIC"
  ],
  "objectClassName": "domain",
  "ldhName": "example.com",
  "remarks":
  [
    {
      "description":
      [
        "She sells sea shells down by the sea shore.",
        "Originally written by Terry Sullivan."
      ]
    }
  ],
  "lunarNIC":
  {
    "firstInitial": "R",
    "lastName": "Heinlein"
  }
}
¶
While [RFC9083] is specific to JSON, the use of a bare extension identifier also applies to other identifiers of RDAP extensions, such as query parameters and object class names. Identifiers of an RDAP extension which need a prefix to avoid name collision with identifiers of other RDAP extensions or RDAP as specified in [RFC7480], [RFC9082], and [RFC9083] are referred to as namespaced identifiers.¶
Usage of a bare extension identifier conflicts with the guidance in Section 2.1 of [RFC9083]. Previously, extension authors have used this pattern when only one query path, JSON name, and/or object class is being defined by the extension.¶
Implementation experience has shown that an extension using a bare identifier can be interoperable, though more difficult to process and parse in some instances. Furthermore, prefixed identifiers are clearly syntactically distinguishable from identifiers defined by the core RDAP specifications, which provides more flexibility to implementers and helps with debugging and similar. Due to these considerations, the bare extension identifier pattern MUST NOT be used for any namespaced identifier.¶
Section 5 of [RFC9082] describes the use of extension identifiers in formulating URLs for RDAP queries. The extension identifiers are to be prepended to the path segments they use. For example, if an extension uses the identifier "foobar", then the path segments used in that extension are prepended with "foobar_". If the "foobar" extension defines paths "fizz" and "fazz", the URLs for this extension would be like so:¶
https://base.example/foobar_fizz https://base.example/foobar_fazz¶
While [RFC9082] describes the extension identifier as a prepended string to a path segment, it does not describe the usage of the extension identifier as a path segment.¶
Note that "bare" identifiers are now explicitly forbidden (see Section 2.3).¶
Extensions defining new URL paths MUST explicitly define the expected responses for each new URL path. New URL paths may return existing object classes or search results as defined in [RFC9083], object classes or search results defined by the extension (see Section 2.5.3 and Section 2.5.4 below), or object classes or search results from other extensions.¶
Additionally, RDAP extensions MUST NOT append a path segment to an existing path segment as this increases the likelihood of collisions with the queries defined by an extension.¶
Although [RFC9082] describes the use of URL query strings, it does not define their use with extensions. [RFC7480] instructs servers to ignore unknown query parameters, where a query parameter is defined as an explicitly named value in a query string. Therefore, the use of query parameters, whether prefixed with an extension identifier or not, is not supported by [RFC9082] and [RFC7480].¶
Despite this, there are several extensions that do specify query parameters. This document updates [RFC9082] with regard to the use of RDAP extension identifiers in URL query parameters.¶
When an RDAP extension defines query parameters to be used with a URL path that is not defined by that RDAP extension, those query parameter names MUST be constructed in the same manner as URL path segments (that is, extension identifier + '_' + parameter name).¶
Note that "bare" identifiers are now explicitly forbidden (see Section 2.3).¶
See Section 5.1 and Section 5.2 for other guidance on the use of query parameters, and see Section 8 and Section 9 regarding constraints on the usage of query parameters.¶
[RFC3986] does not exclusively define a query string as being a list of name=value pairs, however that is the convention used in RDAP. RDAP extensions MUST NOT define query strings in other forms.¶
Section 2 of [RFC9083] describes the use of extension identifiers in the JSON returned by RDAP servers. Just as in URLs, the extension identifier is prepended to JSON names to create a namespace so that the JSON name from one extension will not collide with the JSON name from another extension. Just as with unknown query parameters in URLs, clients are to ignore unknown JSON names.¶
The example given in [RFC9083] is as follows:¶
{
  "handle": "ABC123",
  "lunarNIC_beforeOneSmallStep": "TRUE THAT!",
  "remarks":
  [
    {
      "description":
      [
        "She sells sea shells down by the sea shore.",
        "Originally written by Terry Sullivan."
      ]
    }
  ],
  "lunarNIC_harshMistressNotes":
  [
    "In space,",
    "nobody can hear you scream."
  ]
}
¶
In this example, the extension identified by "lunarNIC" is prepended to the member names of both a JSON string and a JSON array.¶
Note that "bare" identifiers are now explicitly forbidden (see Section 2.3).¶
As Section 4.1 of [RFC9083] requires the use of the "rdapConformance" data structure, and the "objectClassName" string is required of all object class instances, the complete example from above would be:¶
{
  "rdapConformance": [
    "rdap_level_0",
    "lunarNIC"
  ],
  "objectClassName": "domain",
  "handle": "ABC123",
  "ldhName": "example.com",
  "lunarNIC_beforeOneSmallStep": "TRUE THAT!",
  "remarks":
  [
    {
      "description":
      [
        "She sells sea shells down by the sea shore.",
        "Originally written by Terry Sullivan."
      ]
    }
  ],
  "lunarNIC_harshMistressNotes":
  [
    "In space,",
    "nobody can hear you scream."
  ]
}
¶
Prefixing with the extension identifier is not required for children of a prefixed JSON object defined by an RDAP extension.¶
The following example shows this use with a JSON object:¶
{
  "rdapConformance": [
    "rdap_level_0",
    "lunarNIC"
  ],
  "objectClassName": "domain",
  "ldhName": "example.com",
  "remarks":
  [
    {
      "description":
      [
        "She sells sea shells down by the sea shore.",
        "Originally written by Terry Sullivan."
      ]
    }
  ],
  "lunarNIC_author":
  {
    "firstInitial": "R",
    "lastName": "Heinlein"
  }
}
¶
Here the JSON name "lunarNIC_author" will separate the JSON from other extensions that may have an "author" structure. But the JSON contained within "lunarNIC_author" need not be prepended, as collision is avoided by the use of "lunarNIC_author".¶
As described in [RFC9082] and Section 2.4, an extension may define new paths in URLs. If the extension describes the behavior of an RDAP query using that path to return an instance of a new class of RDAP object, the JSON names are not required to be prepended with the extension identifier as described in Section 2.5.2. However, the extension MUST define the value for the "objectClassName" string which is used by clients to evaluate the type of the response. To avoid collisions with object classes defined in other extensions, the value for the "objectClassName" MUST be prepended with the extension identifier, in the same way as for URL paths, query parameters, and JSON names:¶
{
  "rdapConformance": [
    "rdap_level_0",
    "lunarNIC"
  ],
  "objectClassName": "lunarNIC_author",
  "author":
  {
    "firstInitial": "R",
    "lastName": "Heinlein"
  }
}
¶
Note that "bare" identifiers are now explicitly forbidden (see Section 2.3).¶
Extension authors are encouraged to use the "camel case" style described in Section 2.5.6.¶
Though "objectClassName" is a string and [RFC9083] does define one object class name with a space separator (i.e., "ip network"), this document disallows further use of a space character in object class names. Extensions MUST NOT define object class names using the space character or any other character that requires URL-encoding.¶
As described in [RFC9082] and Section 2.4, an extension may define new paths in URLs. If the extension describes the behavior of an RDAP query using the path to return an RDAP search result for a new object class, the JSON name of the search result MUST be prepended with the extension identifier to avoid collision with search results defined in other extensions.¶
If the search result contains object class instances defined by the extension, each instance MUST have an "objectClassName" string as defined in Section 2.5.3. For example:¶
{
  "rdapConformance": [
    "rdap_level_0",
    "lunarNIC"
  ],
  "lunarNIC_authorSearchResult": [
    {
      "objectClassName": "lunarNIC_author",
      "author":
      {
        "firstInitial": "R",
        "lastName": "Heinlein"
      }
    },
    {
      "objectClassName": "lunarNIC_author",
      "author":
      {
        "firstInitial": "J",
        "lastName": "Pournelle"
      }
    },
  ]
}
¶
Section 4.1 of [RFC9083] offers the following guidance on including extension identifiers in the "rdapConformance" member of an RDAP response:¶
A response to a "help" request will include identifiers for all of the specifications supported by the server. A response to any other request will include only identifiers for the specifications used in the construction of the response.¶
A strict interpretation of this wording where "construction of the response" refers only to the JSON structure would rule out the use of Section 2.1.1 extension identifiers, which are in common use in RDAP. This document clarifies the guidance. For responses to queries other than "/help", a response MUST include in the "rdapConformance" array only those extension identifiers necessary for a client to deserialize the JSON and understand the semantic meaning of the content within the JSON, and each extension identifier MUST be free from conflict with the other identifiers with respect to their syntax and semantics.¶
Note that this document does not update the guidance from Section 4.1 of [RFC9083] regarding "/help" responses and the "rdapConformance" array.¶
The styling convention used in [RFC9083] for JSON names is often called "camel casing", in reference to the hump of a camel. In this style, the first letter of every word, except the first word, composing a name is capitalized. This convention was adopted to visually separate the namespace from the name, with an underscore between them. Extension authors are encouraged to use camel casing for JSON names defined in extensions.¶
Extensions MUST NOT redefine the meaning of HTTP status codes or other HTTP semantics. Extensions MAY require the use of specific HTTP headers but MUST NOT redefine their meanings. Extensions defining new HTTP headers MUST have IETF consensus.¶
[RFC7480] describes the use of redirects in RDAP. Redirects are prominent in the discovery of authoritative RIR servers, as the process outlined in [RFC9224], which uses IANA allocations, does not account for transfers of resources between RIRs. Section 4.3 of [RFC7480] instructs servers to ignore unknown query parameters (where "unknown" generally means no defined implementation behavior). As it relates to issuing URLs for redirects, servers MUST NOT blindly copy query parameters from a request to a redirect URL as query parameters may contain sensitive information, such as security credentials, not relevant to the target server of the URL. Following the advice in [RFC7480], servers MUST only place query parameters in redirect URLs when it is known by the origin server (the server issuing the redirect) that the target server (the server referenced by the redirect) can process the query parameter and is a proper target for the contents of the query parameter.¶
The following extensions have been registered with IANA, but do not comply with the requirements set out in the base specifications, as clarified by this document:¶
Extension identifier: fred¶
Extension identifier: artRecord¶
Extension identifier: platformNS¶
Extension identifier: regType¶
Client authors should be aware that responses that make use of these extensions may require special handling on the part of the client. Also, while these extensions will be retained in the registry, future extensions that are similarly non-compliant will not be registered.¶
[RFC7480] defines the [rdap-extensions] registry. This document does not change the purpose of this registry but does update the structure and procedures to be used by its expert reviewers.¶
IANA is instructed to add a new "Deprecation Date" field to each registration in the registry. This field is to remain empty unless IANA is given a date to place in the field. A registrant, as denoted by the contact field of the registry, may request of IANA to deprecate an RDAP extension. The IETF may request of the IANA to deprecate any RDAP extension in the registry. When deprecating an entry in this registry, IANA is to record the date of the request in the "Deprecation Date" field. The "Deprecation Date" field should use the date format specified in [RFC3339].¶
Extension authors are encouraged but not required to seek an informal review of their extension by sending a request for review to regext@ietf.org or its successor.¶
The registration template of this registry is found in [RFC7480] and is unchanged. It is requested of the IANA that all registrations be forwarded to regext@ietf.org or its successor.¶
Extensions MUST be documented in a stable, non-changing, and readily available reference, in sufficient detail that interoperability between independent implementations is possible, and MUST NOT be denoted as a "work in progress" or similar description.¶
The RDAP Extensions Registry should have as a minimum three expert reviewers and ideally four or five. An expert reviewer assigned to the review of an RDAP extension registration must have another expert reviewer double-check any submitted registration.¶
Expert reviewers are to use the following criteria for extensions defined in this document, [RFC7480], [RFC9082], and [RFC9083]. The following is a non-exhaustive checklist:¶
As noted in Section 2.2, any new registration that is a case-variant of an existing registration MUST be rejected.¶
RDAP clients SHOULD match values in this registry using case-insensitive matching to handle server implementations incorrectly using the wrong case.¶
Section 10.2 of [RFC9083] defines the [rdap-json-values]. This registry contains values to be used in the JSON values of RDAP responses. Registrations into this registry may occur in IETF-defined RDAP extensions or via requests to the IANA. Authors of RDAP extensions not defined by the IETF MAY register values in this registry via requests to the IANA. IANA is requested to send a copy of any request not originating from the IETF to regext@ietf.org or its successor.¶
This document does not change the [rdap-json-values] nor its purpose. However, this document does update the procedures for registrations and the processes to be used by its expert reviewers.¶
In addition to the registration of values, RDAP extensions defined by the IETF and other IETF specifications MAY define additional value types (the "type" field). These specifications MUST describe the specific JSON field to be used for each new value type.¶
Section 10.2 of [RFC9083] defines the criteria for the values. Of these, criteria two states:¶
Values must be strings. They should be multiple words separated by single space characters. Every character should be lowercased. If possible, every word should be given in English and each character should be US-ASCII.¶
All registrations SHOULD meet these requirements. However, there may be scenarios in which it is more appropriate for the values to follow other requirements, such as for values also used in other specifications or documents. In all cases, it should be understood that additional registrations of RDAP JSON values occurring after the specification of the value's type in the registry may not be recognized by clients, and therefore either ignored or passed on to users without processing.¶
Designated experts MUST reject any registration that is a duplicate of an existing registration, and all registrations are to be considered case-insensitive. That is, any new registration that is a case-variant of an existing registration should be rejected.¶
RDAP clients SHOULD match values in this registry using case-insensitive matching to handle scenarios in which servers incorrectly use the wrong case.¶
Definitions of new types (see above) MAY additionally constrain the format of values for those new types beyond the specification of this document and [RFC9083]. Designated experts MUST evaluate registrations with those criteria.¶
The [rdap-json-values] registry should have as a minimum three expert reviewers and ideally four or five. An expert reviewer assigned to the review of an RDAP JSON values registration must have another expert reviewer double-check any submitted registration.¶
Expert reviewers are to use the criteria defined in Section 10.2 of [RFC9083].¶
Section 2.4.2 describes the usage of query parameters and Section 5.1 describes the restrictions extensions must follow to use them. Section 4.3 of [RFC7480] instructs servers to ignore unknown query parameters. As it relates to issuing URLs for redirects, servers MUST NOT blindly copy query parameters from a request to a redirect URL as query parameters may contain sensitive information, such as security credentials or tracking information, not relevant to the target server of the URL. Following the advice in [RFC7480], servers MUST only place query parameters in redirect URLs when it is known by the origin server (the server issuing the redirect) that the target server (the server referenced by the redirect) can process the query parameter and the contents of the query parameter are appropriate to be received by the target.¶
Section 2.4.2 describes the usage of query parameters and Section 5.1 describes the restrictions extensions must follow to use them. As query parameters have been known to be used to subvert the privacy preferences of users in HTTP-based protocols, server MUST NOT blindly copy query parameters from a request to a redirect URL as described in Section 8 and extensions MUST follow the constraints of query parameter usage as defined in Section 5.1.¶
The following individuals have provided feedback and contributions to the content and direction of this document: James Gould, Scott Hollenbeck, Ties de Kock, Pawel Kowalik, Daniel Keathley, and Mario Loffredo.¶