<?xml version="1.0" encoding="utf-8"?>
<rfc xmlns:xi="http://www.w3.org/2001/XInclude"
     category="std"
     docName="draft-ranjbar-regext-rdap-subordinate-referrals-00"
     ipr="trust200902"
     submissionType="IETF"
     version="3">

  <front>
    <title abbrev="RDAP Subordinate Referrals">Redirecting RDAP Queries to Holder-Designated Servers for Subordinate Resources</title>
    <seriesInfo name="Internet-Draft" value="draft-ranjbar-regext-rdap-subordinate-referrals-00"/>
    <author fullname="Kaveh Ranjbar" initials="K." surname="Ranjbar">
      <organization>Whisper Security</organization>
      <address>
        <email>kaveh@whisper.security</email>
      </address>
    </author>
    <date year="2026" month="July" day="6"/>
    <abstract>
      <t>Registration Data Access Protocol (RDAP) queries can be resolved
      from the IANA bootstrap registries down to the most specific object
      held by a registry operator's RDAP service. Where the holder of a
      registered resource maintains registration data for resources
      subordinate to it, such as DNS names below a registered domain or
      more-specific networks below an address allocation, and operates a
      conformant RDAP service for that data, there is currently no
      discoverable referral from the registry's response to the holder's
      service. This document describes an optional, holder-designated
      referral for subordinate resources, building on the explicit
      redirect mechanism defined for RDAP. It is written as input to
      draft-ietf-regext-rdap-referrals and its content may be merged into
      that document.</t>
    </abstract>
  </front>

  <middle>
    <section anchor="intro">
      <name>Introduction</name>
      <t>RDAP <xref target="RFC7480"/> <xref target="RFC9082"/>
      <xref target="RFC9083"/> allows a client to discover the
      authoritative server for a resource using the IANA bootstrap
      registries <xref target="RFC9224"/> and to navigate object
      hierarchies, including with the search and link relations defined
      in <xref target="RFC9910"/>. In current deployments this walk
      terminates at the most specific object the registry operator's
      database holds: the registered domain object at a domain registry
      or registrar, or the covering allocation or aggregated assignment
      object at a Regional Internet Registry (RIR).</t>
      <t>Resource holders increasingly maintain large, dynamic sets of
      subordinate resources with meaningful registration data of their
      own. Examples include DNS names below a registered domain that are
      provisioned and retired programmatically, and more-specific
      networks or individual addresses below an allocation that are
      assigned at machine speed. Registry databases deliberately do not
      hold this per-subordinate detail; aggregation conventions exist at
      RIRs precisely to keep it out of the central database. A holder
      may instead operate a conformant RDAP service that serves this
      data directly from the system where it is maintained.</t>
      <t>Today such a holder-operated service is undiscoverable: a client
      walking from the bootstrap has no indication that a more specific
      answer exists or where to find it. This document describes an
      optional referral from the registry operator's RDAP response to a
      holder-designated RDAP server, scoped strictly to resources
      subordinate to the referring object. Nothing is mandatory on
      either side: a holder that designates no server, and a client that
      follows no referral, observe exactly today's behaviour.</t>
      <t>This document is written as input to
      <xref target="I-D.ietf-regext-rdap-referrals"/>, which defines the
      underlying explicit redirect mechanism, and the author's preference
      is for the substance of this document to be merged into that work
      rather than progressing independently.</t>
    </section>

    <section anchor="terminology">
      <name>Terminology</name>
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL
      NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED",
      "MAY", and "OPTIONAL" in this document are to be interpreted as
      described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/>
      when, and only when, they appear in all capitals, as shown here.</t>
      <dl>
        <dt>Subordinate resource:</dt>
        <dd>A resource wholly contained within a registered resource: a
        DNS name below a registered domain name, or a network or address
        contained within a registered or allocated network.</dd>
        <dt>Holder-designated server:</dt>
        <dd>An RDAP server operated by or for the holder of a registered
        resource, designated by the holder to answer queries for
        subordinate resources of that registered resource.</dd>
      </dl>
    </section>

    <section anchor="mechanism">
      <name>Referral to a Holder-Designated Server</name>
      <t>A registry operator's RDAP server that knows a holder-designated
      server for a registered resource MAY include, in responses for that
      resource, a link whose context is the object itself and whose
      target is the base URL of the holder-designated server. The link
      SHOULD use the relations and behaviour defined in
      <xref target="I-D.ietf-regext-rdap-referrals"/> so that a client
      can either follow the link opportunistically or request an
      explicit redirect for a subordinate resource.</t>
      <t>For example, a lookup at a domain registry for
      example.com may carry a referral to
      https://rdap.example.com/ designated by the registrant, and a
      lookup for a name subordinate to example.com may, where the server
      implements explicit redirects, be redirected to the corresponding
      object on that server. A lookup at an RIR for an allocation may
      likewise carry a referral for its more-specifics.</t>
      <t>The referral target MUST be an HTTPS URL. A holder-designated
      server is a candidate source of registration data only for
      resources subordinate to the referring object, and clients
      MUST NOT treat it as authoritative for any other resource.</t>
      <t>A dedicated link relation registered with IANA, for example
      "rdap-resource-holder", may be the cleanest carrier for this
      referral, mirroring the approach taken for the relations in
      <xref target="RFC9910"/>. This document defers the choice
      between a dedicated relation and reuse of existing relations to
      working group discussion.</t>
    </section>

    <section anchor="consistency">
      <name>Hierarchy Consistency and Loop Avoidance</name>
      <t>A holder-designated server SHOULD include, in each response for
      a subordinate resource, a link with relation "up" (for domain
      objects) or "rdap-up" <xref target="RFC9910"/> (for number
      resources) whose target is the corresponding registered object at
      the registry operator's service, so that the hierarchy remains
      navigable in both directions.</t>
      <t>Clients MUST bound the number of holder-level referrals they
      follow for a single query resolution. A single hop from the
      registry operator's service to a holder-designated server is
      sufficient for the use cases described here.</t>
    </section>

    <section anchor="operational">
      <name>Operational Considerations</name>
      <t>How a holder communicates its designated server to the registry
      operator is a matter for that operator (for example a registry or
      registrar portal, or a future EPP extension for domain
      registrations) and is out of scope for this document. Registry
      operators SHOULD validate that a designated server responds with
      conformant RDAP for the holder's resources before emitting
      referrals to it.</t>
      <t>Referrals shift availability for subordinate data to the
      holder. A holder-designated server that is unreachable affects
      only the additional, subordinate data it would have served; the
      registry operator's own responses are unaffected.</t>
    </section>

    <section anchor="security">
      <name>Security Considerations</name>
      <t>Data served by a holder-designated server is asserted by the
      holder, not by the registry operator. Clients presenting such data
      SHOULD distinguish its provenance from registry-held data. The
      strict subordination rule in <xref target="mechanism"/> prevents a
      holder from asserting data about resources it does not hold.</t>
      <t>Because queries for subordinate resources reach the holder's
      infrastructure, the holder can observe interest in its own
      resources. This is comparable to the visibility a DNS operator
      already has for its own zones, but clients with confidentiality
      requirements can decline to follow referrals.</t>
      <t>The security considerations of <xref target="RFC7480"/> and
      <xref target="I-D.ietf-regext-rdap-referrals"/> apply.</t>
    </section>

    <section anchor="iana">
      <name>IANA Considerations</name>
      <t>If the working group prefers a dedicated link relation for
      holder referrals (for example "rdap-resource-holder"), that
      relation would be registered in the IANA Link Relations registry,
      which requires a specification; the registration could live in
      this document or in
      <xref target="I-D.ietf-regext-rdap-referrals"/>. If existing
      relations and the extension machinery of that document are reused
      instead, this document makes no new requests of IANA.</t>
    </section>

    <section anchor="implstatus">
      <name>Implementation Status</name>
      <t>[RFC Editor: please remove this section before publication.]</t>
      <t>A holder-side implementation is in production operation. The
      registrant of whisper.online and holder of an IPv6 allocation
      operates a conformant RDAP service (rdap.whisper.online) serving
      per-name and per-address objects for programmatically provisioned
      subordinate names and IPv6 /128 assignments, each response
      carrying an up link to the corresponding parent object at the
      registry. The registry-side referral described in this document is
      the missing hop; a proposal for the number-resource side was
      posted to the RIPE Database Working Group in July 2026.</t>
    </section>
  </middle>

  <back>
    <references>
      <name>References</name>
      <references>
        <name>Normative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.7480.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9082.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9083.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9910.xml"/>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-regext-rdap-referrals.xml"/>
      </references>
      <references>
        <name>Informative References</name>
        <xi:include href="https://bib.ietf.org/public/rfc/bibxml/reference.RFC.9224.xml"/>
      </references>
    </references>
    <section anchor="ack" numbered="false">
      <name>Acknowledgements</name>
      <t>The number-resource half of this idea was first discussed on
      the RIPE Database Working Group mailing list, and the author
      thanks the participants in that thread. The referral mechanics
      here deliberately build on the work of Gavin Brown and Andy
      Newton in <xref target="I-D.ietf-regext-rdap-referrals"/>.</t>
    </section>
  </back>
</rfc>
