Independent Submission A. Durand
Internet-Draft ICANN
Intended status: Experimental R. Bellis
Expires: January 26, 2018 ISC
July 25, 2017

DOA over DNS



This document defines a DOA RR type to implement the Digital Object Architecture over DNS.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 26, 2018.

Copyright Notice

Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents ( in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction

This document defines an RR type to implement an architecture similar to the Digital Object Architecture [ITU-X.1255] within the DNS. Each DOA RR contains an object type that might be opaque and private to the producer and the consumer of the data and either the data (if small enough to fit in the RR) or a pointer on how to retrieve the actual data.

2. Terminology

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “NOT RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. The DOA Resource Record

3.1. Description

The Type value for the DOA RR is TBD. The DOA RR is class independent. No special processing is required within DNS servers or libraries.

The RDATA of the resource record comprises of five fields: DOA-ENTERPRISE, DOA-TYPE, DOA-MEDIA-TYPE, DOA-LOCATION and DOA-DATA.

3.1.1. Enterprise and Type fields

The DOA-ENTERPRISE and DOA-TYPE fields are combined to indicate the semantic type of the DOA record being represented by the RR. That semantic is private to the producer of data hosted on an authoritative DNS server and the application software using a DNS stub resolver to retrieve it.

The DOA-ENTERPRISE field uses values as specified in the IANA SMI Network Management Private Enterprise Codes Registry [IANA-ENTERPRISE]. An exception to that is that the reserved value of zero (0) is used to indicate that the the DOA-ENTERPRISE is not set.

Some commonly used values of DOA-TYPE are registered in the IANA DOA Type Registry Section 7.1, others are privately defined. As those private types might be used in cross-organization systems, use of the DOA-ENTERPRISE field is RECOMMENDED to disambiguate types.

3.1.2. Location field

The DOA-LOCATION signals how the DOA-DATA field should be interpreted using the values specified in the DOA Location Type Registry Section 7.2.

The value 0 is reserved.

For the value 1 (“Local”), the DOA-DATA contains the actual DOA object.

For the value 2 (“URI”) the DOA-DATA contains a UTF-8 encoded string representing the URI from which the DOA object can be obtained.

For the value 3 (“HDL”) the DOA-DATA contains a UTF-8 encoded string representing the handle from the Handle System [RFC3650] from which the DOA object can be obtained.

Other values might be defined in the future, for example for NFS, LDAP, etc…

DNS software implementing the DOA RR type MUST NOT drop or otherwise refuse to handle the DOA RRs containing an unknown or unsupported DOA-location and MUST treat the DOA-DATA portion of the RR as an abstract opaque field.

3.1.3. Media Type

The DOA-MEDIA-TYPE field contains the Internet media type [RFC6838] for the DOA object represented by this record.

If a non-Local object is retrieved over a protocol that supports inclusion of a media type value (e.g. an HTTP Content-Type header) then the client MUST use that value (if supplied) in preference to any value specified inside this resource record. In such case, the DOA-MEDIA-TYPE MAY be set to NULL, length 0.

3.1.4. Data

The DOA-DATA field contains either the object’s data, or some form of reference specifying from where the data can be obtained, per the DOA-LOCATION field above.

3.2. DOA RDATA Wire Format

 0: |                                                               |
    |                        DOA-ENTERPRISE                         |
    |                                                               |
 4: |                                                               |
    |                           DOA-TYPE                            |
    |                                                               |
 8: |         DOA-LOCATION          |         DOA-MEDIA-TYPE        /
10: /                                                               /
    /                  DOA-MEDIA-TYPE (continued)                   /
    /                                                               /
    /                                                               /
    /                           DOA-DATA                            /
    /                                                               /

DOA-ENTERPRISE: a 32-bit unsigned integer in network order.

DOA-TYPE: a 32-bit unsigned integer in network order.

DOA-LOCATION: an 8-bit unsigned integer.

DOA-MEDIA-TYPE: A <character-string> (see [RFC1035]). The first octet of the <character-string> contains the number of characters to follow.

DOA-DATA: A variable length blob of binary data. The length of the DOA-DATA is not contained within the wire format of the RR and has to be computed from the RDLENGTH of the entire RR once other fields have been taken into account.

3.3. DOA RDATA Presentation Format

The DOA-ENTERPRISE field is presented as an unsigned 32-bit decimal integer with range 0 - 4,294,967,295.

The DOA-TYPE field is presented as an unsigned 32-bit decimal integer with range 0 - 4,294,967,295.

The DOA-LOCATION field is presented as an unsigned 8-bit decimal integer with range 0 - 255.

The DOA-MEDIA-TYPE field is presented as a single <character-string>.

The DOA-DATA is presented as Base64 encoded data [RFC3548]. White space is permitted within the Base64 data.

4. Security Considerations

The use of DNSSEC is encouraged to protect the integrity of the data contained in the DOA RR type.

5. Privacy Considerations

Personally identifiable information (PII) data appearing in the DOA-DATA field SHOULD be encrypted.

6. Operational consideration

Some DOA records might contain large data that is only of interest to a single party, as such, caching those records does not provide much benefits and could be considered a denial of service attack on the caching resolver infrastructure. It is thus RECOMMENDED that the TTL associated with large DOA RRs be set as small as possible to avoid caching.

7. IANA Considerations

7.1. DOA Type Registry

IANA are requested to create the DOA Type Registry with initial contents as follows:

Value Name Specification
0 Reserved - cannot be assigned RFC-TBD1
1 contact email RFC-TBD1
2 contact website RFC-TBD1
3 contact telephone RFC-TBD1
4 - 99 Unassigned
100 public key RFC-TBD1
101 - 99,999 Unassigned
100000 - Reserved for Private Use RFC-TBD1

Assignments in the 1-99,999 range in this registry require Expert Review.

7.2. DOA Location Type Registry

IANA are requested to create the DOA Location Type Registry with initial contents as follows:

Value Location Specification
0 Reserved - cannot be assigned RFC-TBD1
1 Local RFC-TBD1
4 - 199 Unassigned
200 - 254 Reserved for Private Use RFC-TBD1
255 Reserved - cannot be assigned RFC-TBD1

Assignments in the 4-199 range in this registry require Expert Review.

8. Acknowledgments

9. References

9.1. Normative References

[IANA-ENTERPRISE] IANA, "SMI Network Management Private Enterprise Codes Registry", n.d..
[RFC1035] Mockapetris, P., "Domain names - implementation and specification", STD 13, RFC 1035, DOI 10.17487/RFC1035, November 1987.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3548] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 3548, DOI 10.17487/RFC3548, July 2003.
[RFC6838] Freed, N., Klensin, J. and T. Hansen, "Media Type Specifications and Registration Procedures", BCP 13, RFC 6838, DOI 10.17487/RFC6838, January 2013.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017.

9.2. Informative References

[ITU-X.1255] ITU, "Framework for discovery of identity management information", n.d..
[RFC3650] Sun, S., Lannom, L. and B. Boesch, "Handle System Overview", RFC 3650, DOI 10.17487/RFC3650, November 2003.

Authors' Addresses

Alain Durand Internet Corporation for Assigned Names and Numbers 801 17th St NW Suite 400 Washington, DC 20006 USA EMail:
Ray Bellis Internet Systems Consortium, Inc. 950 Charter Street Redwood City, CA 94063 USA Phone: +1 650 423 1200 EMail: