Security Services for the Registration Data Access Protocol (RDAP)
RFC 7481, part of STD 95

Document Type: RFC - Internet Standard (March 2015)
Authors: Scott Hollenbeck, Ning Kong
Last updated: 2021-03-23
RFC Stream: Internet Engineering Task Force (IETF)
Responsible AD: Pete Resnick
RFC 7481
Internet Engineering Task Force (IETF)                     S. Hollenbeck
Request for Comments: 7481                                 Verisign Labs
Category: Standards Track                                        N. Kong
ISSN: 2070-1721                                                    CNNIC
                                                              March 2015

   Security Services for the Registration Data Access Protocol (RDAP)

Abstract

   The Registration Data Access Protocol (RDAP) provides "RESTful" web services to retrieve registration metadata from Domain Name and Regional Internet Registries.  This document describes information security services, including access control, authentication, authorization, availability, data confidentiality, and data integrity for RDAP.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force (IETF).  It represents the consensus of the IETF community.  It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG).  Further information on Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7481.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.  Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Hollenbeck & Kong            Standards Track                    [Page 1]
RFC 7481                 RDAP Security Services               March 2015

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions Used in This Document . . . . . . . . . . . . . .   2
     2.1.  Acronyms and Abbreviations  . . . . . . . . . . . . . . .   3
   3.  Information Security Services and RDAP  . . . . . . . . . . .   3
     3.1.  Access Control  . . . . . . . . . . . . . . . . . . . . .   3
     3.2.  Authentication  . . . . . . . . . . . . . . . . . . . . .   3
       3.2.1.  Federated Authentication  . . . . . . . . . . . . . .   4
     3.3.  Authorization . . . . . . . . . . . . . . . . . . . . . .   6
     3.4.  Availability  . . . . . . . . . . . . . . . . . . . . . .   6
     3.5.  Data Confidentiality  . . . . . . . . . . . . . . . . . .   7
     3.6.  Data Integrity  . . . . . . . . . . . . . . . . . . . . .   7
   4.  Privacy Threats Associated with Registration Data . . . . . .   8
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   9
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  10
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .  10
     6.2.  Informative References  . . . . . . . . . . . . . . . . .  11
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  13
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  13

1.  Introduction

   The Registration Data Access Protocol (RDAP) is specified in multiple documents, including "Registration Data Access Protocol (RDAP) Query Format" [RFC7482], "JSON Responses for the Registration Data Access Protocol (RDAP)" [RFC7483], and "HTTP Usage in the Registration Data Access Protocol (RDAP)" [RFC7480].

   One goal of RDAP is to provide security services that do not exist in the WHOIS [RFC3912] protocol, including access control, authentication, authorization, availability, data confidentiality, and data integrity.  This document describes how each of these services is achieved by RDAP using features that are available in other protocol layers.  Additional or alternative mechanisms can be added in the future.  Where applicable, informative references to requirements for a WHOIS replacement service [RFC3707] are noted.

2.  Conventions Used in This Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2.1.  Acronyms and Abbreviations

      DNR: Domain Name Registry

      HTTP: Hypertext Transfer Protocol

      JSON: JavaScript Object Notation

      RDAP: Registration Data Access Protocol

      RIR: Regional Internet Registry

      TLS: Transport Layer Security

3.  Information Security Services and RDAP

   RDAP itself does not include native security services.  Instead, RDAP relies on features that are available in other protocol layers to provide needed security services, including access control, authentication, authorization, availability, data confidentiality, and data integrity.  A description of each of these security services can be found in "Internet Security Glossary, Version 2" [RFC4949].  No requirements have been identified for other security services.

3.1.  Access Control

   WHOIS does not include specific features to control access to registration information.  As described in the following sections, RDAP includes features to identify, authenticate, and authorize clients, allowing server operators to control access to information based on a client's identity and associated authorizations.  Information returned to a client can be clearly marked with a status value (see Section 10.2.2 of [RFC7483]) that identifies the access granted to the client.

3.2.  Authentication

   This section describes client authentication mechanisms and the need for authorization policies to include them.  It describes requirements for the implementations of clients and servers but does not dictate the policies of server operators.  For example, a server operator with no policy regarding differentiated or tiered access to data will have no authorization mechanisms and will have no need for any type of authentication.  A server operator with policies on differentiated access will have to construct an authorization scheme and will need to follow the specified authentication requirements.

   WHOIS does not provide features to identify and authenticate clients.  As noted in Section 3.1.4.2 of "Cross Registry Internet Service Protocol (CRISP) Requirements" [RFC3707], there is utility in allowing server operators to offer "varying degrees of access depending on policy and need."  Clients have to be identified and authenticated to provide that utility.

   RDAP's authentication framework needs to accommodate anonymous access as well as verification of identities using a range of authentication methods and credential services.  To that end, RDAP clients and servers MUST implement the authentication framework specified in "Hypertext Transfer Protocol (HTTP/1.1): Authentication" [RFC7235].  The "basic" scheme can be used to send a client's user name and password to a server in plaintext, base64-encoded form.  The "digest" scheme can be used to authenticate a client without exposing the client's plaintext password.  If the "basic" scheme is used, HTTP over TLS [RFC2818] MUST be used to protect the client's credentials from disclosure while in transit (see Section 3.5).

   Servers MUST support either Basic or Digest authentication; they are not required to support both.  Clients MUST support both to interoperate with servers that support one or the other.  Servers may provide a login page that triggers HTTP authentication.  Clients should continue sending the HTTP authentication header once they receive an initial 401 (Unauthorized) response from the HTTP server as long as the scheme portion of the URL doesn't change.
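
   As an added example (not text or code from this RFC), the following Python sketches what the client rules above amount to: parsing the 401 challenge, answering with Basic only over HTTPS or with Digest otherwise, re-sending credentials only while the URL scheme is unchanged, plus the server-side Digest check.  The host rdap.example, the realm and all credentials are constructed.

```python
"""Client- and server-side handling of the HTTP authentication framework
[RFC7235] for RDAP, as RFC 7481 Section 3.2 requires: clients support both
"basic" and "digest", Basic credentials only travel over TLS, and
credentials keep being sent after a 401 only while the URL scheme is
unchanged.  Constructed example; rdap.example and the credentials are
made up."""
import base64
import hashlib
import hmac
import re
from urllib.parse import urlsplit


class RdapAuthPolicyError(Exception):
    """A credential would be sent in a way RFC 7481 forbids."""


def parse_auth_header(value: str) -> dict:
    """Split a WWW-Authenticate or Authorization value into scheme + params."""
    scheme, _, params = value.strip().partition(" ")
    parsed = {"scheme": scheme.lower()}
    for key, quoted, bare in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params):
        parsed[key.lower()] = quoted or bare
    return parsed


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, nonce, method, uri, cnonce, nc):
    """MD5 Digest response with qop=auth (RFC 7616 form): the plaintext
    password never leaves the client, only this hash does."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def build_authorization(url, challenge, user, password, cnonce="0a4f113b"):
    """Answer a 401 challenge for a GET of `url` (client side).

    Basic is refused unless the request itself goes over HTTPS, because
    the base64 form is plaintext to anyone on the path (Sections 3.2/3.5).
    """
    parts = urlsplit(url)
    scheme = challenge["scheme"]
    if scheme == "basic":
        if parts.scheme != "https":
            raise RdapAuthPolicyError("Basic credentials MUST be sent over TLS")
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        return f"Basic {token}"
    if scheme == "digest":
        uri = parts.path or "/"
        nc = "00000001"
        resp = digest_response(user, password, challenge["realm"],
                               challenge["nonce"], "GET", uri, cnonce, nc)
        return (f'Digest username="{user}", realm="{challenge["realm"]}", '
                f'nonce="{challenge["nonce"]}", uri="{uri}", qop=auth, '
                f'nc={nc}, cnonce="{cnonce}", response="{resp}"')
    raise RdapAuthPolicyError(f"unsupported scheme {scheme!r}")


def should_keep_sending(first_url, next_url) -> bool:
    """Keep attaching the Authorization header to follow-up requests only
    while the scheme portion of the URL is unchanged (Section 3.2); a drop
    from https to http would otherwise leak Basic credentials in the clear."""
    return urlsplit(first_url).scheme == urlsplit(next_url).scheme


def verify_digest(authorization, password_for, method="GET") -> bool:
    """Server-side check: recompute the response from the stored password
    and compare in constant time.  Nonce freshness tracking is omitted."""
    p = parse_auth_header(authorization)
    if p["scheme"] != "digest":
        return False
    password = password_for(p.get("username", ""))
    if password is None:
        return False
    expected = digest_response(p["username"], password, p["realm"], p["nonce"],
                               method, p["uri"], p["cnonce"], p["nc"])
    return hmac.compare_digest(expected, p["response"])
```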

   The Transport Layer Security protocol [RFC5246] includes an optional feature to identify and authenticate clients who possess and present a valid X.509 digital certificate [RFC5280].  Support for this feature is OPTIONAL.

   RDAP does not impose any unique server authentication requirements.  The server authentication provided by TLS fully addresses the needs of RDAP.  In general, transports for RDAP must either provide a TLS-protected transport (e.g., HTTPS) or a mechanism that provides an equivalent level of server authentication.

   Work on HTTP authentication methods continues.  RDAP is designed to be agile enough to support additional methods as they are defined.

3.2.1.  Federated Authentication

   The traditional client-server authentication model requires clients to maintain distinct credentials for every RDAP server.  This situation can become unwieldy as the number of RDAP servers increases.  Federated authentication mechanisms allow clients to use one credential to access multiple RDAP servers and reduce client credential management complexity.  RDAP MAY include a federated authentication mechanism that permits a client to access multiple RDAP servers in the same federation with one credential.

   Federated authentication mechanisms used by RDAP MUST be fully supported by HTTPS.  OAuth, OpenID, Security Assertion Markup Language (SAML), and mechanisms based on Certification Authorities (CAs) are all possible approaches to provide federated authentication.  At the time of this document's publication, negotiation or advertisement of federated authentication services is still an undefined mechanism in the noted federated authentication protocols.  Developing this mechanism is beyond the scope of this document.

   The OAuth authorization framework [RFC6749] describes a method for users to access protected web resources without having to hand out their credentials.  Instead, clients are issued access tokens by authorization servers with the permission of the resource owners.  Using OAuth, multiple RDAP servers can form a federation, and the clients can access any server in the same federation by providing one credential registered in any server in that federation.  The OAuth authorization framework is designed for use with HTTP and thus can be used with RDAP.

   OpenID [OpenID] is a decentralized single sign-on authentication system that allows users to log in at multiple web sites with one ID instead of having to create multiple unique accounts.  An end user can freely choose which OpenID provider to use and can preserve their Identifier if they switch OpenID providers.

   Note that OAuth and OpenID do not consistently require data confidentiality services to protect interactions between providers and consumers.  HTTP over TLS [RFC2818] can be used as needed to provide protection against man-in-the-middle attacks.

   SAML 2.0 [SAML] is an XML-based protocol that can be used to implement web-based authentication and authorization services, including single sign-on.  It uses security tokens containing assertions to exchange information about an end user between an identity provider and a service provider.

   The Transport Layer Security protocol describes the functionality of a client certificate in Section 7.4.6 of [RFC5246].  Clients who possess and present a valid X.509 digital certificate, issued by a CA, could be identified and authenticated by a server who trusts the corresponding CA.  A certificate authentication method can be used to achieve federated authentication in which multiple RDAP servers all trust the same CAs, and then any client with a certificate issued by a trusted CA can access any RDAP server in the federation.  This certificate-based mechanism is supported by HTTPS and can be used with RDAP.

3.3.  Authorization

   WHOIS does not provide services to grant different levels of access to clients based on a client's authenticated identity.  As noted in Section 3.1.4.2 of "Cross Registry Internet Service Protocol (CRISP) Requirements" [RFC3707], there is utility in allowing server operators to offer "varying degrees of access depending on policy and need."  Access control decisions can be made once a client's identity has been established and authenticated (see Section 3.2).

   Server operators MAY offer varying degrees of access depending on policy and need in conjunction with the authentication methods described in Section 3.2.  If such varying degrees of access are supported, the RDAP server MUST provide granular access controls (that is, per registration data object) in order to implement authorization policies.  Some examples:

   -  Clients will be allowed access only to data for which they have a relationship.

   -  Unauthenticated or anonymous access status may not return any contact information.

   -  Full access may be granted to a special group of authenticated clients.

   The type of access allowed by a server will most likely vary from one operator to the next.  A description of the response privacy considerations associated with different levels of authorization can be found in Section 13 of [RFC7483].

3.4.  Availability

   An RDAP service has to be available to be useful.  There are no RDAP-unique requirements to provide availability, but as a general security consideration, a service operator needs to be aware of the issues associated with denial of service.  A thorough reading of "Internet Denial-of-Service Considerations" [RFC4732] is advised.

   An RDAP service MAY use an HTTP throttling mechanism to limit the number of queries that a single client can send in a given period of time.  If used, the server SHOULD return an HTTP 429 (Too Many Requests) response code as described in "Additional HTTP Status Codes" [RFC6585].  A client that receives a 429 response SHOULD decrease its query rate and honor the Retry-After header field if one is present.  Note that this is not a defense against denial-of-service attacks, since a malicious client could ignore the code and continue to send queries at a high rate.  A server might use another response code if it did not wish to reveal to a client that rate limiting is the reason for the denial of a reply.
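
   An added example, not part of this RFC: a fixed-window throttle that answers with 429 and Retry-After (or a generic 403 when the operator does not want to reveal that rate limiting is the reason), and the client-side back-off that honours Retry-After in both forms RFC 7231 allows.  Client identities and timings are constructed; the clock is injected so the behaviour can be checked offline.

```python
"""Query throttling for an RDAP server and the matching client back-off,
following RFC 7481 Section 3.4 and the 429 code of RFC 6585.  Constructed
example (not from the RFC); the clock is injectable for offline checks."""
import math
import time
from email.utils import parsedate_to_datetime


class QueryThrottle:
    """Fixed-window limiter: at most `max_queries` per `window` seconds for
    each client identity (authenticated user, or source address otherwise).
    Not a denial-of-service defence: a client that ignores the 429 still
    costs the server the work of rejecting every query."""

    def __init__(self, max_queries, window, clock=time.monotonic, reveal=True):
        self.max_queries = max_queries
        self.window = window
        self.clock = clock
        # Section 3.4: an operator may not wish to reveal that rate limiting
        # is the reason for the denial; then a generic 403 is sent instead.
        self.reveal = reveal
        self._state = {}  # client_id -> (window_start, queries_in_window)

    def check(self, client_id):
        """Account for one query and return (status_code, headers)."""
        now = self.clock()
        start, count = self._state.get(client_id, (now, 0))
        if now - start >= self.window:        # window elapsed: start a new one
            start, count = now, 0
        if count >= self.max_queries:
            if not self.reveal:
                return 403, {}
            retry = math.ceil(start + self.window - now)
            return 429, {"Retry-After": str(max(retry, 1))}
        self._state[client_id] = (start, count + 1)
        return 200, {}


def retry_after_seconds(value, now_epoch=None):
    """Parse Retry-After, which RFC 7231 allows as delay-seconds or as an
    HTTP-date; `now_epoch` (Unix seconds) defaults to the wall clock."""
    value = value.strip()
    if value.isdigit():
        return float(value)
    when = parsedate_to_datetime(value).timestamp()
    now = time.time() if now_epoch is None else now_epoch
    return max(0.0, when - now)


def next_interval(status, headers, current_interval, min_interval=1.0, now_epoch=None):
    """Client policy: on 429 decrease the query rate, honouring Retry-After
    when present and doubling the interval otherwise; on success drift
    slowly back towards `min_interval` seconds between queries."""
    if status == 429:
        if "Retry-After" in headers:
            return max(retry_after_seconds(headers["Retry-After"], now_epoch),
                       current_interval)
        return current_interval * 2
    return max(min_interval, current_interval * 0.9)
```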

3.5.  Data Confidentiality

   WHOIS does not provide the ability to protect data from inadvertent disclosure while in transit.  RDAP uses HTTP over TLS [RFC2818] to provide that protection by encrypting all traffic sent on the connection between client and server.  HTTP over TLS MUST be used to protect all client-server exchanges unless operational constraints make it impossible to meet this requirement.  It is also possible to encrypt discrete objects (such as command path segments and JSON-encoded response objects) at one endpoint, send them to the other endpoint over an unprotected transport protocol, and decrypt the object on receipt.  Encryption algorithms as described in "Internet Security Glossary, Version 2" [RFC4949] are commonly used to provide data confidentiality at the object level.

   There are no current requirements for object-level data confidentiality using encryption.  Support for this feature could be added to RDAP in the future.

   As noted in Section 3.2, the HTTP "basic" authentication scheme can be used to authenticate a client.  When this scheme is used, HTTP over TLS MUST be used to protect the client's credentials from disclosure while in transit.  If the policy of the server operator requires encryption to protect client-server data exchanges (such as to protect non-public data that cannot be accessed without client identification and authentication), HTTP over TLS MUST be used to protect those exchanges.

   A description of privacy threats that can be addressed with confidentiality services can be found in Section 4.  Section 10.2.2 of [RFC7483] describes status values that can be used to describe operator actions used to protect response data from disclosure to unauthorized clients.

3.6.  Data Integrity

   WHOIS does not provide the ability to protect data from modification while in transit.  Web services such as RDAP commonly use HTTP over TLS [RFC2818] to provide that protection by using a keyed Message Authentication Code (MAC) to detect changes.  It is also possible to sign discrete objects (such as command path segments and JSON-encoded response objects) at one endpoint, send them to the other endpoint over a transport protocol, and validate the signature of the object on receipt.  Digital signature algorithms as described in "Internet Security Glossary, Version 2" [RFC4949] are commonly used to provide data integrity at the object level.

   There are no current requirements for object-level data integrity using digital signatures.  Support for this feature could be added to RDAP in the future.

   The most specific need for this support is to provide assurance that HTTP 30x redirection hints [RFC7231] and response elements returned from the server are not modified while in transit.  If the policy of the server operator requires message integrity for client-server data exchanges, HTTP over TLS MUST be used to protect those exchanges.

4.  Privacy Threats Associated with Registration Data

   Registration data has historically included personal data about registrants.  WHOIS services have historically made this information available to the public, creating a privacy risk by revealing the personal details of registrants.  WHOIS services have not had the benefit of authentication or access control features to gate access to registration data.  As a result of this, proxy and privacy services have arisen to shield the identities of registrants.

   The standardization of RDAP does not change or impact the information that operators may require to be collected from registrants, but it provides support for a number of mechanisms that can be used to mitigate privacy threats to registrants should operators choose to use them.

   RDAP includes mechanisms that can be used to authenticate clients, allowing servers to support tiered access based on local policy.  This means that all registration data need no longer be public, and personal data or information that may be considered more sensitive can have its access restricted to specifically privileged clients.

   RDAP data structures allow servers to indicate via status values if data returned to the client has been made private, redacted, obscured, or registered by a proxy.  "Private" means that the data is not designated for public consumption.  "Redacted" means that some registration data fields are not being made available.  "Obscured" means that data has been altered for the purposes of not readily revealing the actual registration information.  One option that operators have available to them to reduce privacy risks to registrants is to adopt policies that make use of these status values to restrict the registrant data returned to any or all clients according to the sensitivity of the data, the privileges of the clients, or some other heuristics.

   RDAP uses the jCard [RFC7095] standard format for entity representation.  Operators may find that many of the jCard fields are irrelevant for registry operation purposes or that they have no reason to collect information from registrants that would correspond to certain fields.  Operators wishing to reduce privacy risks to registrants may restrict which information they collect and/or which fields they populate in responses.
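
   The tiered-access examples of Section 3.3 and the status values described above, worked through as an added Python example (not RFC text): a constructed domain response with two jCard entities is filtered per client tier, and each entity's status records whether contact data was withheld or obscured.  Handles, names and addresses are made up; "removed" is the value RFC 7483 Section 10.2.2 registers for what this document calls redaction.

```python
"""Per-object authorization of an RDAP domain response along the tiers
RFC 7481 Section 3.3 gives as examples, recording what was withheld with
the status values of Section 4 / RFC 7483 Section 10.2.2.  Constructed
example (not RFC text): handles, names and addresses are made up."""
import copy
from dataclasses import dataclass, field

# RFC 7483 status values.  This document says "redacted" for the second;
# the registered value for data withheld from the response is "removed".
REMOVED, OBSCURED = "removed", "obscured"
CONTACT_PROPERTIES = {"email", "tel", "adr"}

# Constructed domain response with two jCard [RFC7095] entities.
FULL_RESPONSE = {
    "objectClassName": "domain",
    "ldhName": "example.com",
    "status": ["active"],
    "entities": [
        {"objectClassName": "entity", "handle": "REG-1", "roles": ["registrant"],
         "vcardArray": ["vcard", [
             ["version", {}, "text", "4.0"],
             ["fn", {}, "text", "Joe Registrant"],
             ["email", {}, "text", "joe@example.net"],
             ["tel", {"type": ["voice"]}, "uri", "tel:+1-555-0100"]]]},
        {"objectClassName": "entity", "handle": "TECH-2", "roles": ["technical"],
         "vcardArray": ["vcard", [
             ["version", {}, "text", "4.0"],
             ["fn", {}, "text", "Tech Contact"],
             ["email", {}, "text", "noc@example.net"]]]},
    ],
}


@dataclass
class Client:
    """What the server knows about the requester after Section 3.2 auth."""
    tier: str                      # "anonymous" | "authenticated" | "privileged"
    related_handles: set = field(default_factory=set)


def _obscure_email(addr):
    """Keep only the mail domain so the address is not readily revealed."""
    return "***@" + addr.rpartition("@")[2]


def _filter_entity(entity, client):
    """Return this client's view of one entity; the input is left intact."""
    out = copy.deepcopy(entity)
    # Full access: the privileged group, or a client related to this object.
    if client.tier == "privileged" or entity["handle"] in client.related_handles:
        return out
    status = set(out.get("status", []))
    if client.tier == "anonymous":
        # Anonymous access returns no contact information at all.
        out.pop("vcardArray", None)
        status.add(REMOVED)
    else:
        kept = []
        for prop in out["vcardArray"][1]:
            name = prop[0]
            if name == "email":                      # altered, still present
                kept.append([name, prop[1], prop[2], _obscure_email(prop[3])])
                status.add(OBSCURED)
            elif name in CONTACT_PROPERTIES:         # withheld entirely
                status.add(REMOVED)
            else:
                kept.append(prop)
        out["vcardArray"] = ["vcard", kept]
    out["status"] = sorted(status)
    return out


def apply_access_policy(response, client):
    """Per-registration-object access control over a domain response."""
    out = copy.deepcopy(response)
    out["entities"] = [_filter_entity(e, client) for e in response["entities"]]
    return out
```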

   In addition to privacy risks to registrants, there are also potential privacy risks for those who query registration data.  For example, the fact that a registry employee performs a particular query may reveal information about the employee's activities that he or she would have preferred to keep private.  RDAP supports the use of HTTP over TLS to provide privacy protection for those querying registrant data as well as registrants, unless operational constraints make it impossible to meet this requirement.

5.  Security Considerations

   One of the goals of RDAP is to provide security services that do not exist in the WHOIS protocol.  This document describes the security services provided by RDAP and associated protocol layers, including authentication, authorization, availability, data confidentiality, and data integrity.  Non-repudiation services were also considered and ultimately rejected due to a lack of requirements.  There are, however, currently deployed WHOIS servers that can return signed responses that provide non-repudiation with proof of origin.  RDAP might need to be extended to provide this service in the future.

   As an HTTP-based protocol, RDAP is susceptible to code injection attacks.  Code injection refers to adding code into a computer system or program to alter the course of execution.  There are many types of code injection, including SQL injection, dynamic variable or function injection, include-file injection, shell injection, and HTML-script injection, among others.  Data confidentiality and integrity services provide a measure of defense against man-in-the-middle injection attacks, but vulnerabilities in both client- and server-side software make it possible for injection attacks to succeed.  Consistently checking and validating server certificates can help detect man-in-the-middle attacks.

   As noted in Section 3.2.1, digital certificates can be used to implement federated authentication.  There is a risk of too promiscuous, or even rogue, CAs being included in the list of acceptable CAs that the TLS server sends the client as part of the TLS client-authentication handshake and lending the appearance of trust to certificates signed by those CAs.  Periodic monitoring of the list of CAs that RDAP servers trust for client authentication can help reduce this risk.

   The Transport Layer Security protocol [RFC5246] includes a null cipher suite that does not encrypt data and thus does not provide data confidentiality.  This option MUST NOT be used when data confidentiality services are needed.  Additional considerations for secure use of TLS are described in [SECURE-TLS-DTLS].

   Data integrity services are sometimes mistakenly associated with directory service operational policy requirements focused on data accuracy.  "Accuracy" refers to the truthful association of data elements (such as names, addresses, and telephone numbers) in the context of a particular directory object (such as a domain name).  Accuracy requirements are out of scope for this protocol.

   Additional security considerations are described in the specifications for HTTP [RFC7231], HTTP Basic and Digest access authentication [RFC7235], HTTP over TLS [RFC2818], and additional HTTP status codes [RFC6585].  Security considerations for federated authentication systems can be found in the OAuth [RFC6749] and OpenID [OpenID] specifications.

6.  References

6.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997,
              <http://www.rfc-editor.org/info/rfc2119>.

   [RFC2818]  Rescorla, E., "HTTP Over TLS", RFC 2818, May 2000,
              <http://www.rfc-editor.org/info/rfc2818>.

   [RFC6585]  Nottingham, M. and R. Fielding, "Additional HTTP Status
              Codes", RFC 6585, April 2012,
              <http://www.rfc-editor.org/info/rfc6585>.

   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
              June 2014, <http://www.rfc-editor.org/info/rfc7231>.

   [RFC7235]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
              Protocol (HTTP/1.1): Authentication", RFC 7235, June 2014,
              <http://www.rfc-editor.org/info/rfc7235>.

   [RFC7480]  Newton, A., Ellacott, B., and N. Kong, "HTTP Usage in the
              Registration Data Access Protocol (RDAP)", RFC 7480, March
              2015, <http://www.rfc-editor.org/info/rfc7480>.

   [RFC7482]  Newton, A. and S. Hollenbeck, "Registration Data Access
              Protocol (RDAP) Query Format", RFC 7482, March 2015,
              <http://www.rfc-editor.org/info/rfc7482>.

   [RFC7483]  Newton, A. and S. Hollenbeck, "JSON Responses for the
              Registration Data Access Protocol (RDAP)", RFC 7483, March
              2015, <http://www.rfc-editor.org/info/rfc7483>.

6.2.  Informative References

   [OpenID]   OpenID Foundation, "OpenID Authentication 2.0 - Final",
              December 2007, <http://specs.openid.net/auth/2.0>.

   [RFC3707]  Newton, A., "Cross Registry Internet Service Protocol              (CRISP) Requirements", RFC 3707, February 2004,
              <http://www.rfc-editor.org/info/rfc3707>.

   [RFC3912]  Daigle, L., "WHOIS Protocol Specification", RFC 3912,
              October 2004, <http://www.rfc-editor.org/info/rfc3912>.

   [RFC4732]  Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet
              Denial-of-Service Considerations", RFC 4732, December
              2006, <http://www.rfc-editor.org/info/rfc4732>.

   [RFC4949]  Shirey, R., "Internet Security Glossary, Version 2", FYI
              36, RFC 4949, August 2007,
              <http://www.rfc-editor.org/info/rfc4949>.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security              (TLS) Protocol Version 1.2", RFC 5246, August 2008,
              <http://www.rfc-editor.org/info/rfc5246>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, May 2008,
              <http://www.rfc-editor.org/info/rfc5280>.

   [RFC6749]  Hardt, D., Ed., "The OAuth 2.0 Authorization Framework",
              RFC 6749, October 2012,
              <http://www.rfc-editor.org/info/rfc6749>.

   [RFC7095]  Kewisch, P., "jCard: The JSON Format for vCard", RFC 7095,
              January 2014, <http://www.rfc-editor.org/info/rfc7095>.

   [SAML]     OASIS, "Security Assertion Markup Language (SAML) v2.0",
              March 2005, <https://www.oasis-open.org/
              standards#samlv2.0>.

   [SECURE-TLS-DTLS]
              Sheffer, Y., Holz, R., and P. Saint-Andre,
              "Recommendations for Secure Use of TLS and DTLS", Work in
              Progress, draft-ietf-uta-tls-bcp-09, February 2015.

Acknowledgements

   The authors would like to acknowledge the following individuals for their contributions to this document: Richard Barnes, Marc Blanchet, Alissa Cooper, Ernie Dainow, Spencer Dawkins, Jean-Philippe Dionne, Byron Ellacott, Stephen Farrell, Tony Hansen, Peter Koch, Murray Kucherawy, Barry Leiba, Andrew Newton, and Linlin Zhou.

Authors' Addresses

   Scott Hollenbeck
   Verisign Labs
   12061 Bluemont Way
   Reston, VA  20190
   United States

   EMail: [email protected]
   URI:   http://www.verisignlabs.com/

   Ning Kong
   China Internet Network Information Center
   4 South 4th Street, Zhongguancun, Haidian District
   Beijing  100190
   China

   Phone: +86 10 5881 3147
   EMail: [email protected]
