[1]  Sollins, Karen and Larry Masinter, "Functional Requirements
        for Uniform Resource Names", RFC-1737, Dec. 1994.

   [2]  The URN Implementors, Uniform Resource Names: A Progress Report,
        http://www.dlib.org/dlib/february96/02arms.html, D-Lib Magazine,
        February 1996.




 
RFC 2168            Resolution of URIs Using the DNS           June 1997


   [3]  Moats, Ryan, "URN Syntax", RFC-2141, May 1997.

   [4]  Gulbrandsen, A. and P. Vixie, "A DNS RR for specifying
        the location of services (DNS SRV)", RFC-2052, October 1996.

   [5]  Daniel, Jr., Ron, "A Trivial Convention for using HTTP in URN
        Resolution", RFC-2169, June 1997.

   [6]  URN-WG, "URN Resolution Services", Work in Progress.

   [7]  Moore, Keith,  Shirley Browne, Jason Cox, and Jonathan Gettler,
        Resource Cataloging and Distribution System, Technical Report
        CS-97-346, University of Tennessee, Knoxville, December 1996

   [8]  Paul Vixie, personal communication.

   [9]  Crocker, Dave H. "Standard for the Format of ARPA Internet Text
        Messages", RFC-822, August 1982.

   [10] Orth, Charles and Bill Arms; Handle Resolution Protocol
        Specification, http://www.handle.net/docs/client_spec.html

   [11] Williamson, S., M. Kosters, D. Blacka, J. Singh, K. Zeilstra,
        "Referral Whois Protocol (RWhois)", RFC-2167, June 1997.

   [12] Information Retrieval (Z39.50): Application Service Definition
        and Protocol Specification, ANSI/NISO Z39.50-1995, July 1995.

   [13] IEEE Standard for Information Technology - Portable Operating
        System Interface (POSIX) - Part 2: Shell and Utilities (Vol. 1);
        IEEE Std 1003.2-1992; The Institute of Electrical and
        Electronics Engineers; New York; 1993. ISBN:1-55937-255-9

   [14] Braden, R., "Requirements for Internet Hosts - Application and
        and Support", RFC-1123, Oct. 1989.

   [15] Sollins, Karen, "Requirements and a Framework for URN Resolution
        Systems", November 1996, Work in Progress.














 
RFC 2168            Resolution of URIs Using the DNS           June 1997


Security Considerations
=======================

   The use of "urn.net" as the registry for URN namespaces is subject to
   denial of service attacks, as well as other DNS spoofing attacks. The
   interactions with DNSSEC are currently being studied. It is expected
   that NAPTR records will be signed with SIG records once the DNSSEC
   work is deployed.

   The rewrite rules make identifiers from other namespaces subject to
   the same attacks as normal domain names. Since they have not been
   easily resolvable before, this may or may not be considered a
   problem.

   Regular expressions should be checked for sanity, not blindly passed
   to something like PERL.

   This document has discussed a way of locating a resolver, but has not
   discussed any detail of how the communication with the resolver takes
   place. There are significant security considerations attached to the
   communication with a resolver. Those considerations are outside the
   scope of this document, and must be addressed by the specifications
   for particular resolver communication protocols.

Author Contact Information:
===========================

   Ron Daniel
   Los Alamos National Laboratory
   MS B287