June 6, 2003 1
CRISP Overview and Update
Andrew Newton
VeriSign Labs
What’s in a Name?
• CRISP – Cross Registry Internet Service Protocol
• Acknowledges that domain registries are not the only types of registries needed for the operational infrastructure of the Internet.
• Focusing on domain name registries while accepting the responsibility to be extensible.
Some Items covered by CRISP
• Access
  – Different answers for different levels of access
  – The ability to understand the access limits
  – Controls aimed at preventing data mining
• Standard queries and responses
• Referrals
  – Indicating where to find data
  – Passing state with referrals
  – Using DNS to locate data
Items NOT covered by CRISP
• Escrow
  – CRISP recognizes the need for data serialization, but that is only one piece of the puzzle for escrow.
• Communications between registry operators
  – CRISP is about communicating with the end-user.
• Definitions of access levels
  – The CRISP protocol will be able to support multiple levels of access, but it does not define them.
CRISP Goals
• The protocol should define the mechanisms to allow for various policies.
• The protocol should not define policy.
• Allow for data to be decentralized, but define how to find it.
• Define uniform queries and responses.
• Provide access control mechanisms.
• Enable better internationalization.
CRISP non-Goals
• Backwards compatibility with nicname/whois on port 43.
• Provisioning or modification of data.
CRISP Requirements
• draft-ietf-crisp-requirements-05
  – http://www.ietf.org/internet-drafts/draft-ietf-crisp-requirements-05.txt
• Lists the consensus of the working group on what needs to be done.
• The extensive effort documents:
  – the protocol requirements
  – the service context in which they occur
Requirements Sections
• The CRISP functional requirements are broken down into two sections:
  – requirements that are general to many types of Internet registries
  – requirements that are specific to domain name registries
• The CRISP feature requirements are derived from the functional requirements.
What is the WG doing now?
• The working group has reached consensus on the requirements and has asked for review by the IESG.
• There are two technical protocol proposals before the working group.
• A matrix has been created to judge the proposals against the requirements.
The Two Proposals
• IRIS
  – draft-ietf-crisp-iris-core-01
  – draft-ietf-crisp-iris-dreg-01
  – draft-ietf-crisp-iris-areg-01
  – draft-ietf-crisp-iris-beep-01
• FIRS
  – draft-ietf-crisp-firs-arch-01
  – draft-ietf-crisp-firs-core-01
  – draft-ietf-crisp-firs-dns-01
  – draft-ietf-crisp-firs-dnsrr-01
  – draft-ietf-crisp-firs-contact-01
  – draft-ietf-crisp-firs-ipv4-01
  – draft-ietf-crisp-firs-ipv6-01
  – draft-ietf-crisp-firs-asn-01
Other Work
• There are discussions with the address registries regarding their requirements.
  – And they have reviewed the CRISP requirements and are reviewing the protocol proposals.
• Two tangentially related drafts:
  – draft-daigle-iris-credreg-00
  – draft-newton-iris-lightweight-00
IRIS
• XML-based
  – Uses XML Schemas for definition.
  – Uses XML namespaces for dividing the various types of registries.
• Queries and results are explicit in the XML syntax.
• Uses BEEP as the default transport.
  – Which uses SASL for authentication.
FIRS
• LDAP-based
  – Uses a mixture of new object classes and currently defined object classes.
  – Uses different branches of the DIT for dividing the various types of registries.
• Queries use the LDAP query syntax.
• LDAP has some basic authentication but also uses SASL for newer methods.
SASL
• Simple Authentication and Security Layer
• Defines a common framework for various authentication methods and security facilities.
  – SSL/TLS for client & server authentication and encryption with digital certificates.
  – MD5 Digest authentication for sending passwords over an unencrypted session.
  – One-Time-Password authentication for limited client or server trust.
  – And anonymous for no passwords.
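The "MD5 Digest" mechanism on this slide is SASL DIGEST-MD5 (RFC 2831). The Python below is an added example, not part of the presentation: it computes the client's response and the server's rspauth for the worked parameters in RFC 2831 section 4 (user chris, password secret), showing that the password itself never crosses the wire. The function names are my own.

```python
# Added example, not from the presentation: SASL DIGEST-MD5 (RFC 2831), the
# "MD5 Digest" mechanism the slide lists. The client proves it knows the
# password without transmitting it; the server proves itself with rspauth.
import hashlib
import hmac

def _hh(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def _digest(username, realm, password, nonce, cnonce, nc, qop, uri, method):
    # A1 (algorithm=md5-sess): *binary* H(user:realm:pass), then ":nonce:cnonce".
    a1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()
    a1 += f":{nonce}:{cnonce}".encode()
    # A2: "AUTHENTICATE:uri" for the client, ":uri" for the server's rspauth;
    # qop=auth-int/auth-conf append 32 zeros.
    a2 = f"{method}:{uri}".encode()
    if qop != "auth":
        a2 += b":" + b"0" * 32
    # response = HEX(KD(HEX(H(A1)), nonce:nc:cnonce:qop:HEX(H(A2)))), KD(k,s)=H(k:s)
    return _hh(f"{_hh(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_hh(a2)}".encode())

def client_response(username, realm, password, nonce, cnonce, nc, qop, uri):
    """Value the client sends in its 'response=' directive."""
    return _digest(username, realm, password, nonce, cnonce, nc, qop, uri, "AUTHENTICATE")

def server_rspauth(username, realm, password, nonce, cnonce, nc, qop, uri):
    """Value the server returns so the client can check it holds the same secret."""
    return _digest(username, realm, password, nonce, cnonce, nc, qop, uri, "")

def server_verify(stored_password, username, realm, nonce, cnonce, nc, qop, uri, response):
    """Server side: recompute from the stored secret, compare in constant time."""
    expected = client_response(username, realm, stored_password, nonce, cnonce, nc, qop, uri)
    return hmac.compare_digest(expected, response)

# Constructed from the worked example in RFC 2831 section 4 (password "secret").
RFC2831 = dict(username="chris", realm="elwood.innosoft.com", nonce="OA6MG9tEQGm2hh",
               cnonce="OA6MHXh6VqTrRk", nc="00000001", qop="auth",
               uri="imap/elwood.innosoft.com")

def rfc2831_exchange(password="secret"):
    """Return (client response, server rspauth, accepted by a server storing 'secret')."""
    resp = client_response(password=password, **RFC2831)
    rspauth = server_rspauth(password=password, **RFC2831)
    return resp, rspauth, server_verify("secret", response=resp, **RFC2831)
# rfc2831_exchange()[0] == "d388dad90d4bbd760a152321f2143af7" (RFC 2831 section 4)
```

Note that the server must still hold the password or the equivalent H(username:realm:password), and MD5 is no longer a sound choice, so today this mechanism is only reasonable underneath the TLS layer listed above.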
All this technical jargon is interesting, but what does it mean to a policy maker?
More Possibilities
• The CRISP working group is building a better lock…
• But they will not be making the decisions about who gets the keys.
• To bridge the gap between protocol and policy, a document describing what is technically possible may aid in developing policy.