CRISP Overview and Update



CRISP Overview and Update
Andrew Newton
VeriSign Labs
[email protected]
June 6, 2003
What’s in a Name?
• CRISP – Cross Registry Internet Service Protocol
• Acknowledges that domain registries are
not the only types of registries needed for
the operational infrastructure of the Internet.
• Focusing on domain name registries while
accepting the responsibility to be extensible.
Some Items covered by CRISP
• Access
– Different answers for different levels of access
– The ability to understand the access limits
– Controls aimed at preventing data mining
• Standard queries and responses
• Referrals
– Indicating where to find data
– Passing state with referrals
– Using DNS to locate data
Items NOT covered by CRISP
• Escrow
– CRISP recognizes the need for data serialization, but
that is only one piece of the puzzle for escrow.
• Communications between registry operators
– CRISP is about communicating with the end-user
• Definitions of access levels
– The CRISP protocol will be able to support multiple
levels of access, but it does not define them.
CRISP Goals
• The protocol should define the mechanisms
to allow for various policies.
• The protocol should not define policy.
• Allow for data to be decentralized, but
define how to find it.
• Define uniform queries and responses.
• Provide access control mechanisms.
• Enable better internationalization.
CRISP non-Goals
• Backwards compatibility with
nicname/whois on port 43.
• Provisioning or modification of data.
CRISP Requirements
• draft-ietf-crisp-requirements-05
– http://www.ietf.org/internet-drafts/draft-ietf-crisp-requirements-05.txt
• Lists the consensus of the working group on
what needs to be done.
• The extensive effort documents:
– the protocol requirements
– the service context in which they occur
Requirements Sections
• The CRISP functional requirements are
broken down into two sections:
– requirements that are general to many types of
Internet registries
– requirements that are specific to domain name
registries
• The CRISP feature requirements are derived
from the functional requirements.
What is the WG doing now?
• The working group has reached consensus
on the requirements and has asked for
review by the IESG.
• There are two technical protocol proposals
before the working group.
• A matrix has been created to judge the
proposals against the requirements.
The Two Proposals
• IRIS
– draft-ietf-crisp-iris-core-01
– draft-ietf-crisp-iris-dreg-01
– draft-ietf-crisp-iris-areg-01
– draft-ietf-crisp-iris-beep-01
• FIRS
– draft-ietf-crisp-firs-arch-01
– draft-ietf-crisp-firs-core-01
– draft-ietf-crisp-firs-dns-01
– draft-ietf-crisp-firs-dnsrr-01
– draft-ietf-crisp-firs-contact-01
– draft-ietf-crisp-firs-ipv4-01
– draft-ietf-crisp-firs-ipv6-01
– draft-ietf-crisp-firs-asn-01
Other Work
• There are discussions with the address
registries regarding their requirements.
– And they have reviewed the CRISP
requirements and are reviewing the protocol
proposals.
• Two tangentially related drafts:
– draft-daigle-iris-credreg-00
– draft-newton-iris-lightweight-00
IRIS
• XML-based
– Uses XML Schemas for definition.
– Uses XML namespaces for dividing the various
types of registries.
• Queries and results are explicit in the XML
syntax.
• Uses BEEP as the default transport.
– Which uses SASL for authentication.
FIRS
• LDAP-based
– Uses a mixture of new object classes and
currently defined object classes.
– Uses different branches of the DIT for dividing
the various types of registries.
• Queries use the LDAP query syntax.
• LDAP has some basic authentication but
also uses SASL for newer methods.
SASL
• Simple Authentication and Security Layer
• Defines a common framework for various
authentication methods and security facilities.
– SSL/TLS for client & server authentication and
encryption with digital certificates.
– MD5 Digest authentication for password-based login without sending the
password in the clear over an unencrypted session.
– One-Time-Password authentication for limited client or
server trust.
– And anonymous for access without a password.
All this technical jargon is interesting, but what does it mean to a policy maker?
More Possibilities
• The CRISP working group is building a better
lock…
• But they will not be making the decisions about
who gets the keys.
• To bridge the gap between protocol and policy, a
document describing what is technically possible
may aid in developing policy.