CRISP Overview and Update
Andrew Newton, VeriSign Labs
June 6, 2003

What’s in a Name?
CRISP – Cross Registry Internet Service Protocol
Acknowledges that domain registries are not the only types of registries needed for the operational infrastructure of the Internet.
Focusing on domain name registries while accepting the responsibility to be extensible.

Some Items covered by CRISP
Access
  – Different answers for different levels of access
  – The ability to understand the access limits
  – Controls aimed at preventing data mining
Standard queries and responses
Referrals
  – Indicating where to find data
  – Passing state with referrals
  – Using DNS to locate data

Items NOT covered by CRISP
Escrow
  – CRISP recognizes the need for data serialization, but that is only one piece of the puzzle for escrow.
Communications between registry operators
  – CRISP is about communicating with the end-user
Definitions of access levels
  – The CRISP protocol will be able to support multiple levels of access, but it does not define them.

CRISP Goals
The protocol should define the mechanisms to allow for various policies.
The protocol should not define policy.
Allow for data to be decentralized, but define how to find it.
Define uniform queries and responses.
Provide access control mechanisms.
Enable better internationalization.
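
The split between mechanism and policy in these goals can be sketched in code. The following is an added example, not part of the original slides and not taken from either protocol proposal: the access level names, record fields, quotas and the server name `registry.example.net` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample record; field names are illustrative, not taken from any CRISP draft.
RECORD = {"domain": "example.com", "status": "active",
          "nameservers": ["ns1.example.net", "ns2.example.net"],
          "registrant_name": "Example Registrant",
          "registrant_email": "hostmaster@example.com"}

# POLICY is the operator's decision, kept outside the mechanism below.
# Level names, visible fields and quotas are assumptions made for this example.
POLICY = {
    "anonymous": {"fields": {"domain", "status", "nameservers"}, "quota": 2},
    "authenticated": {"fields": {"domain", "status", "nameservers", "registrant_name"}, "quota": 5},
    "privileged": {"fields": set(RECORD), "quota": 5},
}

@dataclass
class Registry:
    policy: dict
    records: dict
    referrals: dict = field(default_factory=dict)  # name -> server holding the data
    used: dict = field(default_factory=dict)       # client id -> queries so far

    def query(self, client_id, level, name):
        rule = self.policy.get(level)
        if rule is None:
            raise ValueError(f"no policy defined for access level {level!r}")
        # Data-mining control: count every query against the level's quota.
        self.used[client_id] = self.used.get(client_id, 0) + 1
        if self.used[client_id] > rule["quota"]:
            return {"result": "limit-exceeded", "quota": rule["quota"]}
        if name not in self.records:
            # Decentralized data: say where to look rather than just failing.
            if name in self.referrals:
                return {"result": "referral", "server": self.referrals[name]}
            return {"result": "not-found"}
        rec = self.records[name]
        return {"result": "ok", "access_level": level,
                # Different answers for different levels of access.
                "data": {k: v for k, v in rec.items() if k in rule["fields"]},
                # Let the client understand its access limits.
                "withheld": sorted(set(rec) - rule["fields"])}

def demo_registry():
    return Registry(POLICY, {"example.com": RECORD},
                    {"example.org": "registry.example.net"})
```

Replacing `POLICY` changes who sees what without touching `Registry.query`, which is the separation the goals describe.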

CRISP non-Goals
Backwards compatibility with nicname/whois on port 43.
Provisioning or modification of data.

CRISP Requirements
draft-ietf-crisp-requirements-05 (crisp-requirements-05.txt)
Lists the consensus of the working group on what needs to be done.
The extensive effort documents:
  – the protocol requirements
  – the service context in which they occur

Requirements Sections
The CRISP functional requirements are broken down into two sections:
  – requirements that are general to many types of Internet registries
  – requirements that are specific to domain name registries
The CRISP feature requirements are derived from the functional requirements.

What is the WG doing now?
The working group has reached consensus on the requirements and has asked for review by the IESG.
There are two technical protocol proposals before the working group.
A matrix has been created to judge the proposals against the requirements.

The Two Proposals
IRIS
  – draft-ietf-crisp-iris-core-01
  – draft-ietf-crisp-iris-dreg-01
  – draft-ietf-crisp-iris-areg-01
  – draft-ietf-crisp-iris-beep-01
FIRS
  – draft-ietf-crisp-firs-arch-01
  – draft-ietf-crisp-firs-core-01
  – draft-ietf-crisp-firs-dns-01
  – draft-ietf-crisp-firs-dnsrr-01
  – draft-ietf-crisp-firs-contact-01
  – draft-ietf-crisp-firs-ipv4-01
  – draft-ietf-crisp-firs-ipv6-01
  – draft-ietf-crisp-firs-asn-01

Other Work
There are discussions with the address registries regarding their requirements.
  – And they have reviewed the CRISP requirements and are reviewing the protocol proposals.
Two tangentially related drafts:
  – draft-daigle-iris-credreg-00
  – draft-newton-iris-lightweight-00

IRIS
XML-based
  – Uses XML Schemas for definition.
  – Uses XML namespaces for dividing the various types of registries.
Queries and results are explicit in the XML syntax.
Uses BEEP as the default transport.
  – Which uses SASL for authentication.

FIRS
LDAP-based
  – Uses a mixture of new object classes and currently defined object classes.
  – Uses different branches of the DIT for dividing the various types of registries.
Queries use the LDAP query syntax.
LDAP has some basic authentication but also uses SASL for newer methods.

SASL
Simple Authentication and Security Layer
Defines a common framework for various authentication methods and security facilities.
  – SSL/TLS for client & server authentication and encryption with digital certificates.
  – MD5 Digest authentication for sending passwords over an unencrypted session.
  – One-Time-Password authentication for limited client or server trust.
  – And anonymous for no passwords.

All this technical jargon is interesting, but what does it mean to a policy maker?

More Possibilities
The CRISP working group is building a better lock…
But they will not be making the decisions about who gets the keys.
To bridge the gap between protocol and policy, a document describing what is technically possible may aid in developing policy.