Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bridging Technical Possibilities With Policy Technicalities Montreal, QC June 24, 2003.

Published byBrooklynn Grieve Modified over 9 years ago

Similar presentations

Presentation on theme: "Bridging Technical Possibilities With Policy Technicalities Montreal, QC June 24, 2003."— Presentation transcript:

1 Bridging Technical Possibilities With Policy Technicalities Montreal, QC June 24, 2003

2 Past, Present, and Future The Whois policies of today are severely constrained by the Whois protocol of yesterday. In the future, CRISP will allow greater flexibility for policy. The questions should no longer be “How do we do this?” but “What do we want?”

3 The Past Whois was first described in RFC 812 in 1982. –It was titled “Nicname/Whois” –Its IANA port registration is under the “Nicname”. –RFC 812 describes Whois over NCP, not IP. By comparison, the first RFC to describe DNS was published in 1983. RFC 954, the most current specification for Whois, spends more text describing who from ARPANET & MILNET should be in the database than describing the protocol itself.

4 The Present Nicname/Whois is used for many types of data: –domain registration data –IP address allocation data –Routing policy data –others… many we don’t even know about

5 The Present Users Nicname/Whois users are no longer just a couple of node operators on ARPANET. They are: –Intellectual property holders –Law enforcement –Service providers –Network operators –Registrars –Registrants –DNS users –Abusive users

6 The Future The CRISP working group of the IETF is working on a new specification for use by registries of Internet resources. It is applying what we have learned about operating services over the Internet from the 20 intervening years to the problems of today.

7 CRISP Goals Access controls –allows service operators to differentiate between the varying types of users Internationalization (I18N) –provides a user experience beyond ASCII and creates an environment for localization (L10N). Decentralized –facilitates navigation between repositories without requiring aggregation of data

8 Authentication vs. Authorization Authentication – the process used to verify the identity of a user Authorization – the access policies applied to a user based on authentication Authentication mechanisms facilitate authorization schemes.

9 Today’s Authentication Anonymous –because RFC 954 assumes all users to be equal Source IP address –this is an artifact of the Internet Protocol and was never intended as an authentication mechanism Hence, the authorization policies of today are limited.

10 Modern Authentication and Authorization Authentication mechanisms –passwords, one-time passwords, digital certificates, references Authorization schemes –user-based, sequence-based, chain-based, attribute-based, time-based, referee-based

11 Passwords An old idea still valid in today’s world. –Newer technologies allow passwords to be passed securely on unencrypted channels. –The user experience is the same. Passwords allow for the well understood user-based authorization schemes.

12 One-time Passwords One-time password systems are cryptographic mechanisms designed to keep pass phrases from being sent in the clear over unencrypted sessions. –However, their design limits their use to a finite number of authentications with both parties keeping track of the number of uses. –But the user experience is not much different than normal passwords. This allows for sequence-based authorization –access may be changed based on the number of times a user authenticates.

13 Digital Certificates Use a branch of mathematics called public key cryptography to conduct authentication. –Used in conjunction with TLS, they also allow for server authentication and session encryption. Facilitate the following authorization schemes: –user-based –chain-based –attribute-based –time-based

14 Certificate Chains Authorization can be based on one of the certificates in the chain. Example: –If the certificate is signed by the “lea CA” Allow access to all contact data –If the certificate is signed by the “regr CA” Allow access only to all domain and registrant data

15 Attributes in Certificates Information attributes in certificates are cryptographically secure. Example: –If the “Type” attribute in the certificate equals “LEA” Allow access to all contact data –If the “Type” attribute in the certificate equals “Registrar” Allow access only to all domain and registrant data

16 Referrals The CRISP protocols allow a server to pass extra information via a client to a referent server. This information may contain authentication data, thus allowing a referee-based authorization policy.

17 Conclusion CRISP will allow much more than is currently possible with Nicname/Whois. The question should no longer be: –How do we do this? The question should be: –What do we want?

Download ppt "Bridging Technical Possibilities With Policy Technicalities Montreal, QC June 24, 2003."

Similar presentations

The Internet Registry Information Service (IRIS) Protocol January 12, 2005 Marcos Sanz, DeNIC Andrew Newton, VeriSign Leslie Daigle, VeriSign.

The Internet Registry Information Service (IRIS) Protocol January 12, 2005 Marcos Sanz, DeNIC Andrew Newton, VeriSign Leslie Daigle, VeriSign.
IRIS: an Intelligent Network capability set for Next Generation Networks Tony Rutkowski VeriSign Andrew Newton

IRIS: an Intelligent Network capability set for Next Generation Networks Tony Rutkowski VeriSign Andrew Newton
CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.

CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.
ICANN’s Whois Policy: Registry Obligations A “What is ICANN’s Whois Policy” Subteam Presentation By Kathy Kleiman.

ICANN’s Whois Policy: Registry Obligations A “What is ICANN’s Whois Policy” Subteam Presentation By Kathy Kleiman.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.

APNIC Member Services George Kuo. MyAPNIC 2 What is MyAPNIC A secure Member services website Internet resources management, for example: –Whois updates.
SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.

SECURE SITES. A SECURE CONNECTION TERMS Secure Sockets Layer (SSL) An older Internet protocol that allows for data transmission between server and client.
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.

By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
Bangkok October 2005 Slide 1 Whois Services Jaap Akkerhuis

Bangkok October 2005 Slide 1 Whois Services Jaap Akkerhuis
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.

1.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 1: Introducing Windows Server.
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.

Resource PKI: Certificate Policy & Certification Practice Statement Dr. Stephen Kent Chief Scientist - Information Security.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.

Resource Certificate Profile SIDR WG Meeting IETF 66, July 2006 draft-ietf-sidr-res-certs-01 Geoff Huston Rob Loomans George Michaelson.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Similar presentations

Ads by Google