Enhancing the Internet

1
Enhancing the Internets Administrative Look-up
Service

• Mark Kosters
• Andrew Newton
• VeriSign Labs
• NANOG 23, October 2001

2
UWhat?

• Universal Whois
• VeriSign has committed undertaking in agreement
  with ICANN
• Public consultations (3 formal, ongoing informal)
• business, intellectual property holders (Aug
  2001)
• international input (May be at Nov 2001 ICANN
  meeting)
• civil liberties, other ngos (TBD)
• Informal Meetings
• RIPE (Oct 2001)
• NANOG (Oct 2001)
• ARIN (Oct 2001)
• APRICOT (Mar 2002)

3
UWho

• universal whois
• non-centralized
• not specific to particular tld registry
• non-proprietary, open standard as outcome

4
VeriSigns role

• coordinating
• commitment
• listening

5
Part of a bigger picture

• Protocol, if any, to be developed within IETF
  standards body
• whoisfix bof _at_ IETF51
• ietf-whois_at_imc.org
• ietf-not43_at_lists.research.netsol.com
• Policy ICANNs role

6
Exploring Enhancements

• Perhaps the best methods are not on port 43.
• Points of exploration
• Referral LDAP Service take advantage of the
  many LDAP standards.
• XDAP looking at a layered XML approach similar
  to EPP.
• This work actually started before VeriSign
  committed to Appendix W.

7
Goals

• Re-use known technology.
• Dont invent too much
• Does the world really need another application
  transport?
• Does the world really need another schema
  language?
• Structured queries and structured results for
  better machine readability.
• Referrals to bridge domain registries and
  registrars and other needs for entity reference.
• Client authentication to address privacy concerns
• Provide the mechanism, not the policy
• Toolkits should be readily available.

8
Referral LDAP Service

• Uses LDAP to serve up domain information
• Many, many server implementations
• Many, many tools and toolkits
• No new objectclasses, attributes, or syntaxes
  needed for our implementation.
• Works with LDAPv2 and LDAPv3.
• http//www.ldap.research.netsol.com
• DIT structure is outlined in draft-newton-ldap-who
  is-01

9
Our LDAP Work To Date

• A registry LDAP server
• 4 DITs for com,net,org, and edu
• DIT for nameservers
• Over 32 million domains
• A registrar LDAP server
• 4 DITs for com,net,org, and edu
• DITs for nameservers and contacts
• Referrals to registrants
• Demonstration of access control
• Web site
• Web interface to conduct various LDAP queries.
• Examples on using ldapsearch
• LDAP-to-whois gateway for domains
• Open-sourced.
• Uses OpenLDAP.

10
Our LDAP Work

• Client code samples
• Open-sourced graphical clients

11
XDAP

• Only in draft form at present
• Uses layering approach
• Similar to EPP in methodology
• Uses XML Namespaces for extensibility
• Uses XML Schema for definition
• Perhaps see what PROVREG produces and re-use some
  of their object definitions
• Multiple XML layers
• A common schema for talking about commands,
  authentication, referrals, etc
• Information specific layers for refining queries
  and defining results.
• Application transport agnostic.

12
Further Exploration

• RIR and IRR uses
• Can their data/needs be accommodated using the
  current approaches?
• Should this be explored?
• Common indexing.
• More requirements gathering.