[dnssec-deployment] Registry software systems

Edward Lewis Ed.Lewis at neustar.biz
Wed Jan 19 12:41:19 EST 2005 

At 5:54 PM +0100 1/19/05, Jaap Akkerhuis wrote:
>Jim Galvin reminded about the following:
>
>     20041027 Jaap Akkerhuis to put together a quick summary of
>     registry/registar software he knows about and who is using it.
>
>If I recall correctly, this was in reference to the discussion which
>registar systems needs to be adapted to use DNSSEC. Of course all need
>go, but what the notes below give an idea about the basic priciples
>registrars use for their systems. Note this is not compete, but I ran
>out of time. Sorry about that. If this is useful, let me know nd I'll
>expand these notes.

I think it would be wise to limit it to that. ;)  Otherwise we could 
go on forever.  (Or at least until lines of text equals lines of 
code.)

>	jaap
>
>1. Modes of operation of registars
>
>There are a couple of ways how registrars might operate. In a strict
>registry registrar model (.com, nl); direct registrations (.br) or
>both (.de).
>
>Another way registrar can operate is whether they do all the
>processing in house or have (parts of) the operations sourced out.
>Verisign GRS is running .com, but also the back offie of a couple
>of (cc)tld. The same is done by affilias and other, less known
>outfits (icb.co.uk, www.cocca.cx). They might provide just the
>back-office, represent the TLD also in the policy precess up to
>running the TLD.

We also need to account for resellers (just to pick a document 
highlighting the relationship and it's fragility - 
http://www.merit.edu/mail.archives/nanog/msg04382.html).

Also there are registry gateway services, the best way I can describe 
them is to direct y'all to this faq: 
http://www.neulevel.com.cn/faqs/.  BTW - there's currently a typo in 
#3 that ought to be fixed in short order.

(It's business.  I'm an engineer.  The reason I am aware of this is 
that EPP in involved. That's all I'm saying.)

>2. "Protocols" used by Registars
>
>A shared registry registrar system have often a protocol called a
>Shared registry registrar protocol. The Generic requirements can
>be found in RFC 3375. In pratice there are two forms of such a
>protocol, the Registry Registrar protocol (RRP, RFC 2832) and the
>Extensible Provisioning Protocol (EPP, RFC 3730 and friends).

RFC 3632 is newer for RRP, don't know if it's the latest.

>
>2.1 RRP
>
>RRP is developed by Verisign for use by the .com, .net and, initially,
>the .org registries. As far as I know, Verisign has a protoype RRP
>client available for registrars.
>
>2.2 EPP
>
>EPP is a standard developped in the IETF community as a result of
>the contract the new registries had with ICANN. In there was mentioned
>the these registries should use a standard IETF protocol althought
>there wasn't one.  Before the proposed standard was published,
>various registries implemented EPP drafts ov various levels to get
>started. Allthough most registriy operators promised to upgrade to
>the final soecifications, it is not sure whether they actually have
>done.
>
>Registries using this systems have often example code available for
>their registrars.
>
>2.2.1. EPP clients
>
>There are quite some (sourceforce) open source projecs for various
>clients able to spaek EPP.
>
>2.2.2. EPP servers
>
>Of the registrations system is less available publicly, There is
>an incomplete system "open registry" done by the ISC. There are
>rumours that some registries have actually build on top of this
>system.
>
>The Belgian Registry has an EPP (-like, it is based on a draft as
>fas as I know) based system they are willing to give away to other
>non-profit registries under the strict condition that dns-be will
>nog give any spupport.
>
>3. Mail template

I'd label this 2.3, and the next 2.4.  To non-trivialize the comment, 
registries can be divided as in #1 and can also be (orthogonally) 
divided amongst interface types as in #2.  Also - registries may do 
multiple protocols .
>
>The majority of (cc) TLDS are using mailrobots, often stemming
>directkly form the original Postel mail templates. There are an
>enormous amount of small deifferences between the templates, due
>to the fact that all registries have slight differences in their
>rules and regulations. Most registries seems to accept email
>submission, but there are still registries only accepting FAXES or
>postal mail.
>
>4. Web interfaces
>
>Registries, notably the ones with allow (also) direct registrations have
>web interfaces. Notably the system from Alain Aina, which uses a LDAP
>backend workds like that (and is available). Another example us the
>brazialian system (uses MySql as back0enp) and that is also available to
>others.

E.g, I know that APNIC uses a X.509-cert secured Web Portal, I 
believe/think in addition to templates.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis                                                +1-571-434-5468
NeuStar

"A noble spirit embiggens the smallest man." - Jebediah Springfield

More information about the Dnssec-deployment mailing list