Minutes, Cross Registry Information Service Protocol WG (crisp) Tuesday, November 19 at 1930-2200 CHAIR: Ted Hardie Minutes edited by : Ted Hardie Minute takers: George Michaelson, David Blacka AGENDA: (post-bashing) Agenda Bash, 5 mins (Chair) Evaluation Process, 60 mins (Chair) IRIS Diffs, 20 mins (Andy Newton) LW Diffs, 20 mins (Eric Hall) Requirements doc changes, 30 minutes. (Andy Newton) Milestone & Charter Review, 10 mins (Chair) During the discussion of the evaluation process, the chair proposed that the requirements draft be re-written to distinguish between protocol requirements and service requirements, and to eliminate all MUST/MAY/SHOULD language from the service agreements. Those present agreed to this change, and the document author will go forward with re-drafting and forward to the list. During discussion of the evaluation process, those present felt the best strategy to be making an informal matrix matching requirements to protocol capabilities, evaluate according to that matrix, dropping or publishing as experimental candidate protocols which were not selected. After confirmation by the working group mailing list, this will go forward. Rick Wesson volunteered to maintain the matrix, should the working group mailing list confirm the view of those present. Andy Newton then presented the IRIS diffs, most of which reflect changes based on lessons learned during implementation of the code base documented at http://iris.verisignlabs.com/ . Slides containing details of the changes will be made available for the proceedings. Eric Hall presented changes to the LDAP-whois documents. Primary change has been split of monolithic document into sections; two intended as WG documents; four as experimental. Current issues: internationalization, client input methods, SRV, the use of server data stores, query output, and structured data elements. Those present discussed search strategies in some detail, both for internationalized strings and for the use of specific elements (such email addresses). For the internationalization issues, it was felt that the problem was common across uses of LDAP and that matching the solution used here to the common LDAP solution was important. Kurt noted that the LDAP community is working on the problem. Those present then discussed how some of the security and privacy considerations worked in this context. Eric Hall agreed that redrafting the language around those issues would be appropriate and he will revise the drafts as appropriate. Andy Newton then led a discussion of the requirements document issues which were raised during the last call period. This discussion was a detailed review, resulting in the following action items: Andy will add a description of DDoS attacks to the security section. Eric and Marcos Sanz will help redraft the paragraph on using the DNS to discover the appropriate CRISP servers. Those present agreed that specific language about abusive users would be added to the draft, and that such language would reference abuse definitions being service specific (as defined in a document like an AUP). Those present agreed to shift the current escrow language to a more general requirement for serialization. Future language will note that this may be useful for escrow, but is not sufficient for itself. Discussion of the service requirements for escrow indicated that a range of perceived need would make it difficult to capture the escrow service requirements in this document. Ted and Andy will draft new language on how error messages to query access denials should work and post it to the list. This language will make the explicit point that the protocol must be capable of supporting access authentication but that the service operators use of that is according to local policy. Those present carried on a lively discussion of query referral, but did not come to a consensus. Objections were raised that the requirements were presuming or imposing a particular query distribution mechanism. Rick Wesson volunteered to write more on the subject for the group. Those present did agree to split the protocol requirements for querying a particular service operator from those applied when a query applied to multi Those present then discussed the question of settlements. It was agreed that this question would be set aside until further discussion of the distributed query mechanism could take place. The group then discussed resetting milestones. Jan '03 was proposed as the milestone for the requirements document; Feb '03 for the protocol use specifications (which will be inputs into the matrix to be maintained by Rick Wesson). The domain spec will be complete by Vienna IETF.