[Ietf-not43] draft minutes

[Ted Hardie]

Hi,
	Below are draft minutes for the working group meeting in
Yokohama; many thanks to Ed Lewis for taking these and sending them
over so quickly.  I slowed the process a good bit, and my apologies
for that delay.  If you have revisions or additions, please send 
them to me or the list by Tuesday, July 30th.
			thanks,
				Ted Hardie





Minutes (draft) of CRISP WG meeting, July 17, 2002 in Yokohama
Chair: Ted Hardie
Minutes prepared by: Edward Lewis
Minutes edited by: Ted Hardie


Agenda:
     Review of the IESG-approved charter
     Review of the updated requirements draft
     Review of the ICANN whois Task Force draft document
     "Advertisement" for a draft on Authentication Mechanisms
         draft-rescorla-auth-mech-00.txt
     Review of two candidate proposals
         LDAP-based
         IRIS


Action Items:

1)   Andy Newton will resubmit his drafts as draft-ietf-crisp items
     so that they are tracked as working group drafts.  These will
     be updated to clarify the points raised during the working group
     meeting and on the list.  The requirements draft will be re-released
     first and the candidate proposals after.
   
2)   Leslie Daigle will send a pointer to the list on the TISDAG work.

3)   Ted Hardie will send a pointer to the Rescorla draft to the mailing
     list and start discussion of authentication mechanisms required by
     CRISP.


Meeting Review:

Charter discussion (WG chair Ted Hardie)
     (see the WG charter page for content)
     Scope has been reduced since the BoF held at Minneapolis
     Now limited to domain registries with extensibility to others a plus

     Question: "Why?"
     RIR's and IRR's are removed to allow for a narrower scope, hence
     higher probability of the WG accomplishing its goals

     Question: "Why do deliverables and milestones omit extensibility?"
     Extensibility is a facet of the proposed & to-be-worked solutions,
     degree of extensibility will be one metric used to judge goodness.

Review of requirements draft (Andy Newton)
     -01 reflect the new charter scope (not yet true for proposal docs)
     new registry types: Incident Coordination and Network Edge Resources(?)
     DNS users considered
     Functional reqts split into extensible base and specific domain items
     DNS Label Referencing (3.2.10) needs input from WG

     Question: "Why does doc exclude registrants?"
     They are just not explicitly mentioned, one reference is the DNS user.

Review of ICANN (DNSO) whois Task Force draft (Ted Hardie)
     http://www.dnso.org/ and http://www.dnso.org/dnso/notes/whoisTF/
     Questions 9-11 as input to process, requirements

     Comment: This document is open for a 4-week period for comments, as part
     of DNSO.  (See web page for details.) - Scott Hollenbeck

     Comment: European privacy laws will have an impact on CRISP (as written)
     - two folks, one whose name I missed and Jaap Akkerhius

     Comment: Requirements document should be altered to deal with privacy
     concerns. - Leslie Daigle

     Comment: TISDAG documents are helpful for understanding the problem to
     be solved here, and come from a European setting. - Also Leslie, and
     she has been asked to provide a list of relevant RFC's on TISDAG.

     Comment: Conclusions in the document did not exactly follow from the
     question presented (for question 10), from Andy

Advertisement for Auth Mech draft

     An individual submission from Eric Rescorla, "A Survey of Authentication
     Mechanisms" is recommended reading.

     http://search.ietf.org/internet-drafts/draft-rescorla-auth-mech-00.txt

     Not discussed further as there was no advanced notice given to the WG.

Candidate Proposals
     LDAP-based and IRIS
     Both doc( set)s are out of sync with new scope of charter and requirements.
     LDAP is a single, large draft
     IRIS is a set of smaller drafts (XML via HTTP)
     No further discussion as we need more background on requirements

Return to the Requriements Draft for discussion

     Question: How does authentication work in the requirements?
         Two separate issues
             Anonymous vs. identified access
             Data mining policy (3.1.1)
         Authentication query (3.1.8) - suggestion to drop section

     Question: Is this a read-write or read-only protocol?
         Read-only
         No desire to store requests on server (too complicated)
         Declare features in which a client would write (store) data on server
         as out of scope

         *** WG consensus needed on above point ***

     Question: Concerning search functions in 3.2.4 and 3.2.9, "reasonable
     subset" wording - Yoshiro Yoneya, JPNIC
         Discussion also covered ACE encoding & lookup issue, do not want to
         solve that problem in this group.
         Text about this topic solicited

     Question: Also on "reasonable" from NaoMASA Maruyama  (JPNIC)
         Resonable subset wording conflicts with data mining text (on the
         surface).
         Suggested rewording for 3.2.4 - "MUST support lookups on exact
         names and reasonable subset names, MAY/SHOULD provide limits to
         answers to alleviate performance, privacy, and/or data mining
         concerns.

     Question: Is there a requirement for hierarchical search?
         Base spec does not cover this.
         3.2.10 is closest to this topic.

     Question: Is there a requirement to allow for determination of the
         registry delegating a domain name?
         Needed feature, so folks asking for, say, ac.jp, know who to
         contact about domain name.  (DNS may have multi-label deep zones.)

Action items for Andy
     New requirements draft (with the updates discussed in meeting and a
     switch to draft-ietf-crisp-... name) is due about a week after the
     minuted are submitted.  Revised candidates assumed to appear sometime
     later.