[Ietf-not43] contact lookups: the elephant in my room

[Eric A. Hall]

I'm trying to figure out exactly what kind of search-by-email needs to be
supported in the LDAP-WHOIS spec. draft-ietf-crisp-requirements-04.txt
requires the following:

 | 3.2.1.1 Protocol Requirement
 |
 |    The protocol MUST contain the following lookup functions:
 |
 |    1.  Contact lookup given a unique reference to a contact of a
 |        resource.

This can mean several different things. As two examples of this, it can
mean that the globally distributed database of "domains" must be
searchable by some kind of contact identifier, or it can mean that some
other [different] globally distributed database of "contacts" must be
searchable by some kind of contact identifier. It can also mean both, and
it can also mean a whole lot more databases will eventually need to be
searchable as well (substitute IPV4/IPV6/ASN databases for the "domain"
database and you see that we are talking about a lot of databases).

Both of those interpretations have different ramifications.

On the one hand, searching a distributed database (domains in this case)
by attribute value isn't pretty. It isn't something that's done with any
other protocol in the IETF space (the closest we came was IQUERY in DNS,
which was deprecated last year). We've kind of bounced off this topic a
few times, but frankly, at this point the technology is more appropriate
for doctoral thesis papers than practical application. Exactly how is a
server supposed to say "I don't have any matches, go try some infinitely
and recursively large array of other servers". If this interpretation is
scaled back some -- just query a specific server for the attribute values,
effectively reinvinting IQUERY with all of its limitations -- that is
certainly doable but it is kind of a metaphorical change from other
searches that we are already doing. We have to ask for the identifier
(presumably a name and/or an email address) along with the scope they want
to search within (ask the .com servers only), and not do referrals. This
is tantamount to being an ugly hack and one which doesn't actually solve
the canonical problem of finding contacts.

The other interpretation does solve the problem, but it introduces a
management issue, which is that we aren't claiming authority over contact
information. If we say "okay there is also some amorphous table of contact
data in the system, go search that", then we are all of a sudden outside
the domain space, which is all we are "authorized" for.

I can do both of these approaches, and although I'd rather just do one
(the latter in particular), that's not really the problem I'm asking
about. What I'm asking about is, which interpretation exactly do we want
to use as a group?

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/