This is the draft minutes of the RIPE-DB - WG meeting. Many thanks to Hans Petter Holen for taking notes (any typos are mine :-)! Any additions, clarifications appreciated! Wilfried. ________________________________________________________________________________ Draft Minutes: Database-WG, RIPE 22, Amsterdam, NL ------------------------------------------------------ 0. Administrative stuff Hans Petter Holen, Oslonett AS, volunteered to take notes. 37 people subscribed to the circulated list of attenders. The proposed WG-agenda was accepted. 1. DB-SW review David Kessens went through the Database Development Report, covering new functionality that is either being proposed or already in test. As usaul the slides for this presentation are available at ftp://ftp.ripe.net/ripe/presentations/ripe-m22-david-DB-REPORT.ps.gz David reported that the NCC currently works towards making the RIPE-DB more reliable. On the hardware aspect the DB-machine is being fitted with a RAID system (to guard against single disk drives failures). At the same time a "shadow server" for the database is being implemented and tests have already begun. Some problems with portability and scaling of the database software have been reported recently. It was pointed out that the RIPE-NCC version of the database software is tested and supported for Perl4. There is a couple of known (minor) problems in trying to port the software to Perl5 (and to Solaris). Resolving of these problems is not the top priority, but will be tackled as soon as possible. In order to avoid the scaling problems David recommended to *not* use the -P option of netdbm and to eventually move to the Berkley db package. Tests are on-going. New functionality worth noting (for a comprehensive list please refer to the presentation slides): - Hierarchial authorisation schemes to be implemented - Referral mechanisms to be implemented, first tests with domain: objects - -t option plus -v should give more elaborate descriptive text for objects - The NOC-Object to be implemented soon, according to proposal from Havard Eidnes, as circulated shortly after RIPE-21 - "Synchronized DB" is running in test environment - There is a proposal to automate and inter-lock the assignment of RIPE-Handles. This should eventually remove the need to manually obtain unique handles (with the finger mechanism) and the potential race condition due to the delay between assignment of a handle and submitting/referencing the objects. - Inverse lookup, initially for person: objects The same functionality was requested for other object types during the discussion specifically to get better selection criteria for entries in the routing registry. While part of this functionality is available by accessing the data through wais, this was seen as not really adequate. Still this method should be improved as much as possible! - Authentication and Security This is currently under active consideration. In particular both PGP and MD5 should be available. There are both legal/logistic issues (see below) as well as software issues. In particular we have to decide on the method for registering keys and whether to use a "standard package" or to move functionality into the database software itself. During the discussion it was suggested to stick with "standard packages" because things are not yet stable. (Merit is using the "standard package" as well.) The RIPE-NCC is probably following the same path. 2. User interface(s) Encryption is probably going to be a legal problem in (at least) France. In addition to that there was a comment that part of the technology has recently been submitted for patent protection. Probably the first thing to be available shall be PGP protection for signing messages. The details to guard against snooping and re-play of updates are currently be solved. (Detailled input has been received after the WG meeting). A couple of WWW interfaces to the various databases have been made available recently. There is not yet consensus whether this is the right way to go, especially for submitting updates. The RIPE NCC thinks that the DB is not focussed toward the "end user" but towards ISPs. Other comments indicated that the WWW interface could be useful for all sorts of operational people as a well-known user interface. Both Brian Renaud <renaud@meritedu> as well as Paolo Bevilacqua <pab@uni.net> have recently made implementations available: - http://black.uni.net/cgi-bin/whois - http://www.ra.net/cgi-bin/ra/query-radb.pl 3. External interfaces Exchange of data with the InetNIC is still not happening. All the necessary agreements and good intentions are in place, still the InterNIC seems to regard it as a low priority issue. European ISPs want this to work really soon and regard it as *urgent*. There is not much the NCC can do right now. The different functionality of the auto-assign vs. auto-dbm mailboxes was briefly reviewed. The differences as not widely known, and the interlocks could be improved. The NCC thinks about moving towards keywords on the subject line, similar to "LONGACK". 4. Input from other WGs - MBone The expansion of the inet-rtr: object to cover multicast functionality is to be progressed now. - IPv6 There is a discussion going on how to handle and possibly abbreviate things for IPv6 (macros?). Input welcome. There was a comment that similar ideas are being (or have been) discussed in the RPS environment. 5. AOB None, thus the meeting was closed. ________________________________________________________________________________ List of new actions: David Kessens: To work with A. Blasco Bonito to improve the WAIS functionality for access to the database information on info.ripe.net. Geert-Jan de Groot: To try to follow up with the InterNIC about accepting person objects with RIPE-Handles. RIPE-NCC: To circulate a proposal how to progress the authentication (and encryption) method for the RIPE Database. RIPE-NCC: To analize the merits of implementing special keywords for the subject line of update messages, like ADD, MOD, DELETE, to possibly replace the functionality of special mailbox names (e.g. auto-assign). RIPE-NCC: To follow up on and implement the NOC-Object. WW, 27.10.95, yes I know, much too late...