Gert, Gert Doering wrote:
as there have been some IPv6 problems again today (connections over IPv6 were greeted with "permission denied"): what's the current state of IPv6 integration into the RIPE Whois server? Is it still done via Proxy, or is it properly integrated now?
Thanks for reporting the problem. We noticed it ourselves, and are looking into it. Looks like a mismatch of the configuration of our secondary server during an upgrade caused the problem. We're looking into fixing that now. As for the state of IPv6 integration... We are still using the proxy. We continue to get about 10000 WHOIS queries per day on IPv6, with the majority coming from a small number of addresses (about 0.5% of our queries). I haven't done any further analysis since the last RIPE meeting (RIPE 45): http://www.ripe.net/ripe/meetings/ripe-45/presentations/ripe45-db-whoisdb-up... I'd like to emphasize that the reason we chose to use a proxy is *not* because it was easier or faster to implement, or because we wanted to understand the technology better. I talked a bit about the reasons in the presentation I gave at RIPE 44 when we introduced the proxy: http://www.ripe.net/ripe/meetings/archive/ripe-44/presentations/ripe44-ipv6-... The main point is that we currently use client IP address to limit the amount of personal data that a user can query. This does not make sense in the IPv6 universe. While using client IP to identify users is imperfect in an IPv4 world, it is even less meaningful in the IPv6 world. We simply don't know how to protect the privacy of our users in the IPv6 world! The main motivation for the proxy was to study access behaviour and how, if at all, we can effectively protect user's privacy. From the user point of view, the proxy should be identical to a "native" server. When we fix our config, it transparent again! One possibility that may address the client-identification issue is to move to a protocol that supports client authentication. The CRISP protocol, currently in discussion in the IETF, promises to offer such a feature. It is intended to be something that serves the same function as WHOIS, while fixing many of the limitations. http://www.ietf.org/html.charters/crisp-charter.html As I mentioned in the past, I am very eager to hear suggestions on how to deal with the privacy issue in IPv6! Any real-world experience from IPv6 operators or developers would be appreciated. We do have several months of logs now, so we can do some data mining to check theories. -- Shane Kerr RIPE NCC