The REGRR protocol


SLIDE 1

ICANN48, Buenos Aires 16-21 Nov 2013 Register.BG REGRR Protocol

The REGRR protocol

Daniel Kalchev, Register.BG

SLIDE 2

Protocol design

  • Signed XML messages over encrypted communication channel
  • No need to keep session or state at the server
  • Each message carries full authentication and authorization properties by virtue of digital signatures

  • Regular command:object structure
  • Nested message structure
  • Nomenclature versions are communicated with each message
  • The various nomenclature lists can be communicated between server and client

SLIDE 3

What REGRR achieves

  • Secure communication with Registrars
  • Secure communication with Registrants
  • End to end encryption and signing
  • Separate authorization of the Registrant and Registrar to modify Registry data

  • Follows contractual relationships
  • Solves the issues of Registrars having too much control over Registrant data

SLIDE 4

How it works

  • The Registrant prepares and signs the message, possibly via the Registrar interface (could be web based or other protocol)
  • The Registrar signs the Registrant message and communicates it to the Registry
  • The Registry authenticates sources based on digital certificates and authorizes object modification based on object ownership and assigned rights
  • The Registrant could authorize the Registrar to submit messages on their behalf
  • The Registrant can communicate messages directly with the Registry, providing for secure updates for DNS and DNSSEC data.
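
An added example, not part of the original slides or Register.BG's code: a Go sketch of the nested signing described on this slide, with a Registry check that needs no session state. The slides give no message schema, so the element names (`signed`, `command`), the bare Ed25519 keys standing in for certificates, and the owner/sponsor rights maps are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"encoding/xml"
	"fmt"
)

// Node (constructed, not REGRR's schema): <signed signer sig>inner</signed> or <command object/>.
type Node struct {
	XMLName xml.Name
	Signer  string `xml:"signer,attr,omitempty"`
	Sig     string `xml:"sig,attr,omitempty"` // hex Ed25519 signature over Body's exact bytes
	Object  string `xml:"object,attr,omitempty"`
	Body    string `xml:",chardata"` // inner message, XML-escaped on the wire
}
type Registry struct {
	Keys           map[string]ed25519.PublicKey // trusted signers, standing in for certificates
	Owner, Sponsor map[string]string            // object -> Registrant / Registrar (assumed rights model)
}

func Sign(signer string, key ed25519.PrivateKey, body string) string {
	sig := hex.EncodeToString(ed25519.Sign(key, []byte(body)))
	out, _ := xml.Marshal(Node{xml.Name{Local: "signed"}, signer, sig, "", body})
	return string(out)
}

// Authorize verifies layers outermost-first: Registrar over Registrant over one command.
func (r Registry) Authorize(msg string) error {
	var by []string
	for {
		var n Node
		if err := xml.Unmarshal([]byte(msg), &n); err != nil {
			return err
		}
		if n.XMLName.Local == "command" {
			if len(by) == 2 && r.Sponsor[n.Object] == by[0] && r.Owner[n.Object] == by[1] {
				return nil
			}
			return fmt.Errorf("%v not authorized for %q", by, n.Object)
		}
		sig, _ := hex.DecodeString(n.Sig)
		if pub, ok := r.Keys[n.Signer]; n.XMLName.Local != "signed" || !ok || !ed25519.Verify(pub, []byte(n.Body), sig) {
			return fmt.Errorf("rejected layer from %q", n.Signer)
		}
		by, msg = append(by, n.Signer), n.Body
	}
}
```

The Registrant calls `Sign` on the command first and the Registrar calls `Sign` on the result; because each signature covers the exact inner bytes, the sketch needs no XML canonicalization.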

SLIDE 5

Current implementations

  • Implemented and published in 2011 by Register.BG
  • Three of .BG’s Registrars at various implementation levels
  • Current server implementation runs on TLS/TCP
  • Specification/documentation being translated to English…

SLIDE 6

Thank You

Daniel Kalchev, Register.BG daniel@digsys.bg