CURRENT MEETING REPORT Minutes of the RWhois Operational Development Working Group(RWHOIS) Reported by Mark Kosters, InterNIC Agenda o Release Status o What's required to make rwhois operational - Current Implementation shortfalls - less dated InterNIC data dumps - Planned Steps o Changes to 1.0 of the protocol o Security Concerns o Linkage of the Guardian Object o Integration of rwhois/whois++ o Plea for volunteers Scott Williamson started the session with a review of the current releases. The client is in beta 2, the server is in beta 6 and is available at ftp://rs.internic.net/pub/rwhois. As for new developments, it was mentioned that a Tk implementation of the client is development and Scott Williamson is building a Java server. As a FYI, the RWhois development web page has moved to Thomson Technology under the URL http://dmeister.labs.thomtech.com/rwhois.html. It was recommended by the group that a document ought to be created that demonstrated the usefulness/potential of rwhois. Discussion ensued about what is required to make rwhois move from an experimental status to operational. First, the implementation needs to be made more reliable and have more documentation. It was noted that many sites still have the example bogus data in their current operational server set and the InterNIC needs to make updates to the rwhois data set on a more frequent basis. Additionally the secondary code needs to be integrated into the server. It was mentioned that OCLC may be interested in funding this activity. Questions where brought up about the frequency of pulling up data from leaf servers and pruning that data so it only comes from one level down. It was agreed the we need to have operational experience before coming to a conclusion. It was noted that the soa record needs to be emphasized more to make pullups work. Changes to 1.0 of the protocol then mentioned. First is the addition of a capabilities id in the banner to increase efficiency. _OLD and _NEW tags need to be added to the -register directive and the identifier from the -register directive needs to be dropped. Additionally, rwhois no longer is required to conform rfc954 requirements. Security Concerns were next with clear-text passwd and pgp implementations being worked on. It was suggested to look at the results of the CAT Working group. Another alternative is the guardian object that is under development by the InterNIC is being looked at as a possible drop in. The current draft is ftp://rs.internic.net/policy/internic/internic-gen-1.txt. The key to this document is that a guardian only person to modify the particular record. There are two types of registering asymmetric - after the fact, or symmetric - during the time of registration. Discussion ensued on type type of enforcement ought to be placed on the pgp keyrings for degrees of trust. One idea was to have a attribute for what keyserver you should extract the key from and to follow the work of the pgpix working group. Another idea as integrating the dns security working group's output. Integration of the whois++ and rwhois protocols where then mentioned and there has been discussion of using the strengths of both and integrating clients to use both protocols. Scott Williamson is looking into this. Randy Conrad then brought up using the idea of distributing handles via DNS. Another alternative as placing postfixes on the handles themselves (ie handle-cc, handle-ripe, or handle (internic)). The working group then concluded with a plea for volunteers to help develop implementations or to improve on the existing implementations. Right now the server is hard to install, and there is no verification that the server is built correctly. A bulk loader also needs to be developed as well as a web interface.