registry object locking in fred
play

Registry Object Locking In FRED Jaromir Talir - PowerPoint PPT Presentation

Jul 05, 2023 •223 likes •420 views

Registry Object Locking In FRED Jaromir Talir jaromir.talir@nic.cz 23.06.2014 Why to speak about registry locks again? Domain hijacking is still an issue Only 1/3 of European ccTLD registries has this feature according

  1. Registry Object Locking In FRED Jaromir Talir • jaromir.talir@nic.cz • 23.06.2014

  2. Why to speak about registry locks again? ● Domain hijacking is still an issue ● Only 1/3 of European ccTLD registries has this feature according survey in Oct 2013 ● Registry object locking is/should be a feature of registry software – in FRED since 2008 ● New registrant interface in .CZ - Sep 2013 ● Administrative locking GUI in FRED – Jan 2014

  3. What is registry lock ● Protection against EPP changes of objects in registry issued by Registrar ● Registrant (as the requester) must use different channel then EPP ● Protection is set by the Registry after proper authorization of request

  4. What is FRED ● Open source domain registry software – http://fred.nic.cz ● Developed and used by CZ.NIC since 2007 ● Used by other countries: Angola, Tanzania, Costa Rica, Faroe Islands, Estonia, Albania, Macedonia (since Jan 2014) ● Version 2.18 – July – Better contact validation ● Version 2.19 – August – RDAP protocol

  5. Registry object locking in FRED ● Entry point is the web form ● Can be integrated into registry website ● Template can be customized ● Requester must fill: ● What changes should be blocked ● Object handle and type ● Means of requester authentication

  6. Registry object locking in FRED

  7. Registry object locking in FRED ● Two levels of protection: ● Only transfer to other registrar ● All changes of object data ● Locking is possible for all registry objects ● Domain ● Contact – registrant, admin-c, tech-c ● NSSet – collection of NS information ● KeySet – collection of DNSKEY information

  8. Registry object locking in FRED ● Object “owner” can authorize request ● Domain -> registrant, admin-c ● Contact -> contact itself ● NSSet, KeySet -> tech-c ● Authentication means ● Letter with notarized signature ● Email with digital signature based on official CA certificate

  9. Registry object locking in FRED ● After submitting request, requester provides authentication to our client center operator ● Client center operator verifies authentication and confirms lock setting through web administration interface ● Despite manual procedure, service is free of charge ● Registrar will receive “Object status prohibits operation” EPP response ● Anyone can see ServerTransferProhibited and ServerUpdateProhibited status in WHOIS

  10. Registry object locking in FRED

  11. Domain browser ● New registrant interface into registry - https://domenovyprohlizec.cz ● Integration of registry and our identity service mojeID - https://mojeid.cz ● MojeID is the internal registrar only for contacts ● Data of those contacts are validated ● Providing those contacts web authentication (password, ssl certificates, two factor authentication)

  12. Domain browser ● Provided that we have validated registrant through mojeID service, we can offer him direct services of registry ● Cross-registar view of owned objects (domains, nsset, keysets) ● Direct access to auth info code necessary for transfer objects to other registrars ● Possibility to merge the same contacts into one ● Registry object locking and unlocking

  13. Domain browser

  14. Administrative locking ● Important part of the registry operations is cooperation with Law Enforcement Agencies ● New option in our registration rules is that anybody can ask for temporary lock with proper papers about ongoing dispute issued by appropriate court ● Used to be seldom activity done manually by CLI tools ● Increased occurrence demanded integration into web administration interface ● Implemented in FRED-2.16 (Jan 2013)

  15. Administrative locking ● Almost any EPP request can be blocked ● Transfer, Update, Delete, Renew ● Appropriate status Server*Prohibited is shown in WHOIS together with new status ServerBlocked ● Registrar will again receive “Object status prohibits operation” EPP response ● Domain can be deactivated as part of locking ● Locking can be bounded by time period

  16. Administrative locking

  17. Conclusion ● Even in Registry-Registrar-Registrant model there are use cases for enhanced Registry- Registrant communication like registry objects locking ● There is not only voluntary locking requested by registrant but also administrative locking requested by LEA – both are supported in FRED

  18. Thank You Jaromir Talir • jaromir.talir@nic.cz

Recommend

The Keepers Registry a brief overview Fred Guy, Project Manager, EDINA, University of

The Keepers Registry a brief overview Fred Guy, Project Manager, EDINA, University of

The Keepers Registry a brief overview Fred Guy, Project Manager, EDINA, University of Edinburgh March 2012 The Keepers The role of the Keepers The carrying out of archiving activities to ensure long term access to the materials Note

769 views • 10 slides
The Artory Registry Blockchain for the Art World The Registry is the industrys first

The Artory Registry Blockchain for the Art World The Registry is the industrys first

The Artory Registry Blockchain for the Art World The Registry is the industrys first object-oriented, public database. Leveraging Ethereum blockchain, it tracks provenance and title, and distinguishes trusted from non- trusted data for the

567 views • 7 slides
Roadmap for Section 12.2. Registry Fundamentals Registry Structure Registry Limits Monitoring

Roadmap for Section 12.2. Registry Fundamentals Registry Structure Registry Limits Monitoring

Unit OS12: Scripting 12.2. The Registry Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 12.2. Registry Fundamentals Registry Structure Registry Limits Monitoring Registry

397 views • 19 slides
FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz

FRED update ICANN61 TechDay Puerto Rico Jaromir Talir jaromir.talir@nic.cz 12.03.2018 What is FRED? Open source domain registry solution EPP, DNSSEC, WHOIS, RDAP Developed (and used) by CZ.NIC since 2006 Just

649 views • 18 slides
What is a Honeymoon Registry A Honeymoon Registry is a wedding gift registry experience for

What is a Honeymoon Registry A Honeymoon Registry is a wedding gift registry experience for

What is a Honeymoon Registry A Honeymoon Registry is a wedding gift registry experience for honeymoons and destination weddings. Our online Honeymoon Registry allows brides and grooms to list anything they want to do on their

547 views • 19 slides
Registry Principles GMTA March 15, 2017 Key Elements of Registry Principles Definition

Registry Principles GMTA March 15, 2017 Key Elements of Registry Principles Definition

Registry Principles GMTA March 15, 2017 Key Elements of Registry Principles Definition Objectives for a registry Threshold questions Data Governance Committee Well-balanced registry design Registry data use

415 views • 9 slides
TLD Registry Data an unstructured wander through the zoo Joe Abley Public Interest Registry

TLD Registry Data an unstructured wander through the zoo Joe Abley Public Interest Registry

TLD Registry Data an unstructured wander through the zoo Joe Abley Public Interest Registry AIMS-CAIDA Workshop San Diego, February 2020 What is a TLD Registry DNS Answer We publish the ORG zone in the DNS Highly

550 views • 18 slides
SYSTEM WHAT IS A REGISTRY? A registry is an organized system for the timely collection , storage ,

SYSTEM WHAT IS A REGISTRY? A registry is an organized system for the timely collection , storage ,

THE TEXAS TB REGISTRY SYSTEM WHAT IS A REGISTRY? A registry is an organized system for the timely collection , storage , retrieval , analysis , and dissemination of information on individual persons who have a particular disease, or a risk factor

811 views • 34 slides
CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking

CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking

CS533 Concepts of Operating Systems Linux Kernel Locking Techniques Intro to kernel locking techniques (Linux) Why do we need locking in the kernel? o Which problems are we trying to solve? What implementation choices do we have? o Is

407 views • 30 slides
http://registry.sf.net http://registry.sf.net Before We Start . . . FORGET ABOUT THE NAME

http://registry.sf.net http://registry.sf.net Before We Start . . . FORGET ABOUT THE NAME

Linux Registry Turning Linux into a Trully Integrated Operating Environment Avi Alkalay <avi@unix.sh> Avi Alkalay <avi@unix.sh> Linux, Open Standards Consultant http://registry.sf.net http://registry.sf.net Before We Start . . .

640 views • 34 slides
LOCKING CS 2550 / Spring 2006 Principles of Database Systems 10 Locking Alexandros

LOCKING CS 2550 / Spring 2006 Principles of Database Systems 10 Locking Alexandros

LOCKING CS 2550 / Spring 2006 Principles of Database Systems 10 Locking Alexandros Labrinidis University of Pittsburgh 2 Alexandros Labrinidis, Univ. of Pittsburgh CS 2550 / Spring 2006 Centralized DBMS Locking T 1 T 2 T n

400 views • 10 slides
Registry for Performance Metrics draft-ietf-ippm-metric-registry-05 M. Bagnulo, B. Claise, P.

Registry for Performance Metrics draft-ietf-ippm-metric-registry-05 M. Bagnulo, B. Claise, P.

Registry for Performance Metrics draft-ietf-ippm-metric-registry-05 M. Bagnulo, B. Claise, P. Eardley, A. Morton, A. Akhter Registry Draft Updates 2 Goals and a recommendation: IANA creates and maintains according to process Define

367 views • 19 slides
Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object

4/13/2017 OOP Object Oriented Object 3 Programming Object 1 Object 2 Object 4 For : COP 3330. Object oriented Programming (Using C++) ht t p: / / www. com pgeom . com / ~pi yush/ t each/ 3330 Objects: State (fields), Behavior (member

632 views • 6 slides
Orthogonal key-value locking Goetz Graefe, Hideaki Kimura Hewlett-Packard Laboratories Palo Alto,

Orthogonal key-value locking Goetz Graefe, Hideaki Kimura Hewlett-Packard Laboratories Palo Alto,

Orthogonal key-value locking Goetz Graefe, Hideaki Kimura Hewlett-Packard Laboratories Palo Alto, Cal. Madison, Wis. ARIES/KVL What about non-key updates? February 27, 2015 Orthogonal key-value locking 8 ARIES/IM Data-only locking

337 views • 23 slides
and prospective registry study data in the EBMT registry Per Ljungman, MD, PhD For the

and prospective registry study data in the EBMT registry Per Ljungman, MD, PhD For the

The challenge of COVID-19 for HSCT; EBMT recommendations and prospective registry study data in the EBMT registry Per Ljungman, MD, PhD For the Infectious Diseases Working Party Disclosures None on this topic 2 What have been the EBMT

380 views • 23 slides
Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY

Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY

THERE AND BACK AGAIN BRIAN CHESS SEPTEMBER 2013 Fred Sam Joe Fred Sam Joe A BRIEF HISTORY OF COMMUNICATIONS SECURITY 6 COMPUTER SECURITY 7 THE PROGRAMMER "Programming is hard" Donald Knuth Programmers not historically

350 views • 21 slides
Medical Marijuana Registry August 15, 2018 Document 8 Presentation 2 of 17 Overview

Medical Marijuana Registry August 15, 2018 Document 8 Presentation 2 of 17 Overview

Document 8 Presentation 1 of 17 Medical Marijuana Registry August 15, 2018 Document 8 Presentation 2 of 17 Overview Marij uana in Colorado Registry s Role Functions of the Registry Foundation of the Registry

515 views • 17 slides
The case for a registry owning a registrar in its TLD Richard Tindal, SVP Registry eNom/ Demand

The case for a registry owning a registrar in its TLD Richard Tindal, SVP Registry eNom/ Demand

The case for a registry owning a registrar in its TLD Richard Tindal, SVP Registry eNom/ Demand Media What this debate is about: To simplify terminology lets call registries producers and registrars retail stores Were debating

357 views • 18 slides
National Breast Implant Registry Andrea Pusic, MD Co-Chair, National Breast Implant Registry

National Breast Implant Registry Andrea Pusic, MD Co-Chair, National Breast Implant Registry

National Breast Implant Registry Andrea Pusic, MD Co-Chair, National Breast Implant Registry Steering Committee MDEpiNet Annual Meeting October 2017 Single Sign Up Portal What is the National Breast Implant Registry? The Plastic Surgery

500 views • 11 slides
Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members

Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members

GDPR and .AS Domain Registry What is there to be worried about? Stephen Deerhake AS Domain Registry ccNSO Members meeting Who we are US Territory (Like Puerto Rico!) Located at 14d 1954 S / 170d 4241W 16,111 km from

250 views • 8 slides
Registry Trust - An Introduction- Who We Are Changing Operations Registry Trust The Original

Registry Trust - An Introduction- Who We Are Changing Operations Registry Trust The Original

Registry Trust - An Introduction- Who We Are Changing Operations Registry Trust The Original Register The Lord Chancellor in the early 1980s So rather than shut down the register, a non-profit Originally set up by parliament in 1852. The

592 views • 24 slides
www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541

www.instove.org Fred Colgan Co-founder and Executive Director fred@instove.org Office: +1 541 515 1330 Mobile: +1 541 514 3653 Our Mission: We are a humanitarian not-for-profit organization, dedicated to mass producing high quality

675 views • 29 slides
H. Wilson Company This Is The Ultimate Presentation Cart! F u t u r e e h ! T o t n

H. Wilson Company This Is The Ultimate Presentation Cart! F u t u r e e h ! T o t n

WTPSSCE Model Sound Presentation 47 LBS. WPS4HDE MODEL FEATURES WEIGHT M.S.R.P. WPS80E Open Shelf $445.00 Casters! WPS81E One Locking Cabinet 56 LBS. $495.00 WPS82E Two Locking Cabinets 65 LBS. WPS4CE Duty 4 All Models This

328 views • 8 slides
The case for a registry owning a registrar that sells its names Richard Tindal, SVP Registry

The case for a registry owning a registrar that sells its names Richard Tindal, SVP Registry

The case for a registry owning a registrar that sells its names Richard Tindal, SVP Registry eNom/Demand Media What this debate is about Were debating whether a manufacturer can own one of the retail stores that sells its product to the

375 views • 15 slides

More recommend