Restricted access to root DSA (Giant Tortoise)

Vincent Berkhout <V.Berkhout@dante.org.uk> Tue, 25 April 1995 12:31 UTC

Message-Id: <v02110100abc1a485831f@[193.63.211.2]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Tue, 25 Apr 1995 10:14:01 +0000
To: managers@nameflow.dante.net
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Vincent Berkhout <V.Berkhout@dante.org.uk>
Subject: Restricted access to root DSA (Giant Tortoise)
Cc: osi-ds@cs.ucl.ac.uk, quipu@cs.ucl.ac.uk

Dear directory managers,

Apologies for cross posting, but this is an important message for Directory
managers.

In order to phase out the Root-of-the-world DSA (the "Giant Tortoise") we
announced in a previous message that access would be limited. An
undocumented feature of Quipu allows us to further tighten the
restrictions.

The coming changes may effect a large part of the Directory starting from
the 2nd of May 1995. We will be testing restricted access for the DSA
"Giant Tortoise" from the 2 May until the 14 May 1995. As from 15 May 1995
access restrictions to the Giant Tortoise will be a fact. The access
restrictions will have as minimal influence on the operational service as
possible.

The rest of this message will respectively explain what will change for
directory users and what will change for Directory System Agents (DSAs).

What will change for directory _USERS_?
In principle directory users are NOT allowed to connect to the Giant
Tortoise anymore as they should contact their local DSA.
The following users will be allowed to connect to the Giant Tortoise:
* the managers of the Giant Tortoise,
* probes to determine availability,
* and country managers to allow them to alter their country entry.
On request other end users may be granted access, if this is necessary.

What will change for -COUNTRY_ DSAs? (A country DSA masters the country entry)
Only known country DSAs will be allowed to connect via DSP (Directory
Systems Protocol) to the Giant Tortoise.
* Country DSAs should hold a copy of the root EDB for further distribution
to other DSAs within that country.

What will change for all _OTHER_ DSAs? (non country DSAs)
In principle all other DSAs should connect to their country DSA.
To allow an easy transition the following DSAs will be allowed to connect:
* All DSAs that currently use the Giant Tortoise as a relay DSA.
* All DSAs that currently use the Giant Tortoise for replication.
These DSAs will be advised to use their country DSA during the coming period.

Every non-country DSA that has the quiputailor "parent" option set to Giant
Tortoise is suggested to replace "Giant Tortoise" with the name of their
country DSA (or other superior DSA).
For instance for @c=GB@cn=Urutu Snake quiputailor
was:    parent "cn= Giant Tortoise"     Internet=128.86.8.55 etc.
is:     parent "cn= Inca Dove"          Internet=128.86.8.65 etc.

The non-country DSAs should also replicate the root entry (EDB) from their
country DSA (or other superior DSA).

If there are any questions, please contact <helpdesk@nameflow.dante.net>.

So remember, testing will start on 2 May 1995 and full access restriction
will be effective as from 15 May 1995.

Regards,
        Vinc&

_____________________________________________________________________
            * *           Vincent Berkhout   -   Application Engineer
          *    *
        *                 Lockton House, Clarendon Road
       *                  Cambridge CB2 2BH, United Kingdom

    D  A  N  T  E         Tel. +44 1223 302992   Fax. +44 1223 303005
_____________________________________________________________________

Restricted access to root DSA (Giant Tortoise) Vincent Berkhout
Restricted access to root DSA (Giant Tortoise) /DD.NTADDR=Anne_Philpott#l#a#r#HWC/G=Anne/S=Philpott/
Restricted access to root DSA (Giant Tortoise) Alan Wong
Restricted access to root DSA (Giant Tortoise) Alan Wong