Australian ENUM Trial

Robert JohnstonNumbering Team Manager

Australian Communications AuthorityRobert.Johnston@aca.gov.au

24 February 2004

Overview of Australian Trial• Discussion paper – September 2002• Workshop – March 2003• Established Australian ENUM discussion group [AEDG] – April 2003

Carriers, Carriage Service Providers & Internet Service Providers Universities Consumer and Industry Groups Domain name registrars Regulatory agencies

• Context document – July 2003• Privacy guidelines - February 2004

• Verification guidelines – April 2004• EOI – by mid 2004• Trial 6 – 12 Months

ENUM Trial Model (Under Consideration)

ACA RIPEDatabase

Tier 1 Registrar

ENUM Subscriber

Tier 2 Registrar

Tier 2DNS

Nameserver

TIER 1 Registry Operator

Authorisation&

Authentication

Tier 1 Registry

RegistryDatabase

1.6.e164.arpaDNS

Nameserver

ENUMUSER

Tier 2 Nameserver Operator may also be a Tier 2 Registrar

Tier 0

Tier 1

Tier 2

e.164.arpaDNS

Nameserver

EPP(RT1 Interface)

Authentication/Authorisation Methods• Method for Australian trial is still being developed

• Preference of Australian ENUM Discussion Group is to use a mechanism that incorporates digital certificates and an accompanying Public Key Infrastructure

• Working group within the Australian ENUM Discussion Group is investigating adapting validation model proposed for Austrian trial (Scalable Architecture for ENUM Number Validation)

• Possibly, role of Tier 1 Registry Operator will be extended to included responsibility as Trusted Third Party for authorisation of ENUM subscribers

Registration Process• ENUM subscriber registers with registrar.• Registrar authenticates subscriber’s

identity and checks that they are authorised to make changes to a particular ENUM domain.

• Registrar provisions NAPTR record in Tier 2 Nameserver.

• Registrar places entry in the zonefile of the Tier 1 Registry to point at the appropriate Tier 2 Nameserver.

Registry/Registrar/Authentication Agency Interface Requirements• Registrar to Tier 1 Registry

All data transfers secure and authenticated Interface to fully support the Extensible Provisioning

Protocol (EPP) on a secure Transport Layer Each EPP session will be authenticated and

encrypted using the Transport Layer Security (TLS) protocol, or a protocol with authentication and encryption capabilities as good or better than TLS

The Tier 1 Registry shall authenticate every EPP client connection using both an X.509 server certificate

issued by a trusted Certification Agency nominated by the ACA and its Registrar password

NAPTR Formats

• NAPTR format Australian ENUM Trial– Minimum requirement for interoperability

of European ENUM trials (ETSI TS 102 172)

Privacy Aspects • Australian ENUM Discussion Group established

separate working group to draft privacy guidelines• Recommendations of privacy working group:

No registrant personal information be exposed to the public via a whois service

A whois service is to be operated for the purposes of technical support but privacy risks to be minimised by:Allowing nameserver operators to opt-outPermitting technical contacts to be a role rather than a

personal identifierOnly requiring technical contacts to provide one form of

contactOnly exposing specific fields to the public

Privacy Aspects Registrant’s personal information collected

during the trial is not to be used for secondary purposes (without the registrant’s express consent

Registrant’s personal information is not to be used after the trial without their express consent

Both Registry and Registrar be treated as an “organisation” under the Privacy Act 1998 and comply with National Privacy Principles and other constraints

Policy Development

– Privacy and security– Rights of Use for ENUM– Charging for ENUM – Competition as we move beyond the trial– Access by agencies like Law Enforcement– Access Emergency services– Equivalent services to people with disabilities