Identity Registration Protocol (IRP)
What is Identity Registration Protocol (IRP)?
Sixscape developed the Identity Registration Protocol (IRP). It is the first comprehensive PKI protocol. IRP is a new application-layer protocol created to enable a new connectivity paradigm: direct application-to-application connections.
IRP supports both IPv4 and IPv6. For IPv4, IRP provides a strong replacement for username/password authentication by making X.509 client certificate issuance and management simple, affordable and standardized. For IPv6, it enables a whole new class of applications that go beyond the current client/server paradigm for better scalability, reliability and security.
IRP was reviewed by IANA (Internet Assigned Numbers Authority) and accepted as being a viable protocol that meets current design requirements and is not duplicated in other IETF RFCs. It was assigned port number 4604.
IRP allows any node to register its current IPv6 address, so the IRP server for a domain always holds the most recently registered IPv6 address for every node in that domain. When Alice wants to connect to Bob, she can try the most recent address that worked; if Bob is no longer there, she can obtain his current IPv6 address (and presence information) from his IRP server and then connect to him directly there. She can locate his IRP server by asking DNS to resolve the SRV (Service Locator) record for IRP for his domain (e.g. protocol = tcp, service = irp). That returns the node name, port number, priority and weight for one or more IRP servers for his domain (e.g. hostname ws4.hughesnet.org, port 4604, priority 10, weight 5). This allows scaling to the entire global Internet.
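The SRV discovery step described above, as an added example that is not Sixscape's code: it builds the _irp._tcp query name, parses SRV answers, and orders the servers in the try-order RFC 2782 defines. The function names and the second sample record are constructed for illustration; only the first record's values come from the text.

```python
import random
from collections import namedtuple

# One SRV answer: the four fields the paragraph above lists.
SRV = namedtuple("SRV", "priority weight port target")

def srv_query_name(domain, service="irp", proto="tcp"):
    """Build the RFC 2782 owner name, e.g. _irp._tcp.hughesnet.org."""
    return "_%s._%s.%s" % (service, proto, domain.rstrip("."))

def parse_srv(rdata):
    """Parse SRV RDATA in presentation form: 'priority weight port target'."""
    prio, weight, port, target = rdata.split()
    rec = SRV(int(prio), int(weight), int(port), target.rstrip(".").lower())
    if rec.target == "":  # RFC 2782: a target of "." means "not offered"
        raise LookupError("service not available at this domain")
    if not (0 <= rec.priority <= 65535 and 0 <= rec.weight <= 65535
            and 0 < rec.port <= 65535):
        raise ValueError("SRV field out of range: %r" % rdata)
    return rec

def order_servers(records, rng=random):
    """Return records in RFC 2782 try-order: lowest priority first,
    weighted random selection among records of equal priority."""
    ordered = []
    for prio in sorted({r.priority for r in records}):
        # Zero-weight records are placed first so they are rarely picked.
        group = sorted((r for r in records if r.priority == prio),
                       key=lambda r: r.weight != 0)
        while group:
            pick = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for i, r in enumerate(group):
                running += r.weight
                if running >= pick:
                    ordered.append(group.pop(i))
                    break
    return ordered

# Sample answers; the second record is constructed, not from the page.
SAMPLE_ANSWERS = [
    "20 0 4604 irp-backup.example.net.",
    "10 5 4604 ws4.hughesnet.org.",
]

if __name__ == "__main__":
    print(srv_query_name("hughesnet.org"))
    for s in order_servers([parse_srv(a) for a in SAMPLE_ANSWERS]):
        print(s.priority, s.weight, s.target, s.port)
```

Unless the zone is DNSSEC-signed and validated, the SRV answer is unauthenticated, so it should be treated as a hint about where to connect, not as proof of the server's identity.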
The three main features of IRP are:
The user directory, which allows users to register identifying information such as name, email address, etc. Each user has a globally unique IRP User ID. A request can specify, by the user's identity, which user in a domain it needs the IP address and client certificate for. This is a replacement for LDAP (which is difficult to use and not supported by most clients).
The Public Key Infrastructure (PKI), which creates and manages X.509 client digital certificates for strong authentication of each user during address registration. The PKI is also used for determining the validity and revocation status of any certificate managed by IRP. This replaces the existing OCSP (Online Certificate Status Protocol).
The IRP Address Registry, a very fast DNS address registration service that can be updated quickly and securely from any location on the IPv6 Internet.