This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
CERT Object summary (for review in Paris)
- Previous message (by thread): Moving the whois protocol discussion
- Next message (by thread): CERT Object summary (for review in Paris)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Wilfried Woeber, UniVie/ACOnet
woeber at cc.univie.ac.at
Wed Jan 17 11:30:38 CET 2001
Below please find the most recent summary of our proposal for a "CERT Object", taking into account all the comments I am aware of - as well as a couple of proposals for clarifiaction and open issues. This is for discussion and review by CERTs/IRTs in Barcelona and input for the DB-WG meeting next week in Amsterdam. Attributes that are "DB-Standard" get no tag, the CERT Object specific attributes are tagged with "*". For the description of the "DB-Standard" attributes refer to the DB Software documentation, please. * irt: [mandatory] [single] [primary/look-up key] address: [mandatory] [multiple] [ ] phone: [optional] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [mandatory] [multiple] [look-up key] admin-c: [mandatory] [multiple] [inverse key] tech-c: [mandatory] [multiple] [inverse key] upd-to: [mandatory] [multiple] [inverse key] mnt-nfy: [optional] [multiple] [ ] auth: [mandatory] [multiple] [ ] * mnt-cert: [mandatory] [multiple] [ ] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] * signature: [mandatory] [multiple] [] * encryption: [mandatory] [single] [] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] - The irt: attribute assigns a unique name to an IRT object. Q: [to the NCC DB group] in your example, the IRT: attribute's value looks like a handle, and it is used like a handle in references. Wouldn't it be "cleaner" to allow person: and role: like identifications and assign a handle, which is then used to as a reference? Q: Another issue: assuming that a similar facility becomes available in other registry databases, should we try to "reserve" a handle-suffix for those handles? The use of "RIPE-CERT" got me wondering... - The mnt-cert: attribute points to a key-cert: object; it is checked when this irt object is added to e.g. an inetnum:. For all objects that support a pointer to an irt: object, a new attribute is defined as a reference pointing to an irt: object. This attribute might be named irt-c: or incident-c: Q: from an end-user point of view, wouldn't it be more "obvious" to use abuse-c: ? Q: We said that as a value for the auth: attribute, only PGPKEY-<key-id> would be allowed. Do we really need both, the (restricted) auth: _and_ the mnt-cert: ? - The signature: attribute points to a key-cert: object which defines one or more keys that are user by the CERT's team members to sign and/or encrypt messages sent by the team. - The encryption: attribute points to a key-cert: object which defines the key that should be used to sign and/or encrypt messages sent to the team. Q: should we try to find a more "obvious" name for those tags? I could think of sig-from: and encrypt-to: (similar to SMTP mail from and rcpt to :-) or even from-irt: and to-irt: Wilfried.
- Previous message (by thread): Moving the whois protocol discussion
- Next message (by thread): CERT Object summary (for review in Paris)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]