This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
CERT Object summary (for review in Paris)
- Previous message (by thread): Moving the whois protocol discussion
- Next message (by thread): CERT Object summary (for review in Paris)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Wilfried Woeber, UniVie/ACOnet
woeber at cc.univie.ac.at
Wed Jan 17 11:30:38 CET 2001
Below please find the most recent summary of our proposal for a "CERT
Object", taking into account all the comments I am aware of - as well as
a couple of proposals for clarifiaction and open issues.
This is for discussion and review by CERTs/IRTs in Barcelona and input
for the DB-WG meeting next week in Amsterdam.
Attributes that are "DB-Standard" get no tag, the CERT Object specific
attributes are tagged with "*". For the description of the "DB-Standard"
attributes refer to the DB Software documentation, please.
* irt: [mandatory] [single] [primary/look-up key]
address: [mandatory] [multiple] [ ]
phone: [optional] [multiple] [ ]
fax-no: [optional] [multiple] [ ]
e-mail: [mandatory] [multiple] [look-up key]
admin-c: [mandatory] [multiple] [inverse key]
tech-c: [mandatory] [multiple] [inverse key]
upd-to: [mandatory] [multiple] [inverse key]
mnt-nfy: [optional] [multiple] [ ]
auth: [mandatory] [multiple] [ ]
* mnt-cert: [mandatory] [multiple] [ ]
remarks: [optional] [multiple] [ ]
notify: [optional] [multiple] [inverse key]
mnt-by: [mandatory] [multiple] [inverse key]
* signature: [mandatory] [multiple] []
* encryption: [mandatory] [single] []
changed: [mandatory] [multiple] [ ]
source: [mandatory] [single] [ ]
- The irt: attribute assigns a unique name to an IRT object.
Q: [to the NCC DB group] in your example, the IRT: attribute's value looks
like a handle, and it is used like a handle in references.
Wouldn't it be "cleaner" to allow person: and role: like
identifications and assign a handle, which is then used to as a
reference?
Q: Another issue: assuming that a similar facility becomes available in
other registry databases, should we try to "reserve" a handle-suffix
for those handles? The use of "RIPE-CERT" got me wondering...
- The mnt-cert: attribute points to a key-cert: object;
it is checked when this irt object is added to e.g. an inetnum:.
For all objects that support a pointer to an irt: object, a new
attribute is defined as a reference pointing to an irt: object.
This attribute might be named irt-c: or incident-c:
Q: from an end-user point of view, wouldn't it be more "obvious" to use
abuse-c: ?
Q: We said that as a value for the auth: attribute, only PGPKEY-<key-id>
would be allowed. Do we really need both, the (restricted) auth: _and_
the mnt-cert: ?
- The signature: attribute points to a key-cert: object which defines one
or more keys that are user by the CERT's team members to sign and/or
encrypt messages sent by the team.
- The encryption: attribute points to a key-cert: object which defines
the key that should be used to sign and/or encrypt messages sent to
the team.
Q: should we try to find a more "obvious" name for those tags?
I could think of sig-from: and encrypt-to: (similar to SMTP mail from
and rcpt to :-) or even from-irt: and to-irt:
Wilfried.
- Previous message (by thread): Moving the whois protocol discussion
- Next message (by thread): CERT Object summary (for review in Paris)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]