This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
Multiple signatures to create a reference to an irt object
- Previous message (by thread): Multiple signatures to create a reference to an irt object
- Next message (by thread): Multiple signatures to create a reference to an irt object
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alexander Gall
gall at switch.ch
Wed Apr 24 19:28:31 CEST 2002
Hello Wilfried > >So far, the response to my query has been, well, nil :-( Maybe I'm asking > >this question on the wrong list? This must have been tested before... > > > >Cheers, > >Alex > > Well, I guess the answers are: > NO (wrong list) and > WELL... (tested for all situations) > > Do you want it on the WG agenda for next week? If it's supposed to work the way I tried but doesn't, I guess so. -- Alex > Wilfried. > > ___________ SWITCH - The Swiss Academic and Research Network ___________ > Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland > gall at switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568 > > > > > Hello > > > > I've been playing around with PGP authentication and irt objects in the > > test database and ran into the following problem. > > > > The relevant objects are > > > > mntner: SWITCH-MNT > > irt: IRT-SWITCH > > inetnum: 130.59.0.0 - 130.59.255.255 > > key-cert: PGPKEY-C3BA4795 > > key-cert: PGPKEY-82146071 > > > > They are all protected by SWITCH-MNT, which has a single auth attribute > > pointing to PGPKEY-C3BA4795. Updates signed with this key work fine. > > > > IRT-SWITCH has the attribute auth: PGPKEY-82146071. > > > > What I would like to do is to add mnt-irt: IRT-SWITCH to the inetnum > > object. If I understood correctly, I have to sign that update with two keys: > > with key C3BA4795 because the inetnum is protected by SWITCH-MNT and with > > 82146071 because a new reference to an irt object needs to be signed by > > the key referenced in the irt's auth attribute. > > > > The question is, which MIME message sent to test-dbm at ripe.net > > does this for me? > > > > My interpretation of the (rather brief) section "3.3.2 PGP support" in the > > handbook is that I need to create a MIME message with nested signatures. > > So, I created such a beast by hand because my mailer can't do that (see > > first attachment). Apparently, the robot checks the outer signature but > > does not recognize the inner multipart/signed content-type (see second > > attachment). > > > > Unless my MIME encoding is wrong (which may well be the case :-) I must > > have misunderstood the mechanism. > > > > Any help is appreciated. > > -- > > Alex > > ___________ SWITCH - The Swiss Academic and Research Network ___________ > > Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland > > gall at switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568 > > -------------------------------------------------------------------------------- >
- Previous message (by thread): Multiple signatures to create a reference to an irt object
- Next message (by thread): Multiple signatures to create a reference to an irt object
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]