This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
IRT object and authentication schemes
- Previous message (by thread): Summary of ERX-TF discussion
- Next message (by thread): IRT object and authentication schemes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Havard Eidnes
he at uninett.no
Wed Oct 30 17:20:47 CET 2002
Hi, someone's prodded me wrt. the IRT object registration. This finally made me take a closer look at the available documentation defining this object type. I have one question (well, I may have more, but this one is the most important one, I think): In section 5 of http://www.ripe.net/ripe/docs/irt-object.html I find the following text: When adding a reference to an irt object the update of an inet[6]num should pass the following authorisation checks: * from the irt object itself as specified in one of the "auth:" attribute * from any of the mntner objects that protect the inet[6]num object (i.e. referenced using "mnt-by:" attribute). Is there a logical AND between these two items? (I think there is, but it really ought to be said explicitly, and the "should pass" phrase should be replaced by "must pass both of".) This is pretty crucial when evaluating what should be registered in the IRT object, as unwise choices (no overlap between irt auth: and mntnr auth:) on this front will at best make it very cumbersome to add IRT references to inetnum / inet6num objects, requiring nested signatures (I wonder, does the RIPE DB support that?). Oh, yes, I also think the IRT definition document needs to say a few words about what specific roles the admin-c and tech-c of an IRT object is supposed to fill. Regards, - Håvard
- Previous message (by thread): Summary of ERX-TF discussion
- Next message (by thread): IRT object and authentication schemes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]