This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
IRT object and authentication schemes
- Previous message (by thread): IRT object and authentication schemes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Menno Pieters
menno.pieters at stelvio.nl
Thu Oct 31 10:06:19 CET 2002
Havard Eidnes wrote: Håvard, > someone's prodded me wrt. the IRT object registration. This finally > made me take a closer look at the available documentation defining > this object type. I have one question (well, I may have more, but > this one is the most important one, I think): > > In section 5 of > [SNIP] > Is there a logical AND between these two items? (I think there is, > but it really ought to be said explicitly, and the "should pass" > phrase should be replaced by "must pass both of".) Indeed, there is a logical AND. Both the auth: for (any of the) maintainers AND the auth: for the IRT object MUST pass. So, yes, it should (or must?) be a "MUST pass". > This is pretty crucial when evaluating what should be registered in > the IRT object, as unwise choices (no overlap between irt auth: and > mntnr auth:) on this front will at best make it very cumbersome to add > IRT references to inetnum / inet6num objects, requiring nested > signatures (I wonder, does the RIPE DB support that?). The usage of two separate auth: keys is meant to be and yes the database supports double authorization. First the LIR can make the request to add the mnt-irt: attribute to the inet[6]num, sign it and pass this on to the IRT. The IRT in turn signs the signed request to show that the IRT agrees. > Oh, yes, I also think the IRT definition document needs to say a few > words about what specific roles the admin-c and tech-c of an IRT > object is supposed to fill. In fact this is no different than with most other objects that (can) have admin-c and tech-c fiels. E.g. the admin-c can be the head of the IRT and tech-c can be his/her co-workers. Both can be either references to person or role objects. Regards, Menno Pieters -- Menno Pieters - Stelvio Postbus 2171, 3800 CD Amersfoort, the Netherlands Zonnehof 41, 3811 ND Amersfoort, the Netherlands phone: +31-33-4.697.340 / fax: +31-33-4.697.341 XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/
- Previous message (by thread): IRT object and authentication schemes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]