[db-wg] Another Proposal: Sort of generated Authorized-by Attribute + some PGP stuff

Hi List,

Since Shane has posted some proposals for the RIPE-DB, I have another one:

For Updates which have been authorized by someone using strong 
encryption it would be nice to reflect the key that has been used in the 
object. this is similar to the changed: attribute but should be 
generated by the robot and not filled in by the user.

Why?
At the moment there is no way to tell that data within the Database is 
authentic in a way that it was really put in by the person who is in the 
object (pls. correct me if I am wrong), and the mnt-* just prevents you 
from stealing an object and not from giving it away to pretend 
something. Usually this is not bad, but related to some irt-stuff it can 
give the people the opportunity to pretend to be someone else.
If the authorizing key was reflected in the object, one can check if who 
sent the update....


Something else related to PGP (and discussed with wilfried a while ago):
it would be really nice to be able to link key-certs and persons/roles 
together other than by using remarks.... (as we do it now).

lG uk
-- 
------------------------------------------------------------------------
Ulrich Kiermayr         Zentraler Informatikdienst der Universitaet Wien
Network Security              Universitaetsstrasse 7, 1010 Wien, Austria
------------------------------------------------------------------------
eMail:   ulrich.kiermayr at univie.ac.at          Tel: (+43 1) 4277 / 14104
Hotline: security.zid at univie.ac.at             Fax: (+43 1) 4277 /  9140
------------------------------------------------------------------------
GPG Key fingerprint = BF0D 5749 4DC1 ED74 AB67  7180 105F 491D A8D7 64D8