[db-wg] abuse-c: proposal

Niall O'Reilly wrote:
> 
> On 29 Jan 2004, at 14:57, Ulrich Kiermayr wrote:
> 
>> [ Niall O'Reilly wrote ]
>>
>>> Do we need a new machinery for this?  If a role or person object 
>>> acquires
>>> a new inverse-key relationship, I would find it reasonable to alert the
>>> 'mnt-by:' and 'notify:' targets as a matter of course.  I don't see the
>>> value in defining new attributes just to cover this.
>>
>>
>> Hmm, I'd prefer the protection from that to happen instead of: Bad Guy 
>> does something -> You hear from it -> You have to persuade the 
>> RIPE-NCC to do something against it (Because you can't do it yourself, 
>> since you do _not_ maintain the object where the reference is in).
> 
> 
> Right.  I should have thought of that.
> 
> For " ... alert the 'mnt-by:' and 'notify:' targets ... "
> read
> " ... alert 'mnt-by:' and 'notify:' targets, and block the update pending
> their confirmation ... ".

Ok, but this in my vision this has 2 drawbacks:

1. Then you cant have the the object itself protected, but leave the
    referencing unprotected. (This is a change in the default behaviout
    that might break tools)

2. There are cases where the one maintaining the data [i.e. content of
    the object] != the one who wants to control who references it.
    [Your Company (auto)-provides the objects contents out of a database
     and protects that path, but leaves it to you or the LIR guy to
     reference te object. ]

lG uk
-- 
Ulrich Kiermayr         Zentraler Informatikdienst der Universitaet Wien
Network - Security - ACOnet-CERT   Universitaetsstrasse 7, 1010 Wien, AT

eMail:      ulrich.kiermayr at univie.ac.at       Tel: (+43 1) 4277 / 14104
PGP Key-ID: 0xA8D764D8                         Fax: (+43 1) 4277 /  9140