This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] IRT object creation is easy

Previous message (by thread): [db-wg] IRT object creation is easy
Next message (by thread): [db-wg] IRT object creation is easy

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Denis Walker denis at ripe.net
Tue Mar 16 19:06:21 CET 2004

Hi Jeroen

Jeroen Massar wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Christian Rasmussen [mailto:chr at jay.net] wrote:
> 
> 
>>Im sure that creating an IRT object is doable for any ISP 
>>which takes the time. The reason why I do not wish to use
>>IRT is that it is much too complex
>>for the very simple purpose it should have. It seems to have 
>>been designed to be used for outsourcing of abuse-handling,
>>Im sure some ISP's do this but
>>I haven't yet seen any numbers which justifies a design which 
>>primarily favors these ISP's.
> 
> 
> It is a seperate object, just like what the abuse-c is supposed
> to be, but indeed without the encryption. If you put one pgpkey
> in the RIPE registry you are done, and you should already be
> using signed messages to update your objects anyways.
> 
> 
>>Remove the encryption-thing on the IRT object and let it be 
>>maintained by a maintainer object, then Im sure more ISP's
>>would be willing to implement it,
>>but for it to become a success I still believe the designers 
>>need to pay attention to the needs of those ISP's who have
>>no use for the current version.
> 
> 
> I could live with changing the mnt-irt to be an or case with
> the mnt-by too indeed as currently when one wants to update
> an object protected by the mnt-irt it needs to be signed by
> both the mnt-by and the mnt-irt, when you are 'outsourcing'
> as you call it this is a problem, otherwise one will have
> access to both the maintainer and the irt anyhow.

You only need to include the authorisation for the mnt-irt: when it is first 
added to an object. Once the mnt-irt: is in the object you do not need to 
include this authorisation for subsequent modifications or deletions. Nor do 
you need this authorisation to remove the mnt-irt: from this object. So only 
the addition of an mnt-irt: attribute needs to be authorised by the mnt-irt:. 
(It does not matter if this attribute is included when creating the object or 
added later with a modification of the object, both would require the 
additional authorisation.)

> 
> 
>>I think its very unfortunate that the Ripe DB doesn't have 
>>abuse information on all IP addresses, that should actually
>>be the primary goal for a public
>>IP database, at least from the Internet users perspective.
> 
> 
> Well currently, according to toolwriters, it has, as they will
> just use all the e-mail lines they can find.
> Now there is a good solution, not ;)
> 
> Greets,
>  Jeroen
> 
> -----BEGIN PGP SIGNATURE-----
> Version: Unfix PGP for Outlook
> Comment: Jeroen Massar / http://unfix.org/~jeroen/
> 
> iQBGBAERAgAQCRApqihSMz58IwUCQFc7lgAA5OUAnj9D2qJO0OVwEzz+bJUXwX1A
> Tbx3AKCKHU1lljo9gV+IIs/Wc8uJsavWjA==
> =wszm
> -----END PGP SIGNATURE-----

Best Regards

Denis Walker
RIPE NCC Software Engineering Department

Previous message (by thread): [db-wg] IRT object creation is easy
Next message (by thread): [db-wg] IRT object creation is easy

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]