This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] crypted password

Previous message (by thread): [db-wg] crypted password
Next message (by thread): [db-wg] crypted password

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Denis Walker denis at ripe.net
Tue Jul 25 12:25:08 CEST 2006

Hi

I have just been thinking about this discussion and have a suggestion. I
have not thought it all the way through the code so it is only an idea
at this stage.

We can obscure the authentication information from mntner, key-cert and
irt objects and make it no longer publically accessible. This would
initially give rise to the problems illustrated below.

We can get round these problems using dbupdate. We can add a new keyword
'full' to be used in the subject line of an e-mail update or entered
through webupdates/syncupdates. If this keyword is used and at least the
primary keys and source attributes are supplied with correct
authentication, dbupdate can return the full object from the database.

This effectively makes dbupdate a query mechanism. But this would only
need to be done for modifications and deletions of mntner, key-cert and
irt objects. These are only a small percentage of the updates we receive.

This is not a proposal, it is just an idea. If there is any interest in
the idea then we can spend some time looking at it in more detail.

regards
denis
Software Engineering Department
RIPE NCC

Markus Werner wrote:

>Hello All,
>
>At the first place it is a good Idea to removed MD5-Hashes from public view.
>But there a some stuff that should be though of.
>
>- At the moment you have to supply the hole object if you delete an object.
> -> So you have to store the origin object locally.
> -> Is it a good Idea to remove an object when someone submitting it
>without the crypted pw's ?
>
>- How can you remove password in this case?
>  -> Simply by submitting the object without the auth attributes that
>contain MD5-PW's is IMHO error prone.
>
>
>I decided (in 2005) to remove the MD5-PW at all. We just use pgp keys
>andfor fallback the X509 cert from the LIR Portal. The lir Portal
>account uses also PKI login and has as fallback a password.
>
>And if the worse case happens, you could ask the hostmaster at ripe.net to
>unlock the maintainer for you.
>But IMHO the worse case doesn't happen all to often. Anyway the RIPE-NCC
>should considere to bill cases if somebody ask twice a day:-)
>
>IMHO you should not remove the PGP-Keys and the X509 Cert from public
>view. It see no sercurity reasons for this.
>
>
>
>with kind regards || Mit freundlichen Gruessen
>
>i.A. Markus Werner
>
>  
>

Previous message (by thread): [db-wg] crypted password
Next message (by thread): [db-wg] crypted password

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]