[db-wg] MD5 and Password Security in the RIPE DB, Fwd: Wonder if you can help - re: PDP

Nigel,

On Tue, Dec 13, 2011 at 10:10:56AM +0000, Nigel Titley wrote:
> I think we've seen enough support for this in the community for this to go ahead without invoking the PDP, which as David K has said is really overkill for this sort of thing.
> 
> RIPE NCC can you start this off please?

first off, the various proposals really are not PDP issues, so thanks for getting
the procedural question sorted.  However, what is 'this' in the request above?
My current understanding is that we have been going in circles for quite a while
with two bullet items being suggested:

> >> 1) The first proposal's scope regards the display of the MD5 password 
> >> hashes in the "auth:" attribute. Since then the DB department 
> >> published an article recommending the technical solutions of, in short:
> >> 
> >> -filtering out "auth:" attributes from all query results on MNTNER 
> >>objects  -adjusting Webupdates to require maintainer password 
> >>authorisation over  HTTPS before presenting the object to the user for 
> >>updating.
> >> 
> >> This solution can be easy and quick to implement. They only need some 
> >> discussion in the DB WG.

while I agree that concealing the hashes actually sound like a reasonable approach,
it sacrifices a DB invariant, which is: every object will be displayed as-is
(-B and other options non-withstanding).

> >> 2) The second proposal's scope regards the restriction to secure 
> >> channels for all the possible mntner authentications. In this 
> >> instance as well, the NCC can provide some quick technical 
> >> alternatives for the DB WG to discuss.

So, what can we expect the NCC to 'start off'?

Apologies for my confusion,
       Peter