This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] MD5 and Password Security in the RIPE DB, Fwd: Wonder if you can help - re: PDP
- Previous message (by thread): [db-wg] MD5 and Password Security in the RIPE DB, Fwd: Wonder if you can help - re: PDP
- Next message (by thread): [db-wg] MD5 and Password Security in the RIPE DB, Fwd: Wonder if you can help - re: PDP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Peter Koch
pk at DENIC.DE
Tue Dec 13 15:04:47 CET 2011
Nigel, On Tue, Dec 13, 2011 at 10:10:56AM +0000, Nigel Titley wrote: > I think we've seen enough support for this in the community for this to go ahead without invoking the PDP, which as David K has said is really overkill for this sort of thing. > > RIPE NCC can you start this off please? first off, the various proposals really are not PDP issues, so thanks for getting the procedural question sorted. However, what is 'this' in the request above? My current understanding is that we have been going in circles for quite a while with two bullet items being suggested: > >> 1) The first proposal's scope regards the display of the MD5 password > >> hashes in the "auth:" attribute. Since then the DB department > >> published an article recommending the technical solutions of, in short: > >> > >> -filtering out "auth:" attributes from all query results on MNTNER > >>objects -adjusting Webupdates to require maintainer password > >>authorisation over HTTPS before presenting the object to the user for > >>updating. > >> > >> This solution can be easy and quick to implement. They only need some > >> discussion in the DB WG. while I agree that concealing the hashes actually sound like a reasonable approach, it sacrifices a DB invariant, which is: every object will be displayed as-is (-B and other options non-withstanding). > >> 2) The second proposal's scope regards the restriction to secure > >> channels for all the possible mntner authentications. In this > >> instance as well, the NCC can provide some quick technical > >> alternatives for the DB WG to discuss. So, what can we expect the NCC to 'start off'? Apologies for my confusion, Peter
- Previous message (by thread): [db-wg] MD5 and Password Security in the RIPE DB, Fwd: Wonder if you can help - re: PDP
- Next message (by thread): [db-wg] MD5 and Password Security in the RIPE DB, Fwd: Wonder if you can help - re: PDP
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]