[db-wg] Update of mntner object with mixed authentication

Hello Wilfried

Long time no seen :)

On Wed, 18 Jul 2012 14:32:11 +0200, "Wilfried Woeber, UniVie/ACOnet" <Woeber at CC.UniVie.ac.at> said:

> Alexander Gall wrote:

>> I'm trying to update the "shared" 6to4 anycast-relay maintainer object
>> RFC3068-MNT.  My own authentication for the object is PGP.  But how
>> the heck do I get a full copy of the object including the other
>> people's MD5 hashes if I don't have a password myself?

> This is one of the (unwanted) side-effects of removing hashes from the
> whois output: the DB object can no longer be used as the primary/authoritative
> copy of the object, and retrieved for submitting an update.

> It should still work as follows, assuming that "one party" still has a "full"
> copy of the object and uses password authentication:

Yes, but that's not exactly practical :/

I can see a workaround for this with webupdate.  Instead of accecpting
only passwords for authentication, the system could create a challenge
that somebody who has a X509 or PGP key could encrypt offline and
present to the system, which could verify it with the corresponding
public key referenced by the mntner object.

-- 
Alex