This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Filtering auth: attributes in the whois server
- Previous message (by thread): [db-wg] Filtering auth: attributes in the whois server
- Next message (by thread): [db-wg] Draft Minutes RIPE 63
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Boyle
brian.boyle at heanet.ie
Wed Mar 7 16:29:55 CET 2012
Hi Håvard, All, > In the whois server, if a maintainer object *only* contains > auth: lines using currently deemed to be secure methods > (currently PGP or X.509), then reveal all the auth: lines to > the whois client. Otherwise, if the maintainer object > contains one or more lower-security auth: attribute > (currently MD5-based passwords), filter out *all* the auth: > attributes. I would like to see this implemented, as it involves the least amount of disruption to our existing practices. Indeed, when I first read the documentation of the change, I thought this was in fact how the RIPE-NCC had planned to implement it, but I a closer reading when experience seemed to show otherwise proved me wrong. There is one minor drawback with it, which I feel I could live with (as I don't have any MD5 hashs that I know of to worry about). The change would make it possible to identify mntner objects that have weak MD5 protection, by excluding any that show any auth: attributes. If the actual hash is not disclosed though, I think the risk is minimal for the gain. Best regards, Brian. -- Brian Boyle, Network Services Manager HEAnet Limited, Ireland's Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin 1 Registered in Ireland, no 275301 tel: +353-1-660 9040 fax: +353-1-660 3666 web: http://www.heanet.ie/
- Previous message (by thread): [db-wg] Filtering auth: attributes in the whois server
- Next message (by thread): [db-wg] Draft Minutes RIPE 63
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]