[db-wg] Filtering auth: attributes in the whois server

Hi Denis+all,


Am 07.03.2012 um 15:36 schrieb Denis Walker:

> Dear Colleagues,
> 
> To clarify one point, use of Webupdates does not require any account or
> membership. It is a free to use tool for anyone to update the RIPE
> Database over secure https. For MNTNER objects with only PGP
> authentication, no authentication is asked for when using Webupdates to
> view the MNTNER object.
> 
> The alternative suggestion for not filtering "auth:" attributes in
> MNTNER objects with PGP only would still fit with the community
> requirements for security of password hashes. The RIPE NCC implemented a
> proposal that had consensus from the community at the time. If there is
> a new consensus to change this, the RIPE NCC will implement the change.


since i'm one of the guys who still loves his password authentication as
last resort, it doesn't really matter to me (until i can finally overcome
my fear of not being able to update the database when i only have my not-so-smartphone
with me or something :-> ).

But anyways, i do support this change, since it makes much more sense for those
who feel more secure with only key authentication. 
If it's possible to implement that without too much hassle, this suggestions
has my support.

-- 
Mit freundlichen Grüßen / Kind Regards

Sascha Lenz [SLZ-RIPE]
Senior System- & Network Architect