This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Updating maintainer objects with filtered auth lines
- Previous message (by thread): [db-wg] Updating maintainer objects with filtered auth lines
- Next message (by thread): [db-wg] Updating maintainer objects with filtered auth lines
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Daniel Stolpe
stolpe at resilans.se
Fri Aug 21 13:46:54 CEST 2015
Hi Denis, I know it might sound odd but I do know perfectly well who this password belongs to. The typical case when this happens is when an organization has an LIR, they have no idea what it is all about and the only auth is a password. Then they find that there are other organizations out there able to help them. They hire one of these to do registry stuff for them, and then they are told to add a couple of PGP keys into the mnt object. As stated somewhere earlier you could of course go for adding another "mnt-by" everywhere, but that means a lot of updating, compared to just adding a few more auth lines into the current mnt object. Cheers, Daniel On Fri, 21 Aug 2015, denis wrote: > Hi Daniel > > Maybe I can bounce this back at you in the form of another question...who > does this password belong to that you don't want to disturb? It sounds like > you don't know who has access to this data. > > This has been one of the issues with the MNTNER object since it's inception. > It is a bucket full of anonymous security tokens. Personalised auth won't > help much with this until all auth is moved into PERSON objects. > > cheers > denis > > On 20/08/2015 13:43, Daniel Stolpe wrote: >> >> I just had a very specific experience but this is a general problem. >> >> What I wanted to do was update a maintainer object in the database. No >> problems since I was authorized via a PGP key. The problem was that one >> of the lines looked like: >> >> auth: MD5-PW # Filtered >> >> And although I have no personal use for the md5 hash I did not want to >> disturb users who might have. I asked the NCC for advice and the answers >> were like "if you have an access account" (yes) you can add a line >> "auth: SSO xxxx at xxxx.xx" (yes). Still not a solution to my problem since >> adding the SSO line would just break the md5 anyway. >> >> The solution this time was that I eventually found a local copy of the >> object with the md5 hash unfiltered. >> >> I know the md5 hashes are a security problem and I do not recommend >> anyone using them but as long as they are there the filtering causes >> trouble. And by the way, we now see a lot of >> >> auth: SSO # Filtered >> >> What I am looking for is a way to retrieve the whole unfiltered object >> for anyone authorized, or, at least, a possibility to updated the object >> without touching the filtered lines. >> >> >> Maybe you could send a PGP signed request, not for updating but just for >> viewing the complete object? >> >> >> Best Regards, >> >> Daniel Stolpe >> >> _________________________________________________________________________________ >> >> Daniel Stolpe Tel: 08 - 688 11 81 >> stolpe at resilans.se >> Resilans AB Fax: 08 - 55 00 21 63 >> http://www.resilans.se/ >> Box 45 094 556741-1193 >> 104 30 Stockholm _________________________________________________________________________________ Daniel Stolpe Tel: 08 - 688 11 81 stolpe at resilans.se Resilans AB Fax: 08 - 55 00 21 63 http://www.resilans.se/ Box 45 094 556741-1193 104 30 Stockholm
- Previous message (by thread): [db-wg] Updating maintainer objects with filtered auth lines
- Next message (by thread): [db-wg] Updating maintainer objects with filtered auth lines
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]