This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Previous message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
Next message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tim Bruijnzeels tim at ripe.net
Tue Jul 14 15:57:36 CEST 2015

Dear working group,

> On Jul 14, 2015, at 12:22 PM, Gert Doering <gert at space.net> wrote:
> 
> Hi,
> 
> On Tue, Jul 14, 2015 at 12:20:20PM +0300, Vladislav V. Prodan wrote:
>> E-mail newsletter for these maintainer you tried to do?
>> Where instructions to restore access?
> 
> Maintainers *have* been contacted well in advance, with a simple web form
> to change their passwords provided.

We contacted 7100 active maintainers, meaning maintainers that had made any successful update over the last 12 months. Out of this group 5709 (80%) have reset their password.

The remaining maintainers can use the normal maintainer reset process here:
https://apps.db.ripe.net/change-auth/#/

As communicated on 17 June inactive maintainers were not contacted:

> Note that we do not plan to contact inactive maintainers individually beforehand, or send notifications about this change. Instead we will include a remark in these maintainers explaining why these maintainers were locked and refer to the "forgot mntner password process": https://apps.db.ripe.net/change-auth
> 
> The reason for this is simple. We are simply not able to handle the additional load of supporting password resets for 20,000 inactive maintainers. We can and will however, deal with access recovery requests for these maintainer as needed.

Note that many inactive will have forgotten their passwords, so the reset process cannot be used by them. Also many of these maintainers are not actively used, and therefore resetting the passwords for them is not as time critical. Considering that we would not have been able to deal with the load of performing due diligence checks for ALL these maintainers, and the risk we were running with the old password hashes surfacing, we could not postpone and buy more time either. Therefore we opted for helping this group on a case by case basis and spreading the load.

Kind regards,

Tim Bruijnzeels

> 
> If people can't be bothered, they will notice now.
> 
> Gert Doering
>        -- NetMaster
> -- 
> have you enabled IPv6 on something today...?
> 
> SpaceNet AG                        Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279

Previous message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods
Next message (by thread): [db-wg] MD5s of the RIPE database, Deprecation of MD5 and safe authentication methods

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ db-wg Archives ]