This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
Christoffer Hansen (Lists)
netravnen+lists at gmail.com
Thu Nov 1 15:35:54 CET 2018
Dear DB WG,

It came to my attention that the RIPE NCC Database does not do validation of signed updates (other than checking that the key is allowed to sign updates for the object(s) in question). I got the understanding from writing to the DB-WG Chairs that this was a decision made years back.

I think it is less than optimal from a security perspective that a signed update (with GPG and/or X509 certs) is not validated against (1) when the update was signed (e.g. signing was done 10 minutes ago) and (2) the expiration date for the keys.

Usually I would expect that if I revoke a GPG-key|X509-cert, it cannot be used any more. But the RIPE NCC Database does still allow this currently. This is relevant in the case I ever lose a private GPG-key|X509-cert to less than friendly 3rd-parties, and the lost private GPG-key|X509-cert is the one used for signing updates to the database.

What I have in mind is that the RIPE NCC Database begins verifying the validity (not revoked and/or expired) of the GPG-key|X509-cert used to sign updates.

Christoffer
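The two checks the post asks for (reject signatures from revoked or expired keys, and reject signatures that were not made recently) can be implemented on the consumer side by looking at the machine-readable status lines GnuPG emits. The following is an added example written for this page, not RIPE NCC code; it assumes the update was verified with `gpg --status-fd 1 --verify` and that the `[GNUPG:] ...` lines were captured. The status keywords (`VALIDSIG`, `GOODSIG`, `EXPKEYSIG`, `REVKEYSIG`, `KEYEXPIRED`) are the documented GnuPG ones; the sample lines, key fingerprints and the 10-minute window are constructed for illustration.

```python
"""Policy check for signed database updates: reject signatures made with
revoked or expired keys, and reject stale (or future-dated) signatures.

Assumption: the caller ran ``gpg --status-fd 1 --verify update.asc`` and
passes the captured ``[GNUPG:] ...`` lines to check_signature_status().
All sample data below is constructed for the example.
"""
import time

# Maximum accepted age of a signature; the post's "signed 10 minutes ago"
MAX_SIGNATURE_AGE = 10 * 60  # seconds

# GnuPG status keywords (doc/DETAILS) that must cause rejection
REJECT_KEYWORDS = {
    "EXPKEYSIG": "signature made with an expired key",
    "REVKEYSIG": "signature made with a revoked key",
    "KEYEXPIRED": "signing key has expired",
    "KEYREVOKED": "signing key has been revoked",
    "BADSIG": "bad signature",
    "ERRSIG": "signature could not be verified",
    "EXPSIG": "signature itself has expired",
}


def parse_status_lines(lines):
    """Return a list of (keyword, args) from '[GNUPG:] KEYWORD args...' lines."""
    parsed = []
    for line in lines:
        line = line.strip()
        if not line.startswith("[GNUPG:] "):
            continue
        parts = line[len("[GNUPG:] "):].split()
        if parts:
            parsed.append((parts[0], parts[1:]))
    return parsed


def check_signature_status(lines, now=None, max_age=MAX_SIGNATURE_AGE):
    """Decide whether a signed update is acceptable. Returns (accepted, reason)."""
    now = time.time() if now is None else now
    seen = parse_status_lines(lines)
    keywords = {kw for kw, _ in seen}

    # 1. Any revoked/expired/bad-signature status is fatal, whatever else is present.
    for kw, reason in REJECT_KEYWORDS.items():
        if kw in keywords:
            return False, reason

    # 2. Require an explicit VALIDSIG line; its 3rd field is the signature
    #    creation time (seconds since epoch), its 4th the signature expiry (0 = none).
    validsig = [args for kw, args in seen if kw == "VALIDSIG"]
    if not validsig:
        return False, "no VALIDSIG line: signature not verified"
    args = validsig[0]
    if len(args) < 3:
        return False, "malformed VALIDSIG line"
    try:
        sig_time = int(args[2])
        sig_expire = int(args[3]) if len(args) > 3 else 0
    except ValueError:
        return False, "non-numeric timestamp in VALIDSIG"

    # 3. Freshness: reject future-dated (allowing 60s clock skew) and stale signatures.
    if sig_time > now + 60:
        return False, "signature timestamp is in the future"
    if now - sig_time > max_age:
        return False, f"signature is {int(now - sig_time)}s old, limit is {max_age}s"
    if sig_expire and sig_expire < now:
        return False, "signature has an expiration time in the past"
    return True, f"fresh valid signature from key {args[0]}"


# Constructed sample status output. NOW is a fixed reference time so the
# example is deterministic; FPR is a made-up fingerprint.
NOW = 1541082954
FPR = "0000000000000000000000000123456789ABCDEF"
VALIDSIG = f"[GNUPG:] VALIDSIG {FPR} 2018-11-01 {{t}} 0 4 0 1 10 01 {FPR}"

FRESH_GOOD = [
    "[GNUPG:] NEWSIG",
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Maintainer <maint@example.net>",
    VALIDSIG.format(t=NOW - 154),          # signed ~2.5 minutes ago
]
STALE_SIG = [
    "[GNUPG:] GOODSIG 0123456789ABCDEF Example Maintainer <maint@example.net>",
    VALIDSIG.format(t=NOW - 82954),        # signed about a day ago
]
REVOKED_KEY = [
    "[GNUPG:] REVKEYSIG 0123456789ABCDEF Example Maintainer <maint@example.net>",
    VALIDSIG.format(t=NOW - 154),          # fresh, but the key is revoked
]
EXPIRED_KEY = [
    "[GNUPG:] EXPKEYSIG 0123456789ABCDEF Example Maintainer <maint@example.net>",
    "[GNUPG:] KEYEXPIRED 1530000000",
    VALIDSIG.format(t=NOW - 154),          # fresh, but the key has expired
]

if __name__ == "__main__":
    for name, sample in [("fresh", FRESH_GOOD), ("stale", STALE_SIG),
                         ("revoked", REVOKED_KEY), ("expired", EXPIRED_KEY)]:
        print(name, check_signature_status(sample, now=NOW))
```

Note that a fresh `VALIDSIG` line alone is not enough: GnuPG still emits `VALIDSIG` for an expired or revoked key, which is why the rejection keywords are checked first. The freshness window is a policy choice; whatever value is picked, the check is only meaningful if the verifying side uses its own clock rather than any time claimed inside the update.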