This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/db-wg@ripe.net/
[db-wg] Authenticating References to Objects
- Previous message (by thread): [db-wg] Authenticating References to Objects
- Next message (by thread): [db-wg] Authenticating References to Objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Mon May 27 12:39:43 CEST 2019
Ed, On 27/05/2019 11.42, Edward Shryane via db-wg wrote: > Dear Working Group, > > as mentioned at last week's DB-WG meeting, I'd like to propose extending authenticating references to other objects. > > Currently, only references to organisation objects can be protected with the mnt-ref attribute. > > However, we could extend this protection to other types of objects: > > - Abuse-c role > - Technical contact, admin contact, zone contact etc. (person/role) > - Organisation maintainer(s) Indeed the reason that "mnt-ref:" was chosen as a name instead of "mnt-org:" or the like was so that it could be general-purpose. > This would prevent unauthorised references to an organisation's objects (e.g. to impersonate a third party or mis-direct abuse email). > > Please let me know your feedback on this proposal. In principle wider use of "mnt-ref:" makes sense, but I'm not sure exactly what is being proposed. If you mean allowing "mnt-ref:" on *specific* PERSON, ROLE, and MNTNER objects then I think that this is a potential source of confusion, and needlessly complicates the database. (For example, only PERSON objects used as a "tech-c:".) If you mean allowing "mnt-ref:" on *all* PERSON and ROLE objects, then I support that. I am unsure if "mnt-ref:" is necessary on MNTNER objects, as I thought that they already required authentication by the MNTNER object itself to be referred to anywhere ("mnt-by:", "mnt-lower:", "mnt-domains:", or "mnt-routes:")? So, isn't "mnt-ref:" already implicit for MNTNER objects? Also, it's not clear if the proposal includes adding "ref-nfy:" along with "mnt-ref:". I think that should be included as well. Cheers, -- Shane
- Previous message (by thread): [db-wg] Authenticating References to Objects
- Next message (by thread): [db-wg] Authenticating References to Objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]