<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 16px; font-family: Calibri, sans-serif; ">
<div>Looks like I need to get a policy proposal together then….</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Kaveh Ranjbar <<a href="mailto:kranjbar@ripe.net">kranjbar@ripe.net</a>><br>
<span style="font-weight:bold">Date: </span>Tue, 8 Nov 2011 15:22:37 +0100<br>
<span style="font-weight:bold">To: </span><<a href="mailto:db-wg@ripe.net">db-wg@ripe.net</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [db-wg] Disallowing MD5 passwords in e-mail updates, was MD5 Hashes in the database<br>
</div>
<div><br>
</div>
<div>
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div>Dear colleague,</div>
<div><br>
</div>
<div>Since any change in the current process means significantly changing the behaviour of the RIPE Database* and will break existing use cases of the system, it is not something the RIPE NCC can make a decision on. </div>
<div>The change should come from and get approved by the community and the RIPE NCC can then implement it. Obviously we as RIPE NCC can suggest technical solutions -and that's why we have brought up the issue on different occasions- but still, agreeing on and
implementing them will require community's consensus.</div>
<div><br>
</div>
<div>In the mean time we are publishing an article on RIPE Labs outlining the current situation and highlighting the problem statement as well as guidelines for mitigating the risk until a full solution is found. </div>
<div>We are also adding a password strength indicator to the online MD5 hash generator as an additional measure.</div>
<div><br>
</div>
<div>Kind Regards,</div>
<div>Kaveh Ranjbar,</div>
<div>RIPE Database Group Manager</div>
<div><br>
</div>
<div>*- As an example, current Update process requires the full object -including the hashes for maintainer objects- to be used in the update message.</div>
<div><br>
</div>
<div> <br>
<div>
<div>On Nov 8, 2011, at 3:01 PM, virtu virtualabs wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; ">That
would mean RIPE NCC did not do anything while people has been aware of this fact since 2 years ?</span></blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</body>
</html>