This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/ncc-services-wg@ripe.net/
[ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
- Previous message (by thread): [ncc-services-wg] New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again
- Next message (by thread): [ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Wed Jun 23 09:19:13 CEST 2021
Nick, On 22/06/2021 23.50, Nick Hilliard wrote: > Patrik Fältström wrote on 22/06/2021 21:23: > > With regard to the ripe database and the rpki repo, it doesn't look like > there are any specific legal issues that haven't been considered. All > of this information is publicly accessible anyway. There may well be a > different set of considerations for other types of data. I don't think that is is okay to say "this information is publicly accessible anyway". On a RIPE Database or RPKI server there is meta-data about *who* is accessing the database, including timestamps, source addresses, and possibly other data. There is also meta-data about *what queries* are made to the database. There also things to be learned about replication delays between servers, and surely a lot more that might be of interest to creative folks. I don't know about now, but at one point there were firewalls and/or intrusion-detection systems that would query the RIPE Database to give the admin information about the source of suspicious traffic. An attacker trying to penetrate a network might be able to identify which security products were in use if given unrestricted access to WHOIS query logs. I'm not saying this is a likely scenario, I'm saying we should be cautious about declaring access to data safe. Humans (and increasingly AI) are ingenious about ways to use systems in unintended ways. As a thought experiment to try to demonstrate the idea, how would you feel about a proposal to provide public access to complete system logs of all RIPE Database servers? If that makes you nervous in any way - and I think that it should! - then this is exactly why we should consider the operators hosting RIPE Database (and RPKI) resources important. Cheers, -- Shane -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x3732979CF967B306.asc Type: application/pgp-keys Size: 11589 bytes Desc: OpenPGP public key URL: </ripe/mail/archives/ncc-services-wg/attachments/20210623/4bb9ba98/attachment-0001.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: </ripe/mail/archives/ncc-services-wg/attachments/20210623/4bb9ba98/attachment-0001.sig>
- Previous message (by thread): [ncc-services-wg] New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again
- Next message (by thread): [ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]