telnet interface

  > Geert Jan de Groot <GeertJan.deGroot at ripe.net> writes:
  > 
  > There is no telnet interface for updates. 

We have one coded and it works. It is not in the distribution.
It is deployed only inside the NCC for testing. It works.
See the response from David Kessens who implemented it.
The main problem is authentication.

  > There are a couple of reasons
  > I can think of why a telnet interface is not a good idea:
  > 1. The email interface is generally found sufficient, because a response
  >    (positive or negative) is received within minutes (max), essentially
  >    limited by the speed two email messages are sent/received
  >    (people that have connectivity bad enough for mail to take more than
  >    a minute probably do not want interactive telnet...)

That is perfectly right.
It is why deployment is not a terribly high priority hereabouts.

  > 2. Telnet has no authentication mechanism. Somehow I feel that some kind
  >    of 'login' authentication isn't a good idea.

Yep.

  > 3. Email has an easy way to log transactions. logging telnet is much
  >    more difficult...

Nope. The DB software logging mechanism is independent of the transport
mechanism.  Telnet transactions are logged perfectly well at this point.

  > 4. I can't think of an easy way to authenticate new objects. cut/paste
  >    of PGP signatures looks painful to me. Email headers are useless;
  >    people apperently aren't too fond of password authentication.

Again, see above. Kerberos black telnet sessions are a possibility.
A weaker one is IP peer based authentication. We use that at the moment.

  > Am I missing something?

Yes, that it was implemented partly on your request because the e-mail
responses in the mailbox made the multi-hostmaster synchronisation more 
difficult. ;-)

Daniel



-------- Logged at  Thu Apr 20 14:55:14 MET DST 1995  ---------