IRT object and authentication schemes
- Previous message (by thread): IRT object and authentication schemes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Menno Pieters
menno.pieters at stelvio.nl
Thu Oct 31 10:06:19 CET 2002
Havard Eidnes wrote: Håvard, > someone's prodded me wrt. the IRT object registration. This finally > made me take a closer look at the available documentation defining > this object type. I have one question (well, I may have more, but > this one is the most important one, I think): > > In section 5 of > [SNIP] > Is there a logical AND between these two items? (I think there is, > but it really ought to be said explicitly, and the "should pass" > phrase should be replaced by "must pass both of".) Indeed, there is a logical AND. Both the auth: for (any of the) maintainers AND the auth: for the IRT object MUST pass. So, yes, it should (or must?) be a "MUST pass". > This is pretty crucial when evaluating what should be registered in > the IRT object, as unwise choices (no overlap between irt auth: and > mntnr auth:) on this front will at best make it very cumbersome to add > IRT references to inetnum / inet6num objects, requiring nested > signatures (I wonder, does the RIPE DB support that?). The usage of two separate auth: keys is meant to be and yes the database supports double authorization. First the LIR can make the request to add the mnt-irt: attribute to the inet[6]num, sign it and pass this on to the IRT. The IRT in turn signs the signed request to show that the IRT agrees. > Oh, yes, I also think the IRT definition document needs to say a few > words about what specific roles the admin-c and tech-c of an IRT > object is supposed to fill. In fact this is no different than with most other objects that (can) have admin-c and tech-c fiels. E.g. the admin-c can be the head of the IRT and tech-c can be his/her co-workers. Both can be either references to person or role objects. Regards, Menno Pieters -- Menno Pieters - Stelvio Postbus 2171, 3800 CD Amersfoort, the Netherlands Zonnehof 41, 3811 ND Amersfoort, the Netherlands phone: +31-33-4.697.340 / fax: +31-33-4.697.341 XOIP: +31-84-8.720.349 / Web: http://www.stelvio.nl/
- Previous message (by thread): IRT object and authentication schemes
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]