|
|
 |
[db-wg] Another Proposal: Sort of generated Authorized-by Attribute + somePGP stuff
- Date: Tue, 04 Mar 2003 16:38:55 +0100
- Organization: Vienna University Computer Center
Hi List,
Since Shane has posted some proposals for the RIPE-DB, I have another one:
For Updates which have been authorized by someone using strong
encryption it would be nice to reflect the key that has been used in the
object. this is similar to the changed: attribute but should be
generated by the robot and not filled in by the user.
Why?
At the moment there is no way to tell that data within the Database is
authentic in a way that it was really put in by the person who is in the
object (pls. correct me if I am wrong), and the mnt-* just prevents you
from stealing an object and not from giving it away to pretend
something. Usually this is not bad, but related to some irt-stuff it can
give the people the opportunity to pretend to be someone else.
If the authorizing key was reflected in the object, one can check if who
sent the update....
Something else related to PGP (and discussed with wilfried a while ago):
it would be really nice to be able to link key-certs and persons/roles
together other than by using remarks.... (as we do it now).
lG uk
--
------------------------------------------------------------------------
Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien
Network Security Universitaetsstrasse 7, 1010 Wien, Austria
------------------------------------------------------------------------
eMail: ulrich.kiermayr@localhost Tel: (+43 1) 4277 / 14104
Hotline: security.zid@localhost Fax: (+43 1) 4277 / 9140
------------------------------------------------------------------------
GPG Key fingerprint = BF0D 5749 4DC1 ED74 AB67 7180 105F 491D A8D7 64D8
|
|
|
|
