About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: RPSL authentication mechanisms

  • To: Andrei Robachevsky < >
  • From: David Kessens < >
  • Date: Tue, 23 Apr 2002 12:44:02 -0700
Andrei,

On Tue, Apr 23, 2002 at 01:43:00PM +0200, Andrei Robachevsky wrote:
> Hi,
> 
> David Kessens wrote:
> 
> > Ping,
> > 
> > On Fri, Apr 19, 2002 at 01:07:03PM -0400, Lu, Ping wrote:
> > 
> >>One easy way may be to translate/filter the query output to mask the hash
> >>string with '*'
> >>based on where the query coming from. If the address is authorized then pass
> >>the query output
> >>without filtering.
> >>
> > 
> > That's how I implemented it.
> 
> 
> The problem here is that you either need to map the address to a 
> particular mntner (or group of mntners), or to to allow all authorised 
> users to see all the data uncensored. To say nothing about maintaining 
> an acl of 7000 plus entries (# of mntners in the RIPE DB).

I am showing the crypted password only to real-time mirror feeds and
then only to those feeds who really need the crypted password part of
the data. This acl is rather short. I was thinking in terms of queries
from approved mirror sites. 

I don't show the crypted password to the mntners, they supposedly
already know their password :-).

David K.
---
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community