Database Working Group Minutes from RIPE 51

• content to the Chair of the working group.
  
• format to webmaster@ripe.net.

RIPE51 Database WG draft Minutes
14th October 2005

A. Administrative Matters
    
    * scribe (Nigel Titley, FLAG Telecom)
    * list of participants
    * agenda
    * minutes (please all review and return comments (2 weeks))
    [AP51.1 NT13] To watch list, fold in updates to RIPE-50 minutes and release
       after 2 weeks.
    * "remote participation" coordination (if needed)

    
46.5    WW         Coordinate with RIPE NCC to prepare a document summarizing
                   basic assumptions about the use of the database.
                	
                   [Various documents have been produces, and others need
	           updating, but overtaken by events, Closed]

47.3	RIPE NCC   Write a document properly documenting the use of the
		   IRT object for reporting abuse.
		   [Part of general documentation issue, ongoing]

48.6 RIPE NCC      To change DB behaviour to return IRT object
		   [Misunderstanding of requirement, superceded by
		   AP51.8, complete]
					
49.2	RIPE NCC   Give updates about the number of abuse records
		   in the database to the Working Group.
		   [Sent to list, Complete]

50.1	WW	   Take proposal to make the country attribute optional 
                   and multiple for inetnum and inet6num objects to 
		   the mailing list
		   [Take to policy development process, Ongoing]


B. 	DB Update (N.N., RIPE NCC)
	See presentation
	
	Things are really stable, query rates, update rates, query mix
	etc.  Statistics are all online.  Database documentation is
	being gradually reworked, and is being broken up into various
	reference manuals. Document formats will be PDF and HTML.  New
	whois software is much easier to install (autoconf friendly)
	Signed updates will now expire a week after signature, to
	prevent replay attacks.  WW noted problems with gnupg and
	dates of signature. This will be checked.  
        [AP51.2 RIPE NCC]
	Check gnupgp compatibility before release of functionality.



C	Review of security mechanisms in the DB (Peter K., denic.de)
	. quality of CRYPT-PW, CRYPT-MD5, X.509
		
        This is a proposal to deprecate CRYPT-PW. See presentation.
		
        CRYPT-PW is relatively easy to break. 25% of all maintainer
        objects still contain CRYPT-PW and hence are easy to crack
        (weakest scheme wins).  Why bother? RIPE community responsible
        for the strength of its tools.  MD5-PW is much stronger and
        may be kept, at least for the moment.
		
        It was noted ??-PW cannot prevent replay attacks as there is
        not embedded timestamp, although if you have the update
        message you actually have the password.
		
	It was noted that John the Ripper now supports MD5-PW,
	although at about 100 times slower than CRYPT-PW.
		
	It was agreed that the DB-WG should go with the proposal and
	should have a practice with the Policy Development
	Process.  
        [AP51.3 Peter Koch] Start by formulating the
	proposal on the mailing list.

D.      State of whois services, developments? (WW144, N.N., RIPE NCC)
	
        There are concerns with the privacy of registry data.  WW has
	tried to get different parts of the EU to talk to each other
	and formulate a unified view of requirements, ie is privacy
	important?  AT the moment this is more of a problem in the
	domain name area, but it is possible that it may become an
	issue for IP addresses too. See the next presentation.

E. 	IRIS pilot frontend to whois (Shane Kerr, RIPE NCC)
	See presentation
	
        Please have a look and see if it satisfies user requirements.
	
	It was confirmed that IPv6 is also supported.  There is no
	support for routing policy at the moment in the protocol,
	although this is being looked at, and a set of requirements
	being formulated.  There are some doubts as to the exact
	benefits that IRIS gives to routing registries.  
        [AP51.4 RIPE NCC] Check that the mapping of contacts is indeed
	not properly supported in IRIS (admin-c and tech-c).  
        [AP51.5 RIPE NCC] Check and see if there are any other missing
	attributes that are needed for RIPE community.

F. 	Fact finding: RoutingReg facilities at RIRs (Gert D, SpaceNet)
	No presentation
	
        Do any of the other RiRs have facilities to store RPSL-ng
	objects?  There appear to be no objects in any of the other
	RiRs.  
        [AP51.6 Matt ?? (ARIN)] To find out if any of the other
	routing registries have the ability to store RPSL-ng.

X.      Impact of "PDP" on how the DB-WG operates (WW144) [~15 min] . ref:
	https://www.ripe.net/ripe/docs/ripe-350.html 
        From this WG meeting onwards, any sizeable changes should go
	through the PDP.  Note that this WG is not intended to invent
	things, but to fill in the gaps left by other WGs and make
	sure that they get the appropriate attention.

Y. 	Input from other WGs

        * DNS: secureDNS requirements for the DB This has already been
        covered by the DB Update presentation.  
        [AP51.7 RIPE NCC] Make sure that the proposed DNS Security
        changes are implemented

Z.  AOB Show irt: objects by default on address queries There has been
	some misunderstanding of this requirement. It is still
	necessary to use the -c flag to get the irt: object, whereas
	the requirement was that if the irt: object existed then it
	should be returned.  It was noted that this would result in a
	object being returned which was not actually referred to in
	any of the queried objects. This is a change in behaviour, but
	there was no objection to this.  
        [AP51.8 RIPE NCC] To properly implement behaviour as
	requested.  
        [AP51.9 RIPE NCC] To contact a subset of the spam tool writers
	and make sure that they are aware of the change in behaviour.