[db-wg] Proposed change 2003.1: notification for more-specific
- Previous message (by thread): [db-wg] Proposed change 2003.1: notification for more-specific
- Next message (by thread): [db-wg] Proposed change 2003.1: notification for more-specific
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at ripe.net
Mon Mar 10 16:20:28 CET 2003
On 2003-03-07 17:56:46 -0500, Larry J. Blunk wrote: > > My comment is not specifically related to this proposal, but I > have long been concerned about the optional status of the > mnt-nfy: attribute. This means if someone cracks a mntner > password and begins submitting updates (which naturally will be > successful since they have the password), no notification will > be sent to the mntner. > > I'm not sure of the best way to handle this. I suppose there > are some people who don't want to be bothered by notification > of successful updates and if they're using PGP that might be > okay. It also seems the upd-to attribute name was very poorly > chosen as it is difficult to differentiate it's function from > that of mnt-nfy (I often get the two confused and I deal with > this stuff every day). I personally feel that the mnt-nfy > should be mandated in RPSL and those mntner's who do not have > one should have it replicated from their upd-to attribute > value. For those who really don't care to see the results of > successful updates, they could simply direct the email address > to /dev/null. I am personally agnostic on the issue, but do not think there would be a problem making "mnt-nfy:" mandatory. As a data point, of the 8808 maintainers in the RIPE Database, there are 2322 that use password-based authentication (CRYPT-PW or MD5-PW) and have no "mnt-nfy:" attribute. -- Shane Kerr RIPE NCC p.s. I also think that "upd-to:" and "mnt-nfy:" are probably not the best names. But what can we expect of a standard with things like "mntner:" and "aggr-mtd:"? (These names can't be to shorten them, or we wouldn't have "peering-set:" and "mbrs-by-ref:")? Would it make sense to make an alias for "upd-to:" of something reasonable, e.g. "auth-fail-nfy:"?
- Previous message (by thread): [db-wg] Proposed change 2003.1: notification for more-specific
- Next message (by thread): [db-wg] Proposed change 2003.1: notification for more-specific
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]