[db-wg] IRT object creation is easy
- Previous message (by thread): [db-wg] IRT object creation is easy
- Next message (by thread): [db-wg] IRT object creation is easy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Denis Walker
denis at ripe.net
Tue Mar 16 19:06:21 CET 2004
Hi Jeroen Jeroen Massar wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Christian Rasmussen [mailto:chr at jay.net] wrote: > > >>Im sure that creating an IRT object is doable for any ISP >>which takes the time. The reason why I do not wish to use >>IRT is that it is much too complex >>for the very simple purpose it should have. It seems to have >>been designed to be used for outsourcing of abuse-handling, >>Im sure some ISP's do this but >>I haven't yet seen any numbers which justifies a design which >>primarily favors these ISP's. > > > It is a seperate object, just like what the abuse-c is supposed > to be, but indeed without the encryption. If you put one pgpkey > in the RIPE registry you are done, and you should already be > using signed messages to update your objects anyways. > > >>Remove the encryption-thing on the IRT object and let it be >>maintained by a maintainer object, then Im sure more ISP's >>would be willing to implement it, >>but for it to become a success I still believe the designers >>need to pay attention to the needs of those ISP's who have >>no use for the current version. > > > I could live with changing the mnt-irt to be an or case with > the mnt-by too indeed as currently when one wants to update > an object protected by the mnt-irt it needs to be signed by > both the mnt-by and the mnt-irt, when you are 'outsourcing' > as you call it this is a problem, otherwise one will have > access to both the maintainer and the irt anyhow. You only need to include the authorisation for the mnt-irt: when it is first added to an object. Once the mnt-irt: is in the object you do not need to include this authorisation for subsequent modifications or deletions. Nor do you need this authorisation to remove the mnt-irt: from this object. So only the addition of an mnt-irt: attribute needs to be authorised by the mnt-irt:. (It does not matter if this attribute is included when creating the object or added later with a modification of the object, both would require the additional authorisation.) > > >>I think its very unfortunate that the Ripe DB doesn't have >>abuse information on all IP addresses, that should actually >>be the primary goal for a public >>IP database, at least from the Internet users perspective. > > > Well currently, according to toolwriters, it has, as they will > just use all the e-mail lines they can find. > Now there is a good solution, not ;) > > Greets, > Jeroen > > -----BEGIN PGP SIGNATURE----- > Version: Unfix PGP for Outlook > Comment: Jeroen Massar / http://unfix.org/~jeroen/ > > iQBGBAERAgAQCRApqihSMz58IwUCQFc7lgAA5OUAnj9D2qJO0OVwEzz+bJUXwX1A > Tbx3AKCKHU1lljo9gV+IIs/Wc8uJsavWjA== > =wszm > -----END PGP SIGNATURE----- Best Regards Denis Walker RIPE NCC Software Engineering Department
- Previous message (by thread): [db-wg] IRT object creation is easy
- Next message (by thread): [db-wg] IRT object creation is easy
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]