FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Previous message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Thu Oct 5 12:02:53 CEST 2006
Hi, (I'm adding db-wg at ripe.net back into the CC: list) On Thu, Oct 05, 2006 at 01:50:09PM +0400, Potapov Vladislav wrote: > > From: Gert Doering [mailto:gert at space.net] > > Changing from CRYPT-PW to MD5-PW doesn't incur any > > operational changes, and doesn't require key management and > > crypto of any sort, but *will* improve security. > No "operational changes"? In the day-to-day operation ("sending in mails to change objects to the RIPE DB") going from CRYPT-PW to MD5-PW *will* *not* *change* *anything*. The mail will still contain a "password: <something>" block, just the way this password is hashed in the maintainer object is different. > Let's look at the plan to get an image that it's not so "problemless". So where exactly *do* you see "problems"? In your mail you speak about "crypto" - which is NOT involved here (except hashing the password) - this proposal is not forcing anybody to go to PGP, just to a different password storing scheme. > I don't speak about RIPE resources which > should support this change. > About security: there was several opponents of your view already. I'm > adding myself to them. Please get a reality check on what is proposed, and what is proposed as replacement. > > From: Gert Doering [mailto:gert at space.net] > > Security issues in the IRR DB impact all of us (like "fake objects, > > use that to leverage a routing attack"). > Let's not say fairy tales about that. I have asked about REAL LIFE > problems with the scheme. Nobody has answered. *Good* security is fixing problems *before* they happen. Like "lock your front door when you leave your house, even if you have never been burglared yet". Gert Doering -- NetMaster -- Total number of prefixes smaller than registry allocations: 98999 SpaceNet AG Mail: netmaster at Space.Net Joseph-Dollinger-Bogen 14 Tel : +49-89-32356-0 D- 80807 Muenchen Fax : +49-89-32356-234
- Previous message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
- Next message (by thread): FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]