[db-wg] Filtering auth: attributes in the whois server
- Previous message (by thread): [db-wg] Filtering auth: attributes in the whois server
- Next message (by thread): [db-wg] Draft Minutes RIPE 63
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Brian Boyle
brian.boyle at heanet.ie
Wed Mar 7 16:29:55 CET 2012
Hi Håvard, All, > In the whois server, if a maintainer object *only* contains > auth: lines using currently deemed to be secure methods > (currently PGP or X.509), then reveal all the auth: lines to > the whois client. Otherwise, if the maintainer object > contains one or more lower-security auth: attribute > (currently MD5-based passwords), filter out *all* the auth: > attributes. I would like to see this implemented, as it involves the least amount of disruption to our existing practices. Indeed, when I first read the documentation of the change, I thought this was in fact how the RIPE-NCC had planned to implement it, but I a closer reading when experience seemed to show otherwise proved me wrong. There is one minor drawback with it, which I feel I could live with (as I don't have any MD5 hashs that I know of to worry about). The change would make it possible to identify mntner objects that have weak MD5 protection, by excluding any that show any auth: attributes. If the actual hash is not disclosed though, I think the risk is minimal for the gain. Best regards, Brian. -- Brian Boyle, Network Services Manager HEAnet Limited, Ireland's Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin 1 Registered in Ireland, no 275301 tel: +353-1-660 9040 fax: +353-1-660 3666 web: http://www.heanet.ie/
- Previous message (by thread): [db-wg] Filtering auth: attributes in the whois server
- Next message (by thread): [db-wg] Draft Minutes RIPE 63
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]