[db-wg] DB signatures
Tim Bruijnzeels tim at ripe.net
Mon Oct 16 14:29:47 CEST 2017
Dear Aliaksei, working group, The split files, and all other content of the ftp site, are also available on https: https://ftp.ripe.net/ https://ftp.ripe.net/ripe/dbase/split/ They have been available here for quite a while but I realise that this was not widely announced, nor documented. I will make sure that documentation is updated. The files are generated using a snapshot of data at midnight CEST - but take over 2 hours to complete - because we have to filter out personal data. Because this is resource intense, and because there may be scripts out there running at various times in the day and expecting to retrieve the ‘midnight’ snapshot, I am not keen on increasing the frequency unless it’s clear that there is great demand for this. Dependent on your needs the NRTM service may also be a fit for you: https://www.ripe.net/manage-ips-and-asns/db/nrtm-mirroring Kind regards, Tim Bruijnzeels > On 16 Oct 2017, at 11:30, Horváth Ágoston János via db-wg <db-wg at ripe.net> wrote: > > > From: Horváth Ágoston János <horvath.agoston at gmail.com> > Subject: Re: [db-wg] DB signatures > Date: 15 October 2017 at 12:22:03 GMT+2 > To: Aliaksei Sheshka <sheshkaoss at gmail.com> > Cc: "db-wg at ripe.net >> Database WG" <db-wg at ripe.net> > > > The gzip format already contains checksum. > Signing is a different issue. But the first question one might ask is > why this data is still offered through FTP. Using https would also > make most of the signing requirements obsolete. > > On Sat, Oct 14, 2017 at 1:02 AM, Aliaksei Sheshka via db-wg > <db-wg at ripe.net> wrote: >> >> >> ---------- Forwarded message ---------- >> From: Aliaksei Sheshka <sheshkaoss at gmail.com> >> To: db-wg at ripe.net >> Cc: >> Bcc: >> Date: Fri, 13 Oct 2017 19:01:56 -0400 >> Subject: Re: [db-wg] DB signatures >> I assume time stamps are UTC, ftp shows 10/12/17, 10:12:00 PM, now it is Fri Oct 13 22:57:17 2017 UTC >> I would say 24h+ update for such data is too much. >> Also having signatures / checksums is a standard security measure for any downloads and are very easy to implement. >> >> >> On Fri, Oct 13, 2017 at 1:58 PM, denis walker <ripedenis at yahoo.co.uk> wrote: >>> >>> Hi Aliaksei >>> >>> The files are regenerated daily. There are some checks done on the files as part of the generation process, like zero size check or size difference more than some percentage from yesterday. Perhaps the RIPE NCC can comment on the possibility of signing or checksum files? >>> >>> cheers >>> denis >>> co-chair DB WG >>> >>> ________________________________ >>> From: Aliaksei Sheshka via db-wg <db-wg at ripe.net> >>> To: db-wg at ripe.net >>> Sent: Friday, 13 October 2017, 19:45 >>> Subject: [db-wg] DB signatures >>> >>> Hello! >>> >>> I would like to know if there is a plan to sign / checksum files located at >>> ftp://ftp.ripe.net/ripe/dbase/split/ ? >>> Currently there is no mechanism to know if files aren't tampered or corrupted. >>> >>> My second question is how often those files are updated? >>> >>> Thanks!
[ db-wg Archives ]