[db-wg] Authenticating References to Objects
- Previous message (by thread): [db-wg] Authenticating References to Objects
- Next message (by thread): [db-wg] Authenticating References to Objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Mon May 27 12:39:43 CEST 2019
Ed, On 27/05/2019 11.42, Edward Shryane via db-wg wrote: > Dear Working Group, > > as mentioned at last week's DB-WG meeting, I'd like to propose extending authenticating references to other objects. > > Currently, only references to organisation objects can be protected with the mnt-ref attribute. > > However, we could extend this protection to other types of objects: > > - Abuse-c role > - Technical contact, admin contact, zone contact etc. (person/role) > - Organisation maintainer(s) Indeed the reason that "mnt-ref:" was chosen as a name instead of "mnt-org:" or the like was so that it could be general-purpose. > This would prevent unauthorised references to an organisation's objects (e.g. to impersonate a third party or mis-direct abuse email). > > Please let me know your feedback on this proposal. In principle wider use of "mnt-ref:" makes sense, but I'm not sure exactly what is being proposed. If you mean allowing "mnt-ref:" on *specific* PERSON, ROLE, and MNTNER objects then I think that this is a potential source of confusion, and needlessly complicates the database. (For example, only PERSON objects used as a "tech-c:".) If you mean allowing "mnt-ref:" on *all* PERSON and ROLE objects, then I support that. I am unsure if "mnt-ref:" is necessary on MNTNER objects, as I thought that they already required authentication by the MNTNER object itself to be referred to anywhere ("mnt-by:", "mnt-lower:", "mnt-domains:", or "mnt-routes:")? So, isn't "mnt-ref:" already implicit for MNTNER objects? Also, it's not clear if the proposal includes adding "ref-nfy:" along with "mnt-ref:". I think that should be included as well. Cheers, -- Shane
- Previous message (by thread): [db-wg] Authenticating References to Objects
- Next message (by thread): [db-wg] Authenticating References to Objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]