ALLOCATED UNSPECIFIED ???
Joao Luis Silva Damas joao at ripe.net
Tue Jun 11 15:09:27 CEST 2002
At 12:03 +0200 11/6/02, Daniel Roesen wrote: >On Tue, Jun 11, 2002 at 09:57:27AM +0200, Marcus Rist wrote: >> In your concrete case this would mean you have to fullfill >> RIPE-NCC-NONE-MNT (inetnum), DE-COLT-MNT (AS9126) and UUNET-MNT >> (220.127.116.11/13). >> >> I don't know how this is possible to achieve. > >Colt signs their request with their PGP key, sending the mail to >UUnet instead of auto-dbm. UUnet then signs the Colt request with their >key and send it to auto-dbm. Caveat: never tested that, but I was told >it should work. This is correct. The authorization model of the RIPE DB is rps-auth (rfc2725). It provides a means of ensuring not only proper authentication (normal maintainers as before) but also provides a means to have proper authorization (when creating a new route, did the owner of the AS allow to put them down as origin AS, and did the holder of the address space allow the AS holder to announce the prefix?) PGP is the best suited way of doing this. MAIL-FROM fails because an email can only have one from address. Passwords have the little problem that, since the password is sent in cleartext in the update, you would disclose your password to someone else when co-signing an update. So if you need to do co-signing the advise is to use PGP in your maintainers Regards Joao Damas RIPE NCC > >Regards, >Daniel
[ lir-wg Archives ]