[ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
- Previous message (by thread): [ncc-services-wg] New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again
- Next message (by thread): [ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Wed Jun 23 09:19:13 CEST 2021
Nick, On 22/06/2021 23.50, Nick Hilliard wrote: > Patrik Fältström wrote on 22/06/2021 21:23: > > With regard to the ripe database and the rpki repo, it doesn't look like > there are any specific legal issues that haven't been considered. All > of this information is publicly accessible anyway. There may well be a > different set of considerations for other types of data. I don't think that is is okay to say "this information is publicly accessible anyway". On a RIPE Database or RPKI server there is meta-data about *who* is accessing the database, including timestamps, source addresses, and possibly other data. There is also meta-data about *what queries* are made to the database. There also things to be learned about replication delays between servers, and surely a lot more that might be of interest to creative folks. I don't know about now, but at one point there were firewalls and/or intrusion-detection systems that would query the RIPE Database to give the admin information about the source of suspicious traffic. An attacker trying to penetrate a network might be able to identify which security products were in use if given unrestricted access to WHOIS query logs. I'm not saying this is a likely scenario, I'm saying we should be cautious about declaring access to data safe. Humans (and increasingly AI) are ingenious about ways to use systems in unintended ways. As a thought experiment to try to demonstrate the idea, how would you feel about a proposal to provide public access to complete system logs of all RIPE Database servers? If that makes you nervous in any way - and I think that it should! - then this is exactly why we should consider the operators hosting RIPE Database (and RPKI) resources important. Cheers, -- Shane -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_0x3732979CF967B306.asc Type: application/pgp-keys Size: 11589 bytes Desc: OpenPGP public key URL: <https://lists.ripe.net/ripe/mail/archives/ncc-services-wg/attachments/20210623/4bb9ba98/attachment-0001.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <https://lists.ripe.net/ripe/mail/archives/ncc-services-wg/attachments/20210623/4bb9ba98/attachment-0001.sig>
- Previous message (by thread): [ncc-services-wg] New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again
- Next message (by thread): [ncc-services-wg] That's So Meta (was Re: New on RIPE Labs: RIPE NCC and the Cloud - Let’s Start Again)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]