On 2003-03-07 17:56:46 -0500, Larry J. Blunk wrote:
My comment is not specifically related to this proposal, but I have long been concerned about the optional status of the mnt-nfy: attribute. This means if someone cracks a mntner password and begins submitting updates (which naturally will be successful since they have the password), no notification will be sent to the mntner.
I'm not sure of the best way to handle this. I suppose there are some people who don't want to be bothered by notification of successful updates and if they're using PGP that might be okay. It also seems the upd-to attribute name was very poorly chosen as it is difficult to differentiate its function from that of mnt-nfy (I often get the two confused and I deal with this stuff every day). I personally feel that the mnt-nfy should be mandated in RPSL and those mntners who do not have one should have it replicated from their upd-to attribute value. For those who really don't care to see the results of successful updates, they could simply direct the email address to /dev/null.
I am personally agnostic on the issue, but do not think there would be a problem making "mnt-nfy:" mandatory. As a data point, of the 8808 maintainers in the RIPE Database, there are 2322 that use password-based authentication (CRYPT-PW or MD5-PW) and have no "mnt-nfy:" attribute.

--
Shane Kerr
RIPE NCC

p.s. I also think that "upd-to:" and "mnt-nfy:" are probably not the best names. But what can we expect of a standard with things like "mntner:" and "aggr-mtd:"? (These names can't be to shorten them, or we wouldn't have "peering-set:" and "mbrs-by-ref:")? Would it make sense to make an alias for "upd-to:" of something reasonable, e.g. "auth-fail-nfy:"?
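The check behind the count quoted above, as an added example that is not part of the original thread or of any registry software: it flags mntner objects that accept CRYPT-PW or MD5-PW and carry no "mnt-nfy:", and lists their "upd-to:" values as the fallback suggested earlier in the thread. The sample objects are constructed, the RPSL parsing is simplified, and treating a mntner that mixes PGP and password auth as password-based is an assumption of this example.

```python
import re
# Constructed sample objects (not registry data); hashes are placeholders.
SAMPLE = """\
mntner:   EXAMPLE-A-MNT
upd-to:   noc@a.example
auth:     MD5-PW <placeholder-hash>

mntner:   EXAMPLE-B-MNT
upd-to:   noc@b.example
mnt-nfy:  changes@b.example
auth:     CRYPT-PW <placeholder-hash>

mntner:   EXAMPLE-C-MNT
upd-to:   noc@c.example
auth:     PGPKEY-00000000

mntner:   EXAMPLE-D-MNT
upd-to:   noc@d.example
auth:     PGPKEY-00000000
auth:     crypt-pw <placeholder-hash>  # password still accepted
"""
PASSWORD_SCHEMES = ("CRYPT-PW", "MD5-PW")  # the two schemes named in the thread

def parse_objects(text):
    """Split RPSL text into objects, each a list of (attribute, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            line = line.split("#", 1)[0].rstrip()  # drop end-of-line comments
            if line and line[0] in " \t+" and attrs:  # continuation line
                name, value = attrs[-1]
                attrs[-1] = (name, f"{value} {line[1:].strip()}".strip())
            elif ":" in line:
                name, value = line.split(":", 1)
                attrs.append((name.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def audit(text):
    """Return (mntner, upd-to values) for password mntners with no mnt-nfy."""
    findings = []
    for attrs in parse_objects(text):
        get = lambda n: [v for a, v in attrs if a == n]
        uses_password = any(v.upper().startswith(PASSWORD_SCHEMES) for v in get("auth"))
        if attrs[0][0] == "mntner" and uses_password and not get("mnt-nfy"):
            findings.append((attrs[0][1], get("upd-to")))  # upd-to: proposed fallback
    return findings
```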