Hi Denis, Denis Walker wrote: [...]
Why does it matter if people don't have a local copy of the hash? If you want to modify the mntner object (maybe add a new admin-c) and you can't remember the hash value, you can just encrypt your plain text password again and enter a new hash value to the update.
Technically, you are right.
It may be a little bit inconvenient,
... for any definition of *little* :-)
but not a major problem. I don't think even the password owner 'needs' to see the hash.
I think we should think this through to the very end :-) Starting with modifying all the documentation, the training material, the LIR portal, how to manage removal of e.g. 1 out of 2 or 3 hashes. Not talking about the fact that this is a pretty fundamental change to the DB architecture and behaviour. Not from a software development point of view - your view. But there are people out there who do not use commandline tools, but scripts, or applications...
regards Denis Walker RIPE NCC
But if we change stuff, why don't we simply do away with it, instead of plastering around the cracks? Wilfried.