5. Improve database security
These ideas were discussed at the RIPE-41, the detailed proposals will follow - Deprecate MAIL-FROM as a weak auth scheme that doesn't serve todays's security requirements. This will be done in several phases starting form not allowing updating mntner objects containing this scheme, and ending with not allowing updates to be authorised with MAIL-FROM. - Implement authentication scheme using MD5 as a more secure mechanism compared to crypt. Passphrases can be used instead of 8 character passwords and MD5 fingerprint will be presented in the auth value. - Implement inverse queries on auth, encryption, signature for PGP keys only (key-cert's).
As an alternative to deprecating MAIL-FROM, have you considered sending a response to updates with a random cookie in it and requiring a confirmation message with the cookie? In regards to the MD5 fingerprint, would this be a straight MD5 hash, or something like the FreeBSD MD5-based password hash (which I believe supports passwords longer than 8 chars)? Also, would the hash continue to be openly published? It would seem you would still have to deal with potential dictionary attacks. I understand the Perl-based RIPE server would use a "*" in place of the actual crypt-pw and I've been considering adding support for this in IRRd. Also, I would suggest reading the following paper regarding the strength of traditional Unix crypt, FreeBSD's MD5-based crypt, and OpenBSD's Blowfish- based bcrypt -- http://www.usenix.org/events/usenix99/provos.html Regards, Larry Blunk Merit