Hi I have just been thinking about this discussion and have a suggestion. I have not thought it all the way through the code so it is only an idea at this stage. We can obscure the authentication information from mntner, key-cert and irt objects and make it no longer publically accessible. This would initially give rise to the problems illustrated below. We can get round these problems using dbupdate. We can add a new keyword 'full' to be used in the subject line of an e-mail update or entered through webupdates/syncupdates. If this keyword is used and at least the primary keys and source attributes are supplied with correct authentication, dbupdate can return the full object from the database. This effectively makes dbupdate a query mechanism. But this would only need to be done for modifications and deletions of mntner, key-cert and irt objects. These are only a small percentage of the updates we receive. This is not a proposal, it is just an idea. If there is any interest in the idea then we can spend some time looking at it in more detail. regards denis Software Engineering Department RIPE NCC Markus Werner wrote:
Hello All,
At the first place it is a good Idea to removed MD5-Hashes from public view. But there a some stuff that should be though of.
- At the moment you have to supply the hole object if you delete an object. -> So you have to store the origin object locally. -> Is it a good Idea to remove an object when someone submitting it without the crypted pw's ?
- How can you remove password in this case? -> Simply by submitting the object without the auth attributes that contain MD5-PW's is IMHO error prone.
I decided (in 2005) to remove the MD5-PW at all. We just use pgp keys andfor fallback the X509 cert from the LIR Portal. The lir Portal account uses also PKI login and has as fallback a password.
And if the worse case happens, you could ask the hostmaster@ripe.net to unlock the maintainer for you. But IMHO the worse case doesn't happen all to often. Anyway the RIPE-NCC should considere to bill cases if somebody ask twice a day:-)
IMHO you should not remove the PGP-Keys and the X509 Cert from public view. It see no sercurity reasons for this.
with kind regards || Mit freundlichen Gruessen
i.A. Markus Werner