Hi Denis

On Wed, 18 Jul 2012 15:11:01 +0200, Denis Walker <denis@ripe.net> said:
> The current arrangement of hiding MD5 password hashes is based on a series of community discussions and two iterations of the implementation. Although the consensus is that hiding the hashes is beneficial from a security point of view, unfortunately this does result in some corner cases that are not easy to resolve. This is an extreme example of such a corner case with so many people sharing the use of one MNTNER.
>
> Currently there is no simple way for a user with only PGP credentials to modify a MNTNER object like this one. Only one of the users with a password can query the full object. Wilfried has suggested one workaround. Bear in mind that these corner cases only occur when there is a mixture of credential options. If all users used either password or PGP there is no issue. So another workaround in this case could be for the PGP users to include a strong password as well. As there are already so many passwords in this object, perhaps this would not affect the overall security level.
Yes, that's the path I've taken.
> The RIPE NCC is currently re-developing the whole of the RIPE Database update software. As part of this process the RIPE NCC would like to put a proposal to the community for additional authentication options including an extension to the RIPE NCC Single Sign On service (SSO) to cover authentication of updates to the RIPE Database. This could provide a long term solution to the MNTNER problem.
>
> We are still in the early stages of this re-development, which we expect to last for a few months. So we don't yet have the full details of additional authentication options. But when we do we will submit it to the community for consideration. The RIPE NCC is also always open to suggestions from the community for solutions to known problems.
For the case at hand, it would be enough to have a method to authenticate *queries* for mntner objects with any of the valid methods for updates (not just passwords).

Regards,
Alex