2012/2/15
<db-wg-request@ripe.net>
Send db-wg mailing list submissions to
db-wg@ripe.net
To subscribe or unsubscribe via the World Wide Web, visit
https://www.ripe.net/mailman/listinfo/db-wg
or, via email, send a message with subject or body 'help' to
db-wg-request@ripe.net
You can reach the person managing the list at
db-wg-owner@ripe.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of db-wg digest..."
Today's Topics:
1. Suggestion for a way to retrieve filtered objects
(Anders Mundt Due)
----------------------------------------------------------------------
Message: 1
Date: Tue, 14 Feb 2012 18:10:33 +0100
From: "Anders Mundt Due" <anders.mundt.due@uni-c.dk>
Subject: [db-wg] Suggestion for a way to retrieve filtered objects
To: "Database WG" <db-wg@ripe.net>
Message-ID:
<80D52320F10F9143AF3670B571348EEA01F497BB@LGBEXCHANGE01.unic.local>
Content-Type: text/plain; charset="UTF-8"
Hi there,
We just had a problem with the RFC3068-MNT object, from what I can see, if you have an object with at least one
auth: MD5 ...
Only people that have one of the passwords can see the object in the webupdater and get the full object to manipulate the object.
So now, instead of having a chance to get rid of shared passwords/passphrases, everybody needs to have one, because of the way objects are filtered.
Only idea I've had so far, would be that there should be a way to request an object in a way where I can authenticate with my PGPKEY, for instance using email and not a webbrowser, so I'd sign a mail requesting an object, with a key that would be listed as authentication in the object I request, and that would return the unfiltered object to me.
Of course, the other solution is to just get hold of all the people with an auth: MD5 line and make them take it out, that way you can get the full object without authenticating on the webupdater.
I'm not sure if my thought here is useable, good or practical. But it someone can come up with a brilliant way to make shared objects of this kind smoothly, I suspect the people implementing the database will be eager to hear about it, and at the very least the people behind RFC3068-MNT will be gratefull.
/Anders
Forskningsnettet dk.denet
End of db-wg Digest, Vol 6, Issue 2
***********************************