Dear Aliaksei, working group, The split files, and all other content of the ftp site, are also available on https: https://ftp.ripe.net/ https://ftp.ripe.net/ripe/dbase/split/ They have been available here for quite a while but I realise that this was not widely announced, nor documented. I will make sure that documentation is updated. The files are generated using a snapshot of data at midnight CEST - but take over 2 hours to complete - because we have to filter out personal data. Because this is resource intense, and because there may be scripts out there running at various times in the day and expecting to retrieve the ‘midnight’ snapshot, I am not keen on increasing the frequency unless it’s clear that there is great demand for this. Dependent on your needs the NRTM service may also be a fit for you: https://www.ripe.net/manage-ips-and-asns/db/nrtm-mirroring Kind regards, Tim Bruijnzeels
On 16 Oct 2017, at 11:30, Horváth Ágoston János via db-wg <db-wg@ripe.net> wrote:
From: Horváth Ágoston János <horvath.agoston@gmail.com> Subject: Re: [db-wg] DB signatures Date: 15 October 2017 at 12:22:03 GMT+2 To: Aliaksei Sheshka <sheshkaoss@gmail.com> Cc: "db-wg@ripe.net >> Database WG" <db-wg@ripe.net>
The gzip format already contains checksum. Signing is a different issue. But the first question one might ask is why this data is still offered through FTP. Using https would also make most of the signing requirements obsolete.
On Sat, Oct 14, 2017 at 1:02 AM, Aliaksei Sheshka via db-wg <db-wg@ripe.net> wrote:
---------- Forwarded message ---------- From: Aliaksei Sheshka <sheshkaoss@gmail.com> To: db-wg@ripe.net Cc: Bcc: Date: Fri, 13 Oct 2017 19:01:56 -0400 Subject: Re: [db-wg] DB signatures I assume time stamps are UTC, ftp shows 10/12/17, 10:12:00 PM, now it is Fri Oct 13 22:57:17 2017 UTC I would say 24h+ update for such data is too much. Also having signatures / checksums is a standard security measure for any downloads and are very easy to implement.
On Fri, Oct 13, 2017 at 1:58 PM, denis walker <ripedenis@yahoo.co.uk> wrote:
Hi Aliaksei
The files are regenerated daily. There are some checks done on the files as part of the generation process, like zero size check or size difference more than some percentage from yesterday. Perhaps the RIPE NCC can comment on the possibility of signing or checksum files?
cheers denis co-chair DB WG
________________________________ From: Aliaksei Sheshka via db-wg <db-wg@ripe.net> To: db-wg@ripe.net Sent: Friday, 13 October 2017, 19:45 Subject: [db-wg] DB signatures
Hello!
I would like to know if there is a plan to sign / checksum files located at ftp://ftp.ripe.net/ripe/dbase/split/ ? Currently there is no mechanism to know if files aren't tampered or corrupted.
My second question is how often those files are updated?
Thanks!
participants (1)
-
Tim Bruijnzeels