The gzip format already contains checksum. Signing is a different issue. But the first question one might ask is why this data is still offered through FTP. Using https would also make most of the signing requirements obsolete. On Sat, Oct 14, 2017 at 1:02 AM, Aliaksei Sheshka via db-wg <db-wg@ripe.net> wrote:
---------- Forwarded message ---------- From: Aliaksei Sheshka <sheshkaoss@gmail.com> To: db-wg@ripe.net Cc: Bcc: Date: Fri, 13 Oct 2017 19:01:56 -0400 Subject: Re: [db-wg] DB signatures I assume time stamps are UTC, ftp shows 10/12/17, 10:12:00 PM, now it is Fri Oct 13 22:57:17 2017 UTC I would say 24h+ update for such data is too much. Also having signatures / checksums is a standard security measure for any downloads and are very easy to implement.
On Fri, Oct 13, 2017 at 1:58 PM, denis walker <ripedenis@yahoo.co.uk> wrote:
Hi Aliaksei
The files are regenerated daily. There are some checks done on the files as part of the generation process, like zero size check or size difference more than some percentage from yesterday. Perhaps the RIPE NCC can comment on the possibility of signing or checksum files?
cheers denis co-chair DB WG
________________________________ From: Aliaksei Sheshka via db-wg <db-wg@ripe.net> To: db-wg@ripe.net Sent: Friday, 13 October 2017, 19:45 Subject: [db-wg] DB signatures
Hello!
I would like to know if there is a plan to sign / checksum files located at ftp://ftp.ripe.net/ripe/dbase/split/ ? Currently there is no mechanism to know if files aren't tampered or corrupted.
My second question is how often those files are updated?
Thanks!
participants (1)
-
Horváth Ágoston János