From https://apps.db.ripe.net/webupdates/search.html altough I can query
Dear members, Maybe a stupid question, but I am used to update objects via signed emails. Now, a mntner object cannot be queried fully, I got a filtered result always, even with the maintainer not containing md5 passwords. So I am missing the auth: fields. $ whois -T mntner -B -r MNT-RK1387-RIPE % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Information related to 'MNT-RK1387-RIPE' mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE # Filtered the full object: mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu auth: PGPKEY-8F59B1B7 auth: X509-2577 mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore. Any suggestions are welcome. Regards, Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
On 17 Feb 2012, at 15:19, Richard Kojedzinszky wrote:
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore. Any suggestions are welcome.
I noticed this while trying to do the same yesterday — seems you have to authenticate with the RIPE DB first — via the website. Even specifying "-B" on the whois query you still get a "source: RIPE #Filtered" line. Of course, how one authenticates with the website when it only supports MD5 password authentication... yes, this is interesting. Marek Isalski Hostmaster, Faelix Limited, AS41495
On 02/17/2012 04:33 PM, Marek Isalski wrote:
On 17 Feb 2012, at 15:19, Richard Kojedzinszky wrote:
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore. Any suggestions are welcome.
I noticed this while trying to do the same yesterday — seems you have to authenticate with the RIPE DB first — via the website. Even specifying "-B" on the whois query you still get a "source: RIPE #Filtered" line.
Of course, how one authenticates with the website when it only supports MD5 password authentication... yes, this is interesting.
Hi, Well, you can switch to the textarea-view, GPG-sign your update and submit it there - no prior MD5-authentication required :-) (And for doing that using Firefox the great FireGPG-extension comes in handy.) Kind regards, Stefan Neufeind
hmm.. as the ripe db needs an exact copy of the current contents before deleting old objects, which we usually obtain from whois... i guess that script no longer works :P anyway, the ripe mailrobot needs a better way to just "delete all objects that are within inetnum: this-until-that" anyway, rather than having to whois the whole pile of crap ip-by-ip to find leftovers :P (why the hell does it need anything besides inetnum: bla-bla and "delete" and the password anyway, not to mention the "overlaps are not covered for" thing ;) see this is why you -need- the whois output to work, scripted deletes require it ;) (just clearing it all and generating new entries from the route table + database is much easier than updating old junk, but the delete process is a bit... crappy ;) not sure how to do this on ipv6 anyway... ipv6 is a bit -much- to just whois one by one to delete the leftovers *grin* maybe an option to clear an entire PA network (and then just re-create the ones actually in use ;) would be .. practical... -- Greetings, Sven Olaf Kamphuis, CB3ROB Ltd. & Co. KG ========================================================================= Address: Koloniestrasse 34 VAT Tax ID: DE267268209 D-13359 Registration: HRA 42834 B BERLIN Phone: +31/(0)87-8747479 Germany GSM: +49/(0)152-26410799 RIPE: CBSK1-RIPE e-Mail: sven@cb3rob.net ========================================================================= <penpen> C3P0, der elektrische Westerwelle http://www.facebook.com/cb3rob ========================================================================= Confidential: Please be advised that the information contained in this email message, including all attached documents or files, is privileged and confidential and is intended only for the use of the individual or individuals addressed. Any other use, dissemination, distribution or copying of this communication is strictly prohibited. On Fri, 17 Feb 2012, Marek Isalski wrote:
On 17 Feb 2012, at 15:19, Richard Kojedzinszky wrote:
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore. Any suggestions are welcome.
I noticed this while trying to do the same yesterday — seems you have to authenticate with the RIPE DB first — via the website. Even specifying "-B" on the whois query you still get a "source: RIPE #Filtered" line.
Of course, how one authenticates with the website when it only supports MD5 password authentication... yes, this is interesting.
Marek Isalski Hostmaster, Faelix Limited, AS41495
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.
Dear Richard There is an easy way to do this with Webupdates. Starting with the "Modify or Delete an object" page on the url you mentioned, https://apps.db.ripe.net/webupdates/search.html, enter your MNTNER object name in the search box then select the "modify object in single text area" option. When you click on "Search" you will see the full object, including the "auth:" attributes, in a text area. You can copy and paste this data and use any update method you choose. Please note that this only has an impact on changes to the MNTNER object itself, as requested by the community through the RIPE Database Working Group (DB WG) to hide the MD5 hashes from public view. Changing any other object type remains as it was. The change was discussed in detail on the DB WG mailing list. If you have any suggestions on this behaviour, you may wish to discuss them on that list. Full details of how the new process works can be seen here: https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database Regards, Denis Walker Business Analyst RIPE NCC Database Group On 17/02/12:8 4:19 PM, Richard Kojedzinszky wrote:
Dear members,
Maybe a stupid question, but I am used to update objects via signed emails. Now, a mntner object cannot be queried fully, I got a filtered result always, even with the maintainer not containing md5 passwords. So I am missing the auth: fields.
$ whois -T mntner -B -r MNT-RK1387-RIPE % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Information related to 'MNT-RK1387-RIPE'
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE # Filtered
From https://apps.db.ripe.net/webupdates/search.html altough I can query the full object:
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu auth: PGPKEY-8F59B1B7 auth: X509-2577 mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore.
Any suggestions are welcome.
Regards,
Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.
Dear Denis, Thanks for your reply. As I am unix user, I have only text console, and using a browser on that is very uncomfortable. Ok, that was a joke only, but the question still stands: what if I dont have a password for my mntner, as the link you've sent mentions that the webupdates will only show the object after authentication. Regards, Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt. On Fri, 17 Feb 2012, Denis Walker wrote:
Date: Fri, 17 Feb 2012 17:20:48 +0100 From: Denis Walker <denis@ripe.net> To: Richard Kojedzinszky <krichy@tvnetwork.hu> Cc: members-discuss@ripe.net Subject: Re: [members-discuss] whois mntner
Dear Richard
There is an easy way to do this with Webupdates. Starting with the "Modify or Delete an object" page on the url you mentioned, https://apps.db.ripe.net/webupdates/search.html, enter your MNTNER object name in the search box then select the "modify object in single text area" option. When you click on "Search" you will see the full object, including the "auth:" attributes, in a text area. You can copy and paste this data and use any update method you choose.
Please note that this only has an impact on changes to the MNTNER object itself, as requested by the community through the RIPE Database Working Group (DB WG) to hide the MD5 hashes from public view. Changing any other object type remains as it was. The change was discussed in detail on the DB WG mailing list. If you have any suggestions on this behaviour, you may wish to discuss them on that list.
Full details of how the new process works can be seen here: https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
Regards,
Denis Walker Business Analyst RIPE NCC Database Group
On 17/02/12:8 4:19 PM, Richard Kojedzinszky wrote:
Dear members,
Maybe a stupid question, but I am used to update objects via signed emails. Now, a mntner object cannot be queried fully, I got a filtered result always, even with the maintainer not containing md5 passwords. So I am missing the auth: fields.
$ whois -T mntner -B -r MNT-RK1387-RIPE % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Information related to 'MNT-RK1387-RIPE'
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE # Filtered
From https://apps.db.ripe.net/webupdates/search.html altough I can query the full object:
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu auth: PGPKEY-8F59B1B7 auth: X509-2577 mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore.
Any suggestions are welcome.
Regards,
Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.
Dear Richard After the discussion on the DB WG mailing list it was agreed that all "auth:" attributes will be hidden from public view in a 'normal' query output. The only way now to see the full object is with Webupdates. For any MNTNER object that has an MD5 password, authentication must be supplied to see the full objects. This also applies if the MNTNER has both MD5 password and PGP/X509. If the MNTNER has only PGP/X509 and no passwords, you still need to use Webupdates to see the full object. But in this latter case, no authentication is needed to see the object. So in your case, if you just follow the steps outlined below you will see the full MNTNER object including the "auth:" attributes, without having to enter any authentication. btw...I think the Lynx browser still works from a text only console. Regards, Denis Walker Business Analyst RIPE NCC Database Group On 17/02/12:8 5:26 PM, Richard Kojedzinszky wrote:
Dear Denis,
Thanks for your reply. As I am unix user, I have only text console, and using a browser on that is very uncomfortable. Ok, that was a joke only, but the question still stands: what if I dont have a password for my mntner, as the link you've sent mentions that the webupdates will only show the object after authentication.
Regards,
Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
On Fri, 17 Feb 2012, Denis Walker wrote:
Date: Fri, 17 Feb 2012 17:20:48 +0100 From: Denis Walker <denis@ripe.net> To: Richard Kojedzinszky <krichy@tvnetwork.hu> Cc: members-discuss@ripe.net Subject: Re: [members-discuss] whois mntner
Dear Richard
There is an easy way to do this with Webupdates. Starting with the "Modify or Delete an object" page on the url you mentioned, https://apps.db.ripe.net/webupdates/search.html, enter your MNTNER object name in the search box then select the "modify object in single text area" option. When you click on "Search" you will see the full object, including the "auth:" attributes, in a text area. You can copy and paste this data and use any update method you choose.
Please note that this only has an impact on changes to the MNTNER object itself, as requested by the community through the RIPE Database Working Group (DB WG) to hide the MD5 hashes from public view. Changing any other object type remains as it was. The change was discussed in detail on the DB WG mailing list. If you have any suggestions on this behaviour, you may wish to discuss them on that list.
Full details of how the new process works can be seen here: https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
Regards,
Denis Walker Business Analyst RIPE NCC Database Group
On 17/02/12:8 4:19 PM, Richard Kojedzinszky wrote:
Dear members,
Maybe a stupid question, but I am used to update objects via signed emails. Now, a mntner object cannot be queried fully, I got a filtered result always, even with the maintainer not containing md5 passwords. So I am missing the auth: fields.
$ whois -T mntner -B -r MNT-RK1387-RIPE % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Information related to 'MNT-RK1387-RIPE'
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE # Filtered
From https://apps.db.ripe.net/webupdates/search.html altough I can query the full object:
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu auth: PGPKEY-8F59B1B7 auth: X509-2577 mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore.
Any suggestions are welcome.
Regards,
Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.
Dear Denis, Thanks for your response. I've probably missed that point, so that if my object has no password, than I will be able to see the whole at least on webupdates. Thanks for the replies, regards. Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt. On Fri, 17 Feb 2012, Denis Walker wrote:
Date: Fri, 17 Feb 2012 18:04:22 +0100 From: Denis Walker <denis@ripe.net> To: Richard Kojedzinszky <krichy@tvnetwork.hu> Cc: members-discuss@ripe.net Subject: Re: [members-discuss] whois mntner
Dear Richard
After the discussion on the DB WG mailing list it was agreed that all "auth:" attributes will be hidden from public view in a 'normal' query output. The only way now to see the full object is with Webupdates. For any MNTNER object that has an MD5 password, authentication must be supplied to see the full objects. This also applies if the MNTNER has both MD5 password and PGP/X509. If the MNTNER has only PGP/X509 and no passwords, you still need to use Webupdates to see the full object. But in this latter case, no authentication is needed to see the object.
So in your case, if you just follow the steps outlined below you will see the full MNTNER object including the "auth:" attributes, without having to enter any authentication.
btw...I think the Lynx browser still works from a text only console.
Regards,
Denis Walker Business Analyst RIPE NCC Database Group
On 17/02/12:8 5:26 PM, Richard Kojedzinszky wrote:
Dear Denis,
Thanks for your reply. As I am unix user, I have only text console, and using a browser on that is very uncomfortable. Ok, that was a joke only, but the question still stands: what if I dont have a password for my mntner, as the link you've sent mentions that the webupdates will only show the object after authentication.
Regards,
Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
On Fri, 17 Feb 2012, Denis Walker wrote:
Date: Fri, 17 Feb 2012 17:20:48 +0100 From: Denis Walker <denis@ripe.net> To: Richard Kojedzinszky <krichy@tvnetwork.hu> Cc: members-discuss@ripe.net Subject: Re: [members-discuss] whois mntner
Dear Richard
There is an easy way to do this with Webupdates. Starting with the "Modify or Delete an object" page on the url you mentioned, https://apps.db.ripe.net/webupdates/search.html, enter your MNTNER object name in the search box then select the "modify object in single text area" option. When you click on "Search" you will see the full object, including the "auth:" attributes, in a text area. You can copy and paste this data and use any update method you choose.
Please note that this only has an impact on changes to the MNTNER object itself, as requested by the community through the RIPE Database Working Group (DB WG) to hide the MD5 hashes from public view. Changing any other object type remains as it was. The change was discussed in detail on the DB WG mailing list. If you have any suggestions on this behaviour, you may wish to discuss them on that list.
Full details of how the new process works can be seen here: https://labs.ripe.net/Members/denis/securing-md5-hashes-in-the-ripe-database
Regards,
Denis Walker Business Analyst RIPE NCC Database Group
On 17/02/12:8 4:19 PM, Richard Kojedzinszky wrote:
Dear members,
Maybe a stupid question, but I am used to update objects via signed emails. Now, a mntner object cannot be queried fully, I got a filtered result always, even with the maintainer not containing md5 passwords. So I am missing the auth: fields.
$ whois -T mntner -B -r MNT-RK1387-RIPE % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Information related to 'MNT-RK1387-RIPE'
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE # Filtered
From https://apps.db.ripe.net/webupdates/search.html altough I can query the full object:
mntner: MNT-RK1387-RIPE descr: Maintainer of RK1387-RIPE admin-c: RK1387-RIPE upd-to: richardk@tvnetwork.hu auth: PGPKEY-8F59B1B7 auth: X509-2577 mnt-by: MNT-RK1387-RIPE referral-by: MNT-RK1387-RIPE changed: richardk@tvnetwork.hu 20080417 changed: krichy@tvnetwork.hu 20090814 changed: krichy@tvnetwork.hu 20090814 source: RIPE
And as I am used to copy-paste the result, change what I like, and then send it back, this does not work anymore.
Any suggestions are welcome.
Regards,
Kojedzinszky Richard Euronet Magyarorszag Informatikai Zrt.
---- If you don't want to receive emails from the RIPE NCC members-discuss mailing list, please log in to your LIR Portal account and go to the general page: https://lirportal.ripe.net/general/view
Click on "Edit my LIR details", under "Subscribed Mailing Lists". From here, you can add or remove addresses.
participants (5)
-
Denis Walker -
Marek Isalski -
Richard Kojedzinszky -
Stefan Neufeind, SpeedPartner -
Sven Olaf Kamphuis