several folks have asked me to forward information from the routing arbiter project that would be of broader interest. thought you all might like to know about our pgp key plans (i think that jean-michel asked about this at the last ripe meeting.) --elise

Brian Renaud writes: From nanog-request@MERIT.EDU Thu Sep 7 11:52:50 1995 Resent-Date: Thu, 7 Sep 1995 11:52:39 -0400 Message-Id: <199509071552.LAA21225@home.merit.edu> From: Brian Renaud <renaud@MERIT.EDU> To: nanog@MERIT.EDU Subject: PGP authentication for the RADB Reply-To: renaud@MERIT.EDU Date: Thu, 07 Sep 1995 11:52:31 -0400 Sender: renaud@MERIT.EDU Resent-Message-ID: <"obcC1.0.5z.2LnJm"@merit.edu> Resent-From: nanog@MERIT.EDU X-Mailing-List: <nanog@MERIT.EDU> archive/latest/24 X-Loop: nanog@MERIT.EDU Precedence: list Resent-Sender: nanog-request@MERIT.EDU

The RADB now supports authentication using PGP-based digital signatures. If you want to use this feature, there are three things you must do:

* Register your public key with the RA.

* Modify your maintainer object to reflect your use of digital signatures

* Sign (via PGP) your RADB transactions.

1. Registering your public key with the RA.

You must send your public key to the RA for inclusion onto our PGP keyring. Use the "pgp -kxa" command to generate a copy of your public key suitable for mailing, then mail the resultant file to db-admin@ra.net.

For example:

% pgp -kxa smith@ra.net pubkey ... % mail -s 'please register my public key' db-admin@ra.net < pubkey.asc

You may use one of two methods of verification:

* Fax a copy of a photographic identification (passport or drivers license) to:

RADB public key verification +1 313 747 3185

please write your PGP fingerprint and email address on the fax

* Attend an RA sponsored key signing session at NANOG or IETF. You will need to bring a copy of your public key with a PGP fingerprint and photo identification. (This will be verification via the identification you bring, rather than having two other people agree that you are who you say you are.)

We will be holding a key signing at NANOG on Monday, September 11 at 5:00. If that time is not convenient, you can also accost RA team members at random and present them with with the appropriate information.

2. Modifications to the maintainer object

There is a new authentication option for the maintainer object. The syntax for it is:

auth: PGP-FROM {PGP User Id}

For example,

auth: PGP-FROM John Smith <smith@ra.net>

3. Signing your RADB transactions

You will need to PGP-sign each transaction you send to auto-dbm@ra.net. Use the "pgp -sta" command to do this.

For example:

% pgp -sta -u smith@ra.net routes ... % mail -s 'route updates' auto-dbm@ra.net < routes.asc