Hi Peter
We looked a little deeper into this. We noticed there are only 50 MNTNER
objects in the database that do NOT have a password. They use a
combination of PGP and/or X.509 only. So we looked at where these
MNTNERs are used. There are probably many ways to look at this. The one
we chose is how allocated address space is managed by LIRs. So we looked
at the "mnt-lower:" on the allocation INETNUM objects. Some of these 50
MNTNERs are used in this way. The "mnt-lower:" allows assignments to be
created. So this can be seen as a measure of control over the assigned
address space.
We calculated the cumulative size of the allocation blocks where one of
these 50 MNTNERs is used as the "mnt-lower:" as a percentage of the
total allocated address space.

Cumulative total of allocations using one of these 50 MNTNERs: 4722688
Total allocated address space: 555648000
Percentage of address space controlled by PGP/X.509 only (without any passwords): 0.85%

For the other 99.15% of address space, there may be a PGP or X.509
credential in the MNTNER object, but in addition to a password.
Regards
Denis Walker
Business Analyst
RIPE NCC Database Group
On 21/06/11:26 7:14 PM, Peter Koch wrote:
> Denis,
>
> thanks a lot for producing the numbers and information.
>
>> The next step was to look into the referenced MNTNER objects to see how
>> many used password, PGP or X.509, and in what combination and numbers.
>>
>> MNTNER with one auth containing a password = 27,434 85%
>> MNTNER with only password = 27,796 86%
>> MNTNER with one auth containing a PGP = 952 3%
>> MNTNER with only PGP = 1,507 5%
>> MNTNER with one auth containing an X.509 = 16 <1%
>> MNTNER with only X.509 = 21 <1%
>> MNTNER with password plus either PGP or X.509 = 3,023 9%
>> MNTNER with PGP plus X.509 (no password) = 50 <1%
>> MNTNER with one password plus multiple PGP = 357 1%
>> MNTNER with one PGP plus multiple password = 59 <1%
>
> in addition to what Shane suggested (which methods are actually _used_), I'd
> be interested to learn how large of a percentage of the address space (as opposed to
> the number of objects) is covered by "password" authentication. This is
> to avoid artefacts by passwords being used for small chunks and PGP/X.509
> for the larger ones - or vice versa.
>
> Thanks,
> Peter
>
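
The measurement described in the reply above can be reproduced from a database dump roughly as follows. This is an added example, not RIPE NCC code: the object names, key IDs and address ranges are constructed, the function name `passwordless_share` is hypothetical, and the `strict` option goes beyond the mail by counting only blocks where every "mnt-lower:" is password-free.

```python
import ipaddress

# Constructed sample in RPSL form; these are not real RIPE Database objects.
SAMPLE = """\
mntner: EXAMPLE-PGP-MNT
auth: PGPKEY-0123ABCD
auth: X509-1

mntner: EXAMPLE-PW-MNT
auth: MD5-PW $1$constructed$hash
auth: PGPKEY-89EF4567

inetnum: 192.0.2.0 - 192.0.2.255
status: ALLOCATED PA
mnt-lower: EXAMPLE-PGP-MNT

inetnum: 198.51.100.0 - 198.51.100.255
status: ALLOCATED PA
mnt-lower: EXAMPLE-PGP-MNT
mnt-lower: EXAMPLE-PW-MNT

inetnum: 203.0.113.0 - 203.0.113.255
status: ALLOCATED PA
mnt-lower: EXAMPLE-PW-MNT

inetnum: 203.0.113.0 - 203.0.113.127
status: ASSIGNED PA
"""

def passwordless_share(text, strict=False):
    """Return (covered, total, percent) of address space in ALLOCATED inetnum objects."""
    # Each object becomes a list of (attribute, value) pairs; the first pair is its key.
    objs = [[tuple(p.strip() for p in line.split(":", 1)) for line in block.splitlines()]
            for block in text.strip().split("\n\n")]
    vals = lambda o, key: [v.upper() for a, v in o if a == key]
    no_pw = {o[0][1].upper() for o in objs if o[0][0] == "mntner" and not
             any(v.startswith(("MD5-PW", "CRYPT-PW")) for v in vals(o, "auth"))}
    total = covered = 0
    for o in objs:
        if o[0][0] != "inetnum" or not "".join(vals(o, "status")).startswith("ALLOCATED"):
            continue
        first, last = (int(ipaddress.IPv4Address(x.strip())) for x in o[0][1].split("-"))
        size = last - first + 1
        total += size
        lower = vals(o, "mnt-lower")
        # Default: any mnt-lower is password-free (the mail's measure); strict: all of them.
        if lower and (all if strict else any)(m in no_pw for m in lower):
            covered += size
    return covered, total, round(100 * covered / total, 2)
```

The two modes differ on blocks such as the second allocation in the sample, where a password-protected maintainer sits alongside a PGP/X.509-only one in "mnt-lower:".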