Below please find the most recent summary of our proposal for a "CERT Object", taking into account all the comments I am aware of - as well as a couple of proposals for clarifiaction and open issues. This is for discussion and review by CERTs/IRTs in Barcelona and input for the DB-WG meeting next week in Amsterdam. Attributes that are "DB-Standard" get no tag, the CERT Object specific attributes are tagged with "*". For the description of the "DB-Standard" attributes refer to the DB Software documentation, please. * irt: [mandatory] [single] [primary/look-up key] address: [mandatory] [multiple] [ ] phone: [optional] [multiple] [ ] fax-no: [optional] [multiple] [ ] e-mail: [mandatory] [multiple] [look-up key] admin-c: [mandatory] [multiple] [inverse key] tech-c: [mandatory] [multiple] [inverse key] upd-to: [mandatory] [multiple] [inverse key] mnt-nfy: [optional] [multiple] [ ] auth: [mandatory] [multiple] [ ] * mnt-cert: [mandatory] [multiple] [ ] remarks: [optional] [multiple] [ ] notify: [optional] [multiple] [inverse key] mnt-by: [mandatory] [multiple] [inverse key] * signature: [mandatory] [multiple] [] * encryption: [mandatory] [single] [] changed: [mandatory] [multiple] [ ] source: [mandatory] [single] [ ] - The irt: attribute assigns a unique name to an IRT object. Q: [to the NCC DB group] in your example, the IRT: attribute's value looks like a handle, and it is used like a handle in references. Wouldn't it be "cleaner" to allow person: and role: like identifications and assign a handle, which is then used to as a reference? Q: Another issue: assuming that a similar facility becomes available in other registry databases, should we try to "reserve" a handle-suffix for those handles? The use of "RIPE-CERT" got me wondering... - The mnt-cert: attribute points to a key-cert: object; it is checked when this irt object is added to e.g. an inetnum:. For all objects that support a pointer to an irt: object, a new attribute is defined as a reference pointing to an irt: object. This attribute might be named irt-c: or incident-c: Q: from an end-user point of view, wouldn't it be more "obvious" to use abuse-c: ? Q: We said that as a value for the auth: attribute, only PGPKEY-<key-id> would be allowed. Do we really need both, the (restricted) auth: _and_ the mnt-cert: ? - The signature: attribute points to a key-cert: object which defines one or more keys that are user by the CERT's team members to sign and/or encrypt messages sent by the team. - The encryption: attribute points to a key-cert: object which defines the key that should be used to sign and/or encrypt messages sent to the team. Q: should we try to find a more "obvious" name for those tags? I could think of sig-from: and encrypt-to: (similar to SMTP mail from and rcpt to :-) or even from-irt: and to-irt: Wilfried.