Hi! In Russia ALL uncertified by goverment cryptographic system is illegal. So SSL (lirportal) is illegal. But PGP/MD5/CRYPT is NOT illegal, because it don't do encryption and not interfere with SORM (SORM - a mandatory part of any ISP in Russia, that do hidden analysis and mirroring some of traffic to FSB), but only do signatures. Also, unlike PGP, lirportal can't do safr multiply persons authorization (i.e. owner of PI space creates route object with his upstream's AS, signs it, sent to upstream, upstream signs it too and send to RIPE). Potapov Vladislav wrote:
Hi!
Vladislav! If you wish to be really constructive - do policy proposal for shutting down MD5-PW - personally I will vote for that too.
Max, I'm not a reactionary as you may think. I'm not against changes to the better. But it should be adequate, effective and universal for the region it serves. I don't know why you start to think on behalf (and propose against) of the 3500 other members using the scheme. If we got to the stage of a new proposal then maybe we should drop e-mail as a way to change the objects in the DB? It will be more constructive than shutting down both "password" ways. At least this way solves the "crypting mail prohibited" problem together with crypting ALL conversation (not only password part) and many more (and much more productive that the halved currently proposed "step"). The mechanism for that is already here - lirportal.
Vladislav Potapov Ru.iiat
-----Original Message----- From: db-wg-admin@ripe.net [mailto:db-wg-admin@ripe.net] On Behalf Of Max Tulyev Sent: Thursday, October 05, 2006 9:13 PM To: db-wg@ripe.net Subject: Re: FW: [db-wg] Proposal to deprecate CRYPT-PW authorisation in the RIPE Database
Hi!
My official +1. We need to shut it out as mail-from was.
Vladislav! If you wish to be really constructive - do policy proposal for shutting down MD5-PW - personally I will vote for that too.
Sascha Lenz wrote:
Hi,
Potapov Vladislav wrote:
Hi, -Hank
I think a number of people have pointed out why they wish to deprecate
crypt-pw. No, I'm not convinced. And a number of people - only Gert Doering? The point of view they propagate - it should increase security (in reality - not). But, we all know: false sense of security is worse than knowledge of a problem.
actually i don't care much about this issue, but since you
raise the
question - i have show my support for Gert/the proposal in general here, that is, i'm IN FAVOR of the depreciation of CRYPT-PW.
It's not needed, it's more than a litte more insecure than
MD5-PW, it
doesn't change anything operational.
..and no i'm not going to comment any other side-arguments
here, gets
too personal.
I support the original proposal - full stop.
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)
-- WBR, Max Tulyev (MT6561-RIPE, 2:463/253@FIDO)