Niall O'Reilly wrote:
On 29 Jan 2004, at 14:57, Ulrich Kiermayr wrote:
[ Niall O'Reilly wrote ]
Do we need a new machinery for this? If a role or person object acquires a new inverse-key relationship, I would find it reasonable to alert the 'mnt-by:' and 'notify:' targets as a matter of course. I don't see the value in defining new attributes just to cover this.
Hmm, I'd prefer the protection from that to happen instead of: Bad Guy does something -> You hear from it -> You have to persuade the RIPE-NCC to do something against it (Because you can't do it yourself, since you do _not_ maintain the object where the reference is in).
Right. I should have thought of that.
For " ... alert the 'mnt-by:' and 'notify:' targets ... " read " ... alert 'mnt-by:' and 'notify:' targets, and block the update pending their confirmation ... ".
Ok, but this in my vision this has 2 drawbacks: 1. Then you cant have the the object itself protected, but leave the referencing unprotected. (This is a change in the default behaviout that might break tools) 2. There are cases where the one maintaining the data [i.e. content of the object] != the one who wants to control who references it. [Your Company (auto)-provides the objects contents out of a database and protects that path, but leaves it to you or the LIR guy to reference te object. ] lG uk -- Ulrich Kiermayr Zentraler Informatikdienst der Universitaet Wien Network - Security - ACOnet-CERT Universitaetsstrasse 7, 1010 Wien, AT eMail: ulrich.kiermayr@univie.ac.at Tel: (+43 1) 4277 / 14104 PGP Key-ID: 0xA8D764D8 Fax: (+43 1) 4277 / 9140