Hello Wilfried Long time no seen :) On Wed, 18 Jul 2012 14:32:11 +0200, "Wilfried Woeber, UniVie/ACOnet" <Woeber@CC.UniVie.ac.at> said:
Alexander Gall wrote:
I'm trying to update the "shared" 6to4 anycast-relay maintainer object RFC3068-MNT. My own authentication for the object is PGP. But how the heck do I get a full copy of the object including the other people's MD5 hashes if I don't have a password myself?
This is one of the (unwanted) side-effects of removing hashes from the whois output: the DB object can no longer be used as the primary/authoritative copy of the object, and retrieved for submitting an update.
It should still work as follows, assuming that "one party" still has a "full" copy of the object and uses password authentication:
Yes, but that's not exactly practical :/ I can see a workaround for this with webupdate. Instead of accecpting only passwords for authentication, the system could create a challenge that somebody who has a X509 or PGP key could encrypt offline and present to the system, which could verify it with the corresponding public key referenced by the mntner object. -- Alex