Dear Colleagues, On 19 August 2002 we will perform the cleanup stage. After that we may congratulate ourselves with successful phasing out of this weak protection scheme :). Mntner objects containing MAIL-FROM as well as other types of authentication schemes will be automatically modified so that "auth:" attributes specifying the MAIL-FROM scheme are removed as being no longer valid. This is a cosmetic change that has no impact on object protection and functionality of these mntners. No further action is required from the owners of these objects. Mntner objects with MAIL-FROM authentication _only_ will be updated according to the proposed procedure (please see below). Starting from 19 August 2002 we will stop processing requests to unlock mntner objects resulting from the MAIL-FROM deprecation. All contacts of these mntners will be notified with detailed instructions how to unlock their objects. Regards, Andrei Robachevsky DB Group Manager RIPE NCC Andrei Robachevsky wrote:
Dear Colleagues,
As you may know the third phase of phasing out the MAIL-FROM authentication scheme from the RIPE Database resulted in a very high rate of requests to update mntner objects coming to the Database Administration, ripe-dbm (please see my message on this subject http://www.ripe.net/ripe/mail-archives/db-wg/20020701-20021001/msg00021.html).
The requests are coming from the owners of the mntner objects that still use only MAIL-FROM authentication scheme and therefore are locked.
We still have about 1500 such mntner object whose owners didn't use the opportunity to update their objects during previous phases and now have to apply to ripe-dbm to fix this situation.
Taking into account that this puts extra load on ripe-dbm and takes resources from serving the usual types of requests I'd like to propose a change for the phase 4 of the process of phasing out the MAIL-FROM authentication scheme.
According to the agreed procedure (http://www.ripe.net/db/MD5-HOWTO.html#b._Migration_timeline) during the phase 4 maintainers with "auth:" attributes using "MAIL-FROM" will have those attributes removed. This is a clean-up step.
In addition we would like to do the following:
1. mntners with MAIL-FROM authentication _only_ will be updated in the following way: - a password will be auto generated and all MAIL-FROM "auth:" attributes will be replaced with one auth: MD5-PW $1$<generated_string>; - a mnt-by: attribute will be added referencing a protected mntner RIPE-MAIL-FROM-MNT. This will serve as a tag.
2. A clear text password can be requested by sending an e-mail to ripe-dbm@ripe.net with the following in the subject line: MAIL-FROM:<mntner_name> without any spaces. The reply with the passphrase will be sent to contacts listed in "upd-to:" and admin-c's "e-mail:" of the mntner.
3. After that the mntner should be updated to remove the mnt-by: RIPE-MAIL-FROM-MNT attribute and to possibly change the password.
4. After a certain period of time (2 months) the service will be discontinued and decision will be made about the mntners that still haven't been modified (still bear the RIPE-MAIL-FROM-MNT tag).
We will extend the deadline of the phase 4 till 15 August to have time to come to an agreement. I kindly ask you to consider this proposal and comment before that day.
Regards,
Andrei Robachevsky DB Group Manager RIPE NCC