Max Tulyev wrote:
Do you really think MD5 is much safer? ;) It is not.
The "sense of the room" was that CRYPT-PW was by far the weakest authentication mechanism and security improvements should start with deprecating this particular method without ignoring problems in MD5, i.e. PGPKEY/X.509 would be recommended. That's what already happens in <http://www.ripe.net/db/support/security/>. The reasons for keeping MD5-PW for the moment are minuted in <http://www.ripe.net/ripe/wg/db/minutes/ripe-51.html> and <http://www.ripe.net/ripe/wg/db/minutes/ripe-52.html>.
It is a good idea even to hide PGP key data (open key), because why do we need to provide extra data to evil persons?
IIRC the reason not to hide any attributes was operational, i.e. it should be easy to fetch-edit-submit an object without the danger of accidentally losing one auth mechanism in those cases where an object allows more than one.

-Peter