Hi Denis+all, Am 07.03.2012 um 15:36 schrieb Denis Walker:
Dear Colleagues,
To clarify one point, use of Webupdates does not require any account or membership. It is a free to use tool for anyone to update the RIPE Database over secure https. For MNTNER objects with only PGP authentication, no authentication is asked for when using Webupdates to view the MNTNER object.
The alternative suggestion for not filtering "auth:" attributes in MNTNER objects with PGP only would still fit with the community requirements for security of password hashes. The RIPE NCC implemented a proposal that had consensus from the community at the time. If there is a new consensus to change this, the RIPE NCC will implement the change.
since i'm one of the guys who still loves his password authentication as last resort, it doesn't really matter to me (until i can finally overcome my fear of not being able to update the database when i only have my not-so-smartphone with me or something :-> ). But anyways, i do support this change, since it makes much more sense for those who feel more secure with only key authentication. If it's possible to implement that without too much hassle, this suggestions has my support. -- Mit freundlichen Grüßen / Kind Regards Sascha Lenz [SLZ-RIPE] Senior System- & Network Architect