Hello So far, the response to my query has been, well, nil :-( Maybe I'm asking this question on the wrong list? This must have been tested before... Cheers, Alex ___________ SWITCH - The Swiss Academic and Research Network ___________ Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland gall@switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568
Hello
I've been playing around with PGP authentication and irt objects in the test database and ran into the following problem.
The relevant objects are
mntner: SWITCH-MNT irt: IRT-SWITCH inetnum: 130.59.0.0 - 130.59.255.255 key-cert: PGPKEY-C3BA4795 key-cert: PGPKEY-82146071
They are all protected by SWITCH-MNT, which has a single auth attribute pointing to PGPKEY-C3BA4795. Updates signed with this key work fine.
IRT-SWITCH has the attribute auth: PGPKEY-82146071.
What I would like to do is to add mnt-irt: IRT-SWITCH to the inetnum object. If I understood correctly, I have to sign that update with two keys: with key C3BA4795 because the inetnum is protected by SWITCH-MNT and with 82146071 because a new reference to an irt object needs to be signed by the key referenced in the irt's auth attribute.
The question is, which MIME message sent to test-dbm@ripe.net does this for me?
My interpretation of the (rather brief) section "3.3.2 PGP support" in the handbook is that I need to create a MIME message with nested signatures. So, I created such a beast by hand because my mailer can't do that (see first attachment). Apparently, the robot checks the outer signature but does not recognize the inner multipart/signed content-type (see second attachment).
Unless my MIME encoding is wrong (which may well be the case :-) I must have misunderstood the mechanism.
Any help is appreciated. -- Alex ___________ SWITCH - The Swiss Academic and Research Network ___________ Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland gall@switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568