CERT/IRT object in the RIPE database
-----BEGIN PGP SIGNED MESSAGE----- Content-Type: text/plain; charset=us-ascii Dear RIPE DB-WG team, I would like to inform you that the proposal for the CERT/IRT object in the RIPE database was presented by Wilfried Woeber at the TERENA TF-CSIRT meeting last Wednesday in Barcelona. After a discussion and proposed minor changes, the participants at the meeting expressed their strong support for the proposed new object. The purpose of the TERENA CSIRT Coordination activity in the frame of TF-CSIRT is to encourage and support the cooperation between CSIRTs in Europe. More information on TF-CSIRT is available at http://www.terena.nl/cert/ Best regards, Gorazd Bozic, TF-CSIRT Chairman - -- Gorazd Bozic <gorazd.bozic@arnes.si> ARNES SI-CERT, Jamova 39 p.p. 7, SI-1001 Ljubljana, Slovenia tel: +386 1 479 88 22, fax: +386 1 479 88 99 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBOmt2mwxzg1x3uI5pAQGicgQA6EBqi2jrONkYYFEHDAilLTcUbvZ13EUj DXRUG6wR4S0avygROM8WhYu63U08tAkQ8NUUv+rPXof/jToMNHqLiFx05bTgnRcK 53Dsue+m/XWxA1/IO6ju9Ldr1b1HKzxaDXpikiEsG7y+iR3ghhMaWH4py7xmzube XgI/RGFeHoA= =9Lv9 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Wilfried, Thank you for your presentation of the proposed IRT object for the RIPE database at TERENA's TF-CSIRT meeting in Barcelona last week. I am sure that including this information in the database will help to get complaints to the right place more quickly, and so improve the chances of resolving problems successfully. My only observation, made after the presentation, is that the PGP key ID can no longer be assumed to be unique. The KeyID is a hash value and there were reports last year of collisions having occurred where two different keys produced the same KeyID. I think you were only proposing to use the KeyID as part of the handle to identify a PGP key object, so it should not be a problem to add extra characters into the handle to resolve naming clashes. All the best, Andrew -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com> iQEVAwUBOm1geXnoxmgUypZhAQHs8QgAgZbCHvGtdPPINZyw9ukJl4jTZwLTu44z FLLa9kSxlAM+qKA5qHbPaCMgHgpcp8u5/S2F8T8/9aZY9xdb99OxL+eyZc3nmMUC Vb9CI9kYtGl8e/FJAIxQz1bwOR0dUbaHLp2HhLLifA6enWf5oBsRlOrsZErDxzCs UPXpHrBm/izkJDSteZWqr33MLXkb6YBPCYYvlJbYm3emFdmlj62p6x9B4Ldr8/mI 8ntL03DwEpfbwnylhLUCrYG16UUbJTkLW7aaUcgOcOhcb/XYsbpht1mD3qNsx5fz uNS/v7Y+0inead41BoSzg49CMd1qT3DjxvwjmQJOYXNHepjBj8ZDPg== =aOBY -----END PGP SIGNATURE----- -------------------------------------------------------------- Andrew Cormack Head of CERT UKERNA, Atlas Centre, Chilton, Didcot, Oxon. OX11 0QS Phone: 01235 822 302 E-mail: Andrew.Cormack@ukerna.ac.uk Fax: 01235 822 398
My only observation, made after the presentation, is that the PGP key ID can no longer be assumed to be unique. The KeyID is a hash value and there were reports last year of collisions having occurred where two different keys produced the same KeyID.
not exactly. it has been shown to be theoretically possible. it has also been shown not to have actually occurred in the public pgp web of trust. randy
participants (3)
-
Andrew Cormack
-
Gorazd Bozic
-
Randy Bush