Another Proposal: Sort of generated Authorized-by Attribute + some PGP stuff
Hi List,

Since Shane has posted some proposals for the RIPE-DB, I have another one:

For Updates which have been authorized by someone using strong encryption it would be nice to reflect the key that has been used in the object. This is similar to the changed: attribute but should be generated by the robot and not filled in by the user.

Why? At the moment there is no way to tell that data within the Database is authentic in a way that it was really put in by the person who is in the object (pls. correct me if I am wrong), and the mnt-* just prevents you from stealing an object and not from giving it away to pretend something. Usually this is not bad, but related to some irt-stuff it can give the people the opportunity to pretend to be someone else. If the authorizing key was reflected in the object, one can check who sent the update....

Something else related to PGP (and discussed with Wilfried a while ago): it would be really nice to be able to link key-certs and persons/roles together other than by using remarks.... (as we do it now).

lG uk

--
------------------------------------------------------------------------
Ulrich Kiermayr    Zentraler Informatikdienst der Universitaet Wien
Network Security   Universitaetsstrasse 7, 1010 Wien, Austria
------------------------------------------------------------------------
eMail: ulrich.kiermayr@univie.ac.at    Tel: (+43 1) 4277 / 14104
Hotline: security.zid@univie.ac.at     Fax: (+43 1) 4277 / 9140
------------------------------------------------------------------------
GPG Key fingerprint = BF0D 5749 4DC1 ED74 AB67 7180 105F 491D A8D7 64D8