Multiple signatures to create a reference to an irt object
Hello I've been playing around with PGP authentication and irt objects in the test database and ran into the following problem. The relevant objects are mntner: SWITCH-MNT irt: IRT-SWITCH inetnum: 130.59.0.0 - 130.59.255.255 key-cert: PGPKEY-C3BA4795 key-cert: PGPKEY-82146071 They are all protected by SWITCH-MNT, which has a single auth attribute pointing to PGPKEY-C3BA4795. Updates signed with this key work fine. IRT-SWITCH has the attribute auth: PGPKEY-82146071. What I would like to do is to add mnt-irt: IRT-SWITCH to the inetnum object. If I understood correctly, I have to sign that update with two keys: with key C3BA4795 because the inetnum is protected by SWITCH-MNT and with 82146071 because a new reference to an irt object needs to be signed by the key referenced in the irt's auth attribute. The question is, which MIME message sent to test-dbm@ripe.net does this for me? My interpretation of the (rather brief) section "3.3.2 PGP support" in the handbook is that I need to create a MIME message with nested signatures. So, I created such a beast by hand because my mailer can't do that (see first attachment). Apparently, the robot checks the outer signature but does not recognize the inner multipart/signed content-type (see second attachment). Unless my MIME encoding is wrong (which may well be the case :-) I must have misunderstood the mechanism. Any help is appreciated. -- Alex ___________ SWITCH - The Swiss Academic and Research Network ___________ Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland gall@switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568
Hello So far, the response to my query has been, well, nil :-( Maybe I'm asking this question on the wrong list? This must have been tested before... Cheers, Alex ___________ SWITCH - The Swiss Academic and Research Network ___________ Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland gall@switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568
Hello
I've been playing around with PGP authentication and irt objects in the test database and ran into the following problem.
The relevant objects are
mntner: SWITCH-MNT irt: IRT-SWITCH inetnum: 130.59.0.0 - 130.59.255.255 key-cert: PGPKEY-C3BA4795 key-cert: PGPKEY-82146071
They are all protected by SWITCH-MNT, which has a single auth attribute pointing to PGPKEY-C3BA4795. Updates signed with this key work fine.
IRT-SWITCH has the attribute auth: PGPKEY-82146071.
What I would like to do is to add mnt-irt: IRT-SWITCH to the inetnum object. If I understood correctly, I have to sign that update with two keys: with key C3BA4795 because the inetnum is protected by SWITCH-MNT and with 82146071 because a new reference to an irt object needs to be signed by the key referenced in the irt's auth attribute.
The question is, which MIME message sent to test-dbm@ripe.net does this for me?
My interpretation of the (rather brief) section "3.3.2 PGP support" in the handbook is that I need to create a MIME message with nested signatures. So, I created such a beast by hand because my mailer can't do that (see first attachment). Apparently, the robot checks the outer signature but does not recognize the inner multipart/signed content-type (see second attachment).
Unless my MIME encoding is wrong (which may well be the case :-) I must have misunderstood the mechanism.
Any help is appreciated. -- Alex ___________ SWITCH - The Swiss Academic and Research Network ___________ Alexander Gall, SWITCH, Limmatquai 138, CH-8001 Zurich, Switzerland gall@switch.ch Tel: +41 1 268 1522 Fax: +41 1 268 1568
participants (1)
-
Alexander Gall