Protecting References to Objects in the RIPE Database
Dear Colleagues,
Currently the "mnt-ref:" attribute only protects references to organisation objects in the RIPE database, by specifying which maintainer(s) can authorise the reference.
This means it is possible to make references to other object types without any authorisation, for example:
* Refer to another organisation's maintainer
* Refer to another organisation's abuse-c contact
* Refer to any technical contact, admin contact, zone contact
Since these references do not need authorisation, it is open to misuse, creating the impression that an unrelated party is responsible for that object.
I propose that the "mnt-ref:" attribute be added (as an optional attribute) to other object types to allow references to be authorised:
* person
* role
* mntner
* irt
This proposal does not eliminate misuse (e.g. contact information can still be copied into a separate object), but protects references to existing objects.
If the DB-WG agrees to this proposal, I will prepare a more detailed impact analysis for review.
Regards
Ed Shryane
RIPE NCC
Hi Ed,
I might be misunderstanding but mnt-ref on mntners sounds like a catch 22.
If mnt-ref would only be needed for mnt-by and any other references to mntners except mnt-ref I suppose it would be fine.
But generally speaking here I think I support it for the object types excluding mntners but only if no mnt-ref attribute means that anyone can reference it. (the way it is today)
This would mean that it's an opt-in functionality that requires adding at least one mnt-ref attribute to the object.
I think the impact would be too big and uncertain otherwise.
-Cynthia
On Mon, Mar 28, 2022, 09:30 Edward Shryane via db-wg <db-wg@ripe.net> wrote:
Dear Colleagues,
Currently the "mnt-ref:" attribute only protects references to organisation objects in the RIPE database, by specifying which maintainer(s) can authorise the reference.
This means it is possible to make references to other object types without any authorisation, for example:
* Refer to another organisation's maintainer
* Refer to another organisation's abuse-c contact
* Refer to any technical contact, admin contact, zone contact
Since these references do not need authorisation, it is open to misuse, creating the impression that an unrelated party is responsible for that object.
I propose that the "mnt-ref:" attribute be added (as an optional attribute) to other object types to allow references to be authorised:
* person
* role
* mntner
* irt
This proposal does not eliminate misuse (e.g. contact information can still be copied into a separate object), but protects references to existing objects.
If the DB-WG agrees to this proposal, I will prepare a more detailed impact analysis for review.
Regards
Ed Shryane
RIPE NCC
Hi Cynthia,
Thanks for your feedback,
On 29 Mar 2022, at 03:08, Cynthia Revström <me@cynthia.re> wrote:
Hi Ed,
I might be misunderstanding but mnt-ref on mntners sounds like a catch 22.
If mnt-ref would only be needed for mnt-by and any other references to mntners except mnt-ref I suppose it would be fine.
We can authorise "mnt-ref:" in the same way as the other "mnt" attributes:
- If the referenced mntner itself has an "mnt-ref:" attribute, then the update needs to be authenticated by that mntner.
- If the referenced mntner does not have an "mnt-ref:" attribute, then the reference is allowed.
A self-referencing "mnt-ref:" attribute is possible (i.e. a reference to a mntner needs to be authenticated by that mntner).
Do I understand your concern correctly?
But generally speaking here I think I support it for the object types excluding mntners but only if no mnt-ref attribute means that anyone can reference it. (the way it is today)
This would mean that it's an opt-in functionality that requires adding at least one mnt-ref attribute to the object.
I think the impact would be too big and uncertain otherwise.
I agree! The "mnt-ref:" attribute should be optional on the other object types (it's mandatory on organisation objects).
Regards
Ed
-Cynthia
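A minimal model of the reference-authorisation rule discussed in this thread, added here as an example; it is not the RIPE NCC's whois code. It assumes that any one maintainer listed in "mnt-ref:" is enough to authorise a reference, and the list of reference attributes and all object data are constructed for illustration.

```python
# Attributes treated as references to other objects (assumed subset for this example).
REF_ATTRS = {"admin-c", "tech-c", "zone-c", "abuse-c", "mnt-by", "mnt-ref", "org"}

def parse_object(block):
    """One RPSL object -> list of (attribute, value) pairs."""
    pairs = []
    for line in block.strip().splitlines():
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def primary_key(obj):
    """person/role objects are referenced by nic-hdl, other types by their first attribute."""
    return dict(obj).get("nic-hdl", obj[0][1]).upper()

def load(text):
    """Blank-line separated RPSL objects -> {primary key: object}."""
    objs = [parse_object(b) for b in text.strip().split("\n\n")]
    return {primary_key(o): o for o in objs}

def unauthorised_refs(update, db, authenticated):
    """Return (attr, target, required mntners) for each reference the update may not make."""
    auth = {m.upper() for m in authenticated}
    failures = []
    for attr, value in update:
        target = db.get(value.upper()) if attr in REF_ATTRS else None
        if target is None:
            continue  # not a reference, or target absent from this sample database
        required = {v.upper() for a, v in target if a == "mnt-ref"}
        # Opt-in: no "mnt-ref:" on the target means anyone may reference it.
        if required and not (required & auth):
            failures.append((attr, value, sorted(required)))
    return failures

# Constructed sample data: AE1-TEST and ALICE-MNT opt in, ON1-TEST does not.
SAMPLE_DB = """person: Alice Example
nic-hdl: AE1-TEST
mnt-by: ALICE-MNT
mnt-ref: ALICE-MNT

role: Open NOC
nic-hdl: ON1-TEST
mnt-by: NOC-MNT

mntner: ALICE-MNT
mnt-by: ALICE-MNT
mnt-ref: ALICE-MNT"""
DB = load(SAMPLE_DB)
UPDATE = parse_object("inetnum: 192.0.2.0 - 192.0.2.255\nadmin-c: AE1-TEST\n"
                      "tech-c: ON1-TEST\nmnt-by: MALLORY-MNT")
print(unauthorised_refs(UPDATE, DB, {"MALLORY-MNT"}))
```

The ALICE-MNT object carries a self-referencing "mnt-ref:", so an update that names it in "mnt-by:" is rejected unless ALICE-MNT itself authenticates the update.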