nanog mailing list archives

Re: AltDB? (IRR support & direction at ARIN)

From: Jon Lewis <jlewis () lewis org>
Date: Mon, 10 Jan 2011 12:37:32 -0500 (EST)

On Sun, 9 Jan 2011, Charles N Wyble wrote:

I am simply suggesting it is dangerous and irresponsible to run an IRR
with only MAIL-FROM authentication, and quite easy to also support
CRYPT-PW.  ARIN should either support passwords or immediately make

The trouble is, since the DES crypt passwords are publicly accessible,even CRYPT-PW is not much security. I suspect with a copy of the db, apasssword cracking program, and some modest computing capacity, you couldcrack all the passwords in ALTDB before this thread dies.

I've been trying to convert from CRYPT-PW to PGPKEY auth, but I don't seemto be having much luck getting that working. I've put a key-cert(PGPKEY-7ABEC6A3) into altdb, and changed our mntner to permit eitherCRYPT-PW or PGPKEY-7ABEC6A3 for auth. But PGP signed update requestsresult in #ERROR: Authorization failure.

I'm not sure why I'm getting this auth failure. i.e. Something wrong withthe formatting of my submissions? Something wrong with my key-cert? Thecertif: from my key-cert wasn't automatically imported into the auto-dbmkeyring? I'm assuming I can take a RPSL format submission, save it to afile, use GPG to clearisgn it, and put the result in the body of an emailto auto-dbm.

It's also possible altdb doesn't actually have working PGP support.Looking at the database dump I downloaded the other day, only one mntneruses PGP as their sole auth method...and that mntner hasn't made changesto any objects since the last change to their mntner...so it could be theychanged to PGP auth, never got it working, and abandoned altdb.

I was afraid of losing control of my mntner if there were issues with PGP,so I figured I'd add PGP as an auth method, test it, and then after seeingit work, remove CRYPT-PW.


----------------------------------------------------------------------
 Jon Lewis, MCP :)           |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

Re: AltDB? (IRR support & direction at ARIN), (continued)
- - - Re: AltDB? (IRR support & direction at ARIN) Jon Lewis (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) John Curran (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Randy Bush (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Randy Bush (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Charles N Wyble (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Charles N Wyble (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Charles Gucker (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 09)
    - Re: AltDB? (IRR support & direction at ARIN) Jon Lewis (Jan 10)
    - Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 10)
- Re: AltDB? Craig Pierantozzi (Jan 05)
  - Re: AltDB? Jay Coley (Jan 05)
    - RE: AltDB? Randy Epstein (Jan 05)
    - Re: AltDB? Jared Mauch (Jan 05)
    - Re: AltDB? Joe Abley (Jan 05)
    - Re: AltDB? Randy Bush (Jan 05)
    - Re: AltDB? David Conrad (Jan 05)
    - Re: AltDB? Christopher Morrow (Jan 05)
    - Re: AltDB? David Conrad (Jan 05)

(Thread continues...)