nanog mailing list archives
Re: AltDB? (IRR support & direction at ARIN)
From: Jon Lewis <jlewis () lewis org>
Date: Mon, 10 Jan 2011 12:37:32 -0500 (EST)
On Sun, 9 Jan 2011, Charles N Wyble wrote:
I am simply suggesting it is dangerous and irresponsible to run an IRR with only MAIL-FROM authentication, and quite easy to also support CRYPT-PW. ARIN should either support passwords or immediately make
The trouble is, since the DES crypt passwords are publicly accessible, even CRYPT-PW is not much security. I suspect with a copy of the db, a passsword cracking program, and some modest computing capacity, you could crack all the passwords in ALTDB before this thread dies.
I've been trying to convert from CRYPT-PW to PGPKEY auth, but I don't seem to be having much luck getting that working. I've put a key-cert (PGPKEY-7ABEC6A3) into altdb, and changed our mntner to permit either CRYPT-PW or PGPKEY-7ABEC6A3 for auth. But PGP signed update requests result in #ERROR: Authorization failure.
I'm not sure why I'm getting this auth failure. i.e. Something wrong with the formatting of my submissions? Something wrong with my key-cert? The certif: from my key-cert wasn't automatically imported into the auto-dbm keyring? I'm assuming I can take a RPSL format submission, save it to a file, use GPG to clearisgn it, and put the result in the body of an email to auto-dbm.
It's also possible altdb doesn't actually have working PGP support. Looking at the database dump I downloaded the other day, only one mntner uses PGP as their sole auth method...and that mntner hasn't made changes to any objects since the last change to their mntner...so it could be they changed to PGP auth, never got it working, and abandoned altdb.
I was afraid of losing control of my mntner if there were issues with PGP, so I figured I'd add PGP as an auth method, test it, and then after seeing it work, remove CRYPT-PW.
---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Current thread:
- Re: AltDB? (IRR support & direction at ARIN), (continued)
- Re: AltDB? (IRR support & direction at ARIN) Jon Lewis (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) John Curran (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Randy Bush (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Randy Bush (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Charles N Wyble (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Charles N Wyble (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Charles Gucker (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 09)
- Re: AltDB? (IRR support & direction at ARIN) Jon Lewis (Jan 10)
- Re: AltDB? (IRR support & direction at ARIN) Jeff Wheeler (Jan 10)
- Re: AltDB? Jay Coley (Jan 05)
- RE: AltDB? Randy Epstein (Jan 05)
- Re: AltDB? Jared Mauch (Jan 05)
- Re: AltDB? Joe Abley (Jan 05)
- Re: AltDB? Randy Bush (Jan 05)
- Re: AltDB? David Conrad (Jan 05)
- Re: AltDB? Christopher Morrow (Jan 05)
- Re: AltDB? David Conrad (Jan 05)