On Sun, 9 Jan 2011, Charles N Wyble wrote:
I am simply suggesting it is dangerous and irresponsible to run an IRR with only MAIL-FROM authentication, and quite easy to also support CRYPT-PW. ARIN should either support passwords or immediately make
The trouble is, since the DES crypt passwords are publicly accessible, even CRYPT-PW is not much security. I suspect with a copy of the db, a passsword cracking program, and some modest computing capacity, you could crack all the passwords in ALTDB before this thread dies. I've been trying to convert from CRYPT-PW to PGPKEY auth, but I don't seem to be having much luck getting that working. I've put a key-cert (PGPKEY-7ABEC6A3) into altdb, and changed our mntner to permit either CRYPT-PW or PGPKEY-7ABEC6A3 for auth. But PGP signed update requests result in #ERROR: Authorization failure. I'm not sure why I'm getting this auth failure. i.e. Something wrong with the formatting of my submissions? Something wrong with my key-cert? The certif: from my key-cert wasn't automatically imported into the auto-dbm keyring? I'm assuming I can take a RPSL format submission, save it to a file, use GPG to clearisgn it, and put the result in the body of an email to auto-dbm. It's also possible altdb doesn't actually have working PGP support. Looking at the database dump I downloaded the other day, only one mntner uses PGP as their sole auth method...and that mntner hasn't made changes to any objects since the last change to their mntner...so it could be they changed to PGP auth, never got it working, and abandoned altdb. I was afraid of losing control of my mntner if there were issues with PGP, so I figured I'd add PGP as an auth method, test it, and then after seeing it work, remove CRYPT-PW. ---------------------------------------------------------------------- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________