
PGP Authentication for RIPE Database Updates (RFC2726)

IP.com Disclosure Number: IPCOM000003321D
Original Publication Date: 1999-Dec-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 8 page(s) / 21K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

J. Zsako: AUTHOR

Abstract

This document presents the proposal for a stronger authentication method of the updates of the RIPE database based on digital signatures. The proposal tries to be as general as possible as far as digital signing methods are concerned, however, it concentrates mainly on PGP, as the first method to be implemented. The proposal is the result of the discussions within the RIPE DBSEC Task Force.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 13% of the total text.

Network Working Group                                           J. Zsako
Request for Comments: 2726                                       BankNet
Category: Standards Track                                  December 1999

PGP Authentication for RIPE Database Updates

Status of this Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (1999). All Rights Reserved.

Abstract

This document presents the proposal for a stronger authentication method of the updates of the RIPE database based on digital signatures. The proposal tries to be as general as possible as far as digital signing methods are concerned, however, it concentrates mainly on PGP, as the first method to be implemented. The proposal is the result of the discussions within the RIPE DBSEC Task Force.

1. Rationale

An increasing need has been identified for a stronger authentication of the database maintainer upon database updates (addition, modification and deletion of objects). The existing authentication methods have serious security problems: the MAIL-FROM has the drawback that a mail header is very easy to forge, whereas CRYPT-PW is exposed to message interception, since the password is sent unencrypted in the update mail message.

The goal was to implement a digital signature mechanism based on a widely available and deployed technology. The first choice was PGP; other methods may follow at a later date. PGP is presently quite widely used within the Internet community and is available both in and outside the US.

The current aim is for an improved authentication method and nothing more (in particular, this paper does not try to cover authorization issues other than those related to authentication).
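To make the comparison in the rationale concrete, the following Go program is an added illustration (not part of RFC 2726 or of the RIPE database software) of what each of the three methods actually checks. It models a maintainer's MAIL-FROM setting as a regular expression matched against the From: header, CRYPT-PW as a cleartext "password:" line in the update body compared against a stored hash, and the signature method as a detached signature over the body verified with the maintainer's public key. Ed25519 stands in for PGP and SHA-256 stands in for crypt(3); the maintainer names, addresses, pattern and password are constructed sample values, and the `Update`, `Result` and `RunScenario` names are this example's own. The scenario shows why the first two methods give no protection against a copied header or an observed password, while the signature check fails as soon as the signed body is altered.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Update is a simplified e-mail update to the database: the header that a
// MAIL-FROM check inspects, the body (which under CRYPT-PW carries a
// "password:" line), and a detached signature over the body.
type Update struct {
	From      string
	Body      string
	Signature []byte
}

// checkMailFrom mimics MAIL-FROM: a regular expression from the maintainer
// object is matched against the From: header. The header is entirely under
// the sender's control, which is the weakness the RFC points out.
func checkMailFrom(pattern string, u Update) bool {
	return regexp.MustCompile(pattern).MatchString(u.From)
}

// checkCryptPW mimics CRYPT-PW: the cleartext password travels in the body
// and is compared against a stored hash (SHA-256 stands in for crypt(3)).
// It also returns the cleartext, to show what an observer of the message
// learns.
func checkCryptPW(storedHash string, u Update) (ok bool, exposed string) {
	for _, line := range strings.Split(u.Body, "\n") {
		if strings.HasPrefix(line, "password:") {
			pw := strings.TrimSpace(strings.TrimPrefix(line, "password:"))
			sum := sha256.Sum256([]byte(pw))
			return hex.EncodeToString(sum[:]) == storedHash, pw
		}
	}
	return false, ""
}

// checkSignature mimics the signature method: the body is verified against
// the public key stored with the maintainer (Ed25519 stands in for PGP).
func checkSignature(pub ed25519.PublicKey, u Update) bool {
	return ed25519.Verify(pub, []byte(u.Body), u.Signature)
}

// Result summarises what each method concludes for a genuine update and for
// one that reuses the genuine headers and password but alters the object.
type Result struct {
	MailFromGenuine, MailFromAltered bool
	CryptPWGenuine                   bool
	ExposedPassword                  string
	SigGenuine, SigAltered           bool
}

// RunScenario builds a constructed maintainer and the two updates, then
// runs all three checks over them.
func RunScenario() (Result, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // maintainer key pair (constructed)
	if err != nil {
		return Result{}, err
	}
	const password = "constructed-example-pw" // constructed sample value
	sum := sha256.Sum256([]byte(password))
	storedHash := hex.EncodeToString(sum[:])
	mailFromPattern := `^alice@example\.net$` // constructed MAIL-FROM setting

	genuineBody := "person: Alice Example\nnic-hdl: AE1-RIPE\npassword: " + password + "\n"
	genuine := Update{From: "alice@example.net", Body: genuineBody}
	genuine.Signature = ed25519.Sign(priv, []byte(genuine.Body))

	// Altered update: same From: header and same password line, but the
	// object itself has been changed; the original signature is reused.
	alteredBody := strings.Replace(genuineBody, "Alice Example", "Someone Else", 1)
	altered := Update{From: genuine.From, Body: alteredBody, Signature: genuine.Signature}

	r := Result{}
	r.MailFromGenuine = checkMailFrom(mailFromPattern, genuine)
	r.MailFromAltered = checkMailFrom(mailFromPattern, altered) // header check cannot tell them apart
	r.CryptPWGenuine, r.ExposedPassword = checkCryptPW(storedHash, genuine)
	r.SigGenuine = checkSignature(pub, genuine)
	r.SigAltered = checkSignature(pub, altered) // signature no longer matches the body
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The decisive difference is that MAIL-FROM and CRYPT-PW authenticate something the message merely asserts (a header, a reusable secret), while the signature binds the maintainer's key to the exact bytes of the update, so any modification in transit or any reuse of an old signature on new content is detected.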

2. Changes to the RIPE database

In order to make the database as self-consistent as possible, the key certificates are stored in the RIPE database. For efficiency reasons a local keyring of public keys will also be maintained; however, the local keyring will only contain a copy of the key certificates present in the database. The synchronization of the database with the local keyring will be made as often as possible.

The database objects will be created only via the current e-mail mechanism (auto-dbm@ripe.net), in particular no public key
...