[DBWG] Making mnt-by mandatory on person objects

Michel ODOU michel.odou at afrinic.net
Tue Dec 13 12:15:27 UTC 2016


Just one thing though: making the mnt-by mandatory for person objects is
not an easy thing since you need a person object first to create a mntner.

So, to protect a person object, you need ... a person object. It is
therefore not really possible to make it mandatory. But as said in my
previous mail, we can put the person object into quarantine for some
time until it is protected and delete it after otherwise. And of course,
as you suggested, forbid the use of unprotected objects if they are to
be referenced.

Regards,
Michel

On 05/12/2016 19:35, fransossen at yahoo.com wrote:
>
> Hi list,
> 
> I noticed that person objects can be created and then referenced away in the AFRINIC Database without any maintainer listed on them as mnt-by, which means they also can get updated without any maintainer.
> 
> This is at the moment an issue of potential data quality and nuisance, but it will become an even greater issue once the transfer policy kicks in, as "hijacking" a person will be rather easy: simply change the email address and place a maintainer under your control on the person object. It doesn't give you the maintainer listed on the resources... but you're almost there.
> 
> 
> An immediate action that can be taken is that AFRINIC does not allow resources to be issued to organisations that have unprotected person objects; basically, if a person's nic-hdl is listed in myAFRINIC, it must have a mnt-by.
> 
> Any nic-hdl referenced on resources issued by AFRINIC *must* have a mnt-by; if the nic-hdl referenced is a role object, all persons within that role object must have an mnt-by.
> 
> This can be pointed out in the very first interaction with the LIR, thus not delaying anything in most cases.
> Further actions would need to be taken to clear up all the objects without a maintainer that already exist and will not have contact with the hostmasters for the coming period of time, but that's the part that requires planning.
> 
> I haven't looked up the numbers, so I do not know the size of the issue; I just noticed that some LIRs, old and new, had that issue in their records.
>
> Cheers,
> David Hilario
> 
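The check proposed in the quoted message (every nic-hdl referenced on a resource must have a mnt-by, with role objects checked through their persons) can be run as an audit over a database dump. The following is an added example, not part of the thread or of AFRINIC's tooling; it assumes RIPE-style objects separated by blank lines, with role members listed as admin-c/tech-c, and uses constructed sample data.

```python
# Constructed RPSL-style sample; handles, maintainers and prefix are made up.
SAMPLE_DUMP = """\
person:  Alice Example
nic-hdl: AE1-EXAMPLE
mnt-by:  MNT-ALICE

person:  Bob Example
nic-hdl: BE1-EXAMPLE

role:    Example NOC
nic-hdl: EN1-EXAMPLE
tech-c:  BE1-EXAMPLE

inetnum: 192.0.2.0 - 192.0.2.255
admin-c: AE1-EXAMPLE
tech-c:  EN1-EXAMPLE
"""
RESOURCES = ("inetnum", "inet6num", "aut-num")
CONTACTS = ("admin-c", "tech-c")

def parse_objects(dump):
    """Parse blank-line separated 'attr: value' blocks into dicts of lists."""
    objects = []
    for block in dump.strip().split("\n\n"):
        pairs = [l.split(":", 1) for l in block.splitlines() if ":" in l]
        if not pairs:
            continue
        obj = {"_class": pairs[0][0].strip().lower()}  # first attribute names the class
        for key, value in pairs:
            obj.setdefault(key.strip().lower(), []).append(value.strip())
        objects.append(obj)
    return objects

def unprotected_contacts(dump):
    """Map each resource to the person handles it reaches that lack mnt-by."""
    objects = parse_objects(dump)
    by_hdl = {o["nic-hdl"][0]: o for o in objects if "nic-hdl" in o}
    findings = {}
    for res in (o for o in objects if o["_class"] in RESOURCES):
        handles, bad = [h for a in CONTACTS for h in res.get(a, [])], set()
        for hdl in handles:  # list grows as role objects are expanded
            obj = by_hdl.get(hdl, {})
            if obj.get("_class") == "role":
                members = [h for a in CONTACTS for h in obj.get(a, [])]
                handles += [h for h in members if h not in handles]
            elif obj.get("_class") == "person" and "mnt-by" not in obj:
                bad.add(hdl)
        findings[res[res["_class"]][0]] = sorted(bad)
    return findings
```

On the sample, the inetnum is flagged because its tech-c role resolves to a person object with no mnt-by, even though the directly referenced person is protected.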
