[DBWG] Deprecation of CRYPT and MD5 authentication on AFRINIC WHOIS

Simon Seruyinda simon at afrinic.net
Fri Dec 11 13:00:39 UTC 2020


Dear DBWG,

Just a quick update to let you know that the internal tests have been completed and we are scheduled to go to production next week.
Also note that during the tests we realised that its better not to cleanup the organisation objects. We shall instead change their org-type to closed or inactive-member.

Regards;
Simon


> On 20 Nov 2020, at 10:56, Simon Seruyinda <simon at afrinic.net> wrote:

>

> Dear DBWG

>

> Following our discussions during the online DBWG on 30th September 2020, we have the pleasure to announce that we have taken your inputs and have decided to proceed with the following database changes

>

> 1. Stop accepting updates to objects if CRYPT or MD5 authentication is used.

> Effective 12th December 2020, the users will only be able to make changes to their maintainer objects to move to a more secure password hashing algorithm such as BCRYPT , PGP Key or

> X-509.

> 2. Also going forward the key-cert object will be immutable and its mnt-by optional. This is to make it easy for members to use PGP without first creating the maintainer with password based

> authentication method such as BCRYPT.

> 3. Any unreferenced KEY-CERT,MNTNER,IRT,ORGANISATION objects older than 90 days will be cleaned up using a monthly scheduled job.

> We shall add person/role object types to this list in a future release.

> Our Member Services department is currently testing the developments and will keep you updated as we progress.

> We have already sent communication to members who still have maintainer objects using MD5 and CRYPT authentication.

> We are also working with our communications department to have this announced on the afrinic website as well.

>

>

> Regards;

> Simon





More information about the DBWG mailing list