Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AFRINIC-rpd] whois.afrinic.net leaks passwords

Emilio Madaio emadaio at ripe.net
Fri Nov 23 08:02:42 UTC 2012 

Dear Nii,
   a recent article on RIPE Labs can answer your questions.


Please have a look at
https://labs.ripe.net/Members/kranjbar/password-management-in-ripe-database

Regards
Emilio Madaio
Policy Development Officer
RIPE NCC




On 11/22/12 3:29 PM, Nii Narku Quaynor wrote:
> Adiel
> 
> Filter as you have planned.
> 
> ...ehh, It would be helpful to also appreciate what other RIRs have done/are doing about this as BCP 
> 
> Best
> Nii
> 
> On Nov 22, 2012, at 8:02, Adiel Akplogan <adiel at afrinic.net> wrote:
> 
>> On 2012-11-22, at 10:49 AM, Guy Antony Halse <G.halse at ru.ac.za> wrote:
>>> On Thu 2012-11-22 (09:50), Adiel Akplogan wrote:
>>>> Our thinking is around a) Encouraging people to use PGP or X.509 
>>>> instead of MD-5 b) Doing what you are suggesting and filter
>>>> out the MD-5 encrypted password while displaying mntner queries 
>>>> output, and/or c) gradually phase out MD-5 completely to only allow 
>>>> PGP and X.509. In my sense a combination of (b) and (c) could be 
>>>> the appropriate way to handle this for the long term. 
>>>
>>> Or d) introduce an alternative as-yet-uncompromised password encryption
>>> mechanism, such as SHA512. (perhaps whilst still doing b)).
>>
>> Thanks, we will investigate this option as well.
>>
>>> Or e) extend my.afrinic.net to provide a web interface for maintaining
>>> objects (the current version doesn't support all objects).
>>
>> Yes this is already in the pipe with other improvement to be release 
>> next year in MyAFRINIC v.2
>>
>>> Or f) provide an HTTP-based API (as EPP did for DNS).  This would
>>> allow/encourage people to automate maintenance tasks.
>>
>> Interesting and will be looked at as well.
>>
>>> Sticking with e-mail, while I personally like the idea of X.509 (S/MIME), it
>>> raises the barrier to entry for smaller members and might be difficult to
>>> manage in a large environment.  (A password is easy to store in an
>>> enterprise password safe, and easy for a number of people to use.)  
>>
>> Understood … but we try to give as much as reliable options to the 
>> community to decide by themselves.
>>
>>> There's a lot to be said for keeping it simple.
>>
>> Agree, and thank you for your input.
>>
>> - a.
>>
>>
>> _______________________________________________
>> rpd mailing list
>> rpd at afrinic.net
>> https://lists.afrinic.net/mailman/listinfo.cgi/rpd
> _______________________________________________
> rpd mailing list
> rpd at afrinic.net
> https://lists.afrinic.net/mailman/listinfo.cgi/rpd
>

More information about the RPD mailing list