[db-wg] Deprecation of the NONE Authentication Scheme
- Previous message (by thread): [db-wg] Deprecation of the NONE Authentication Scheme
- Next message (by thread): [db-wg] Deprecation of the NONE Authentication Scheme
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Kristian Larsson
kristian at juniks.net
Mon Nov 7 08:58:34 CET 2005
On Mon, Nov 07, 2005 at 08:57:30AM +0200, Hank Nussbacher wrote: > At 04:52 PM 13-04-04 +0200, Ziya Suzen wrote: > > If auth:NONE was deprecated why is the weak password graph constantly > increasing: > http://www.ripe.net/projects/dbconstat/protect-weakpass.html Because people who have auth:NONE are doing more db changes. People are lazy and won't change auth scheme. > Is auth: NONE still valid or not? It is not to be used but I don't think there is anything actually forcing you to switch!? > > According to ripe-358 it is not: > http://www.ripe.net/ripe/docs/db-query-manual.html > > If not, how is NONE being used - or is this graph plotting incorrect info? > > -Hank > > >Dear Colleagues, > > > >As announced at RIPE 47 the NONE authentication scheme will be > >deprecated. > > > >After 26 April 2004 the RIPE Whois Database will not accept updates using > >the NONE authentication scheme. > > > >If you have objects protected by a MNTNER object which has the NONE > >authentication scheme, please assign another authentication scheme or > >create another MNTNER object to protect these objects. > > > >If you are a RIPE NCC member you can create new MNTNER objects through > >the LIR Portal or send your update to <auto-dbm at ripe.net>. > > > >History and details: > >-------------------- > > > >1. Motivation > > > >The RIPE Database protects data from unauthorised modification through > >the use of references to maintainer objects. The maintainer objects > >contain an "auth:" attribute which specifiy how a user is > >authenticated during updates to the database. > > > >One of the allowed authentication schemes is "NONE", which is actually > >not an authentication at all, but rather specifies that no > >authentication is necessary. NONE is intended to be used consciously, > >as a notification facility or as a means to tag objects. > > > >In April 2003, a proposal was sent to the Database Working Group by > >Hank Nussbacher: > > > > It has come lately to the attention in the Internet security realm > > that spammers as well as crackers are hijacking IP address space. > > One easy way to "steal" IP address space is via those that have > > auth=NONE on their objects. > > > >It is likely that in many cases NONE is used simply because it is > >easy. Currently approximately 500 maintainers use NONE - about 5% of > >all maintainers. > > > > > >2. Plan > > > >Normally with a database cleanup effort, an announcement is sent to > >the appropriate mailing lists, posted to the RIPE web page, and also > >sent to the specific users affected. A period of time for cleanup is > >given. Finally, if the users have not fixed the data then it is > >modified. > > > >However, for the NONE deprecation, it is inadvisable to do this > >as it means announcing what is in effect a security > >vulnerability. Also, our operational experience with past cleanups > >shows that most users do not really participate through the phases of > >the effort. > > > >Therefore, the plan for MNTNER objects with the NONE authentication > >scheme is: > > > >o Announcement only to db-wg mailing list. (This announcement) > > > >o Remove "auth: NONE" attributes from all MNTNER objects, by changing > >them to a "remarks:" attribute with a URL explaining the change. > > > >o If that is the only authentication scheme, update the mntner > >objects, adding MD5-PW with a generated password. > > > >o E-mail the "admin-c:" and "tech-c:" of the objects, and the e-mail > >addresses listed in the "upd-to:" and "mnt-nfy:" attributes of the > >objects, explaining the change and including the new password if one > >is added. > > > >o Passwords can be requested via an e-mail to <ripe-dbm at ripe.net>. > > > >The reply with the password will be sent to the same contacts. After > >a certain period of time the service will be discontinued. Users > >wishing to use these maintainers may contact <ripe-dbm at ripe.net> for > >assistance. > > > > > >3. RIPE-NCC-NONE-MNT > > > >A maintainer with NONE authentication, RIPE-NCC-NONE-MNT, was added to > >objects without any maintainer when the database was converted from > >RIPE-181 format to RPSL format in April 2001. There is a remark in > >these objects which includes the following: > > > >remarks: The RIPE NCC will never use this maintainer object to > >remarks: enforce any sort of control over user's objects. > > > >It is possible this could have been interpreted to mean that no > >restriction would ever be added to the object. > > > >One use of the RIPE-NCC-NONE-MNT has been to allow the creation of > >objects representing routing policy for resources not allocated or > >assigned by the RIPE NCC. This is done by using "mnt-routes: > >RIPE-NCC-NONE-MNT" or "mnt-lower: RIPE-NCC-NONE-MNT" as appropriate. > > > >A new maintainer object will be created for these cases, with a well- > >known password, published in the object: > > > >mntner: RIPE-NCC-RPSL-MNT > >descr: This maintainer may be used to create objects to represent > >descr: routing policy in the RIPE Database for number resources not > >descr: allocated or assigned from the RIPE NCC. > >admin-c: RD132-RIPE > >upd-to: ripe-dbm-notify at ripe.net > >auth: MD5-PW $1$GUExyzzy$XQtbZHGVqy9GW8BiAckBV1 > >remarks: ******************************************************* > >remarks: * The password for this object is 'RPSL', without the * > >remarks: * quotes. * > >remarks: ******************************************************* > >mnt-by: RIPE-DBM-MNT > >referral-by: RIPE-DBM-MNT > >changed: ripe-dbm at ripe.net 20040301 > >source: RIPE > > > >The main use of this maintainer is for INETNUM objects. There are > >approximately 60000 such objects - about 6% of the inetnums. Updates > >for objects with RIPE-NCC-NONE-MNT are rare, less than 2% of all > >updates. > > > >For objects using RIPE-NCC-NONE-MNT: > > > >o If there are other "mnt-by:" attributes it will be changed to a > >"remarks:" attribute. > > > >o Otherwise, the "mnt-by:" will be changed to RIPE-NCC-LOCKED-MNT, > >which has a locked password (or PGP key). > > > >o A "remarks:" attribute will be added explaining how to generate a > >maintainer. > > > >o An e-mail will be sent to the "admin-c:" and "tech-c:" of the > >objects, and the e-mail addresses listed in the "notify:" attributes > >of the objects, explaining the change and giving a URL which will help > >to generate a new maintainer or assign another existing maintainer. > > > >o At the URL, the object will be automatically updated to have a new > >maintainer. > > > >o After a certain period of time the service will be discontinued. > >Users wishing to use these maintainers may contact ripe-dbm at ripe.net > >for assistance. > > > > > >4. Other maintainers with "auth: NONE" > > > >The RIPE-NCC-PN-NONE-MNT was used to mark PERSON objects not to be > >deleted in the 2001 person cleanup. It can be removed and the > >maintainer deleted. > > > >The LIM-MNT is used for limericks. It will have a well-known password > >similar to the RPSL maintainer. It will also be maintained by another > >maintainer (not itself, as currently). > > > >-- > >Ziya Suzen > >RIPE NCC >
- Previous message (by thread): [db-wg] Deprecation of the NONE Authentication Scheme
- Next message (by thread): [db-wg] Deprecation of the NONE Authentication Scheme
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]