RIPE51 Database WG draft Minutes
14th October 2005

A. Administrative Matters

* scribe (Nigel Titley, FLAG Telecom)
* list of participants
* agenda
* minutes (please all review and return comments (2 weeks))
  [AP51.1 NT13] To watch list, fold in updates to RIPE-50 minutes and release after 2 weeks.
* "remote participation" coordination (if needed)

46.5 WW Coordinate with RIPE NCC to prepare a document summarizing basic assumptions about the use of the database.
  [Various documents have been produced, and others need updating, but overtaken by events, Closed]

47.3 RIPE NCC Write a document properly documenting the use of the IRT object for reporting abuse.
  [Part of general documentation issue, ongoing]

48.6 RIPE NCC To change DB behaviour to return IRT object
  [Misunderstanding of requirement, superseded by AP51.8, complete]

49.2 RIPE NCC Give updates about the number of abuse records in the database to the Working Group.
  [Sent to list, Complete]

50.1 WW Take proposal to make the country attribute optional and multiple for inetnum and inet6num objects to the mailing list
  [Take to policy development process, Ongoing]

B. DB Update (N.N., RIPE NCC)

See presentation

Things are really stable: query rates, update rates, query mix etc. Statistics are all online.

Database documentation is being gradually reworked, and is being broken up into various reference manuals. Document formats will be PDF and HTML.

New whois software is much easier to install (autoconf friendly).

Signed updates will now expire a week after signature, to prevent replay attacks. WW noted problems with gnupg and dates of signature. This will be checked.

[AP51.2 RIPE NCC] Check gnupg compatibility before release of functionality.

C. Review of security mechanisms in the DB (Peter K., denic.de)
. quality of CRYPT-PW, CRYPT-MD5, X.509

This is a proposal to deprecate CRYPT-PW. See presentation.

CRYPT-PW is relatively easy to break.
25% of all maintainer objects still contain CRYPT-PW and hence are easy to crack (weakest scheme wins).

Why bother? RIPE community responsible for the strength of its tools.

MD5-PW is much stronger and may be kept, at least for the moment.

It was noted ??-PW cannot prevent replay attacks as there is no embedded timestamp, although if you have the update message you actually have the password.

It was noted that John the Ripper now supports MD5-PW, although at about 100 times slower than CRYPT-PW.

It was agreed that the DB-WG should go with the proposal and should have a practice with the Policy Development Process.

[AP51.3 Peter Koch] Start by formulating the proposal on the mailing list.

D. State of whois services, developments? (WW144, N.N., RIPE NCC)

There are concerns with the privacy of registry data. WW has tried to get different parts of the EU to talk to each other and formulate a unified view of requirements, i.e. is privacy important? At the moment this is more of a problem in the domain name area, but it is possible that it may become an issue for IP addresses too. See the next presentation.

E. IRIS pilot frontend to whois (Shane Kerr, RIPE NCC)

See presentation

Please have a look and see if it satisfies user requirements.

It was confirmed that IPv6 is also supported.

There is no support for routing policy at the moment in the protocol, although this is being looked at, and a set of requirements is being formulated. There are some doubts as to the exact benefits that IRIS gives to routing registries.

[AP51.4 RIPE NCC] Check that the mapping of contacts is indeed not properly supported in IRIS (admin-c and tech-c).

[AP51.5 RIPE NCC] Check and see if there are any other missing attributes that are needed for RIPE community.

F. Fact finding: RoutingReg facilities at RIRs (Gert D, SpaceNet)

No presentation

Do any of the other RIRs have facilities to store RPSL-ng objects? There appear to be no objects in any of the other RIRs.

[AP51.6 Matt ?? (ARIN)] To find out if any of the other routing registries have the ability to store RPSL-ng.

X. Impact of "PDP" on how the DB-WG operates (WW144) [~15 min]
. ref: https://www.ripe.net/ripe/docs/ripe-350.html

From this WG meeting onwards, any sizeable changes should go through the PDP. Note that this WG is not intended to invent things, but to fill in the gaps left by other WGs and make sure that they get the appropriate attention.

Y. Input from other WGs

* DNS: secureDNS requirements for the DB

This has already been covered by the DB Update presentation.

[AP51.7 RIPE NCC] Make sure that the proposed DNS Security changes are implemented.

Z. AOB

Show irt: objects by default on address queries

There has been some misunderstanding of this requirement. It is still necessary to use the -c flag to get the irt: object, whereas the requirement was that if the irt: object existed then it should be returned. It was noted that this would result in an object being returned which was not actually referred to in any of the queried objects. This is a change in behaviour, but there was no objection to this.

[AP51.8 RIPE NCC] To properly implement behaviour as requested.

[AP51.9 RIPE NCC] To contact a subset of the spam tool writers and make sure that they are aware of the change in behaviour.
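
Added example, not part of the original minutes or RIPE NCC code: the "weakest scheme wins" point from item C, expressed as an audit over mntner objects that reports each maintainer's effective (weakest) auth: scheme. The sample dump, maintainer names and hash values are constructed placeholders, and ranking PGPKEY-/X509- above the password schemes is an assumption of this example.

```python
import re
from collections import Counter

# Lower rank = weaker. CRYPT-PW below MD5-PW follows the minutes; placing the
# key-based schemes (PGPKEY-, X509-) above both is this example's assumption.
RANK = {"CRYPT-PW": 0, "MD5-PW": 1, "PGPKEY": 2, "X509": 2}

# Constructed sample dump; names, hashes and key ids are placeholders.
SAMPLE = """\
mntner:  EXAMPLE-A-MNT
auth:    MD5-PW $1$placehld$placeholderplaceholder0
auth:    crypt-pw placeholder00

mntner:  EXAMPLE-B-MNT
auth:    MD5-PW $1$placehld$placeholderplaceholder1
auth:    PGPKEY-00000000

mntner:  EXAMPLE-C-MNT
auth:    X509-1

person:  Constructed Person
remarks: auth: CRYPT-PW appears here only as free text
"""

def scheme_of(value):
    """Return the scheme name of an auth: value, or None if unrecognised."""
    token = (value.split() or [""])[0].upper()
    for prefix in ("PGPKEY", "X509"):
        if token.startswith(prefix + "-"):
            return prefix
    return token if token in RANK else None

def weakest_auth(dump):
    """Map each mntner name to the weakest scheme among its auth: lines."""
    result = {}
    for block in re.split(r"\n\s*\n", dump.strip()):
        # Keep "key: value" lines; skip continuation (+, space) and comment lines.
        attrs = [l.split(":", 1) for l in block.splitlines()
                 if ":" in l and l[0] not in " \t+#%"]
        if not attrs or attrs[0][0].strip().lower() != "mntner":
            continue  # only mntner objects are audited here
        schemes = [scheme_of(v) for k, v in attrs if k.strip().lower() == "auth"]
        schemes = [s for s in schemes if s]
        result[attrs[0][1].strip()] = min(schemes, key=RANK.get) if schemes else None
    return result

def summarize(dump):
    return Counter(weakest_auth(dump).values())
```

EXAMPLE-A-MNT is reported as CRYPT-PW even though it also lists MD5-PW, because any single auth: line is sufficient to authorise an update.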