RFC 2726 (rfc2726) - Page 1 of 11
PGP Authentication for RIPE Database Updates
Alternative Format: Original Text Document
Network Working Group J. Zsako
Request for Comments: 2726 BankNet
Category: Standards Track December 1999
PGP Authentication for RIPE Database Updates
Status of this Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved.
Abstract
This document presents the proposal for a stronger authentication
method of the updates of the RIPE database based on digital
signatures. The proposal tries to be as general as possible as far as
digital signing methods are concerned, however, it concentrates
mainly on PGP, as the first method to be implemented. The proposal
is the result of the discussions within the RIPE DBSEC Task Force.
1. Rationale
An increasing need has been identified for a stronger authentication
of the database maintainer upon database updates (addition,
modification and deletion of objects). The existing authentication
methods have serious security problems: the MAIL-FROM has the
drawback that a mail header is very easy to forge whereas CRYPT-PW is
exposed to message interception, since the password is sent
unencrypted in the update mail message.
The goal was to implement a digital signature mechanism based on a
widely available and deployed technology. The first choice was PGP,
other methods may follow at a later date. PGP is presently quite
widely used within the Internet community and is available both in
and outside the US.
The current aim is for an improved authentication method and nothing
more (in particular, this paper does not try to cover authorization
issues other than those related to authentication).
Zsako Standards Track
