Hi Sandra, I also noted the services of RIPE are currently accessible through http and not https. That is an issue too.
I have notified RIPE about the same. Thanks, Vishwas On Thu, Feb 28, 2008 at 1:12 PM, Sandra Murphy <[EMAIL PROTECTED]> wrote: > > > On Thu, 28 Feb 2008, Vishwas Manral wrote: > > > Hi Sandra, > > > > > To further clarify, > >> The only point I want to add to the discussion is because we have to > >> verify the Origin only in the first hop peer, we do not need a global > >> database (as I mentioned we are not saving against malicious attacks > >> in any case). > > This would mean for someone who gets the information from RIPE does > > not need to necessarily use the mechanism the way it currently stands. > > > > > As long as: > > (a) you were interested in protecting only those prefixes that are managed > by RIPE - data in RIPE about other prefixes doesn't fall under the > protection of their security model, and the RIPE database does not > contain all prefixes, > > and > > (b) you were comfortable with the trust model of RIPE (they authenticate > the upload of the data with varying strength of authentication and you > must get the data, whose aussurance you can not yourself verify, from them > and only them with a protected transport they support). > > As an additional wrinkle, I believe that RIPE does allocate prefixes to > LIRs. I do not know if the LIRs are required to maintain the RIPE > security model in their allocations. > > --Sandy > _______________________________________________ Sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
