The RADB now supports authentication using PGP-based digital signatures.
If you want to use this feature, there are three things you must do:
* Register your public key with the RA.
* Modify your maintainer object to reflect your use of digital
signatures
* Sign (via PGP) your RADB transactions.
1. Registering your public key with the RA.
You must send your public key to the RA for inclusion onto our PGP
keyring. Use the "pgp -kxa" command to generate a copy of your public
key suitable for mailing, then mail the resultant file to
db-admin@ra.net.
For example:
% pgp -kxa smith@ra.net pubkey
...
% mail -s 'please register my public key' db-admin@ra.net < pubkey.asc
You may use one of two methods of verification:
* Fax a copy of a photographic identification (passport or drivers license)
to:
RADB public key verification
+1 313 747 3185
please write your PGP fingerprint and email address on the fax
* Attend an RA sponsored key signing session at NANOG or IETF. You
will need to bring a copy of your public key with a PGP fingerprint
and photo identification. (This will be verification via the
identification you bring, rather than having two other people agree
that you are who you say you are.)
We will be holding a key signing at NANOG on Monday, September 11 at
5:00. If that time is not convenient, you can also accost RA team
members at random and present them with with the appropriate
information.
2. Modifications to the maintainer object
There is a new authentication option for the maintainer object. The
syntax for it is:
auth: PGP-FROM {PGP User Id}
For example,
auth: PGP-FROM John Smith <smith@ra.net>
3. Signing your RADB transactions
You will need to PGP-sign each transaction you send to
auto-dbm@ra.net. Use the "pgp -sta" command to do this.
For example:
% pgp -sta -u smith@ra.net routes
...
% mail -s 'route updates' auto-dbm@ra.net < routes.asc