Protecting Whois
Protecting objects in the APNIC Whois Database
The APNIC Whois Database is an important source of information for the Internet community. Therefore, it is important that the information in the database is accurate and not vulnerable to unauthorized changes or additions.
Objects are protected by maintainer objects. Only the maintainer can update or remove a protected object, and the person submitting the change proves that they are the maintainer using one of several authentication methods recorded in the maintainer object.
When objects are submitted to the whois database, the software checks that the submitter has the authority to update the existing objects, or to create new objects within a hierarchical structure, such as hierarchical route or inetnum objects.
An existing object can only be changed if the email submission includes a credential matching the authentication method of the maintainer object protecting it. A hierarchical object can only be created if the submission includes a credential for the maintainer objects that control the creation of objects within that hierarchy.
Authorization
The primary mechanism for authorization in the APNIC Whois Database is the maintainer object. Every other object in the whois database is associated with one or more maintainers, and the appropriate form of authentication for one of those maintainers must be presented in any update (including deletion) to verify that the maintainer approves of the change being requested. This authentication can take one of several forms. The association of object to maintainer is recorded in the 'mnt-by' attribute, whose value is the name of the associated maintainer.
Authentication
To authenticate updates to the APNIC Whois Database, you must be able to use the appropriate form of authentication for the maintainer that controls the object being updated. This is one of a Crypt password, an MD5 password, or a PGP key (in order of increasing trust). With either password method, the cleartext password is supplied along with the object in the update; with PGP, you sign the update using the corresponding private key. The update is then mailed to APNIC and processed automatically by a batch queue linked to email.
- Crypt password is the least secure method of identifying your rights. The Crypt password string is exposed in your maintainer object and can therefore be subjected to offline password attacks that are known to succeed quickly: for example, a 4 or 5 letter crypt password can be broken by exhaustive search in under 24 hours. This method is now deprecated. Your password is also sent in cleartext in your update.
- MD5 password is still an inherently insecure method: the hash is likewise visible in your maintainer object, but at this time an exhaustive search of the password space appears to be less feasible. The search cost grows with password length, so a short MD5 password gains little over a short Crypt one. For people unable to use PGP, this method of identifying your rights is still supported. Your password is sent in cleartext in your update.
- PGP Key is the most secure method of managing your rights. PGP keys are not feasibly attackable by search methods, and unlike the other methods, no cleartext secret is sent. Instead, your update is signed with your PGP private key, and the signature is checked against the key object lodged in the APNIC Whois Database.
It is important to note that using any password authentication method over email carries very large risks if you cannot ensure the confidentiality and integrity of your email flow into APNIC: anyone who can read the message learns the password, and anyone who can alter it in transit can change the update that the password authorizes.
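A toy model of the authorization and authentication flow described in the sections above, written for this page as an added example; it is not APNIC's whois software. It covers the two checks in the text (updating an existing object against its mnt-by maintainers, and creating a hierarchical inetnum against the maintainers of the enclosing object), the password and PGP auth schemes as a maintainer object records them, and the offline exhaustive search against a hash exposed in a public maintainer object. Everything in it is constructed: the maintainer names, the inetnum objects, the 4-letter password, the key ID 0123ABCD, and the hash format, which is a plain salted MD5 written in the $1$salt$hex shape rather than the database's real CRYPT-PW/MD5-PW algorithms. PGP signature verification is assumed to have happened upstream, so an update simply carries the key IDs whose signatures checked out, and the parent object's own mnt-by stands in for whatever attribute the database uses to delegate creation within a hierarchy.

```python
import hashlib
import ipaddress
import itertools
import string

def parse_object(text):
    """RPSL-style object text -> list of (attribute, value); attributes may repeat."""
    attrs = []
    for line in text.strip().splitlines():
        if ":" in line:
            name, value = line.split(":", 1)
            attrs.append((name.strip().lower(), value.strip()))
    return attrs

def values(obj, name):
    return [v for k, v in obj if k == name]

def hash_password(password, salt):
    # Stand-in (assumption) for the database's MD5-PW format: salt + password
    # through MD5, written crypt-style as $1$salt$hex.
    return "$1$%s$%s" % (salt, hashlib.md5((salt + password).encode()).hexdigest())

def verify_password(password, stored):
    _, _, salt, _ = stored.split("$")
    return hash_password(password, salt) == stored

# Constructed maintainer and inetnum objects. The 4-letter password is
# deliberately weak to show the offline search the text warns about.
MAINTAINERS = {
    "MAINT-WEAK-AP": parse_object("mntner: MAINT-WEAK-AP\nauth: MD5-PW %s"
                                  % hash_password("dawn", "Q9")),
    "MAINT-PGP-AP": parse_object("mntner: MAINT-PGP-AP\nauth: PGPKEY-0123ABCD"),
}
DATABASE = {
    "192.0.2.0 - 192.0.2.255": parse_object(
        "inetnum: 192.0.2.0 - 192.0.2.255\nnetname: EXAMPLE-NET\nmnt-by: MAINT-PGP-AP"),
    "198.51.100.0 - 198.51.100.255": parse_object(
        "inetnum: 198.51.100.0 - 198.51.100.255\nnetname: WEAK-NET\nmnt-by: MAINT-WEAK-AP"),
}

def primary_key(obj):
    return obj[0][1]  # the first attribute of an RPSL object is its key

def ip_range(key):
    lo, hi = (ipaddress.ip_address(s.strip()) for s in key.split("-"))
    return int(lo), int(hi)

def parent_of(obj):
    """Smallest existing inetnum strictly containing the submitted range."""
    lo, hi = ip_range(primary_key(obj))
    inside = [k for k in DATABASE
              if ip_range(k)[0] <= lo <= hi <= ip_range(k)[1] and ip_range(k) != (lo, hi)]
    return min(inside, key=lambda k: ip_range(k)[1] - ip_range(k)[0], default=None)

def maintainer_approves(mntner, passwords, signers):
    """True if the update carries a credential matching one auth line. PGP
    signatures are assumed verified upstream; signers holds the key IDs that checked out."""
    for auth in values(MAINTAINERS[mntner], "auth"):
        scheme, _, data = auth.partition(" ")
        if scheme == "MD5-PW" and any(verify_password(p, data) for p in passwords):
            return True
        if scheme.startswith("PGPKEY-") and scheme[len("PGPKEY-"):] in signers:
            return True
    return False

def check_update(obj, passwords=(), signers=()):
    """(accepted, reason) for one submitted object. Existing object: needs a
    credential for one of its mnt-by maintainers. New object: needs one for the
    maintainers of the enclosing object (simplification: the parent's mnt-by
    stands in for the attribute the real database uses to delegate creation)."""
    key = primary_key(obj)
    if key in DATABASE:
        required, what = values(DATABASE[key], "mnt-by"), "update of %s" % key
    else:
        parent = parent_of(obj)
        if parent is None:
            return False, "no existing object encloses %s" % key
        required = values(DATABASE[parent], "mnt-by")
        what = "creation of %s under %s" % (key, parent)
    if any(maintainer_approves(m, passwords, signers) for m in required):
        return True, "%s authorised by %s" % (what, ", ".join(required))
    return False, "%s rejected: no credential for %s" % (what, ", ".join(required))

def crack_exposed_hash(mntner, alphabet=string.ascii_lowercase, max_len=4):
    """Offline exhaustive search against the hash visible in a public
    maintainer object; returns the recovered password or None."""
    for auth in values(MAINTAINERS[mntner], "auth"):
        scheme, _, stored = auth.partition(" ")
        if scheme != "MD5-PW":
            continue
        for n in range(1, max_len + 1):
            for letters in itertools.product(alphabet, repeat=n):
                guess = "".join(letters)
                if verify_password(guess, stored):
                    return guess
    return None

if __name__ == "__main__":
    weak = DATABASE["198.51.100.0 - 198.51.100.255"]
    print(check_update(weak, passwords=["dawn"]))             # accepted
    print(check_update(weak, passwords=["guess"]))            # rejected
    print("recovered:", crack_exposed_hash("MAINT-WEAK-AP"))  # dawn
```

Run as a script it accepts the password-authenticated update, rejects the same update with a wrong password, and then recovers the 4-letter password from nothing but the auth line a whois query would return. The PGP-protected parent cannot be attacked this way: creating 192.0.2.0 - 192.0.2.127 under it succeeds only when the update carries a verified signature from key 0123ABCD, and no secret ever appears in the maintainer object or in the email.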
