PGP authentication for the RADB

Brian Renaud renaud at MERIT.EDU
Thu Sep 7 15:52:31 UTC 1995

The RADB now supports authentication using PGP-based digital signatures.
If you want to use this feature, there are three things you must do:

* Register your public key with the RA.

* Modify your maintainer object to reflect your use of digital

* Sign (via PGP) your RADB transactions.

1. Registering your public key with the RA.

You must send your public key to the RA for inclusion onto our PGP
keyring.  Use the "pgp -kxa" command to generate a copy of your public
key suitable for mailing, then mail the resultant file to
db-admin at

For example:

    % pgp -kxa smith at pubkey
    % mail -s 'please register my public key' db-admin at < pubkey.asc

You may use one of two methods of verification:

* Fax a copy of a photographic identification (passport or drivers license)

     RADB public key verification
     +1 313 747 3185

  please write your PGP fingerprint and email address on the fax

* Attend an RA sponsored key signing session at NANOG or IETF.  You
  will need to bring a copy of your public key with a PGP fingerprint
  and photo identification.  (This will be verification via the
  identification you bring, rather than having two other people agree
  that you are who you say you are.)

  We will be holding a key signing at NANOG on Monday, September 11 at
  5:00.  If that time is not convenient, you can also accost RA team
  members at random and present them with with the appropriate

2. Modifications to the maintainer object

There is a new authentication option for the maintainer object.  The
syntax for it is:

    auth:  PGP-FROM {PGP User Id}

For example,

    auth: PGP-FROM John Smith <smith at>

3. Signing your RADB transactions

You will need to PGP-sign each transaction you send to
auto-dbm at  Use the "pgp -sta" command to do this.

For example:

    % pgp -sta -u smith at routes
    % mail -s 'route updates' auto-dbm at < routes.asc

More information about the NANOG mailing list